Friday, May 1, 2020

Addressing Cloud Computing Security Issues â€Myassignmenthelp.Com

Question: Discuss About The Addressing Cloud Computing Security Issues? Answer Introducation Suitable for global organizations this project considers technology risk challenges such as future skill deficit. Banking operations at Aztek need servers, storage and databases management systems for numerous internet applications. Outsourcing saves on costs because Aztek only pays for services and software applications that it can accesses and use. However, compliance to business terms is necessary. Aligning Azteks project plan with its mission and values is important. It is also critical to ensure that the resources are available for the project. Aztek has an objective of implementing continuous improvement practices in its operations and functions. By setting aside resources for this plan, the company is able to avert current and future risks. A good plan guides the company in the adoption of risk management strategies such as insurance. It also encourages compliance by the business companys teams. The implementation of risk management encourages the fulfilment of business goals because it scrutinizes all areas of Aztek. Outsourcing Cloud Computing Economies of scale in cloud computing advocate for reduced costs for IT systems as an operational risk management tactic. Risks present liabilities and high cost of management(Benlian Hess, 2011). Making wrong decisions about the IT capacity needs for Aztek contributes to the risk factors. Websites operating on common applications like ecommerce are at a high risk of manipulation from cybercriminals. An effective transfer of IT app1.lications requires a reliable and safe infrastructure system. The company needs updated cloud solutions for its mobile devices, webservers, and data storage or recovery. These must be free from fraud. Making company websites accessible to multilevel, multidimensional and group systems requires effective models within the legal framework. The development, configuration and administration of applications in the global environment include privacy. Transfer of IT Applications Samandari, Havas, Harle ( 2016) identify future risks in the banking industry to identify technological disruptions among the issues of focus. Although innovation provides solutions to banks and services, it presents fresh challenges every day. Aztek deals with metadata and technology helps in portfolio management, detecting inconsistencies and making projections. Accuracy in the banking sector is a necessity and automated machines such as the ATM and mobile banking cannot afford to make mistakes. IT applications lower the risks giving the bank a competitive advantage. Of concern are privacy issues, data protection and error free business modelling. Definition of Risk E-commerce is a platform for business engagements using the internet(Chiu, Wang, Fang, Huang, 2014). Cloud computing used in the financial sector include the website links and knowledge management systems. These allow for third party access hence security and training concerns emerge. The use of cloud computing in banking services is questionable because of the banking business model. Banks are financial companies but they also stand out as well as high-risk businesses. A risk in this case is the unexpected occurrence, which may hinder the successful implementation of objective 2 of the planned portfolio. The foreseen danger may occur in any form hence there is no certain definition of its magnitude or specific. The planning process involves a cycle process of taking actions against the challenges and evaluating the controls. This is a flow showing the mission, strategy, goals and goals of Aztek as a company and its IT plans. Stakeholders play a key role in defining the process. Regulatory measures and Best practice Licensed under the Australian Banking Act, the financial regulations affect its operations(Hooper, Martini, Choo, 2013). Aztek also designs risks with consideration for the finance industry laws for credit facilities, labour laws, customer relations and banking services apply. The harmonization is under the: Good governance and conduct Privacy and personal data protection Business regulations and operations E-commerce global regulations Project Impact on Current Security Aztek strategic risks cover wide areas including corporate banking, which accommodates for its plans to venture into business alliances. Top on its plan is institutional compliance in which the Bank fulfils its responsibilities of implementing, managing and providing financial security(Rittinghouse Ransome, 2016). The IT outsourcing plan expounds on its agenda of providing reliable information to the stakeholders. Awareness creation and the implementation of risk control is important for both internal and external stakeholders. The bank has in place a system of risk management for its internal operations but it needs an elaborate framework for an external IT related plan. Current plans Azteks Risk management plan comprises of an overall organizational design as well as the departmental breakdown. The framework covers financial risks, governance, credit, developmental, strategic and operational risk levels. This plan derives its motivation from the global threats faced by the financial industry. Top on its list is the liquidity risk followed by technology and organized crime(PWC, 2017). The Australian banking service is an industry, which revolves around the consumer. Efficiency is an important factor in its value chain. Innovation also has a major role in organizations and is a best practice for the banking industry. Aztek as a company has a risk management team whose responsibility features: A risk framework for Aztek and the financial industry Development of a risk strategy and treatment plan Oversight of the risk management agenda Monitoring and ensuring compliance of the plan Coordinating risk