Module 8 Assignment
docx
keyboard_arrow_up
School
California State University, Fullerton *
*We aren’t endorsed by this school
Course
1964
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
8
Uploaded by marttiatoo
Running Header: RISK MANAGEMENT FOR CLOUD BASED SYSTEMS
1
Module 8 Assignment: Risk Management for Cloud Based Systems
Name: Prapullah Gummapu
ID: 545259
Cloud Computer Security
August 19, 2023
2
Introduction
As a direct result of the tremendous acceleration of technological innovation that has
taken place in recent years, cloud-based systems have emerged as an essential component of
the day-to-day operations of many organizations in recent years. Increasingly, companies
worldwide rely on cloud-based technologies as part of their regular operations (El-
Haddadeh,2019). However, these systems introduce new risks that must be addressed because
they rely on shared infrastructure and services provided by external vendors. We must protect
ourselves from these threats. There needs to be a response to these dangers. The
identification, evaluation, and mitigation of risks associated with using cloud computing
services is risk management in cloud-based systems (El-Haddadeh,2019).
It is possible to divide this procedure into three distinct phases: detection, analysis,
and control. This process has three steps: observation, evaluation, and management. Data
breaches and service interruptions are two of the many potential risks, alongside
noncompliance with legislation and vendor lock-in (Lou, 2020). Not being able to meet rules
and getting stuck with a single provider are two other possible dangers. Therefore, businesses
must be thoroughly aware of the various risk management approaches to mitigate the impact
of potential hazards on their operations. One strategy for accomplishing this is to conduct
extensive research into risk management. Examining the significance of risk management for
cloud-based systems, the challenges of doing so in the present technological landscape, and
the most effective approaches there are now to do so are the goals of this study (Lou, 2020).
Risk Identification:
Learn about the risks that can arise from utilizing cloud services in your business, so
you can prepare adequately. Data breaches, unauthorized access, lost data, interrupted
services, vendor lock-in, compliance violations, and possibly many more problems are among
the many that could arise (Tuli, 2020).
3
Analyze the risk:
Examining its scope can begin as soon as the potential threat is identified. The
possible outcomes and the likelihood of the dangers occurring are both calculated. Probability
in cloud computing is determined by weighing the system's vulnerabilities, the consequences
of those vulnerabilities being exploited, and the threats to the system. You can use this
formula to calculate the likelihood of an event. During the analysis phase, a company learns
more about the nature of risk and how it could affect its objectives (El-Haddadeh,2019).
Evaluate the risk:
The risks are then ranked by how likely they are to materialize and how much of an
impact they may have on information security if they do. The dangers are prioritized
according to how likely they are to appear. The next step is for the organization to determine
if the risk is severe enough to warrant intervention or is manageable (Lou, 2020).
Treat the risk:
At this point, attempts are being undertaken to either eliminate the most urgent risks
or reduce them to a level that the population can tolerate. Motivating the creation of
preventative measures and risk-mitigation processes lies in maximizing the potential benefits
from opportunities while decreasing the likelihood of unfavourable results. The necessary
assessment processes are carried out once the security controls within the cloud computing
system have been implemented. It is done to determine whether or not the security measures
have successfully produced the desired outcome (Tuli, 2020).
Monitor or Review the risk:
Maintain a consistent monitoring routine to check on the preventative actions taken to
ensure the safety of the cloud's underlying infrastructure. As part of this process, you are
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
required to analyze the efficiency of the controls, and you must keep a record of any
modifications you make to the system or the environment in which employees are required to
work. To appropriately follow up on risks as part of the risk mitigation plan, it is essential to
regularly monitor and document both newly emerging threats and pre-existing hazards. After
that, it will be feasible to follow up on risks effectively (El-Haddadeh,2019).
Types of Risks in Cloud Computing:
In the following paragraphs, we will discuss some of the most severe risks associated
with cloud computing.
Data Breach:
A data breach occurs if an unauthorized third party, such as a hacker, acquires access
to confidential information and uses it without the permission or knowledge of the data's
owner. Hackers are a typical example of something that falls within this category. When a
corporation chooses to store its data in the cloud, it does so at the endpoint of the cloud
service provider, which may be situated in a different nation from the firm's headquarters. It
indicates that if the CSP's servers are attacked, the attack may harm the data of every one of
its customers (Lou, 2020).
Cloud Vendor Security Risk:
Every company uses at least part of various vendors' many cloud computing services.
If these cloud providers can't reliably protect data and lessen associated risks, it will severely
and immediately affect the company's ability to operate and grow. With so many user
interfaces and service options available from different cloud providers, it might take a lot of
work to make the switch. As a result, it might not be easy to transition from one cloud service
to another (Tuli, 2020).
