Tuesday, May 5, 2020
Department of Administrative Services and Cloud Privacy - Samples
Question: Discuss the Department of Administrative Services and Cloud Privacy.

Answer:

Introduction: The scenario considered for this report involves the Department of Administrative Services (DAS) and its cloud-first approach, alongside prominent references to its data migration policy. The other elements observed in the scenario include the process of implementing shared services such as the SaaS HR and Personnel management suite, the PaaS SharePoint platform, which can be accounted as the basis for the proposed WofG Intranet platform, and the SaaS performance management suite. The following report presents a comprehensive analysis of the threats and risks associated with this project, since it involves the physical location of data centres at different geographical locations (Abbas & Khan, 2015).

The necessity of privacy and personal information management is seen explicitly in the case of the DAS decision to centralize its functions and services for different government-based entities through a US-based cloud service provider. The recent emergence of profound threats due to the expansion of the internet and cloud-based practices in the professional domain has to be considered a significant determinant for the introduction of policy guidelines. As per Gholami and Laure, the policy guidelines are directed towards addressing the data breaches that have been reported in sensitive areas such as the governmental and financial domains (Gholami & Laure, 2016). The objective of the cloud security framework should be aligned with personal information management, with particular reference to the security and privacy of employee data that would be recorded in the HR and performance management framework and the payroll information. These aspects would be provided through the single link sign-in portals available for employees on the intranet.
Security of Employee data: Threats in the cloud migration infrastructure could be identified in the form of malware and hacking, unintended disclosure, phishing emails, insider threat and employees bringing their own devices to the workplace. As per Henze, et al., employees bringing their own devices to the workplace could lead to profound security threats. The threats arise from the storage of sensitive company information on the personal devices of employees, which could lead to data leakage since the devices might not have appropriate security software (Henze, et al., 2016). The protection of personal information could also be subject to the threat of phishing emails, which could be targeted at the personal emails of employees in order to access the employees' individual Single Link Sign-in passwords. As per Kamarinou, Millard & Hon, employees could also be subject to security risks through unintended disclosure, which arises from human errors on behalf of the service users, contractor and data processing centre (Kamarinou, Millard & Hon, 2016). Such examples could be identified in the physical loss of devices by employees, which can be addressed by considering the education of employees regarding the common threat vectors that would not involve references to education and training of employees regarding the risks leading to intended disclosure such as downloading unknown software, malicious links and checking the authenticity of the web addresses.

Privacy of employee data: According to Merani, Barcellona & Tinnirello, the particular areas which affect the privacy of employee data could be identified in the lack of monitoring of the continuous updates regarding applicable legal precedents.
Furthermore, it is also essential to notice the pitfalls in the collection and processing of personal data related to employees and the lack of awareness of the global process facilities regarding important changes (Merani, Barcellona & Tinnirello, 2015). The privacy concerns could be addressed effectively through implementing a comprehensive framework which supports authentication. The privacy of employees' personal data can be ensured through a systemic approach that gives distinct insights into the responsibilities and authorities of supervisory personnel. These precedents would be considered in the context of the collection, processing, utilization and transfer of personal data and the authentication of the responsibility of the individuals who undertake these processes.

Digital Identity Issues: Digital identity concerns that could be observed in the case of the cloud migration initiative of DAS to introduce the HR and performance management suite, the payroll management framework and the management of data integration from different data processing centres include identity theft, personal data theft, misuse of identity, privilege escalation and identity tampering. Identity theft is profoundly observed in the form of using the digital identity of other individuals to access information or impersonating the person on the digital platform. Since the web platform would imply requirements for the management of personal information on the basis of the integrity of the data, it is essential to implement suitable approaches such as encryption of the digital identity based platforms that are used within the organization (Reichel, et al., 2016). Employees should be equally aware of personal data theft as a detrimental consequence in digital identity issues. Therefore individual employees would be held accountable for resolving issues in the digital identity pertaining to the cloud framework of the organization.
As per Soghoian, the creation of a legal environment that addresses privacy concerns in the initial stages is considered responsible for addressing the digital identity concerns in an organization. Another prominent measure could be observed in the form of demarcating the digital identification approach from the authorisation and authentication approaches (Soghoian, 2017).

Provider Solution Issues: The solutions provided by the service provider are also accompanied by prominent references to the multiple data centres of the organization. A processing centre at a single location would also make it complicated for the service provider to collect data from distinct sources and process the information regarding the different departments of the Government (Xiao & Xiao, 2013). It is imperative for the providers to align with the policy and legal requirements pertaining to the cloud services. However, the limitations could arise profoundly in the form of conflicts between policy precedents of the service provider and individual government agencies.

Data Sensitivity: The concerns for data sensitivity could be identified in this case profoundly in the form of lack of minimal control of the physical security of data centres, employees' financial data and performance management data (Merani, Barcellona & Tinnirello, 2015). These elements have to be associated with measures such as encryption in order to ensure the security of sensitive data. The classification of the data into three categories on the basis of sensitivity would enable employees to perceive the appropriate levels of encryption and security precedents for each form of data. The three categories are confidential data, regulated data and public data.

References

Abbas, A., & Khan, S. U. (2015). e-Health Cloud: Privacy Concerns and Mitigation Strategies. In Medical Data Privacy Handbook (pp. 389-421). Springer International Publishing.
Gholami, A., & Laure, E. (2016). Advanced cloud privacy threat modeling. arXiv preprint arXiv:1601.01500.

Henze, M., Hermerschmidt, L., Kerpen, D., Huling, R., Rumpe, B., & Wehrle, K. (2016). A comprehensive approach to privacy in the cloud-based Internet of Things. Future Generation Computer Systems, 56, 701-718.

Kamarinou, D., Millard, C., & Hon, W. K. (2016). Cloud privacy: an empirical study of 20 cloud providers' terms and privacy policies - Part I. International Data Privacy Law, 6(2), 79-101.

Merani, M. L., Barcellona, C., & Tinnirello, I. (2015, June). Multi-cloud privacy preserving schemes for linear data mining. In Communications (ICC), 2015 IEEE International Conference on (pp. 7095-7101). IEEE.

Reichel, J., Lind, A. S., Gholami, A., Litton, E., & Laure, E. (2016). Design and implementation of the advanced cloud privacy threat modeling. International Journal of Network Security & Its Applications.

Soghoian, C. (2017). Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era.

Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.