IT Risk for Cloud Computing at Aztek

Question: Discuss about the IT Risk for Cloud Computing at Aztek. Answer: Introduction The cloud computing can be explained as the internet based virtual storage for the information and data and it has been helpful for development of many organizations. The primary benefit for the use of cloud computing includes the development of the remote administration of the information and data (Agudelo et al., 2016). The cloud computing provides the benefit of deploying faster data access and support for the business organization. The development of the cloud computing had also provided the increasing of risk factors and their affect on the development of operations at Aztek. According to Garcia et al. (2014), the cloud migration can result in decreasing the authority and authentication of data and information. The paper has been made on the analysis of risk factors that the business organization has been facing after implementing the cloud system. The migration of cloud at Aztek has been initiated for improving the operations of business organization. The following report has highlighted the review of the project of migrating to cloud by Aztek. The risk and threats assessment had provided an overview of the various types of risk and threats that the organization has to face for migrating to the cloud service. The recommendations for the risk assessment consist of risk mitigation strategies for Aztek. Project Review as per Financial Service sector Cloud Computing provides the most suitable benefit of data access and management for business organizations (Bello, 2015). The use of cloud computing has helped in facilitating the faster data transfer and scalable storage. However, the technical requirements of the cloud computing has made it evitable for some issues and flaws. Business organizations like Aztek have employed the cloud computing for improving their operations. It has resulted in some financial issues like management of accounts data, legal obligations, and strategic risk (He, P., Wang et al., 2015). These risk factors have severe affect on the development of secured information processing and transfer for the business organization. Operational benefits and control: The financial data and transactional information like account holder name, personal information, sales quantity, amount received, and discount provided. These data are very crucial for any business organization (Brodin et al., 2015). The business organizations keep this information secured from any external infiltration and reach. The development and implication of cloud computing at Aiztek would make the information stored over the cloud accessible from any remote location. The cloud computing system provides the ease of data access from any place (Pahl, 2015). However, the design and structure of the cloud computing system is dependent on the technical strategies used for building the system. The cloud vendor is also in control of the data stored over the cloud network (Cole et al., 2013). The data and information can be modified or examined from the source of cloud vendor. Technical Risk: The various hackers and cyber criminals can use the developed technology for hacking and getting into the system of the Aztek. The data stolen about the transactions and bank summary of Aztek can be used for harming the company financially. These attacks have a prone effect on the companys economy as the company might lose their potential clients due to misuse of the stolen data (Chance Brooks, 2015). It would result in decreasing the certainty of the operations included in the cloud system operations. The technical errors and design flaws of the system have resulted in diminishing data access efficiency and hinder the process of data flow. Aiztek would have to deal with the problem of process halt and it would result in bringing financial loss to the company. Strategy Risk: The strategy risk for the cloud computing consist of failures of the implementing process (Ghosh et al., 2013). The deployment of cloud can be based on three types of application and they are information, platform, and software. Aiztek can select any one from the three services. However, due to failure in implication, the cloud service would not be able to function properly. The wrong selection of the service would also result in delaying the services that would result in decreasing the revenue of the organization. Hence the project of migrating to cloud service must be done with proper care and evaluation of above said problems. The cloud computing provides vast functionality to the data stored and it can be scaled up or down as per requirements. Project Review as per impact of security posture The project of migration of the data to cloud services would provide the benefit of scalable security functions, different priority of information, time effective, and resource concentration. It would enhance the control over the data and provide the benefit of faster data access and modification (Keyes, 2013). The benefits of cloud migration for Aiztek have been explained below, Scalable security functions: The security functions and processes of the cloud computing has been helpful for providing the benefit of the scalability for the operations of business organization. The scalable security functions would be helpful for providing the ease of operations with secured data transfer (Lobelo et al., 2016). The