5
Data Classification:
Make sure your data is segmented into a few different categories according to the
level of significance or sensitivity each of those groups has. It will assist in adopting
appropriate security measures for the numerous distinct sorts of data that need to be secured
(El-Haddadeh,2019).
Data Encryption:
Encrypt the data not only when it is being transferred but also while it is being stored.
If data is encrypted, even if it is intercepted or hacked in some other way, the data will remain
unintelligible as long as the required decryption keys are not utilized. It is true even if the
data has been hacked (Lou, 2020).
Compliance and Legal Considerations:
If you want to ensure that your company stays on the right side of the law at all times,
you need to educate yourself on the regulations and laws pertaining to your firm's data and
activities. If your present provider of cloud services does not meet all of these requirements,
consider switching to a different one (Tuli, 2020).
Availability:
If the cloud provider's services are disrupted in any manner, such as when an internet
connection is lost, the services will be rendered useless. It may happen, for example, if a
power outage occurs. Depending on who you ask, this behaviour could appear on the user's or
the cloud service provider's end. In each case, there is a chance of it happening. When
developing an efficient plan for risk management, accessibility of services should always take
precedence over any other factors to be considered. It can be accomplished by building
6
redundancy into the cloud servers, such that even if one server has a breakdown, the other
servers will still be able to continue providing the necessary services (El-Haddadeh,2019).
Compliance:
The service provider may need help to meet the conditions of the external audit
technique. It is a possibility. If something like this were to take place, the safety of the final
customer would be put in jeopardy. Suppose there needed to be more protection and
agreements in place (Lou, 2020). In that case, the company might be liable if the cloud
service provider's negligence led to a data breach that exposed sensitive personal data. It
would be the case only if insufficient protection and agreements existed. If the data breach
revealed sensitive information, this would be the situation that would occur. The security flaw
was caused by the cloud computing service provider, who was also accountable for the
incident (Lou, 2020).
Importance of Risk Management in Cloud-Based Systems:
Risk management must be carried out in accordance with accepted standards of
practice to ensure the security and dependability of data stored in the cloud. It is the only
option for protecting sensitive information. Corporations and other organizations should
conduct a complete risk assessment to understand better the specific risks and exposures
offered by their cloud environment. Examining the cloud service provider's security and
access policies is an essential first step. Second, businesses should have well-articulated
policies and procedures for handling data, regulating access, and responding to incidents.
Multi-factor authentication, frequent backups, and strong passwords are all necessary to
prevent illegal entry (Tuli, 2020). Third, companies should routinely inspect their cloud
infrastructure for any indications of difficulty and address them as soon as they are
discovered. It is made feasible by tools that continuously scan, monitor and test the
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
surrounding environment. Lastly, firms must invest heavily in educating their staff on risk
management in cloud-based systems, including recognizing threats, developing
countermeasures, and understanding their roles and responsibilities. Investing in employee
training and education should be a top priority for any business. Organizations can prevent
the loss of their most sensitive information by adhering to these suggestions for reducing the
risks associated with cloud computing (Tuli, 2020).
Conclusion
In conclusion, the approaching tendencies and expanding hazards associated with
cloud-based systems underline the importance of proper risk management solutions. It is
projected that cloud computing will become increasingly common over time, unavoidably
resulting in new problems and questions without answers. Concerns such as data breaches,
system breakdowns, and lock-in agreements with vendors are among the most critical issues
for which businesses must find answers. In addition, recent developments in fields such as the
Internet of Things, artificial intelligence (AI), and edge computing have introduced new
dangers, calling for innovative risk management approaches. To limit the impact of these
threats, organizations need to do several things, including establishing stringent security
policies, constantly monitoring and upgrading their systems, and creating solid connections
with cloud service providers in whom they can put their faith. All of these things need to be
done. In addition, to successfully manage risks in cloud-based systems, it is required to
conduct frequent risk assessments and put into place the best practices created in the industry.
It is necessary to achieve success in risk management. Companies can deal with the new
trends and growing hazards associated with cloud computing if they implement risk
management procedures and take safeguards to secure their most valuable data and
operations.
8
References
El-Haddadeh R. (2018). The impact of digital innovation dynamics on organizational
adoption of cloud computing services. IT Frontiers, 22(4),985-999.
doi:10.1007/s10796-019-09912-2
Lou H. (2019). Massive ship fault data retrieval technique for difficult cloud queries. Journal
of coastal research, 93(Sp1),1013-1018. doi:10.2112/SI93-146.1
Tuli KR. (2020). Marketing ramifications of software businesses' cloud computing
transformation on shareholder wealth. Journal of marketing science, 50(3),538-562.
doi:10.1007/s11747-021-00818-7