management activities across the business Carrying out internal audits for new risk framework IT Security Risk Factors IT Security Policies and Procedures at the company also have structures laid out 3 years ago. Its focus was initially on risk assessment but industry trends indicate the importance of risk management. Its agenda was to address gaps in the infrastructure and they include three levels namely, the infrastructural, software application and development (Zissis Lekkas, 2012). Cloud computing is an advanced technology that falls under this docket. As a software model, it comes with a structure and model that is distinct and critical to Aztek IT systems. It comprises of the change in technology featuring systems designed for the banking services. This change comes from demands in the global sector. The complexity of technology systems and applications calls for risk management by leveraging the company installations with global expectations. Risk assessment leads to strategic approaches to combat and deal with the impending and potential risks. Supply chain risks are inevitable and corporate governance regulations allow the bank to undertake these risk analysis and implementation. The drivers of value creation in risk management is the stakeholder who comprises of large and small companies (Upper, 2011). Risk assessment considers: Possible situations that could happen Process of his could occur What impact it could have on the system Solution to this problem The New Plan In the new plan, risk management considers the risk assessment factors as well as crisis management using a modern approach(Bessis, 2011). It incorporates liquidity risk management and the use of technology services and products. The growth of the online business brings fresh risks for the financial IT systems because consumers now have to make most of their transactions using credit cards. Online transaction risks include credit risks, market challenges, operational and liquidity challenges. The contemporary system has configurations and computer applications to address these issues. Risk management planning highlights the possible risk avenues in order to describe concrete solutions. Outsourcing IT is a major factor affecting Azteks financials and business performance. Its outsourcing framework is an interesting business model that involves a third party service provider. Cloud computing is a new approach to collective operations. IT comprise of an innovative structure that involves a third party supplier. This means the introduction of a new security plan for Aztek communication and information systems plan. It starts with the identification of its security threats and quality business processes. This brings in the IT and Information Systems configuration. Challenges Advanced technology challenges keep advancing over time. This needs strategy improvements to tackle its complex nature. The introduction of collective computing systems provides opportunities and challenges. The new business model targets deeper connectivity and quality management(Bessis, 2011). Reputable banks prepare for uncertainties across through risk management services and products. Online credit risks include the protection of customers personal data and unauthorized access to credit card data. Value Creation Reputational risks include loss of respect in public image or consumer trust. This happens when the stakeholders question the capability of Aztek to carry out its financial services effectively. Reports about the bank or its customers losing data gives a negative image on the company. It gives a negative impression of the brand and customers lose confidence in the company. The company needs a system for detecting crime and credit underwriting. Having an early warning application gives it an edge over the competitions. In the IT financial industry, having insight on the potential risks for outsourcing services is important(Low, Chen, Wu, 2011). Operational risks The introduction of an external cloud process brings new changes such as the introduction of new people, systems and procedures. Change Management arrests the impending risks arising from human and computer generated risks. The computing systems could relay incorrect data or it could leak information to criminals. Data management solves this problem by providing security installations, making changes on personal data safety, permits or licenses. It checks the facilities, capital, space, emergency, and the operational environment. Liquidity risk The reduction of losses is important for the business because it upholds the companys assets and customers. Liquidity risks include daily loses in cash transactions. Security installations in mobile banking is an effort to reduce these risks. Globally secure mobile and internet banking is a problem. Aztek needs concrete plans for this. Credit risks This covers the largest risk factor for banks in the global system. Customers access services through cloud systems and installation applications. Its dangers come from loans, foreign exchange, swiping, equities, trade financing and forex. The modern consumers uses the credit card services for online shopping and payments. Banks face threats from unsuccessful transactions arising from failed processes. The introduction of mobile banking services on mobile devices is due to customer demands, and market changes. Other risks in credit loans include credit delays, the loss of funds due to credit transactions, calculations, exchange rates and exchange value settlement different. Market risks Economic recession and financial trends determine the pricing, interest rates, forex rates and fines. Placed on consumers by the bank it brings about fluctuations in currency, commodity and equity. The contemporary consumer prefers low interest costs and banks, which have long-term strategies against their competition. Business risks include national, regional and global management