security functions would help in forming the limited access to the data and information stored over the cloud storage. The storage of the cloud computing for Aiztek is scalable and can provide the security for all the data stored in the cloud network. Aiztek could consider the development of the prominent security functions at the business organization. Prioritization of the security feature: The cloud computing has to be provided with the prioritization of the risk factor. The data stored in the cloud network is in abundance. However, the security of this information is not limited to all levels (Mitrovic et al., 2014). Each of the data stored in the cloud computing are prioritized with the security feature. Some of the data like accounts information, stakeholders info, and other information have to be kept strictly secured and private from the reach of external individuals. These types of information are to be stored with the most secured design of the cloud computing. The cloud computing can keep these data protected from external influence. Time effective: The operations of the cloud computing provides with secured data connection the ease of faster data connection and transfer (Moshir et al., 2014). It has resulted in making the operations of Aiztek faster and efficient. The organization can ease their processes with the help of cloud computing process. The time effectiveness of the cloud computing is a result of wireless data access from any source and place. The main reason behind the use of cloud computing is the time effectiveness of the operations. Resource concentration: The cloud computing provides the benefit of the secured resource allocation for Aiztek. The resource allocation for the cloud computing would provide the ease of data storage and communication (Moyer, 2013). The resource allocation at the cloud computing would provide the ease of faster data storage and communication at Aiztek. The resource allocation at the cloud computing storage would be helpful for communicating the data and management of the information at Aiztek. However, the cloud computing has brought some issues and problems for data security and information privacy for Aiztek such as dependent on the vendor, hacking methods available, and compromise of data. These issues have been discussed below, Dependency on the vendor: The cloud computing has brought out the issue of dependency on the cloud vendor and the network for accessing the data (Niesen et al., 2016). The individual member of Aiztek would have to deal with the problem of network slackness and depending on the cloud vendor for their operations and functions. Aiztek have implied the cloud computing for improving their operations and functions. However, the complete access from the end of cloud vendor would result in security flaws. The vendor end can be tampered for modifying or accessing the data of Aiztek. Methods of hacking: Computer hackers and cyber criminals have founded many ways for making the cloud system ineffective and slow (Ogie, 2016). The extraction and modification of the data would result in decreasing the overall functions of the cloud computing technology. The various ways for the hacking of data and information would comply to diminish the authenticity of the stored data. It is a primary ethical issue of the migration to the cloud structure. Data Compromise: The data and information stored over the cloud network can be stolen such as transactions and bank summary statements (Rampini Viswanathan, 2016). It can be used for harming the companys economy. The misuse of the stolen data would result in decreasing the certainty of the operations included in the cloud system operations. The cloud computing has resulted in compromising the data stored over the cloud computing structure (Sadgrove, 2016). Aiztek would have to deal with the data compromise and loss of customers information. The various benefits and issues of the cloud computing that has been stated above is responsible for the mixed reactions of the people for using the cloud computing in the Aiztek organization. Risk and threats Assessment in cloud computing This section deals with an overview of the impact of the risk of cloud computing migration and developing strategies for dealing with these risk factors. The risk mitigation strategies have been evaluated by the use of quantitative data analysis and pragmatic research process (Samaras et al., 2014). Aiztek would have to make sure that their data and information has been kept secured from infiltration and threats. Impact of risk factors at Aiztek The development of technology has resulted in increasing the efficiency of the cloud computing operations and processes in business organization (Sansurooh Williams, 2014). However, there are many issues of cloud computing migration that have grown with the development of cloud computing at Aiztek. The two primary threats of migrating to cloud services in Aiztek are loss of control on data and dependency on the cloud computing. The loss of data control has been resulted due to the implementation of the cloud computing process. The data stored over the cloud can be accessed from any location with prior authorization and authentication. The cloud service provider vendor has the complete access on the data and information stored over the cloud network (Seigneur et al., 2013). The various cyber criminals are using the access of the cloud vendor for getting