Paper Example on Cloud Computing: Challenges & Benefits for Businesses

Cloud computing is a technology that is increasingly gaining attention and becoming more popular. It offers businesses a more affordable mode of presenting their information to their clients online. These companies only need to contact a cloud service provider, such as Amazon and subscribe the systems of the service provider. While more businesses are using this feature in their operations, it faces some challenges, with the main one relating to accessibility, privacy, and security of the data in these systems (Faragardi 167). This paper focuses on this area and considers a case where a cloud service provider failed to abide by the ethics required in this business, leading to an attack of its client. The paper focuses on the consequences of this action and methods of reducing such cases from occurring.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

The factor that attracts clients to cloud-based systems is the guarantee that their data will be safe and accessible on demand. This assurance creates trust between businesses and their customers. However, in some cases, the cloud service providers encounter problems, such as the one that happened to Amazon web service (AWS). These ethical issues normally occur from unsatisfactory employees of these corporations as was the case with AWS (Kouatli 417). In many cases, people store sensitive information in these cloud systems, such as credit card details, secure credentials, health information, and other personal data. If any of these pieces of information lands in the hands of a hacker, the results can be catastrophic. For instance, AWS provides its services to government departments, including the Department of Defense and NASA, and financial organizations like Capital One (Graham). Therefore, an attack on this system would affect many people and it could lead to the loss of highly sensitive information.

In the case of the attack on AWS, a former employee of the company hacked the data of one of the clients of AWS. The attacker obtained credit card transaction data, social security numbers, and credit scores of over 100 million clients of Capital One from the AWS cloud (Graham). In this case, Amazon claimed that the attack was not its responsibility, but it occurred due to a security system misconfiguration fault in the part of Capital One. Moreover, AWS stated that its system is the most secure and the best in the industry (Graham). However, one factor that they failed to consider is that the person that hacked the account of Capital One was their former employee. While the code of ethics of Amazon encourages its employees to always behave ethically, the actions of this employee were not ethical. Therefore, some of the blame also falls on the company.

It is the duty of an organization seeking to use cloud-based systems to secure its data before sending it to the clouds. Such a business should implement measures, like encryption and obfuscation to secure its data and ensure that should an attacker get it, the data will be unusable (Haider and Selvan 2). In the case that this paper considers, Capital One failed to secure its data appropriately, and therefore, made it possible for an employee of AWS to notice the flaw and exploit it. Another ethical issue that allowed this attack to occur is the fact that cloud service providers allow their employees to use their personal mobile devices at work and therefore, increase the chances of a person leaking information from the business using a phone (Kouatli 413). Service providers need to secure the data of their clients using better approaches.

Securing the data on cloud systems involves the actions of several stakeholders. Firstly, it involves the clients that use the online systems, the service providers, and the employees of the company. Firstly the service provider should develop private and secure systems that comply to set regulations and adhere to set performance metrics (Faragardi 167). Their systems should ensure that the data they contain is inaccessible to unauthorized users, including the service provider itself. Secondly, the employees of the cloud services providers should practice ethics by not exploiting any vulnerabilities that they notice. Instead, they should inform the client of such factors for them to be resolved. Finally, clients should ensure that they protect their systems using the best techniques and not just rely on the security of the service provider. For instance, had Capital One used the best security systems, it would not have lost its data to the attacker.

The best method of dealing with such unethical behavior is to develop systems that are not easy to attack. Specifically, service providers should develop high security procedures that would not allow an attacker to exploit their systems. For instance, they could install a script that would run on a security scanner server to see if any one of their ports are under attack from a Rootkit or any other technique. Additionally, they need to inculcate ethics in their staff. Implementation of these features would improve the security of the information in cloud-based systems.

Works Cited

Faragardi, Hamd Reza. "Ethical considerations in cloud computing systems." Proceedings 1.3 (2017): 166. <https://doi.org/10.3390/IS4SI-2017-04016>.

Graham, Jefferson. Capital One data breach: Amazon web services is backbone for Netflix, NASA and others. 30 July 2019. Web. 3 February 2020. <https://www.usatoday.com/story/tech/talkingtech/2019/07/30/amazon-aws-unit-says-its-not-responsible-capital-one-data-breach/1868862001/>.

Haider, Yusuf and Siva Selvan. "Confidentiality issues in cloud computing and countermeasurs: A survey." National Conference on Emerging Computer Paradigms. Nitte: Nmamit, 2016. <https://www.researchgate.net/publication/305689086>.

Kouatli, Issam. "Managing cloud computing environment: Gaining customer trust with security and ethical management." Procedia Computer Science 91.2 (2016): 412-421. <https://dx.doi.org/10.1016/j.procs.2016.07.110>.