issues. There are risks arising from systematic risks, which affect the economy of the bank. The external environment such as cloud computing shapes the trend in the market systems. It comprise of perceived risks such as failed investor risks(Fahlenbrach Stiultz,2011). Compliance Contracts address issues such as leases and sponsorship for the projects. In a global organization such as Aztek, the Australian regulations and statutory laws apply(Governement, 2015). These involve employees and the community as well as company installations. Engaging in a business model with an external service provider has challenges among them is the challenge of breach of contract. The Codes of conduct ensure compliance to the rules. Clients need a clear understanding of the terms and penalties, loss of revenue purchasing practices, and litigation challenges. Risk Analysis The success of this project depend on effective management approaches including an analysis of the potential risks. These require an effective management support system. An effective plan looks at the risk factors in a project in order to measure their viability. The Aztek IT Risk Assessment lead involve different stakeholders and technologists hence an effective decision-making process is required. The Australian government incorporates cloud computing among ICT arrangements as illustrated below(Kluwer Delbaere, 2016). Risk management identifies the potential risks, vulnerabilities and the risk control processes. When developing competitive processes, the financial organizations must be aware of the need for compliance with the legal framework affecting business continuity, cloud service provider, and service location. The Risks, Vulnerabilities and Threats Cloud computing and IT installation of technology from external sources poses risks. The project plans to make installations on laptops, pads, tablets and mobile phone devices. Each of these devices face challenges and exposure to malware and other effects. The incorporation of a corporate-wide email for archive systems need a compatible and compliant design. Upgrading applications on desktop operating systems also needs IT Security Policies and procedures. In order to understand the risks, it is crucial to understand vulnerabilities, threats and risks(Grobauer, Walloschek, Stocker, 2011). This clarification provides a guide on the types of risks involved in the process. Threats This is a potential cause of alarm for an organization. It includes system interference. Different agents of these threats include criminals, bank fraudsters and organized criminals. Aztek needs a plan that foresees this as a future challenge for the organization. The legal framework admonishes the financial service provider from compromising client assets. In order to prevent this failure, and combat theft, the plan makes provision for better security software and the training of its employees with codes of conduct for risk aversion(Cappelli, Moore, Trzeciak, 2012). Employees can also become threats if they are not aware of the risks. Competitors often use employees to steal crucial information and company data. The company needs protection from hacking systems and unauthorised access. In some regions, access by government and terror groups(Martini Choo, 2012). Contemporary criminals have the capacity to fabricate identity for unauthorised entries. Vulnerabilities Defined as weaknesses characterising a system, the vulnerabilities expose the system to threats. An example is weak passwords, insecure online banking and constant cyber-attacks. Data security requires privacy protection as one of the major safety measures(Chen Zhao, 2012). This service delivery approach is crucial for cloud computing which involves different IT experts and networking systems. Public clouding is vulnerable to software bugs and information leaks. Broken financial processes also expose the system to such threats. This calls for changes in hardware and software installations. Aztek needs effective measures such as backup systems and prevention of human errors. As part of its customer service, the brand needs to inform its customers about the value of having stronger passwords and protecting personal computer devices. Aztek might consider using top security OS such as Apple devices. Risks Consequences or potential losses or damages leading to the destruction of Azteks assets. This is a result of a vulnerable system or applications such as password access. Cybercrime is one of the major problems facing business organizations today. Cyberstalking and profit-oriented criminals exist in cloud systems. Aztek as a group needs to invest in software applications and systems, which prevent such disruptions. Failure to do so exposes the company to threats of money losses, compromised privacy, loss of confidence and legal suites. As a best practice, the company invests in quality systems that enhance its reputation as a safe financial service provider(Gonzalez, et al., 2012). Data damages such as service interruptions and network unavailability is another risk. In such a case, the company needs to make changes such as upgrading the systems of modification. Practical law for IT in the finance industry includes outsourcing issues(Wang, Wang, Cao, Lou, 2012). These regulations provides guidelines for procedure such as hiring global consultants, purchasing software applications for the office functions and integration of Aztek services with other businesses. A merger between Aztek and a technology company needs clear business terms. The international, local and national environments have adoption and integration. The two companies forming the merger operate within a contract policy that determines payment for technology services or software application. Risk management tackles any issues of conflict that may arise. It shapes an effective framework that includes policy changes and regulations from the industry and the two