Week 4 Assignment

School: Brigham Young University, Idaho
Course: 531
Subject: Computer Science
Date: Dec 6, 2023
Pages: 6
Uploaded by niiquash

Week 4 Assignment
Ammon Nii Atiapa Quarshie
School of Computer Information Science, University of the Cumberlands
ITS-532-B03: Cloud Computing
Dr. Barcus Jackson
November 14, 2023

Malicious Employee Threat Mitigation

Securing cloud computing environments from internal threats, especially those posed by malicious employees, presents a set of challenges and complexities. As businesses and organizations increasingly rely on cloud infrastructure to store and process sensitive data, the potential for insider threats becomes more critical. Malicious employees with access to cloud systems can compromise data integrity, confidentiality, and availability. This necessitates a comprehensive and proactive security strategy tailored to the unique dynamics of cloud computing. In this context, mitigating the risk of malicious insiders involves not only traditional security measures but also cloud-specific controls, monitoring mechanisms, and user behavior analytics to ensure a resilient defense against internal threats within the dynamic landscape of cloud environments.

According to Mahajan & Sharma (2015), a malicious insider is an employee of the Cloud Service Provider who exploits their position for personal gain or other malicious objectives, such as a disgruntled employee seeking retribution. The risk posed by a malicious insider is widely acknowledged by most organizations. For consumers of cloud services, this threat is magnified by the integration of IT services and customers within a unified management domain, coupled with a general lack of transparency regarding provider processes and procedures. In addition to this complexity, there is typically limited visibility into the hiring standards and practices for cloud employees. This situation becomes an enticing opportunity for potential adversaries, ranging from amateur hackers to organized crime or even nation-state-sponsored intrusions. The level of access granted in such scenarios could empower adversaries to acquire confidential data or assume complete control over cloud services with minimal risk of detection.

Mahajan & Sharma (2015) further explain the motives that may be behind malicious employees’ attacks. Hackers act on various motives, each tied to different goals and intentions. First and foremost, the allure of stealing valuable data serves as a significant motivation. Data stored on the internet often holds immense value, some of it valued in millions of dollars. Gaining access to such valuable information provides hackers with the means to generate revenue, as exemplified by instances like WikiLeaks. Another motivation lies in causing controversy; certain attackers thrive on the thrill of chaos, and the internet, particularly the Cloud, becomes an appealing medium because of its popularity and the likelihood of successful data theft. Additionally, revenge can be a powerful motivator, especially for former employees who, having lost their positions, may express dissatisfaction by hacking into their former organization's network, a task made easier when the organization utilizes Cloud services. Conversely, some hackers adopt a helpful approach, identifying security flaws in an organization's system to aid in improvement. Others seek to prove their intellect and gain prestige by targeting large organizations with robust security mechanisms, turning hacking into a career. Lastly, a group of hackers may act out of sheer curiosity, wanting to learn more about a company or organization. While their intent may not be malicious, their actions can still pose a danger, even when the rule-breaking is unintentional.

Recently, many organizations have had to deal with insider threats. One major incident occurred at General Electric (GE). In this well-known case of insider threat, two GE employees executed a scheme involving the unauthorized download of numerous files containing trade secrets from the company's servers. Subsequently, these files were either uploaded to cloud storage or sent to private email addresses.
Additionally, the malicious insiders managed to persuade a system administrator to grant them improper access to sensitive corporate data. The aftermath of their actions unfolded as one of the employees established a new company utilizing the stolen intellectual property, focusing on advanced computer models crucial for precisely calibrating turbines in power plants. This new entity directly competed with GE in turbine calibration tenders, offering significantly lower bids. Unsurprisingly, GE lost multiple bids to this new, competitively priced rival. Upon discovering that the company was founded by their former employee, GE reported the incident to the FBI. Subsequently, the FBI conducted a multi-year investigation, resulting in the conviction and imprisonment of both malicious insiders in 2020. As part of their sentencing, they were ordered to pay $1.4 million in restitution to General Electric (Trade Secret Theft, 2020).

Data Centers at Risk from Natural Disasters

Practicing risk mitigation is essential for every business, especially when safeguarding your IT infrastructure, which is as crucial to your mission as the data and applications it supports. While downtime may result from various known and unforeseen factors, in approximately one-third of cases (33.9%), a singular cause can be identified: natural disasters (gipnetworks, 2022).

Data centers are vulnerable to a variety of natural disasters that can have devastating consequences. Hurricanes and tornadoes, driven by high winds, pose a significant threat, with evidence indicating an increase in both the frequency and severity of these atmospheric catastrophes. Regardless of how carefully a data center site is selected, the unpredictable nature of these events emphasizes the importance of preparedness. Also, erratic weather phenomena, such as blizzards or severe ice storms, can not only inflict physical damage on the infrastructure but also hinder staff access when roads become impassable. Earthquakes, a global concern with approximately 55 reported each day, present a unique challenge even in regions considered low-risk. Despite seismic enhancements, a direct impact could lead to catastrophic outcomes. Power outages, caused by lightning storms or overloaded power grids, underscore the necessity for a data center's self-sustainability in the face of utility failures. While generators are a common backup, diversifying power sources can significantly reduce the risk of prolonged outages. Flash floods and wildfires further contribute to the list of potential threats, emphasizing the importance of selecting a data center location free from these hazards. In the event of utility feed outages, both floods and fires can obstruct fuel truck access to generators, resulting in operational downtime. The multifaceted nature of these risks underscores the need for comprehensive disaster planning and mitigation strategies for data center security.

A news report by Babcock (2015) describes an example of a fire disaster that occurred at a Samsung data center in Korea. On April 20, 2014, a fire erupted in the heart of an office building located in Gwacheon, South Korea, originating in the Samsung SDS data center situated within the premises. In response to the incident, both the Samsung IT staff and the occupants of the building were evacuated, with only one staff member sustaining minor injuries, including cuts and scratches from falling debris, as reported by Data Center Knowledge. The repercussions extended to users of Samsung devices, encompassing smartphones, tablets, and smart TVs, who experienced a loss of access to their data. During the aftermath, users were unable to retrieve content for several hours until recovery systems in a secondary Gwacheon data center were able to reinstate services. This disruption prompted Samsung officials to issue a public apology via a blog post, acknowledging the inconvenience caused to their user base.

References

Babcock, C. (2015, June 7). 7 Data center disasters you’ll never see coming. InformationWeek. https://www.informationweek.com/it-infrastructure/7-data-center-disasters-you-ll-never-see-coming

gipnetworks. (2022, April 11). 6 Disasters likely to impact your data center - Global IP Network. Global IP Network. https://gipnetworks.com/6-disasters-likely-to-impact-your-data-center/

Mahajan, A., & Sharma, S. (2015). The malicious insiders threat in the cloud. International Journal of Engineering Research and General Science, 3(2), 245-256.

Trade secret theft. (2020, July 29). Federal Bureau of Investigation. https://www.fbi.gov/news/stories/two-guilty-in-theft-of-trade-secrets-from-ge-072920