Abstract
The purpose of this dissertation was to outline the security risks of run-time applications in the cloud and to design strategies to mitigate them. This study has extensively investigated the security risks associated with run-time applications in the cloud environment. The risk to Health Information Exchange (HIE) continues to grow. A notable example, as reported by Kutcher (2016, p87), involves “a vendor using a Boston clinic employee's credential inappropriately access patient data.” The incident involved unauthorized access to patient information. The information that was accessed included “information about payment for medical services, name, and address, date of birth, gender, medical services consumer information and medical insurance coverage information” (Johnson, 2016, p88). “Some patients’ social security numbers were also stolen” (Hue, 2016, p41). However, “the information accessed was not illegally used” (James, 2016, p47).
Different instances of customer data breach demonstrate how vulnerable cloud run-time applications are. To mitigate such issues, Boston Clinic has instituted policies that ensure access to patient information is granted only to employees with a need to know, that access is regularly monitored, and that it is revoked when there is no longer a need to access such records. This policy is fully enforced: in the event of a breach, the employee(s) involved may have their access revoked and may be terminated, depending on how negligent they have been in adhering to the policy.
This research studies various companies, both cloud providers and cloud consumers, using a qualitative research methodology. The findings describe some of the security risks for run-time applications in the cloud, how that risk is analyzed, and what steps are taken to mitigate such risks.
To protect data integrity in the cloud, we propose the use of two-factor authentication as well as encrypting the data both at rest and in transit. To ensure reliability and availability of data, we propose that the availability requirement be defined in the Service Level Agreement (SLA) and that a redundant connection be established to both the wired and wireless services in the network.
To meet performance requirements, the researcher suggests that performance and availability be specified in the SLA and that performance monitoring tools, such as BMC Software APM, be used. To avoid the risk of losing data in the cloud, we recommend the use of multiple cloud service providers. For enterprise data to be compliant, cloud service providers must be compliant with available standards, such as FIPS 140-2.
| Field | Value |
|---|---|
| Original language | English |
| Qualification | Doctor of Information Technology |
| Awarding Institution | |
| Supervisors/Advisors | |
| Place of Publication | Australia |
| Publisher | |
| Publication status | Published - Mar 2017 |