Benefits of Cloud Computing in the Australian Finance Industry

New world is moving rapidly towards being digital and Cloud computing is offering industries to be more automated and much efficiently led the operational activities. Australian finance industries have been implementing Cloud computing for the enhancement of their performance.  It was becoming heavy burden for the industries to manage the in-house IT departments and Cloud computing is providing the solutions for those issues. Cloud computing is much cheaper than the in-house IT departments and it has been maintained by the third party that implies that the organization will have to no worry about the maintenance and services related to the data and information including the information security management. Most of the Australian finance industries have not adopted Cloud computing in their existing system yet however many of them have adopted it.

Cloud Computing can be defined as the on-demand service that allows the users to store data in the Cloud and let them access wherever they want via connecting to the internet. This basically performs on three platforms that can be listed as: SaaS (Software-as-a-Service), PaaS (Platform-as-a-service), and IaaS (Information-as-a-service). These platforms are being deployed through four basic models that can be listed as: Public Cloud, private Cloud, Hybrid Cloud, and Community Cloud.

Current State and Approach to Cloud computing

Australian finance industry is in its toddling stage of Cloud adoption as many of the financial industries’ range of Cloud based services are limited. For some of the cases the consumers would not be aware of the services that could be provided by the Cloud computing and its approach is still not strategically sound. A survey (made by) suggests almost 88% of the financial industries are using Cloud-based services and implementation of Cloud computing at its utmost pace and among them 81% of the industries were aware with the services offered by Cloud computing (Chang, Walters & Wills, 2014).

Due to the common approach for financial industries 50% of the Australian Finance industries are linked to the use of hybrid of private Cloud and public Cloud. In-house IT and moving non-critical services like content management tools, collaboration and email management to the Cloud based services is being practiced by 40% of the industries. Some of the financial industries are using Cloud services as a testing environment in manner to plead the development of use cases that could be better option for assessing the hybrid of Public Cloud and on premises, in-house hosting applications of the Cloud services (Schulte et al., 2015). The financial industries are also using it as test beds for new and innovative applications and among all the industries only 8% of the industries are using strict Private Cloud only policy. Compliance and privacy concerns including the confidence that the Private Cloud can satisfy the business requirements of the organization are its main objectives. 92% of the industries that are using Cloud based services have a strategically developed strategy that is based on hybrid of Private and Public Cloud hosted both in-house and externally IT services. It can be stated based on the discussion that the confidence among the financial industries has been increasing towards adopting Cloud Computing services within the system of the organization (Gai, 2014). Otherwise, a certain level of prudency on the context of migration towards Cloud computing can also be noted. Digital transformation of the business is still preferable to many consumers rather than migration of their data to the Cloud.

Challenges of Cloud Computing Implementation in the Australian Finance Industry

Cloud adoption Example (Finance Industries)

CME Clearport OTC Data on-demand: An on-demand Software-as-a-services (SaaS) web service working on the same platform Xignite and is proving to be helpful in offering accesses to end-of- day OTC volume, open interest, and settlement data in manner to provide support to the markets that are available through CME Clearport® (Pattnaik, Prusty & Dash, 2016).

NASDAQ OMX Data on-demand: Known software that provides flexibility and easy access to massive amount of data is Software-as-a-service (SaaS) and is made available to the market by the support and skills of Xignite. API (Application programming interface) can be used to get an access to it and can be helpful in managing users to purchase data online as a web application to give it more comfort ability. It can also be used as plain texts (Mahmood et al., 2014).

Microsoft Azure DataMarket for the Energy Industry: For enabling the exploration, discovery and consumption of data from the commercial data sources and trusted public domains Cloud services offered by IT giant Microsoft DataMarket SaaS. Public domains for example, health, demographics, weather, real estates, navigation, transportation, and location- based services, and many more are making its use to the limit. Analytics for enabling insight from that data and visualization is also included in it (Coleman et al., 2016). For incorporating these data into software applications for any of the devices common API are the easiest approach. To create analytic applications and energy forecasting many of the energy industries have been using these platforms.

Gridglo real-time energy apps: Due to the demand of the services many firms are jumping in the competition of one of the startup, Gridglo is developing SaaS services for their startup in manner to sell information to utilities in Australia. Describing it as a mining energy consumption data from smart meters would not be considered as illogical and thereafter the combination of these data with data from other sources like data related to demographic and weather, real estate, energy credit scoring and demand response analytics in manner to categorize different types of consumers for providing tools that can be helpful in energy forecasting, including an energy tool for financial risk.