into the system and extracting information from there. The dependency on the cloud vendor and the loss of control over the data has many negative effects on the operations of Aiztek such as, Lack of transparency: The people using the cloud computing services would have to deal with the transparency issue of the cloud computing system (Song Lee, 2014). The people of Aztek know that by implying the cloud computing the control of the data and information access would be shifted to cloud providers and vendors. The development of the cloud system has resulted in data security flaws and issues. The lack of transparency for the data stored over the cloud computing would result in compromising the data either from users end or from vendors end. The customers literally have no idea about the way their data is used or processed. Sensitivity of data: The data stored in the cloud computing is useful for accessing the data wirelessly from any source. The cloud storage is very sensitive data storage as there is no tangible form of security available to implement any limitations (Spears San Nicolas-Rocc, 2016). The social media sites and applications are subtle for sharing the personal information such as private photos. The cloud computing works on connection between the user and the client server and it is accessed remotely. The connection between the users and client cannot be protected always and it leads to security risks in the data sharing and transfer. Issues in legislation: The legal obligations and privacy concerns have been raised due to the redundancy of the data (Tu et al., 2015). The electronic storage of the data can result in bringing duplication of stored data and enforce the mandatory files copying. The cloud computing would have to be structured in such a way that the data duplication and redundancy is avoided. The provision of the legal laws and compliances of the cloud computing are different at different locations (Sadiku et al., 2014). The deletion of the files and following of the legislation would have to be used for securing the information and security of the information and data. Risk Mitigation planning for cloud computing in Aiztek The risk mitigation strategies consists of making a plan and implementing it for dealing with the causes of risk factors and minimizing their effect on the processes involved (Webb et al., 2014). The planning process of risk mitigation consists of four processes, namely analysis, plan, implement, and evaluation. Figure: Risk Mitigation Planning (Source: Brodin, 2015, pp-161) Analysis: The analysis phase consists of analyzing the requirements of the risk mitigation plan, the causes of risks, areas of impact of the risk, and priority of the risk (HIGH, MEDIUM, and LOW) (Yang et al., 2013). The manger of the project of implementing the cloud computing would have to analyze the risk factors and develop plan for dealing with them. Planning: The planning phase would be helpful for providing the benefit of risk mitigation planning (Weeger Gewald, 2014). The risk mitigation planning can be developed by the prioritization of individual risk and developing plan against each of them. The priority matrix is useful for providing the ease of prioritizing the risk factor for the implementing of the cloud system at Aiztek. Implementing: In this phase, the plan developed would be implemented for implying the security features of the Aiztek cloud computing implementing process. The increased efficiencies of the cloud network have to be kept secured by limiting the access and developing plan for secured data transfer. Evaluating: The evaluation phase consists of developing appropriate feedbacks from the evaluation process. The development of the cloud computing has provided the facility of the risk management. Recommendations for risk management at Aiztek The risk mitigation strategy would be helpful for developing the regulatory compliance of the security and integrity of operations in cloud computing implementation process at Aiztek. Some other risk mitigation options are provided below: Evaluation of cloud design: The design made for implementing the cloud system for Aiztek should be evaluated for dealing with the flaws in the designs (Erl et al., 2013). It would help in maintenance of the design security and fight against the design flaws. Differentiation in employee access: The differentiation of access for the trusted and non trusted employees would be helpful for limiting the chances of error in the cloud computing structure. It would limit the access of the cloud system data for the non trusted employee. Security of cloud application: The cloud application has to be implemented with security options and device oriented platform (Sharma Santharam, 2013). It would help in keeping the applications secured from any external infiltration. Creation of appropriate support: The appropriate support of the technical team would help in creating an appropriate function for the functions of cloud computing. It would form the development of the support system for the minor flaws and issues of cloud computing. Hence it can be evaluated that the risk mitigation planning (consists of analysis phase, planning phase, implementing phase, and evaluation phase) and risk mitigation strategies (like evaluation of cloud design, differentiation in employee access, security of cloud application, and creation of appropriate support) would be helpful for