Cloud Computing in Relation to Identity Theft and Security Feedback Assessment
Thank you very much for your valuable feedback! I believe that a way to improve the security of the cloud-based systems is to change the implementation of clouding per se. In my opinion, there are lots of unsafe methods being used that lead to security vulnerabilities. While it is not so frequent, the physical servers that run multiple virtual machines with the implementation of hypervisors can give attackers an opportunity to exploit a hypervisor remotely due to already existing vulnerabilities. The risk here is that a virtual machine can escape from the sandbox environment, gaining access to both the hypervisors and all the related virtual machines (Lukan, 2014). I completely agree with your statement about careful planning, as it is what leads to most insecurities and flaws in practice.
Thank you for your kind feedback and a relevant case study! Indeed, the Census was delivered through the ABS's own structure, and not the cloud, but it turns out that the "distribution of blame" has been directed at IBM. Nevertheless, IBM also had a right to call the others for being responsible, as mitigating the DDoS attacks risks is one matter, while force the troublesome matters to disappear by "just paying" is completely different thing. Excessive outsourcing is what concerns me a lot. While it is a subjective opinion, I believe that the use of several providers and different involved organizations only increases the risks. The trouble is that most organizations only meet their own standards and requirements, while one should adhere to a common, unified standard. The attackers use both high-technology and the old methods of identity theft and gaining access to personal information, which should implement both new and old methods of cyber defence (Edwards, 2015). According to statistics, the identity fraud cost in Australia was estimated at $1.1 billion for Australia in 2001-2002 ("Protect Your Financial Identity - Faqs", 2016). According to the source, there was no national research conducted and completed since that date, which is quite worrisome to me.
An accurate Risk Transference model in action is a good point made. I believe that we see the case of improper distribution of tasks and responsibilities between IBM and ABS. In my opinion, it is partially due to lack of proper social and business awareness of the cyber security mechanisms and the risks. Nevertheless, Australia has all the resources and knowledge to "position itself as a location for cyber security innovation by establishing a Cyber Security Growth Centre, through the National Innovation and Science Agenda ("Australia's Cyber Security Strategy", 2016). I am certain that creation of a national network of research, analysis, and innovation, the Growth Centre will unite the efforts of Australian governmental structures, business groups, and the researchers. It will help to define, study, and prioritise the challenges and risks of cyber-security threats, including cloud services and delegation of responsibilities. United approach can help …