Australian Banks using Cloud for risk analysis and non-core processes: IBM iDataPlex servers has been used in various banks of Australia as a part of an Infrastructure-as-a-service (IaaS) strategy in manner to evaluate and build programs related to risk analysis that can be used for further purposes. Multiple systems can be used instead of just one separate computer to turn into a pool of shared resource that can be referred as Cloud. Morgan Stanley is using PaaS Cloud vendor Force.com for its recruiting applications that is proving to be way beneficial in extensive Cloud penetration in strategy and analytics (Asatiani et al., 2014).

Security Issues in the Australian Finance Industry: Considerations for Cloud Computing

Challenges

Likewise, every other thing in the world there are certain challenges in implementation of Cloud computing which can be listed as: data privacy, data security, vendor lock-in, availability, and compliance with the existing policies (Sanei et al., 2014). Some of the ways in which these challenges may impact the Australian finance industries are mentioned below:

Monetization of the data related to the customers may happen by Cloud vendors or the data can even get compromised on the Public Cloud are also a factor for the concern of the financial institutions. Examples speaks louder than words so considering that as traders in a firm might be worrying about migrating their proprietary strategies related to trading in a Cloud because there are chances that the competitor might be using the same Cloud and get access to the saved data due to some technical error or may be caused by some misbehaving elements (Moreno-Vozmediano, Monentro & Liorente, 2013). This implies that risk analyst and portfolio managers are much apprehensive about the location for the assets as it may lead to barrage of lawsuits or have reputational implication on the firms.  

Another concern related to the Cloud computing adoption is the ‘Vendor lock-in’. This states that it becomes very hard or impossible to move to the other service provider once the consumer has made agreement with a service provider. This made the situation as the consumer get stuck with the single service provider. Another concern is the use of APIs that lead to the necessity of being stuck with a single service provider. Even shifting from one vendor to the other can cost the organization a lot and alters the budget calculation. It was the first priority for the organizations that it cost much less to implement Cloud computing and transferring to another vendor will eliminate this benefit too (Avram, 2014). Isolation failure and Loss of governance are other challenges that “could put the challenge to control sufficiently resources in the Cloud affecting the security and an unauthorized Cloud computer has the capability to influence the systems on which the Cloud application has been adopting” (Tossi, Colheiros & Buyya, 2014).  

Security Issues

Following are the list of certain security issues that could be concerned before and/or after implementing the Cloud computing within the organization:

Compromises Management Interface: This can be said as the part of the data breach in which an intruder somehow get access to the network and thus get access to the data and information that is being offered by the service provider. This generally happens in the Public Cloud service that provides the customers with management interfaces and access to the data and information at anyplace via connecting to the internet (Almorsy, Grundy & Muller, 2016). This results in the possibilities of higher risk to the data security, mainly in the situation when the data is being accessed through the remote control and web browser vulnerabilities

Examples of Cloud Computing Services Used in the Australian Financial Industry

Isolation Failure: The major benefit that is being offered by the Cloud computing is the multi-tenancy and resource sharing that could lead to the failure of the mechanisms that controls the server, storage, memory, technology and many others. However it can be said that this is very less likely to be happen within the organization who has implemented Cloud computing rather than traditional IT-infrastructure to manage the data. But this could impact very high and cause serious loss to the organization (Hashizume et al., 2013).

Incomplete or insecure data deletion: There is not any way to completely delete the data from the web once it is uploaded to the Cloud. The consumer requesting to delete the data would have been assured by the service provider that the data has been deleted but even that it can be recovered by certain coding and program. This could happen in multi-tenancy case as these are much vulnerable to these cases (Modi et al., 2013). This also enhances the risk to the users using the same hardware to store or transfer the data via the same network.

Data breaches: Any data that is being stored in the Cloud or in the internet is vulnerable to data breach attacks. Looking the mirror of the present world it can be said the likelihood of such attack has been increasing rapidly. In this attack the intruder get access to the data and information saved into the data base and these are made intentionally either for the money or for the personal revenge (Ahmed & Hossain, 2014). Data breaches leads to both security and privacy risks for the consumers as the data related to the sensitive information goes into the wrong hands and they have the access to manipulate, hamper, alter and expose the sensitive information.

Malicious insider: This is a very unusual risk but the impact is similar o the data breach and this is mainly done for the revenge purpose. This intrusion can be made by the formal employee of the organization or the stakeholders that have no relation with the organization anymore but even that they have the access to the network and the data that is being saved on the network (Stojmenovic & Wen, 2014). This intrusion can also be made by the employees who are not trustworthy.

