Table of Contents
1.0. Introduction
2.0 Privacy strategy for personal data
3.0 Recommended privacy controls
4.0 Personal data protection strategy
5.0 Recommended data protection controls
6.0. Conclusion
7.0 References
1.0. Introduction
The purpose of this report is to examine the implications of cloud computing for the selected domain of the Australian Government. The Department of Administrative Services (DAS) provides services that support the other departments within the Government. DAS is set to implement a shared systems approach based on cloud computing. The report sets out the strategic approaches to be followed in managing the cloud services so that the services provided to the related departments are enhanced (Rao & Selvamani, 2015). The following sections focus on how DAS should manage its cloud computing approach.
2.0 Privacy strategy for personal data
The first consideration in implementing cloud computing within DAS is the security and privacy of the organization's data. DAS supports different departments within the Government of Australia, and centralizing the data of these departments will be a noteworthy change to the services provided by the Government.
This implementation needs to store the data of all users of the various services provided by DAS. The organization also intends to merge its own HR management system into this approach (Shaikh & Sasikumar, 2015), so a very large amount of data will be stored in the shared resources. The HR portal will also provide performance evaluation and management of the organization's employees, so employee data will be stored in the same way (Latif et al. 2014). Most importantly, this data will comprise important personal details that must be given strong security.
The organization must ensure that the data provided to or stored in its cloud is protected by effective security and data privacy methods. Various methodologies and strategies are relevant to the protection of this data (Kalaiprasath, Elankavi & Udayakumar, 2017). Protecting private data means maintaining a level of security across the management of data within DAS. The strategies to be followed to provide security and privacy for the organization's data are analysed in this section.
The first approach is assurance from the upper management of the organization regarding the application of the security policies and the conditions related to data privacy (Jouini & Rabai, 2019). Developing a data privacy strategy is a noteworthy step in managing data under the cloud computing approach.
The second strategy is the recruitment of a Data Protection Officer (DPO) who will have overall authority for maintaining the data stored within the organization (Ahmed & Hossain, 2014). This person will be responsible for maintaining an environment in which data privacy is provided in accordance with the terms and conditions set by the DPO.
The next strategy is to know the types of data stored within the organization, so that the required levels of data privacy and security can be set accordingly. The required security levels will also depend on the regulations issued by the Government of Australia. This will provide an enhanced level of security for all data stored within the organization.
The next strategy deals with the analysis and management of the risks that may arise in the data security environment of DAS. The inventory related to the implementation procedure, the data privacy requirements and the relevant risk management framework are all significant for managing the data security of DAS (Sun et al., 2014). The vulnerabilities and threats associated with maintaining data within the organization must be identified for the cloud computing technology that DAS is to implement.
Implementing data privacy controls over the data held by DAS is significant for maintaining data security and thereby preserving data privacy (Saravanakumar & Arun, 2014). The organization must also implement a Risk Treatment Plan that addresses risks that emerge suddenly within the organization. This plan will be developed in line with the management of the Australian Government and will establish the standards that help in the identification, mitigation and acceptance of the related risks.
The most significant part of controlling data privacy and security is the training and awareness programs related to the effective management of risks (Krishna et al., 2016). The staff of the IT department, the security team, the auditors, the legal advisors and the DPO may all be provided with training modules, thereby enhancing the security of the data (Rasheed, 2014). This will improve the management of the risks associated with the data that DAS stores in the cloud.
The last important strategy in implementing cloud computing is compliance and monitoring of the overall development and implementation procedure (Choo, 2014). This will help the organization to be effective in implementing the storage of users' personal data. It will also help the organization to manage the cloud services effectively, supporting its data privacy and security methods (Kumar, Lakshmi & Balamurugan, 2015). Thus the implementation of cloud computing will help DAS to keep safe the data of its users and of its employees.
3.0 Recommended privacy controls
Privacy controls are an effective means of securing the data stored in a cloud computing system (Cayirci et al., 2014). This section sets out the privacy controls that may be necessary to provide enhanced security for the data stored in the cloud system of DAS.
The primary recommendation is to restrict the data that is stored in the cloud systems. Sensitive information should not be stored in the cloud systems, so that no significant challenges or issues arise in respect of the data stored there (Hendre & Joshi, 2015). This recommendation is effective; however, there are limitations to the storage of the data.
The next recommendation for effective privacy control within the cloud systems of the organization is a user license agreement that sets out the terms and conditions regarding the security policies and the security of the data stored in the cloud.
Adherence to a password policy is also a useful recommendation for the security of the data stored in the cloud (Rao, 2016). Adopting a strong password policy for the creation of passwords is effective for managing the data stored in the cloud systems of DAS. A strong password is recommended to contain a lowercase letter, an uppercase letter, a special character and a number, with the space character not accepted.
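As an added illustration (not part of the original report), the password rule above can be written as a check that reports which requirements a candidate password fails. The function name, the rule labels and the choice to treat any Unicode whitespace or invisible character as a space are assumptions of this example.

```python
# Added example: a checker for the composition rule stated in the report
# (lowercase letter, uppercase letter, special character, number, no space).
# Rule labels and the handling of Unicode input are assumptions of this sketch.

RULES = ("lowercase", "uppercase", "digit", "special", "no_space")


def _is_space_like(ch):
    """True for ASCII space, other Unicode whitespace (e.g. U+00A0) and
    invisible/non-printable characters, which a user cannot see or type reliably."""
    return ch.isspace() or not ch.isprintable()


def password_violations(password):
    """Return the labels of the rules the password fails, in RULES order.

    An empty list means the password satisfies every rule in the policy.
    """
    satisfied = {
        "lowercase": any(ch.islower() for ch in password),
        "uppercase": any(ch.isupper() for ch in password),
        # isdecimal() accepts 0-9 (and other decimal digits) but not
        # look-alikes such as superscripts or fractions.
        "digit": any(ch.isdecimal() for ch in password),
        # A special character is any visible character that is neither a
        # letter nor a digit; space-like characters never count as special.
        "special": any(
            not ch.isalnum() and not _is_space_like(ch) for ch in password
        ),
        "no_space": not any(_is_space_like(ch) for ch in password),
    }
    return [rule for rule in RULES if not satisfied[rule]]


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = ["Str0ng!pass", "weak", "Has Space1!", "Nbsp\u00a0here1!", "ALLUPPER1!"]
    for candidate in samples:
        failed = password_violations(candidate)
        status = "accepted" if not failed else "rejected: " + ", ".join(failed)
        print(repr(candidate), "->", status)
```

Returning the list of failed rules, rather than a single true/false value, lets a registration form tell the user exactly which requirement is missing.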
The use of encryption keys is a useful strategy for storing data within the cloud architecture of the Australian Government. It will help the organization to develop an encryption module and thereby maintain effective data privacy and security within DAS. Proper maintenance of the security modules used for the encryption and decryption of passwords and data is an important aspect of the security module. This extends to the effective use of the different modules for the protection and security of the volume of data associated with DAS (Xiong et al. 2015). Encryption is an enhanced methodology for managing data within DAS, and the use of encryption systems is effective in keeping the data accessible to the organizations supported by the Australian Government.
A further recommendation is that the cloud services used should be encrypted; the use of encrypted cloud services will enhance the storage of data within DAS. This will help the organization to manage the data associated with the different departments (Cuzzocrea, 2014). With the effective use of encrypted services, DAS will be able to provide effective services to the other departments it intends to serve.
Thus the stated recommendations are intended to help the users and the employees with techniques that will help DAS to keep safe the data stored in its cloud systems (Nepal & Pathan, 2014). The implementation of cloud computing on this basis will help the organization to be effective with regard to its data.
4.0 Personal data protection strategy
This section sets out the data protection strategy for the data stored within the cloud computing services. Data protection is the main aspect of the cloud computing services, and the management of data is analysed on that basis. The strategies that DAS must follow are discussed below.
The first noteworthy strategy for effective data protection within the cloud services is the backup and recovery of data. Data recovery is an effective strategy for data protection within the cloud servers (Shaikh & Sasikumar, 2015). The use of the cloud services will help the organization to keep safe track of the data present within them (Gahi, Guennoun & Mouftah, 2016). The effective use of data protection rules also enhances the protection and management of the data, so that the cloud services can deal effectively with the collection of data and help the organization to maintain the data in the long run. These rules provide knowledge about the management of the data associated with the cloud computing services used by DAS (Sugumaran, Murugan & Kamalraj, 2014). This will be effective for the different data protection approaches, which depend on knowledge of the data protection methodologies.
Secondly, a strategy for the protection of personal data for DAS is effective management of personal information, which involves accurate management of the data stored in the database (Gholami & Laure, 2016). One strategy for managing and protecting personal information involves understanding how data can be processed in a fair and lawful manner. Adequate information keeping is necessary for managing accurate information flow within the project. Accurate information flow from the centralized database needs to be ensured as part of protecting the personal information stored in the database. Along with that, authorized access to and disclosure of personal information is critical to ensuring complete data protection (Yu et al., 2016). The use of personal digital identities when accessing the data stored in the database is necessary to establish complete control over the personal information associated with DAS.
The personal data stored in the centralized database becomes increasingly valuable, and its protection is the responsibility of the organization. The proposed data protection strategy further involves processing the data in a secure manner so that unauthorized access can be prevented. The organization should be obliged to collect data after obtaining the permission of the individual (Li et al. 2016). The personal data protection strategy likewise involves using the collected data after obtaining permission from the individual whose data is being used. In addition, data access is to be provided to individuals who are trusted enough to access the confidential information stored in the database.
The unique personal digital identity provided to each individual is a crucial step towards safeguarding the stored data. The unique digital ID will restrict illegal or unauthorized data usage (Worku et al., 2014). This is crucial for ensuring that the data is not accessed by any unauthorized individual. The use of personal digital identity can be defined as a process-oriented strategy that will help DAS in establishing the major organizational aspects of handling personal data and information. Along with developing an effective data protection strategy, it is necessary to enforce strong control over the data security risks that have been identified, so that the changes brought into the organization do not put at risk the privacy and confidentiality of the existing stored data. The recommendations for mitigating the identified security risks to the information held by DAS are discussed in the following section.
5.0 Recommended data protection controls
Cloud usage introduces various data security risks that need to be addressed so that the risk of unauthorized or illegal data access can be mitigated. Mitigating the identified data security risks depends on identifying the controls that can help protect the privacy of the stored data.
Malware infection of the network and the database is a critical data security risk linked with the usage of cloud. Therefore, identifying proper control measures to mitigate this risk is of foremost importance. The recommended control for protecting the network, data and server against malware infection involves the use of an up-to-date security system and proper antivirus so that the risk of malware infection is completely eliminated.
Loss of control over users' actions can increase the data security risk linked with migration to cloud. DAS needs to have control over the individuals who are given rights of data access (Ab Rahman, Cahyani & Choo, 2017). Loss of that control might increase the data security risk. This can be linked to the insider threats that are quite common in cloud computing. For example, an ex-employee of an organization who has access to the stored data might be a threat to the organization. Thus DAS needs to have control over the process by which employees are given access to the stored information.
The identified data security risks further include threats linked with phishing. Phishing is a common technique used for retrieving the information stored in an organization. The control measure recommended against this risk involves providing proper training to staff on the concept of phishing scams and on methods of safeguarding data against them. Protecting the privacy and confidentiality of the stored data is essential to addressing the majority of the data security risks that can be faced.
Along with mitigating the identified data security risks, it is necessary to implement an effective personal data protection strategy so that the confidentiality of the stored data can be maintained. Implementing the strategy for personal data protection depends on understanding the major data security risks that can arise with the storage of data in the cloud (Wei et al., 2014). All individual users in the organization need to be trained on the various issues and security threats that might be faced while accessing data in the cloud. The process of implementing the personal data protection strategy in DAS is as follows:
- Individuals who have access to a unique digital identity should ensure that it is kept properly secure. The unique digital ID should by no means be leaked to any individual who is not supposed to access that data.
- Individuals need to have a correct understanding of the proposed personal data protection strategy so that they can act accordingly. Various strategies are made for the protection of personal data, and employees need to understand them so that the risks and issues can be mitigated.
- Data breaches in the cloud have increased in recent years, and appropriate protection against them therefore needs to be put in place. It is recommended that every individual who has access to the data accesses it in a secure manner. The data protection strategy can provide a guideline for secure data access.
- Data should be stored in an encrypted manner so that access to it can be provided to the individuals who are allowed to access the data. All operations related to data access and control should be done under thorough supervision so that illegal access can be prevented.
The points discussed above indicate the strategies that can be considered for the protection of personal data in DAS. Apart from mitigating the identified data security risks, it is essential for individuals to understand the need for safeguarding the stored data so that unauthorized data access can be prevented.
6.0. Conclusion
The report aims to explain the major aspects of cloud computing and its related data security risks. It discusses the major security aspects of adopting a cloud-first approach to data storage. The organization has been moving to a SaaS instance, and this leads to an increase in the major security risks. The use of SaaS is linked with certain major privacy and data security issues. The report discusses the main data security risks and issues in the cloud, against which a privacy strategy for DAS is proposed. The proposed privacy strategy is linked with the use and disclosure of personal information. The report further discusses and recommends certain controls for implementing the privacy strategy. Along with that, the personal data protection strategy and the controls for the identified security risks are proposed in the report.
7.0 References
Ab Rahman, N. H., Cahyani, N. D. W., & Choo, K. K. R. (2017). Cloud incident handling and forensic‐by‐design: cloud storage as a case study. Concurrency and Computation: Practice and Experience, 29(14), e3868.
Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the cloud. International Journal of Network Security & Its Applications, 6(1), 25.
Cayirci, E., Garaga, A., Santana, A., & Roudier, Y. (2014, December). A cloud adoption risk assessment model. In 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing (pp. 908-913). IEEE.
Choo, K. K. R. (2014). A cloud security risk-management strategy. IEEE Cloud Computing, 1(2), 52-56.
Cuzzocrea, A. (2014, November). Privacy and security of big data: current challenges and future research perspectives. In Proceedings of the First International Workshop on Privacy and Security of Big Data (pp. 45-47). ACM.
Gahi, Y., Guennoun, M., & Mouftah, H. T. (2016, June). Big data analytics: Security and privacy challenges. In 2016 IEEE Symposium on Computers and Communication (ISCC) (pp. 952-957). IEEE.
Gholami, A., & Laure, E. (2016). Security and privacy of sensitive data in cloud computing: a survey of recent developments. arXiv preprint arXiv:1601.01498.
Hendre, A., & Joshi, K. P. (2015, June). A semantic approach to cloud security and compliance. In 2015 IEEE 8th International Conference on Cloud Computing (pp. 1081-1084). IEEE.
Jouini, M., & Rabai, L. B. A. (2019). A security framework for secure cloud computing environments. In Cloud security: Concepts, methodologies, tools, and applications (pp. 249-263). IGI Global.
Kalaiprasath, R., Elankavi, R., & Udayakumar, D. R. (2017). Cloud. Security and Compliance-A Semantic Approach in End to End Security. International Journal Of Mechanical Engineering And Technology (Ijmet), 8(5), 987-994.
Krishna, B. H., Kiran, S., Murali, G., & Reddy, R. P. K. (2016). Security issues in service model of cloud computing environment. Procedia Computer Science, 87, 246-251.
Kumar, N. S., Lakshmi, G. R., & Balamurugan, B. (2015). Enhanced attribute based encryption for cloud computing. Procedia Computer Science, 46, 689-696.
Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. In Future information technology (pp. 285-295). Springer, Berlin, Heidelberg.
Li, J., Yao, W., Zhang, Y., Qian, H., & Han, J. (2016). Flexible and fine-grained attribute-based data storage in cloud computing. IEEE Transactions on Services Computing, 10(5), 785-796.
Narula, S., & Jain, A. (2015, February). Cloud computing security: Amazon web service. In 2015 Fifth International Conference on Advanced Computing & Communication Technologies (pp. 501-505). IEEE.
Nepal, S., & Pathan, M. (Eds.). (2014). Security, privacy and trust in cloud systems. Springer Berlin Heidelberg.
Rao, B. T. (2016). A study on data storage security issues in cloud computing. Procedia Computer Science, 92, 128-135.
Rao, R. V., & Selvamani, K. (2015). Data security challenges and its solutions in cloud computing. Procedia Computer Science, 48, 204-209.
Rasheed, H. (2014). Data and infrastructure security auditing in cloud computing environments. International Journal of Information Management, 34(3), 364-368.
Saravanakumar, C., & Arun, C. (2014, November). Survey on interoperability, security, trust, privacy standardization of cloud computing. In 2014 International Conference on Contemporary Computing and Informatics (IC3I) (pp. 977-982). IEEE.
Shaikh, R., & Sasikumar, M. (2015). Data Classification for achieving Security in cloud computing. Procedia computer science, 45, 493-498.
Sugumaran, M., Murugan, B. B., & Kamalraj, D. (2014, February). An architecture for data security in cloud computing. In 2014 World Congress on Computing and Communication Technologies (pp. 252-255). IEEE.
Sun, Y., Zhang, J., Xiong, Y., & Zhu, G. (2014). Data security and privacy in cloud computing. International Journal of Distributed Sensor Networks, 10(7), 190903.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Worku, S. G., Xu, C., Zhao, J., & He, X. (2014). Secure and efficient privacy-preserving public auditing scheme for cloud storage. Computers & Electrical Engineering, 40(5), 1703-1713.
Xiong, J., Li, F., Ma, J., Liu, X., Yao, Z., & Chen, P. S. (2015). A full lifecycle privacy protection scheme for sensitive data in cloud computing. Peer-to-peer Networking and Applications, 8(6), 1025-1037.
Yu, Y., Au, M. H., Ateniese, G., Huang, X., Susilo, W., Dai, Y., & Min, G. (2016). Identity-based remote data integrity checking with perfect data privacy preserving for cloud storage. IEEE Transactions on Information Forensics and Security, 12(4), 767-778.