IT Risk Management
CHARLES STURT UNIVERSITY
Cloud Computing IT Risk Management
Student ID: Name:
Cloud Computing
Contents
Cyber Security
Executive Summary:
Features of cloud computing:
Types of cloud computing:
Merits of the cloud computing:
Recommendations
Risks
Risk Assessment
Threats:
Vulnerabilities:
Mitigation steps
Protection mechanisms
References
Cyber Security
Executive Summary:
Cloud computing is defined as a service provided by another company which can be accessed over the internet, instead of using the hardware and software inside your own company (Chris Woodward, 2017). This means that the user is not concerned with the location of the hardware and software or the work it does; it is all done in the “CLOUD”. The term cloud computing is explained differently to people in different domains: for IT people cloud computing is outsourcing, for others it may be a computing service, and for some others it may be a bought software or service which usually sits outside the firewall (Chris Woodward, 2017).
Examples of cloud computing:
When we send a query to Google, our desktop or laptop is not doing much to produce the output for the query; it is a service provided by some other source, which may be located at some other location. We usually do not recognize this most of the time, as we are only concerned with the output we get and not the process of getting it (Chris Woodward, 2017).
We prepare different documents online without using installed applications like Microsoft Office Word or PowerPoint. This is another, newer example of cloud computing.
Features of cloud computing:
Manageable: These services are easily manageable because the users are using services provided by the cloud, and they are managed by the people on the cloud. For example, if we are using Google documents we need not worry about a virus affecting the document, nor install the software that supports it. All these tasks are performed by the cloud computing services (Chris Woodward, 2017).
On-demand: Cloud computing services are in very high demand, and we can pay for the services as we use them or on a subscription basis. So, it is quite similar to paying electricity or telephone bills, as we pay for what we use. This saves time and money compared with buying huge software and hardware and not knowing what to do with it (Chris Woodward, 2017).
Public/private: Usually we have two types of cloud computing, based on whether internet or intranet services are used. For example, free services like those which Google provides and web-based email come under public services. Services which use the intranet come under private computing (Chris Woodward, 2017).
These easily accessible features make cloud computing more popular and used all over the web, and it can be accessed anywhere and anytime. We also have different types of cloud computing services based on the service provided (Chris Woodward, 2017).
Types of cloud computing:
Infrastructure as a service: This service is provided where we buy access to computer hardware through the internet, for example servers which are used for data storage. Here, utility comes into the picture, as we pay for the service we use. Web hosting is a simple example of infrastructure as a service and is used very often (Chris Woodward, 2017).
Software as a service: Here the complete application runs on someone else’s system. Google documents and web-based email are the best examples of software as a service (Chris Woodward, 2017).
Platform as a service: Here, web applications are developed at one location and run on the end user's system. For example, a website can be created at one place and accessed from anywhere in the world, like Amazon (Chris Woodward, 2017).
Merits of the cloud computing:
Cost savings: Money can be saved by introducing cloud computing into one’s business, as it has huge benefits.
Security: Cloud computing offers full-time security, as it is its main responsibility.
Flexibility: Cloud computing offers more flexible services as per the requirement.
Mobility: Easily accessed through our mobile phones from any location all over the web.
Insight: Tracking can be maintained for the data in the cloud.
Collaboration: Employees in a team can work very effectively, as the data can be easily accessed.
Quality assurance: All the documents in the cloud are saved in one format and are maintained with utmost quality.
Disaster recovery: Cloud computing stores all the data very effectively in its services, and the data can be retrieved as we like.
Prevention of loss: Loss can be prevented to a large extent, as the data resides in the cloud.
Automated software updates: Most people have no time to update or install new software on their systems; here the cloud-based applications are installed and updated automatically, on time, when needed.
Competitive edge: People who use cloud computing services have their services at their fingertips when compared to people who get their services locally.
Sustainable: Hosting on the cloud is more eco-friendly, which results in a smaller carbon footprint.
Recommendations:
Clear identification of the data and the data processing operations is required before passing the data into the cloud (Gaeten Cordier, 2016).
Definite requirements have to be designed for legal and technical security (Gaeten Cordier, 2016).
Risk analysis has to be carried out to identify the security measures needed for the organization (Gaeten Cordier, 2016).
A proper and relevant cloud has to be identified and picked for the services needed (Gaeten Cordier, 2016).
The service provider has to provide proper guarantees, and one has to choose based on the requirements (Gaeten Cordier, 2016).
Internal security should be clearly reviewed (Gaeten Cordier, 2016).
Changes in the cloud should be monitored over time and handled from time to time (Gaeten Cordier, 2016).
Risks
Unauthorized access: As cloud services integrate the data of many small businesses, one should be careful about the security of the data.
Vendor based risks: One should be completely aware of the services that vendors provide and the methodologies they use in protecting valuable data.
Legal risks and compliance: One should definitely know the location where the data resides, the people who can access the data and the methods of protection.
Lack of control risks: This risk comes into the picture because we can control the services on our desktop, but we cannot control the services on the cloud, as the vendor does that.
Availability: 100% uptime is not guaranteed by any service. If the internet services are bad and we are unable to access the application, the cloud services may not be capable of the uptime.
Below is a sample screenshot of the risk.