Expectation of the customer’s security: This belongs to the category of the policy compliance within the organization. The consumer’s perceptive for the security of data related to their customer might be different from the security being availed by the Cloud service providers. A Cloud service provider generally for maintaining the budget put the security of the data at sake and manages the budget.  

Loss Governance: this is the most likely happening issue related to the Cloud computing adoption as there is not anymore control over the personal information that is being provided to the service provider. After hiring the third party for managing the information and data, the consumer completely relied on the service provider for any information. Service provider never shows how they are going to manage the information security for the data and information that they are collecting from the consumers (Khetri, 2013). This also leads to the unsure of the location where the data is being saved.  said that “there are many such cases in which the implementation of Cloud computing results specific kind of compliance cannot be achieved for example PCI DSS etc”.

Availability chain: This generally happens due to the network failure or slow internet within the organization that create an unseen boundary for the customer to avail the services and get access to their own information and data. This generally happens from the customer side due to the use of low bandwidth internet.

Lock-in: As discussed above it is a challenge in adopting Cloud computing including that the customer gets completely dependent on the service provider for the tools, application and many more other programs or tools for accessing personal data or information. There are the possibilities that the service provider is not able to provide all the services that had been promised even that the customer would not be able to move on another vendor for the services (Ryan, 2013). Thus this lead to the concern for the customer in availing the services will be beneficial or not.

Cloud computing is no-doubt playing a very important role in enhancing the performance of the organization with very minimal efforts and higher efficiency. Risk can be defined as the combination of threats and vulnerabilities that have capability to affect the assets of the organization. Following is table and based on this a severity matrix has been proposed next to this table. This table describes the threats their impact and probability.

VH-Very high, H- High, M- Medium, L- Low, VL- Very low

The issues mentioned above cannot be eliminated completely within the system of the organization but, there are certain measures that could be helpful in minimizing these threats to the extent level. Following are some of the measures that could be helpful in managing the information security and enhancing the security for the data and information that are being saved into the Cloud:

First of all the service provider should be chosen after doing thorough research on the services and reputation of the service provider from past experiences. Another aspect that should be given priority is whether the presented agreement complies with the existing policy of the organization or not. The Service level Agreements should also be cross checked before giving contract to the service provider for managing the information security (Smith et al., 2013). It should also be considered before that the service provider is providing same value to the information security as the organization concerns or not.

Related to the credentials, first of all, the credentials should not be ex posed to an individual who is not trustworthy. Secondly, there should be two-factor authentication process for the users to login to their accounts. An OTP (One Time Password) factor should be introduced while the users login to their accounts. Using auto generated random passwords can also be recommended for strong passwords.

There are various Cloud hosted applications that asks for the credentials and keeping different passwords for each application can be a better approach. Another option is Single Sign-on (SSO) that could help the customers to log in different applications via a single credential (Pearce, Zeadally & Hunt, 2013. Another option could be the OneLogin application that is being represented as the password manager for this time.

The software, operating systems, anti-virus, anti-malware, and firewalls should be updated and up-graded with the latest version in manner to fight the latest malicious viruses. Reliable hardware should be used within the IT infrastructure.

The best approach towards achieving maximum information security can be stated to the end-to-end encryption of data or information that is being exchanged between the Cloud service provider and Cloud consumers (Barlow et al., 2013). The data should be properly encrypted and it should be unique and strong encryption by the Cloud service provider before uploading on the Web.

These are the certain measures that could be helpful in achieving maximum information security and keep the information and data safe even after an intruder or hacker enters the network.

Conclusion

The above discussion body led to the conclusion that Cloud computing is beneficial for Aztek to implement it within the organizational system however there are certain threats, issues and vulnerabilities in this adoption. These issues might affect the proper functioning of the organization and could led to the decrement in the performance and output. This report focuses on the risk assessment of the issues, and threats that might affect the data security within the Cloud migration. The severity matrix shows how much impact these threats could cause to the organization. Hybrid Cloud services can be recommended for the organization to implement within the existing system of the organization. It will be much secured than any other service models for the data security of the information. Data encryption is the best option for the threats lead to the expose or manipulation of the data and should be implemented over all the files even before providing to the service provider. The risk assessment provided above could be very helpful for the Aztek to manage and enhance the information security within the system after or before adopting Cloud Computing for the exchange and storage of the data or information.

References:

Ahmed, M., & Hossain, M. A. (2014). Cloud computing and security issues in the Cloud. International Journal of Network Security & Its Applications, 6(1), 25.

Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., & Ahmed, A. (2014). Security risk assessment framework for Cloud computing environments. Security and Communication Networks, 7(11), 2114-2124.

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the Cloud computing security problem. arXiv preprint arXiv:1609.01107.

Asatiani, A., Apte, U., Penttinen, E., Ro?nkko?, M., & Saarinen, T. (2014, January). Outsourcing of disaggregated services in Cloud-based enterprise information systems. In System Sciences (HICSS), 2014 47th Hawaii International Conference on (pp. 1268-1277). IEEE.

Avram, M. G. (2014). Advantages and challenges of adopting Cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.

Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Computers & security, 39, 145-159.

Chang, V., Walters, R. J., & Wills, G. (2014). Review of Cloud Computing and existing Frameworks for Cloud adoption.

Chou, D. C. (2015). Cloud computing: A value creation model. Computer Standards 

Coleman, S., Göb, R., Manco, G., Pievatolo, A., Tort?Martorell, X., & Reis, M. S. (2016). How can SMEs benefit from big data? Challenges and a path forward. Quality and Reliability Engineering International, 32(6), 2151-2164.

Drissi, S., Houmani, H., & Medromi, H. (2013). Survey: Risk assessment for Cloud computing. International Journal of Advanced Computer Science and Applications, 4(12), 2013.

Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Security issues in Cloud environments: a survey. International Journal of Information Security, 13(2), 113-170.

Furuncu, E., & Sogukpinar, I. (2015). Scalable risk assessment method for Cloud computing using game theory (CCRAM). Computer Standards & Interfaces, 38, 44-50.

Gai, K. (2014). A review of leveraging private Cloud computing in financial service institutions: Value propositions and current performances. International Journal of Computer Applications, 95(3).

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on Cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for Cloud computing. Journal of Internet Services and Applications, 4(1), 5.

Juliadotter, N. V., & Choo, K. K. R. (2015). Cloud attack and risk assessment taxonomy. IEEE Cloud Computing, 2(1), 14-20.

Kshetri, N. (2013). Privacy and security issues in Cloud computing: The role of institutions and institutional evolution. Telecommunications Policy, 37(4), 372-386.

Latif, R., Abbas, H., Assar, S., & Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. In Future Information Technology (pp. 285-295). Springer, Berlin, Heidelberg.

Mahmood, M. A., Arslan, F., Dandu, J., & Udo, G. (2014). Impact of Cloud Computing Adoption on Firm Stock Price–An Empirical Research.

McConky, K., Viens, R., Stotz, A., Galoppo, T., & Fusillo, T. (2015). U.S. Patent No. 9,098,553. Washington, DC: U.S. Patent and Trademark Office.

Modi, C., Patel, D., Borisaniya, B., Patel, A., & Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing. The Journal of Supercomputing, 63(2), 561-592.

Moreno-Vozmediano, R., Montero, R. S., & Llorente, I. M. (2013). Key challenges in Cloud computing: Enabling the future internet of services. IEEE Internet Computing, 17(4), 18-25.

Pattnaik, M. S., Prusty, M. R., & Dash, M. (2016). Cloud in financial services: Building value across enterprise. International Journal of Research in IT and Management, 6(6), 25-32.

Pearce, M., Zeadally, S., & Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys (CSUR), 45(2), 17.

Pearson, S. (2013). Privacy, security and trust in Cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer London.

Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions. Journal of Systems and Software, 86(9), 2263-2268.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile Cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Schulte, S., Janiesch, C., Venugopal, S., Weber, I., & Hoenisch, P. (2015). Elastic Business Process Management: State of the art and open challenges for BPM in the Cloud. Future Generation Computer Systems, 46, 36-50.

Smith, P., Haberl, H., Popp, A., Erb, K. H., Lauk, C., Harper, R., … & Masera, O. (2013). How much land?based greenhouse gas mitigation can be achieved without compromising food security and environmental goals?. Global Change Biology, 19(8), 2285-2302.

Stojmenovic, I., & Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.

Theoharidou, M., Tsalis, N., & Gritzalis, D. (2013, June). In Cloud we trust: Risk-Assessment-as-a-Service. In IFIP International Conference on Trust Management(pp. 100-110). Springer, Berlin, Heidelberg.

Toosi, A. N., Calheiros, R. N., & Buyya, R. (2014). Interconnected Cloud computing environments: Challenges, taxonomy, and survey. ACM Computing Surveys (CSUR), 47(1), 7.