companies. Infrastructural Framework Poor Management of legal arrangements poses threats to the company image and workforce. Exposing employee data, Aztek facilities and commercial processes makes the organization vulnerable for attacks. A crisis arises when hackers access the company website and share the information to competitors. Research indicates that Australian banks are among the most vulnerable globally(Bavas, 2015). The findings by Kaspersky Lab a cyber-security firm indicated the advancement of criminal networks, which monitor banks and employees to fleece the company of millions through customer account. Aztek has the private cloud system for its employees across different branches and it has software installations for different services accessed by the consumers. Other stakeholders such as partners also have portals. A reliable infrastructural network that is free from third party access hinders interference from hackers, and malware. Compliance with legal terms helps customers to download applications from reputable company sites. It thus prevents the risks by controlling damage. In case of a breach, or IT systems exposure to fraud, the company also needs a crisis management plan. This includes reorganization of the system and infrastructural networks. Risk management mechanisms have consideration for components such as events, changes in technology, target profile, negative public perception and software manipulation. A comprehensive solution has provisions for Abuse from legitimate users, illegal or rogue users and software vulnerabilities. Sometimes additional installations pose a threat hence Aztek needs an authentic database and Denial of Service (DoS) installations(Zargar, Joshi, Tipper, 2013). Data Security Cloud computing service models comprise of infrastructural systems (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)(Subashini Kavitha, 2011). Security installation at all these levels is necessary. Mitigating the risks calls for strengthening the IT systems in order to prevent stolen passwords. This includes security installations in multimedia applications for downloads and uploads. Regular hardware and software maintenance must be in place. This includes checks against any communication vulnerabilities that may arise. Employees and other human vulnerabilities also need to be in check. Assessing IT Risks Assessing the IT systems for risk in business terms is critical because it highlights the quantitative and qualitative risk management approaches. This comparison identifies the external factors, internal manipulations and system errors. The quantitative analysis points out the incremental attacks and interference from other channels. It takes note of network weaving and frequency in authorization attacks. It facilitates for the identification of information vulnerabilities arising from IT capacity and software disruption as well as scripts. The quantities risk quantifies objectives, decisions and achievable metrics such as costs and schedules or targets for system installations and upgrades(Shaikh Karjaluoto, 2015). This gives a higher quality analysis with data variations for a better risk analysis. It gives projections for the projects timelines too. Qualitative analysis looks at the business trends and management challenges. It recommends weaknesses in business processes and inadequate controls for effective change management. This form of risk assessment, which facilitates for the classification of risks. It also indicates the relationship between causes of IT insecurities for Aztek and its cloud systems effects. This helps to identify the pros and cons of the broad network access used in the project, which advocates for the use of mobile phones and tablets(Benlian Hess, 2011). Although the quantitative analysis provides for a deeper understanding, it takes time and it may not explain the probability. It is important to have a practical description of the threats for an understanding of the impact and extent of the risk exposure. Therefore, both methods are effectively used together. The qualitative analysis checks for performance metrics in order to bring out the occurrence of the threats. The distribution of the risks helps stakeholders in the industry to make the necessary changes such as system upgrades. Aztek depends on the quantitative risk factors for mathematical simulations but it needs to combine the risks for effective application across the projects. Cloud computing and installation of external software involves a complex IT project that needs software and system applications(Aleksandro, Fedorovich, Victorovna, 2016). Insurance As IT risks continue to advance, companies adopt smart tactics such as risk insurance because technology is expensive. Managing risks calls for limitations or risk transfers. Based on the fact that risks are inevitable in clouding and technology installations, this approach examines the company profiles to create a plan for acceptable and unacceptable risks. Business risk liability can bring down a multinational company hence liability insurance includes IT for data protection and recovery. This is a cover plan for uncertainties(Corner, 2013). It caters for data migration, risk mitigation and insecurities faced by businesses today. The availability of a wide variety of insurance plans includes personal devices such as laptops, pads, and PDA. Such networks are prone to attacks from malware and the financial industry is at the highest risk. In Australia the law is unclear about the external storage of data hence most companies are sceptical about cloud computing insurance. General liability caters for risks in business activities including data damages and losses(Jain Shanbhang, 2012). Risk rating guide Insurance risk rating compares the losses and the compensation. In IT insurance, there are provisions for short-term and long-term coverages for systems protection. The ratings addresses security breaches, down time and effects that this may have on users(Cloud Insure, 2014). In this case, it protects customers from server complications and inconveniences. This is a business strategy for Aztek as well as its IT cloud service provider. Forming partnerships in the acquisition of insurance is one way to overcome these liability challenges. Conclusion Aztek is a financial service in the contemporary system where technology is part of management practices. Innovation improves functions and operations in a financial business. As a best practice, industry players invest in it for successful implementation. This report analyses cloud computing and software installations as a major project underway for Aztek. It brings out the importance of risk management and some of its challenges. References Aebi, V., Sabato, G., Schmid, M. (2012). Risk management, corporate governance and bank perfomance in the financiak crisis. Journal of Banking Finance, 36(12), 3213-3226. Aleksandro, M. e., Fedorovich, N. A., Victorovna, P. (2016). Potential of the internet network in formation of the assortment of the trade organizations. European Science review, 1-2. Bavas, J. (2015, February 17). Australian banks fall victims to multinational hacking attack: cyber security firm. ABC. Retrieved from https://www.abc.net.au/news/2015-02-17/banks-victim-of-multi-national-hacking-attack-security-firm-says/6130370 Benlian, A., Hess, T. (2011). Opportunities and risks of software-as-a service: Findings from a survey of IT executives. Decision Support Systems , 232-246. Bessis, J. (2011). Risk management in banking. John Wiley Sons. Cappelli, D. M., Moore, A. P., Trzeciak, R. F. (2012). The CERT guide to insider threats: how to prevent, detect, and respond to infomration technology crimes ( Theft, Sabotage, Fraud). Addison-Wesley. Chen, D., Zhao, H. (2012). Data security and privacy protection issues in cloud computing. Computer Science and Electronics engineering ( ICCSEE) (pp. 647-651). IEEE. Chiu, C. M., Wang, E. T., Fang, Y. H., Huang, H. Y. (2014). Understanding customers repeat purchase intentions in B2C e-commmerce: the roles of utilitarian value, hedonic value and percieved risk. Information Systems Journal, 24(1), 85-114. Cloud Insure. (2014, May 16). Insurance Program Design and Management for clouds. Cloud insure. Retrieved October 2, 2017, from https://cloudinsure.com/news/news/30 Corner, S. (2013, July 13). Insurerers laging on cloud cover. The Sydney morning Herald. Retrieved October 2, 2017, from https://www.smh.com.au/it-pro/cloud/insurers-lagging-on-cloud-cover-20130708-hv0qa.html Fahlenbrach, R., Stiultz, R. M. (2011). Bank CEO incentives and the credit Bank CEO incentices and credit crisis. Journal of Financial Economics, 99(1), 11-26. Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., carvalho, T., Naslund, M., Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing: Advances, Systems, and Applications, 1(1), 11. Governement, A. (2015, August). Information security mangement guidelines: Risk management of outsourced ICT arrangements ( Including Cloud). Retrieved from Protective security: https://www.protectivesecurity.gov.au/informationsecurity/Documents/AustralianGovernmentInformationSecurityManagementGuidelines.pdf Grobauer, B., Walloschek, T., Stocker, E. (2011). Understanding cloud computing vulnerabilities. IEEE Security Privacy, 9(2), 50-57. Hooper, C., Martini, B., Choo, K. K. (2013). Cloud computing and its implications for cybercrime investigations in Australia. Computer Law Security Review, 29(2), 152-163. Jain, A. K., Shanbhang, D. (2012). Addressing security and privacy risks in mobile appllications. IT Professional, 14(5), 28-33. Kluwer, W., Delbaere, W. (2016, October 13). MAS's outsourcing risk management guidelines: Bringing compliance closer to the cloud. Retrieved from Wolkers Kluwerfs: https://www.wolterskluwerfs.com/onesumx/commentary/MAS-outsourcing-risk-management-guidelines.aspx Lekkas, D., Zissis, D. (2012). Adressing cloud computing security systems. Future Geerations Computer Systems, 583-592. Low, C., Chen, Y., Wu. (2011). Understanding the determinants of cloud computing adoption. Industrial Management and Data Systems, 111(7), 1006-1023. Martini, B., Choo, K. K. (2012). An integrated conceptula digital forensic framework for cloud computing. Digital Investigation, 71-80. Melville, J. (2016, October 11). The value of an integrated GRC environment. Retrieved from LinkedIn: https://www.linkedin.com/pulse/value-integrated-grc-environment-james-melville-fcca PWC. (2017). Escaping the Commondity Trap: The future of banking in Australia. Retrieved from Pwc: https://www.pwc.com.au/pdf/pwc-report-future-of-banking-in-australia.pdf Ravi, K. J., Ramachandran, N. (2011). Factors influencing the outsourcing in the banking sector in India. Strategic Outsourcing: An International Journal, 4(3), 294-322. Rittinghouse, J. W., Ransome, J. F. (2016). Cloud computiing implimentation, management and security. CRC Press. Samandari, H., Havas, A., Harle, P. (2016, July). The future of bank risk management. Retrieved from McKinsey Company: https://www.mckinsey.com/business-functions/risk/our-insights/the-future-of-bank-risk-management Shaikh, A. A., Karjaluoto, H. (2015). Mobile banking adoption: A literature review. Telematics and Informatics, 32(1), 129-142. Subashini, S., Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 1-11. Upper, C. (2011). Simulation mehods to methods to assess the danger of contagion in interbank markets. Journal of Financial Stability, 7(3), 111-125. Wang, C., Wang, Q. R., Cao, N., Lou, W. (2012). Toward secure and dependable storage services in cloud computing. IEEE transactions on Services Computing, 220-232. Zargar, S., Joshi, J., Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service ( DDoS) flooding attacks. IEEE communications survey tutorials, 20(16), 20146-2069. Zissis, D., Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.