LEARN MORE...

Analyze the impact of 2 laws and regs in cloud services, Analyze 2 frameworks.

User Generated

gnbbsyf

Computer Science

Cloud computing privacy and security

Colorado Technical University

Description

Now that you have identified the benefits and detractors of cloud computing, it is important to become familiar with the major frameworks, laws, and regulations with regard to cloud computing and security. In this final Key Assignment draft, you will revise all of the previous sections based on instructor and peer feedback and then research and analyze the impacts that various laws, regulations, and frameworks have had on the technology.

The Key Assignment deliverables include the following:

  • Revise your Week 4 Key Assignment draft based on instructor and peer feedback.
  • Address the following and add your responses to your final Key Assignment for Week 5:
    • Principles and practice:
      • Analyze the impact of 2 laws and regulations on organizations considering the use of cloud computing services (this is a new section this week).
      • Analyze 2 frameworks that can assist organizations in meeting regulatory compliance in the cloud (this is a new section for this phase).
  • Include a properly updated title page, table of contents, and document name.
  • Use a minimum of 3 scholarly references per section.

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running head: CLOUD COMPUTING SECURITY

Cloud Computing Security
Student
Cloud Computing, Privacy and Security
Teacher

1

CLOUD COMPUTING SECURITY

2

Table of Contents
Benefits and risks of cloud computing............................................................................................ 2
Current strategies for securing cloud computing services .............................................................. 3
Cloud computing policy development ............................................................................................ 9
Business Impact Analysis ............................................................. Error! Bookmark not defined.
Cloud computing frameworks, laws, and regulations (TBD) ....................................................... 14
References ..................................................................................................................................... 18

Benefits and risks of cloud computing
Iaas - this service is the most user friendly and widespread and you can automate functionality of
It. Being easier to use also means hacking, denial of service, loss of efficiency etc. could be a
problem.
Paas - this is an actual platform that the developers can use to upload their codes too easily and
run those apps without having to have any infrastructure or servers provisioned. Drawbacks
include things like code theft, hacking etc.
Saas - this is more of a delivery service and it lets users access it's cache from multiple types of
devices that have internet access. As with any internet access the same security drawbacks are
there.

Securing cloud based computing services can be done externally by using an outside company
specializing in the field or internally by hiring IT professionals and using more normalized
methods like IPS, IPS, control and auditing would also be a great tool to use.
If hackers get the information for a user they can gain access to the cloud platform and use
multiple devices to connect and steal, destroy and continuously compromise the security. DDoS
attacks can also be a challenge when it comes to these services as well.
Access controls would benefit a company to limit use of the service by deciding access type
and availability of information on a need to know basis.

CLOUD COMPUTING SECURITY

3

Current strategies for securing cloud computing services
Introduction
The rise of cloud computing as the primary mean of storage of company data is not
surprising at all if any past technological invention suggestions are put under consideration. The
increase in the global flow of data necessitated a world system that could store data more than
the average network system of a company could manage hence the introduction of a storage
system anchored on the network. The challenge of embracing cloud computing emanates from its
exposure to the users of the same vendor since the data stored is within the system of the said
vendor. For that matter, it is not wrong to say that security access is the primary challenge that
faces cloud computing as a storage resource.
Access control in cloud computing
The first means to securing access to a system entails limiting access to authorized
persons when they need it and how they need that information in the quantity in which the data is
required which forms the core of the definition of access control. The necessity of this kind of
power comes in handy in ensuring that data remains interfered with to assure its integrity,
accessible when required and most of all retain the confidentiality of the data and limit its
content only to those who must view it. Cloud computing has some tactics and techniques
discussed below to ensure that data within their storage and therefore their responsibilities are
not accessed maliciously or accidentally by unauthorized persons (Karame, & Stavrou, 2017).
Discretionary

CLOUD COMPUTING SECURITY

4

In this method, the owner of the system arbitrarily gives an individual or a group of
people authorization to access data on his behalf. The discretionary situation always sees the
system administrator award control of access to individuals based on rank and file,
responsibilities and talents. The benefit of the technique lies in the fact that the person in charge
knows the people with whom he can trust to relinquish control. On the flipside, it leaves the
system at the mercy of the decision of the administrator that could see one bad call in staffing
ruin the whole company.
Mandatory
The access model is when the administrator assigns the information responsibilities on
his staff based on the position occupied. Unlike the discretionary model where access is free
from "up to down", the mandatory access model embraces a no lookup no look down policy, a
plan intended to maintain the confidentiality of the information within as seniors cannot access
the data held by their juniors and the reverse is also true. Despite having increased privacy, the
method exposes the company to inefficiency based on the fact that the bureaucratic levels are too
many in the process of acquiring information.
Role-based access
In this kind of system, the user has the authorization to access information and objects
based on the roles that they have been assigned within the company. Herein, the characters upon
which the system relies for permission are influenced by the job functions of the user, a factor
that is subject to job authority and job functions. The model is more flexible as compared to its
counterparts the mandatory access model and the discretionary model making it the most

CLOUD COMPUTING SECURITY

5

preferred access control technique employed for computer-controlled systems (Basu, et al.,
2018).

Methods for securing data
As commentated by most I.T specialists, information is at risk whether I am in motion, at
rest or in use. On that note, it is essential to step up data protection in the stated states of
existence with protection policies instilled and implemented at the levels of data reported as
recommended by the paper.
Data in transit
The term defines data that is in the process of moving from point A to ...

Honor Code
flag Report DMCA

Review

Review

Honor Code
flag Report DMCA
Anonymous
Really helped me to better understand my coursework. Super recommended.
Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Assignment: Group Process: Ground Rules and Group Member Evaluation
To work effectively in your group, it is helpful to establish ground rules—rules by which everyone agrees to abide. Th...
Business Recovery Strategies, computer science homework help
Develop business recovery strategies for SanGrafix, a video game design company. The strategies should contain detailed gu...
What is the different between RAM and ROM?
What is the different between RAM and ROM?...
Discussion Board assignment
For this Discussion Board assignment, you should use the library and course materials to complete the following: Research ...
Agile Discussion
Having learned about the scrum grooming ceremony, we now understand how it sets the team up for success in their sprint pl...
AIUO Over Internet Protocol and Power Over Ethernet Project
OBJECTIVES There are two parts to this assignment: a network architecture and design solution and the details explaining t...
Unit 2 Individual Project For Itas363
Access Control is a form of information security enhancement mechanism, where an organization implements a form of system ...
Operational Excellence Rev.edited
For this task, I chose to address the best practices related to operational excellence. The best practices related to oper...
Hardware And Network Security
Security of the network and the hardware in the business remains vital as marketing. This necessitates the management to e...

Related Tags

software engineering networking File Source parity bits technology value Software Testing technology data integration Data warehouse WAN Implementation information technology