Company A Risk Analysis
Governments and businesses are shifting workloads to the cloud. Some organizations, however, are hesitant because of a lingering unease about how secure data is in cloud computing. Cloud services fall under three classifications: SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service).
Good cloud security measures are scalable and detect risks before they reach the data center. For Company A, these risks include:
- a) Contracts and Technology Selection
The contract as provided lacks the crucial clauses that would protect Company A's privacy needs and security requirements. Company A ranked this as its highest risk: a high likelihood of occurring combined with the largest impact.
- b) Tenant Separation and Multi-factor Authentication
Exploitation of software and system vulnerabilities in the CSP's infrastructure, applications, or platforms that support multi-tenancy may break the separation between tenants. Multi-tenancy increases the attack surface: if the separation controls fail, the chance of data leakage increases. Company A's IaaS firewalls are controlled by the application team rather than by management. Without multi-factor authentication, the company is at high risk of logical attacks.
- c) Incomplete Data Deletion
Because visibility is reduced to some extent, one cannot be sure where data is stored, and so cannot verify that it has been deleted entirely. Data deletion therefore carries a potential threat. For Company A, information media is a high risk. It is essential that Secure Shell (SSH) or TLS (the successor to Secure Sockets Layer, SSL) be used when sharing information with the CSP. Note that SSH and TLS protect data in transit; they do nothing about residual copies at rest, which is why data should also be encrypted at rest under keys the company controls, so that destroying the key retires the data wherever the CSP may still hold it.
- d) Compromised CSP Supply Chain
As with Company A, it is vital that the quality of service be monitored. If parts of the CSP's service, for example its maintenance, infrastructure, and operations, are outsourced, the third parties may not deliver what the CSP is contracted to provide.
- e) Abuse of Information by Insiders
Administrators and staff who abuse their access to the company's systems, data, and networks have a unique opportunity to exfiltrate data. Company A is particularly exposed because this problem is common with IaaS. When cloud resources provide no forensic capability, an insider can carry out nefarious activity that would otherwise require forensics to uncover, and get away with it.
- f) Migration to Cloud Computing Increases Complexity
Staff would need to learn a new model to manage, operate, and integrate the cloud. The tools and techniques available for monitoring and logging cloud services vary between CSPs, which adds further complexity. A hybrid cloud also presents emergent risks arising from the method of implementation, the technology, and the policies involved.
Risks of Private, Public and Hybrid Clouds and How to Mitigate Them
Public Clouds
This is where a CSP such as Google or Microsoft makes resources such as storage, infrastructure, and applications available to businesses and consumers over the internet. Services like Gmail are free, and although the customer has limited control over how the computing infrastructure is hosted, a public cloud can be as secure as a private one. Since Company A is migrating, an assessment is needed to confirm that the company is capable of doing so and to ensure safety. CSPs should hold a SAS 70 audit report (since superseded by SOC reports under SSAE 16/18), which provides verification from an independent third party that the design of procedures and policies is correct (Balasubramanian & Aramudhan, 2012); Company A faced a high likelihood of its CSP lacking one.
Another risk is data loss through leakage across tenants. When there is a weak link in the infrastructure components of a shared network, such as weaknesses in IP address control, the DNS server, or the Dynamic Host Configuration Protocol (DHCP), cross-tenant attacks become highly likely, especially in IaaS (Balasubramanian & Aramudhan, 2012). Company A uses an IaaS CSP and is therefore exposed to this. This type of risk is not easy to predict or prevent, so the client must protect its own data and ensure that its own security mechanisms are in place.
Another issue is the increased risk of losing data over communication channels, so data encryption with proper key management is crucial. CSPs may also withhold details of their security processes for security reasons, leaving public cloud customers with a lack of transparency.
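The two points above, encryption with company-controlled key management and the inability to verify deletion at the CSP (item c), are served by one technique: envelope encryption with crypto-shredding. Each object is encrypted under its own data key, the data key is wrapped under a key-encryption key (KEK) that never leaves the company, and "deleting" the object means destroying the wrapped key. The following Go example is added here and is not code from the original analysis; the in-memory KeyStore stands in for an HSM or KMS, the object IDs and the sample payload are constructed, and AES-256-GCM is used for both layers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealAESGCM encrypts plaintext under key with a fresh random nonce.
// Output layout: nonce || ciphertext || GCM tag.
func sealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openAESGCM reverses sealAESGCM and fails if the tag does not verify.
func openAESGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// KeyStore is a hypothetical company-controlled key escrow (an HSM or KMS in practice).
// It holds the KEK and, per object, the data key wrapped under the KEK. The CSP never
// sees either; it only stores the sealed blobs.
type KeyStore struct {
	kek     []byte
	wrapped map[string][]byte // objectID -> data key wrapped under the KEK
}

func NewKeyStore() (*KeyStore, error) {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &KeyStore{kek: kek, wrapped: map[string][]byte{}}, nil
}

// Store encrypts one object under a fresh 256-bit data key, keeps only the wrapped
// key locally, and returns the sealed blob that is handed to the CSP.
func (ks *KeyStore) Store(objectID string, plaintext []byte) ([]byte, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	blob, err := sealAESGCM(dek, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealAESGCM(ks.kek, dek)
	if err != nil {
		return nil, err
	}
	ks.wrapped[objectID] = wrapped
	return blob, nil
}

// Retrieve unwraps the object's data key and decrypts a blob fetched back from the CSP.
func (ks *KeyStore) Retrieve(objectID string, blob []byte) ([]byte, error) {
	wrapped, ok := ks.wrapped[objectID]
	if !ok {
		return nil, errors.New("no key for object: data is unrecoverable")
	}
	dek, err := openAESGCM(ks.kek, wrapped)
	if err != nil {
		return nil, err
	}
	return openAESGCM(dek, blob)
}

// Shred destroys the wrapped data key. Any copies of the blob the CSP still holds
// (backups, snapshots, replicas) are now ciphertext with no key anywhere.
func (ks *KeyStore) Shred(objectID string) {
	delete(ks.wrapped, objectID)
}

func main() {
	ks, _ := NewKeyStore()
	blob, _ := ks.Store("cust-42", []byte("constructed sample: card-holder record")) // sent to the CSP
	pt, _ := ks.Retrieve("cust-42", blob)
	fmt.Printf("before shred: %q\n", pt)
	ks.Shred("cust-42")
	_, err := ks.Retrieve("cust-42", blob)
	fmt.Println("after shred:", err)
}
```

The deletion guarantee is only as strong as the key store: the KEK and the wrapped keys must themselves be held where the company can prove destruction (an HSM with audit logging), and key material must never be written to the same CSP storage as the blobs it protects.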
Private Cloud
Private clouds are computing platforms built on an organization's own software or hardware; they are also called corporate or internal clouds. Hosted services are provided only to a limited set of users. A higher level of security and application control is achieved because a private network provides and maintains the services and infrastructure, and using this cloud should allow the organization to control the environment. Through a web-based dashboard, security aspects and potential threats can be viewed (Balasubramanian & Aramudhan, 2012).
Hybrid Cloud
As the name suggests, it is a combination of the two clouds discussed above, private and public. Its primary disadvantage is that different security platforms have to be managed together.
A hybrid cloud is more complicated, especially without data redundancy (Zhang et al., 2011). This is a high security risk when an outage hits the only data center. Cloud architects must therefore provide redundancy via multiple data centers, whether from a single provider or from several public cloud providers.
There are also compliance issues. Company A, using IaaS, may also handle payment card data. It must then demonstrate that the two clouds work together and that data protection is guaranteed, especially when card data may move from the more secure private cloud to the less secure public cloud.
Another issue is that hybrid clouds have poor Service Level Agreements (SLAs). This trickles back to the issue of contracts: the public and private cloud CSPs should both meet what has been specified in the agreement. Otherwise, one is forced to set the SLA at the lesser expectation of the two cloud types, which is the private cloud (Zhang et al., 2011).
Audit Tasks and Mitigation Controls
The audit tasks applicable to the above case study will be considered in several stages:
Access and Identity Management
Audit tasks will focus on data transmission and connectivity. Connections should be secured with TLS (HTTPS) so that regularly transmitted data is protected (Lageschulte & Gadia, 2013). The mitigating control is to govern data access in a way consistent with the company's security needs.
Data Protection
Audit actions will focus on the company's procedures and policies for protecting data that third parties store, and on the co-mingling of data with other tenants of the cloud application. One mitigation approach is a roadmap that standardizes the technology used and supports decisions on when to migrate to newer technologies (Lageschulte & Gadia, 2013).
Technology Risks
Audit actions will be directed at establishing whether the CSP adequately protects the company from the risks inherent in using IaaS. They will also examine Segregation of Duties (SoD): just because an application is hosted in the cloud does not mean SoD should be weakened. Mitigating controls include a clear definition of SLAs with the CSP and a clear, mutually accepted division of responsibilities between the CSP and the client (Lageschulte & Gadia, 2013)…