dealing with the issues like data lost, dependency on cloud computing vendors, and threat of unauthorized access would result in harming the functionality of the cloud system migration of Aztek. Data Security risks at Aztek The various data security risks would result in hindering the process of data leakage and misuse. The various data security risks for Aztek cloud migration project are: Lack of privacy of information due to third party hindrance: It is the most destructive information safety efforts that requires to be implemented inside the framework design of the association (Lee Still, 2015). Absence of mindfulness among the representatives causes the information burglary or information abuse by the outsider inside the association. Threats of vulnerable remote device: This is another unprotected risk to be considered as it results in increasing the occurrence of the cloud applications inside the framework design of the association. Adaptable applications are extremely full of feeling for the authoritative information (Lobelo et al., 2016). The programmer effectively gets to the information over the authoritative system so as to get the secret data from the hierarchical system. Challenges in tracking information: This is another essential danger that influences the hierarchical data security arrangement of Aztek. Moreover, the utilization of cloud administrations and portable stockpiling of information are expanding the information weakness inside the association (Mitrovic et al., 2014). The association does not have any procedure to track the authoritative classified information inside it. Administration of information and isolation of information: This is another viewpoint that is known as the best risk inside the framework design of the association that is hurting the authoritative assets and the private data inside the association (Verissimo et al., 2012). This information security hazard hampers the successful authoritative structure of the association. Leakage of information: The hierarchical workers present this hazard as they give absence of mindfulness over their gadgets and authoritative data inside the association (Vora, 2015). The programmers get points of interest from this stolen gadget that permits them to get the data from the authoritative data structure. Disappointed Employees a hazard: It is another risk required in the Cloud system migration (Ogie, 2016). There are distinctive workers inside the association who left the association because of some significant issues yet they have all the thought regarding the secret data inside the association. This viewpoint makes the framework engineering powerless and influenced. Business and individual information: There are different extents of blending of individual and hierarchical information inside the authoritative operations (Morad, 2012). This angle expands the odds of information robbery or abuse of hierarchical information. Subsequently, this another matter of information security dangers required inside the framework engineering of Aztek. Hence, the data security at Aztek has to be implemented with proper planning and security for dealing with the security risks. Conclusion It can be concluded form the report that the cloud computing had been helpful for development of many organizations as it includes the development of the remote administration of the information and data. The cloud computing had provided the benefit of deploying faster data access and support for the business organization. The migration of cloud at Aztek has been initiated for improving the operations of business organization. The Cloud Computing had provided the most suitable benefit of data access and management for business organizations. The benefits of cloud computing technology would help in providing benefits of Scalable security functions, Prioritization of the security feature, Resource concentration, Operational benefits and control, and Time effective processes. However, the technical requirements of the cloud computing has made it evitable for some issues and flaws like technical risk, strategy risk, dependency on the vendor, methods of hacking, and data compromise. The study had shown that these issues and flaws of cloud computing at Aztek had resulted in lack of transparency, sensitivity of data, and issues in legislation. The risk assessment consists of risk mitigation planning (consists of analysis phase, planning phase, implementing phase, and evaluation phase) and risk mitigation strategies (like evaluation of cloud design, differentiation in employee access, security of cloud application, and creation of appropriate support) that would be helpful for dealing with the issues like data lost, dependency on cloud computing vendors, and threat of unauthorized access. The data security flaws include the redundancy of data stored in the cloud computing. References Agudelo, C. A., Bosua, R., Ahmad, A., Maynard, S. B. (2016). Understanding Knowledge Leakage BYOD (Bring Your Own Device): A Mobile Worker Perspective.arXiv preprint arXiv:1606.01450. Bello, A. G. (2015).A Framework for Investigating, Assessing, Understanding, and Controlling the Information Security and Privacy Risks in BYOD Environments. Bessis, J., O'Kelly, B. (2015).Risk management in banking. John Wiley Sons. Brodin, M. (2015). Combining ISMS with strategic management: The case of BYOD. In8th IADIS International Conference on Information Systems 2015, 1416 March, Madeira, Portugal(pp. 161-168). IADIS Press. Brodin, M., Rose, J., hlfeldt, R. M. (2015). Management issues for Bring Your Own Device. InEuropean, Mediterranean Middle Eastern Conference on Information Systems 2015 (EMCIS2015). Chance, D. M., Brooks, R. (2015).Introduction to derivatives and risk management. Cengage Learning. Cole, S., Gin, X., Tobacman, J., Topalova, P., Townsend, R., Vickery, J. (2013). Barriers to household risk management: Evidence from India.American Economic Journal: Applied Economics,5(1), 104-135. Erl, T., Puttini, R., Mahmood, Z. (2013).Cloud computing: concepts, technology, architecture. Pearson Education. Garca, A. G., Espert, I. B., Garca, V. H. (2014). SLA-driven dynamic cloud resource management.Future Generation Computer Systems,31, 1-11. Ghosh, A., Gajar, P. K., Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies.Journal of Global Research in Computer Science,4(4), 62-70. He, P., Wang, P., Gao, J., Tang, B. (2015). City-Wide Smart Healthcare Appointment Systems Based on Cloud Data Virtualization PaaS.International Journal of Multimedia and Ubiquitous Engineering,10(2), 371-382. Keyes, J. (2013).Bring your own devices (BYOD) survival guide. CRC press. Lee, L., Still, J. D. (2015, August). Re-designing Permission Requirements to Encourage BYOD Policy Adherence. InInternational Conference on Human Aspects of Information Security, Privacy, and Trust(pp. 369-378). Springer International Publishing. Lobelo, F., Kelli, H. M., Tejedor, S. C., Pratt, M., McConnell, M. V., Martin, S. S., Welk, G. J. (2016). The Wild Wild West: A Framework to Integrate mHealth Software Applications and Wearables to Support Physical Activity Assessment, Counseling and Interventions for Cardiovascular Disease Risk Reduction.Progress in cardiovascular diseases,58(6), 584-594. Mitrovic, Z., Veljkovic, I., Whyte, G., Thompson, K. (2014, November). Introducing BYOD in an organisation: the risk and customer services view points. InThe 1st Namibia Customer Service Awards Conference(pp. 1-26). Morad, S. (2012). Amazon Virtual Private Cloud Connectivity Options.White Paper, October. Moshir, S., Moshir, K. K., Khanban, A. A., Mashatian, S. (2014).U.S. Patent Application No. 14/170,449. Moyer, J. E. (2013). Managing mobile devices in hospitals: A literature review of BYOD policies and usage.Journal of Hospital Librarianship,13(3), 197-208. Niesen, T., Houy, C., Fettke, P., Loos, P. (2016, January). Towards an Integrative Big Data Analysis Framework for Data-Driven Risk Management in Industry 4.0. In2016 49th Hawaii International Conference on System Sciences (HICSS)(pp. 5065-5074). IEEE. Ogie, R. (2016). Bring Your Own Device: An overview of risk assessment.IEEE Consumer Electronics Magazine,5(1), 114-119. Pahl, C. (2015). Containerisation and the PaaS cloud.IEEE Cloud Computing,2(3), 24-31. Rampini, A. A., Viswanathan, S. (2016).Household risk management(No. w22293). National Bureau of Economic Research. Sadgrove, K. (2016).The complete guide to business risk management. Routledge. Sadiku, M. N., Musa, S. M., Momoh, O. D. (2014). Cloud computing: opportunities and challenges.IEEE potentials,33(1), 34-36. Samaras, V., Daskapan, S., Ahmad, R., Ray, S. K. (2014, November). An enterprise security architecture for accessing SaaS cloud services with BYOD. InTelecommunication Networks and Applications Conference (ATNAC), 2014 Australasian(pp. 129-134). IEEE. Sansurooh, K., Williams, P. A. (2014). BYOD in ehealth: Herding cats and stable doors, or a catastrophe waiting to happen?. Seigneur, J. M., Klndorfer, P., Busch, M., Hochleitner, C. (2013). A Survey of Trust and Risk Metrics for a BYOD Mobile Worker World: Third International Conference on Social Eco-Informatics. Sharma, V. S., Santharam, A. (2013, December). Implementing a Resilient Application Architecture for State Management on a PaaS Cloud. InCloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on(Vol. 1, pp. 142-147). IEEE. Song, M., Lee, K. (2014). Proposal of MDM management framework for BYOD use of large companies.International Journal of Smart Home,8(1), 123-128. Spears, J. L., San Nicolas-Rocca, T. (2016, January). Information Security Capacity Building in Community-Based Organizations: Examining the Effects of Knowledge Transfer. In2016 49th Hawaii International Conference on System Sciences (HICSS)(pp. 4011-4020). IEEE. Tu, Z., Turel, O., Yuan, Y., Archer, N. (2015). Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination.Information Management,52(4), 506-517. Verissimo, P., Bessani, A., Pasin, M. (2012, June). The TClouds architecture: Open and resilient cloud-of-clouds computing. InIEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN 2012)(pp. 1-6). IEEE. Vora, S. B. (2015). DATA BACKUP ON: CLOUD COMPUTING TECHNOLOGY IN DIGITAL LIBRARIES PERSPECTIVE.Journal of Global Research in Computer Science,5(12), 12-16. Webb, J., Ahmad, A., Maynard, S. B., Shanks, G. (2014). A situation awareness model for information security risk management.Computers security,44, 1-15. Weeger, A., Gewald, H. (2014). Factors Influencing Future Employees Decision-Making to Participate in a BYOD Program: Does Risk Matter?. Yang, T. A., Vlas, R., Yang, A., Vlas, C. (2013, September). Risk Management in the Era of BYOD: The Quintet of Technology Adoption, Controls, Liabilities, User Perception, and User Behavior. InSocial Computing (SocialCom), 2013 International Conference on(pp. 411-416). IEEE.