Tasks

While considering the in-house HR database for storing the employee data there are two major threats for the security of the data:

The data backup is a major issue when considering the security of the data. When the data is stored in the database there should be a proper data backup. Now the problem with the local host is that it comes with a limited storage as the cost of storage is quite huge. Due to limitation in storage, the data is often kept as it is without proper backup. Now the data stored into the database is subject to corruption due to data hack and several other issue (Cai et al., 2018). Now if anyhow the data is corrupted and if there is not proper backup for the data, then the data is not possible to retrieve. Hence it process a strong security threat to the database.

The user of the database might be tweaked into accessing email that might contain malicious code, which when run on the system will provide the hacker full administration on the system (Jackson, 2016). Once the administrative access is provided, it is possible to modify the system setting on which the database and the server is running. Now due to less technical expertise, this kind of things happens as it becomes difficult for the users to identify which email is malicious or not. Hence this a security challenge for the system.

SQL injection is one of the common threats for the database running on SQL server. It is a common method for gaining access to the database server. The SQL injection is aimed for stealing user name and password that helps to modify the database and the contained data (Jukic, 2016). The access to the database include permission for both read and write. The SQL injection is quite popular among the hackers as it is easier to implement and often works well with database where the security methods are not that strong.

Timely update is another major issue with the database security. The problems with the in-house database is that the servers are not updated timely. Without updated security patches the server becomes vulnerable to hacks (Grycuk, 2015). 

The data privacy and the data security might seem two different concept, but both of the issues are interconnected. If the data in the database is not secured it will directly affect the data privacy. The database that is designed for storing the employee data is quite sensitive in nature. It contains several personal data of the employees (Zhao, 2014). These data include details like ID card, passport, date of birth and several other sensitive data like financial details including payroll and account numbers. As there is a concern for data security like lack of data storage, security updates, SQL injection, the data privacy is directly affected. As the information stored in the database is directly connected with the privacy of the employee, loss of these data means the privacy of the employee will be affected largely. Hence the in-house database is subject to information security and privacy threat. Hence it is a major concern for the organization as well.

Major threats to employee data stored on the HR database

Absence of identity services

Not every cloud providers offering SaaS application support is aware or care about integrating strong identity services with the cloud platform. Cloud providers often prefer to compromise with the quality of the security standards and focus more in offering cheap cloud solutions for the customer for maintaining large customer base (Lee & Zheng, 2015). With proper security tools like strong digital identity solutions, the cost of the service will significantly increase. Without a proper identity service the access to the database will not be secured as the service will not be able to distinguish between a lot of users that might have or have not access to the database. This process a threat for the organizational data stored in the cloud.

The presence of secure data connector will ensure that access to the data base is safe and secure. The data connector helps to make an encrypted connection between user data and the applications. Due to this, in every session there is an access to the applications and the database, the data transfer is secured with proper encryption. The encryption is necessary for protecting the data (Singh & Chatterjee, 2017). Only the users who have the proper access to the application will be able to interpret the encrypted data. As a result it strengthens the identity management process. However, only few large companies like google has this for securing the user data in the cloud. Most of the cloud providers does not include this feature to the cloud service for technical complexity and cost which always put the application related data at risk due to lack of proper encryption. Companies that offer this feature is not that strong either.

Now in order to access several SaaS application, user needs to care for several security tolls and also need to have several password for each application. Now having different password for each application may seem obvious, it needs stronger password management system. However most of the service provider wants the customer to manage own password and this is where the customer are not so good. They in turn opt for choosing either easy password or same password for different applications. In both the approach, there is a serious threat to the digital identity that belongs to a specific customer.

Security issues with SaaS

Although the SaaS cloud platform improves some security issue of the in-house database like data storage and security updates, it has some own security issues as well. These issues are:

Data backup security issue

If the cloud server faces disruption, whatever be the reason, it will hamper a lot of users than if it was the case in the in-house database system. Data availability ensures that the user gets data access whenever it is needed (Puthal et al., 2015). Hence it is a major issue for the cloud service.

As data is transferred to a remote location, integrity of data is always a challenge for the cloud service. Proper integrity of the data is must for better security (Kalleswari et al., 2018).

As the data is transferred outside the company premise, sometime the data access is not complied with the internal organizational policies and hence the right to the data is sometime violated which affect the confidentiality of the data, hence compromises the data security (Durairaj & Manimaran, 2015).

