Corporate Security Policies For Protecting Cloud Services

However, research focusing on the adoption of cloud computing technology and its impact on business operation is limited. This trend may be explained by cloud computing being a relatively new field. Available research on the structures, processes, security measures surrounding the cloud services are still at an early stage.

Organizations use the Cloud in a variety of different service models (SaaS, PaaS, IaaS) and deployment models (Private, Public, Hybrid). There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud) and security issues faced by their customers.In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.

Cloud computing has set a trend in the information technology arena that has sparked the interest of all who utilize the internet on purpose and unsuspectingly. Initially, the primary purpose of cloud computing was to provide a centralized data bank that organizations could use for quick data access. Its use has been quickly adapted, however, beyond business use to become the first option for personal use. The advantages and disadvantages of implementing such a shift from business to personal are varied, yet, statistically, according to the CISCO Global Cloud Index: Forecast and Methodology, 2014-2019 White Paper, its public use is on the rise. The report notes that “by 2019, 56 percent of the cloud workloads will be in public cloud data centers, up from 30 percent in 2014 and by 2019, 44 percent of the cloud workloads will be in private cloud data centers, down from 70 percent in 2014”. Though disadvantages with regard to data security is prominent, users have deemed that its implementation will still promote greater benefits than loss.

Federal organizations are moving their services to the cloud to minimize their software and infrastructure footprint and to save money, time, and resources. As cloud service providers (CSPs) are becoming prevalent, we must analyze the security of these services to ensure compliance with standards and laws that protect customers, citizens, and information. Therefore, this paper analyzes a new federal cloud compliance program called the Federal Risk and Authorization Management Program (FedRAMP). This paper also establishes that FedRAMP can indirectly aid federal government organizations to be compliant with the following laws: Health Insurance Portability and Accountability Act of 1996 (HIPAA); the Family Educational Rights and Privacy Act (FERPA); the International Traffic in Arms Regulations (ITAR); and the Payment Card Industry Data Security Standard (PCI DSS). This paper will briefly explain these four laws and cloud computing discussions regarding these laws. This paper will also explain FedRAMP and the way it can help federal organizations to be complaint with these laws.

Managers in the information technology sector are faced with various challenges. Above all, the single most cybersecurity vulnerability remains to be individuals or employees in organizations. This is because lapses in the security system always start with members of staff. Moreover, the above-mentioned individuals are the primary defense mechanism. The range of activities that come up as a result of human error are many, most of the time involving acts of trespass, extortion, vandalism and even theft. The reason behind vulnerability is in the fact that efforts of protection are easily defeated and would only require a person who is against your interests in a particular way. An example is a scenario where an employee decides to infect the system of an organization with a virus. Nevertheless, the same person could become negligent in his duties and give an unauthorized colleague usernames and passwords to systems. The consequences that lie in this would be dire in that it can facilitate crime and sharing of files, which may be considered confidential by a company.

The majority of us have been found out about the most cloud security disappointments in which all the cloud innovation organizations are kept on developing, despite everything they endure a similar kind of issues in-house infrastructure's. Distributed computing has turned into a greatest market in the present innovation. In a report of 2016, experts at Gartner anticipated that exchanging to cloud will influence $1 Trillion in Information innovation in the following five years. Cloud administrations showcase has developed to a degree level that it was not a striking level of aggregate it is spending, which was creating new innovations and new businesses which are conceived in the cloud. At the point when cloud administrations are going

The first scenario that will be examined is looking at Cloud Computing from the perspective of security. Many small and medium sized businesses utilize the internet and Cloud Computing to conduct business and transfer money from system to system as well as report on financial accounting data. With that being the case, it is crucial that whatever system the business is working with pays very close attention to security needs to ensure that this data is protected from unauthorized sources viewing or manipulating it.

A lot has being said concerning issues surrounding the law and cloud computing. Some of these issues include privacy and data security concerns and laws and regulations. Regardless of what cloud computing models an organization uses, both the cloud provider and the consumer ha to operate under this laws. Therefore both parties need to have a broad knowledge of the these laws such as data breaches, information ownership and control and how close customers can manage risk both at the federal and state levels.

