Securing Data and Infrastructure in a Cloud Computing Environment at Mobile Insurance Corporation
Managerial Applications of Information Technology – MIS 535
DeVry University, Keller Graduate School of Management
April 13th, 2010
Company Background 3
Business Problem(s) 4
High Level Solution 5
Benefits of Solving the Problem 5
Business Process Changes 6
Technology or Business Practices Used to Augment the Solution 8
Conclusions and Overall Recommendations 8
High-level Implementation Plan 9
Summary of Project 9
With the company moving to Cloud Computing we need to determine a solution to keep our Customer data and our ...view middle of the document...
Throughout the years Mobile One has acquired companies along the way and merged with other companies to become the global mobile insurance provider that they are today. Mobile One being a global company, operating in the cloud is very important to the organization along with protecting our customers and our infrastructure.
With Mobile One moving to the cloud, security issues play a big role in the livelihood of our organization and our customers. There are several security issues that the organization needs to be aware of so that they can protect themselves and the customers. Some of these threats are data breach, data loss, account or service traffic hijacking, denial of service, abuse of cloud services, insufficient due diligence, and shared technology.
Data breaches occur when someone from the outside taps into the data being sent back and forth across the internet, intercepts the package stealing personal info. Data breaches can also occur if there are a lot of backups of your data that are stored some place where this data can be accessed. Data loss happens when a disk drive or a server crashes and there was no backup created by the owner. Account or Service traffic hijacking occurs when an “intruder gains access to a user account and is able to eavesdrop on transactions, manipulate data, provides false and business-damaging responses to customers, and redirects customers to competitors sites or inappropriate sites” (Babcock, 2014). Service hijacking compromises the integrity, the availability and the confidentiality of deployed services when hackers gain access to these critical areas of the deployed services. Denial of service is where hackers send thousands if not millions of requests tying up the services so that the system has to determine which are the good requests and which are the bad requests while tying up resources that the organization will have to pay for during the attack. A hacker is able to abuse the cloud services by using an array of cloud servers to decrypt encryption keys or use the servers for launching malicious software or DDoS attacks; before the cloud this was much harder to do due to the limited hardware that a hacker had available to him/her. When a company moves to the cloud they might not understand all there is to know about cloud security and they do not do their due diligence in making the transfer to the cloud a secure one. With more and more companies moving to the cloud and using the same 3rd party vendors which means using shared database services or cloud services that could crisscross the data eventually ending up in the wrong hands.
High Level Solution
In order for Mobile One to combat the security issues that come along with cloud computing I propose that Mobile One uses a Hybrid-cloud, perform a risk management analysis to decide which data they want to keep in house and which data they want stored in the cloud, data integrity, implement a robust metadata database...