The problem of data access is major privacy issue with the SaaS cloud platform. As the service is provided over the internet, if the connection is not properly encrypted the personal data communicated over the internet might get hacked (Almorsy, Grundy & Muller, 2016).

The storage of the personal data over the cloud is not always complied with the data privacy rule which might hamper the organization if data breaches occurs (Sethi & Sruthi , 2018).

Once the personal data is deleted by the owner, it is not specified by the cloud provider like how long the retained in the cloud. If the data is acquired by someone else it will create privacy issue (Fernandes et al., 2014).

Often the service provided by the cloud providers does not comply with the internal privacy law and it is a challenge for the organization to monitor whether the service has compliance issue or not (Khan, 2016). 

In house HR management system is an important resource for any company. The database contains several information about the employees of the organizations. These information are not only important for the organizations but for the employees as well. Maintaining these information safe and secured is the top most priority of every organizations as there might be several ethical and legal issues associated with the collection and access of those information (Warren, 2015). These information are particularly becomes sensitive in nature as it contains financial data like payroll and benefit data, the information becomes highly sensitive in nature:

The information that is collected for the HR database, should have the permission of the employee. But most of the time organizations does not bother about the permission of the employee before the information about them is collected for official use (Warren, 2015). If there are some issues with the data and the employee later sue the organization on the basis of the ethical issue as collecting personal data without the concern of the individual is always unethical. Hence the organization might face ethical issue if the organization is unable to secure the information form misuse.

Malicious code in email and database access vulnerability

If the organization fails to secure the data or if the data is lost or somehow stolen, the company might be subject to legal issue (Short, 2017). The person who submit the data to the organization has the full right to take legal action if the data is not protected properly. Even if the data is made safe against external hack, the data collection have to comply with the local legislation or international data compliance rules to avoid any legal actions.

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing privacy problem. arXiv preprint arXiv:1609.01107.

Cai, M., Grund, M., Gupta, A., Nagel, F., Pandis, I., Papakonstantinou, Y., & Petropoulos, M. (2018). Integrated Querying of SQL database data and S3 data in Amazon Redshift. IEEE Data Eng. Bull., 41(2), 82-90.

Durairaj, M., & Manimaran, A. (2015). A study on security issues in cloud based e-learning. Indian Journal of Science and Technology, 8(8), 757-765.

Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., & Inácio, P. R. (2014). Privacy issues in cloud environments: a survey. International Journal of Information Security, 13(2), 113-170.

Grycuk, R., Gabryel, M., Scherer, R., & Voloshynovskiy, S. (2015, June). Security challenges for storing visual data based on WCF and microsoft SQL server database. In International Conference on Artificial Intelligence and Soft Computing (pp. 715-726). Springer, Cham.

Jackson, J. (2016). Sql: the security issues individual should be aware of (Volume 1).

Jukic, N., Vrbsky, S., & Nestorov, S. (2016). Database systems: Introduction to databases security and data warehouses. Prospect Press.

Kaleeswari, C., Maheswari, P., Kuppusamy, K., & Jeyabalu, M. (2018). A Brief Review on Cloud Security Scenarios.

Khan, M. A. (2016). A survey of privacy issues for cloud computing. Journal of network and computer applications, 71, 11-29.

Lee, C. H., & Zheng, Y. L. (2015, June). The issue of digital identity of cloud computing, IEEE International Conference on (pp. 426-427). IEEE.

Puthal, D., Sahoo, B. P. S., Mishra, S., & Swain, S. (2015, January). Cloud computing features, issues, and challenges: a big picture. In Computational Intelligence and Networks (CINE), 2015 International Conference on (pp. 116-123). IEEE.

Sethi, S., & Sruti, S. (2018). Cloud privacy Issues and Challenges. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications (pp. 77-92). IGI Global.

Short, C. I. (2017). ChromaStarDB:  legal concern for SQL Database-driven Spectrum Synthesis and More. Publications of the information Society of the Pacific, 129(979), 094504.

Singh, A., & Chatterjee, K. (2017). Cloud security issues and challenges of protecting digital identity: A survey. Journal of Network and Computer Applications, 79, 88-115.

Warren, T. (2015). SQL Database Programming: The Ultimate Guide to ethical issues in storing employee data in HR Database.

Zhao, G., Lin, Q., Li, L., & Li, Z. (2014, November). Security challenges and privacy issue in Schema conversion model of SQL database to NoSQL. In P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2014 Ninth International Conference on (pp. 355-362). IEEE.