Data breaches and data loss is a severe issue when it comes to cloud computing. Since some or all of the infrastructure is located off site at the cloud services infrastructure, we do not control the overall security of the system. If an attacker gains access to the cloud computing system, even if it is through a different customers account there is a chance that they could gain access to our data that is stored on the cloud services system. These data breaches can expose our customers private data such as names, addresses, and account information. If the cloud company does not properly store credit card numbers it may expose them as well (Babcock, 2014).

This journal examines the various types of threats that a cloud-based company has to defend against. The authors recognize that the cloud has the potential to be a disruptive force in technology, and it examines the concerns that a business has for migrating to the cloud through the use of surveys. The benefits and risks are examined and the article provides statics and charts to illustrate the findings. The most interesting point of this article is it highlights the concerns customers have listing security as the number one reason preventing a business from migrating to the cloud. I plan to use this article to explain the challenges developers face in securing data on the cloud, not only with application development but also with educating businesses to alleviate misconceptions on cloud computing.

The use of the cloud computing always have a question about the ethics issues related with client data confidential. The FEO formal ethics opinion on cloud endorses the way to use cloud computing technology which include the reasonable care must be taken effectively to minimize the risk related with the client information confidentiality. The cloud computing technology has been used by the many service provider such as Gmail, Hotmail, and Dropbox and so on for numbers of years. These technologies were using this for the centralized service efficiently over the web.

In the past few years cloud computing has become the latest mainstream technology for individuals and businesses(McDermott, 2009). Cloud defines the use of assembly of services, infrastructure, information and applications which are comprised of pools of network, compute, information and storage assets. The cloud is a centralized shared data storage network that enables an individual or business to be able to store personal data such as: personal files, images and videos etc.(Camp, 2009). It offers the convenience to be able to store personal data in one centralized location and allows easy access to the data even from a remote location by use of user assigned passwords and user login details. This concept may sound straight forward, easy and user friendly but cloud computing poses potential security threats that can possibly put the user’s privacy and security at risk in case another party is able to log in their account, resulting in an unsafe storage of their personal information. Users are assured that their data is safe and won’t be exploited, however the user does not have control where the data is being stored and cannot track precisely how well their data is being protected(McDermott, 2009). In most cases, users just rely on trust and confidence to their storage provider that they can be able to securely store their data and prevent unauthorized persons from accessing the data. This means users are unsure of who and what may be accessing their data and

The impacts of cloud computing has touched almost every area of Information Technology. The information kept in the cloud is private and confidential and protected by laws that regulate it and protects it. The cloud providers faces laws that relate to the preservation of critical information touching on taxes, security, and sometime employment regulations. Also in other circumstances, they are forced to comply with laws requiring them to destroy such

An example is, Amazon Elastic Compute Cloud (EC2) could be rented for a digital bulletin board service. Amazon S3 is a storage that could also be rented. The fact about cloud computing service is that it is convenient and less expensive, this has paved ways for so many small businesses to scale above their expectations. however, the risk in cloud computing makes organizations vulnerable to cyber-attacks on a daily bases. Hackers are never tired of creating new techniques to exploit system vulnerabilities. Hackers has a way of tricking the cloud by inputting accurate but stolen information in the cloud to perform their illegal activities, thereby, gaining unauthorized access to a cloud server. Once an attack is successful on a cloud server the data stored in it, is no longer safe, especially sensitive data like personal identifiable information, account information and health record. Record shows that within the first 9 months in 2012, there was a huge data loss, about 1,047 data breach incident occurred. While the year before that 2011, there were data breach incident of 1,041 in the entire year. Among organizations that where affect, Epsilon and Stratfor were victims of data breaches. In these accident, hacker exploited the vulnerabilities in Epsilon system and exposed millions of customer's information stored in the database, these led to a great loss in the business . In

While cloud computing is rapidly evolving along with its increasing adoption, it has many challenges to overcome to be a general purpose utility suitable for all. Some of the major challenges that prevent businesses from moving to the cloud includes security and privacy risks, service availability and reliability concerns and a lack of standards between cloud providers (Elena & Johnson 2015). Other major concerns are Government Regulations, Exit Strategies and International Data Privacy (Walker 2012). The aim of this