Risk Assessment
Threats:
Along with their many advantages, cloud services are also prone to many threats. One should be wise in choosing cloud services. Below are some of the top threats for cloud services:
Data transmission: While data is transferred from the client systems to the servers in the cloud, proper security measures have to be taken to avoid data transmission loss and insecurity.
Malicious insiders: Employees are the resources who have complete access to the data in the cloud, so we should be careful with employees and their quality of work.
Data loss: One should be very careful about hard drive failure, as there will be a huge loss of data.
Data breach: When we use a virtual machine to access another virtual server, there is a possibility of data breach at certain times, and it is most likely to occur.
Hijacking: Two-factor authentication is always preferred because a password is the only way into the service accounts. One should be aware of authentication in this area.
Unknown risk profile: All the security implications have to be considered before entering cloud services; security software has to be installed and updated on time so as to meet the requirements.
Denial of service: This is one of the most common attacks, where the hacker sends millions of unwanted requests and interrupts the service so that the original requests are not served on time.
Lack of understanding: Users of cloud computing have to get a very clear idea of the services provided to them and should be aware of the technologies involved. One cannot expect protection services at the user end in cloud computing.
User awareness: Users have to be aware of various types of attacks while using cloud computing services; it may not always be possible for the service providers to provide security for us.
Vulnerabilities:
A vulnerability is defined as a weakness that an attacker can exploit for personal gain. Below are some of the vulnerabilities in cloud computing services.
Session riding: This occurs when the hacker tricks users by sending authentication requests in order to achieve various things. A hacker can steal the user's cookie and start his own work.
Virtual machine escape: Virtual servers can run a large number of machines in the cloud, and there are chances that hackers can attack the systems and exploit them for their own benefit.
Service availability and reliability: 100% uptime may not be possible while using cloud services, as we don’t have internet when there is really bad weather. We should be prepared for downtime of the cloud services due to poor weather conditions.
Insecure cryptography: Virtual machines which are used by the users have to rely on sources which can produce easily guessable numbers so as to avoid huge entropy in algorithms in cryptography.
Portability and data protection: When we choose a new vendor for cloud services, we have to make sure that all the data is deleted from the old vendor's cloud services.
CSP lock-in: Customers should not be locked into cloud services for years and years, and should be easily transferable from their accounts or services.
Internet dependency: One is completely dependent on the internet to use cloud services, so if the internet goes down we cannot access or use the cloud services.
Mitigation steps
A reliable cloud provider provides better security, so choose the right provider.
In order to ensure data security, proper encryption systems have to be installed.
Introduce suitable validation processes and registration of the authorizers.
Network flow and traffic should be reviewed from time to time so that service is maintained perfectly.
Security standards have to meet the requirements.
Strict authentication has to be maintained along with encrypted transmission of data, to ensure data is safe even during transmission.
Vulnerabilities have to be checked from time to time, and safety measures have to be installed and updated on time.
SSL encryption of data and API security have to be provided on time where necessary.
Protection mechanisms
The image below shows how an attack may occur in cloud services; let us discuss a few protective measures:
Cryptography related security measures:
Authorize encryption: Cloud service providers use advanced tools like proxy re-encryption where required in order to ensure security in all conditions. Users can upload and download data into the cloud from their smartphones, and hence ensuring safety will be of higher priority.
Remote data auditing: This technique provides assurance for data protection and security in many ways. It works effectively in improving efficiency, public verifiability and probability of detection when required.
BP-XOR gates: Installing these gates works as an effective approach in cryptography to get trustworthy evaluation. These gates have to be installed at the major junctions and where there are secret sharing schemes, in order to ensure the security of the system.
Key encryption: This key encryption depends on private hidden key encryption, which is very effective in providing security to servers and databases. The difficulty is that it is very hard to decrypt keys which are encrypted.
References
Explain that Stuff. (2018). Cloud computing - A simple introduction. [online] Available at: http://www.explainthatstuff.com/cloud-computing-introduction.html [Accessed 27 Jan. 2018].
Salesforce.com. (2018). Cite a Website - Cite This For Me. [online] Available at: https://www.salesforce.com/hub/technology/benefits-of-cloud/ [Accessed 27 Jan. 2018].
Iapp.org. (2018). CNIL Cloud Computing Recommendations. [online] Available at: https://iapp.org/resources/article/cnil-cloud-computing-recommendations/ [Accessed 27 Jan. 2018].
Calyptix Security. (2018). Top 5 Risks of Cloud Computing. [online] Available at: https://www.calyptix.com/research-2/top-5-risks-of-cloud-computing/ [Accessed 27 Jan. 2018].
Singh, N. and Singh, A. (2018). Data Privacy Protection Mechanisms in Cloud.
SSL Certificates by ClickSSL - Cheap Price, Best Quality & Support. (2018). Top 8 Cloud Computing Threats and its Security Solutions. [online] Available at: https://www.clickssl.net/blog/top-8-cloud-computing-threats-and-its-security-solutions [Accessed 27 Jan. 2018].
Lukan, D. and Lukan, D. (2018). The top cloud computing threats and vulnerabilities in an enterprise environment. [online] Cloud Tech News. Available at: https://www.cloudcomputing-news.net/news/2014/nov/21/top-cloud-computing-threats-and-vulnerabilities-enterprise-environment/ [Accessed 27 Jan. 2018].