Project 2: Final Cloud Risk and Compliance Issues Analysis
University of Maryland Global Campus
CCA 610 9040 Cloud Services and Technologies (2208)
Final Risk Assessment and Compliance Report
Executive Summary
Cloud computing is a service that is the new alternative to the traditional on-premises
computing model which currently supports the BallotOnline business. Following a careful
assessment of the benefits and possible drawbacks of moving BallotOnline’s IT infrastructure to
the cloud, the company seeks to analyze and evaluate the potential risks and compliance issues
associated with adopting the cloud system. BallotOnline, which uses a Software as a Service
model, needs to consider effective management of risks and mitigation measures if it intends to
use a Cloud Service Provider’s Infrastructure as a Service platform. This summary
recapitulates important cloud security risks and guidelines from governmental and non-governmental
regulatory bodies, both within and outside the United States. European Union regulations are a
significant part of this analysis, as they represent key standards in the protection of Personally
Identifiable Information worldwide. A risk management matrix is presented to help
elaborate an assessment of the risk types and recommendations to mitigate them. Security
covers a major aspect of the risks incurred when moving to the cloud; security issues are
discussed, as well as the laws put in place by the legal system to challenge negative encounters in
cyberspace. Because these laws can be rather complex, compliance issues are common,
and the paper examines these as well. After carefully evaluating all pieces, a compliance
program chart is proposed as the formal strategy to overcome possible challenges related to
cloud adoption.
Risk Analysis
From a risk perspective, there is some gradient across the different service models, but the
deployment model is where the risks vary widely. While cloud computing provides
many benefits, it also introduces major risks on several crucial fronts that need to
be governed and managed by user organizations. Well-managed organizations must understand
and mitigate these risks to better leverage their cloud computing initiatives.
Risks can be categorized as internal and external. Internal risks are defined as risks faced
within the company. These include technology risks, physical risks and people risks. For
instance, a simple programming error which may cause a software dysfunction would be
classified as a technology risk.
Physical risks such as power outages and fires could damage devices or a system, such that
voting devices and data are lost. People risks could involve insider jobs or outsider jobs. An
authorized company employee may use their privileges to leak critical company techniques,
thereby putting the company’s credibility at risk.
Five major risks are:
1. Data security and regulatory
2. Technology
3. Operational
4. Vendor
5. Financial
Summary: Five key risks of cloud computing
Risk Management Guidelines
As risk management guidelines relating to BallotOnline have been reviewed, some laws
have been enacted to ensure that standards are followed for continuous privacy protection. These
laws vary by location. In the U.S., the laws apply at the state level, whereas in Europe,
European Union legislation acts as an umbrella over all countries belonging to the union. The
EU privacy requirements have been deemed rigorous enough to represent the standards to which
BallotOnline should adhere.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the
world. Though it was drafted and passed by the European Union (EU), it imposes obligations
on organizations anywhere, so long as they target or collect data related to people in the EU.
The regulation was put into effect on May 25, 2018. Its purpose is to establish security and
enforce compliance in order to protect data and the privacy of users. The GDPR will levy harsh
fines against those who violate its privacy and security standards, with penalties reaching into
the tens of millions of euros.
The GDPR sets out general data protection principles that organizations need to follow when
collecting, processing and storing individuals' personal data. The data controller is responsible
for complying with the principles and must be able to demonstrate the organization's compliance
practices. The principles are (IT Governance Privacy Team, 2017):
1. Lawful basis and transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation