Findings from the opinion of Network administrators
Network administrators from all the five companies considered for the research are interviewed to gather the required information to understand the impact and requirements of data security for their organizations and the key findings are given in this section as below
Data security requirements for organizations in the opinion of network administrator
Network administrators are asked regarding the level of security requirements for their data and their opinions are analyzed in this section. When on the network admin is asked the question like what are the expectations towards the data security, he replied that “We always expect a layer approach for the data protection and our service providers can handle this”. From this opinion it is clear that, even the network administrators are seeking the layer approach for their data, where the complete organization data is divided into different layers and each layer is provided with a separate level of security and access.
One of the network admin replied to the same question like “We need a perfect authentication mechanism and all the users should be provided with limited access to the data as per their privileges” and from this statement it is clear that, authentication can be considered as the best way to provide the data security for the organizations and even a limited access is desired in this context, such that users are not provided the complete authorization to the data. One of the admin said for the same question like “A strict encryption and decryption mechanism should be implemented for the data across the cloud for the organization” and from the statement it is clear that, even the traditional approaches for security like encryption are also implemented across the data security for the organizations and even most of the service providers are implementing this techniques as per the business requirements.
One of the network admin replied to the same question like “We always need additional security requirements for the cloud data protection and all we need is a recent trend in this context”. From this statement it is clear that, most of the organizations are looking forward for the latest security implementations and even the service providers are implementing all the possible latest trends towards the data security of the organizations.
Sharing the organizational data to the cloud service providers also plays an important role in deciding the level of data security requirements and when one of the network admin asked regarding this, he replied like “In general we share all the data to the service providers and in few cases, we won’t share the most confidential aspects”. From this reply it can be analyzed that, most of the organizations need to share all the data and the corresponding information to the cloud service providers such that get the complete range of services from the cloud and in some cases, few organizations cant share the most confidential information of the organization like financial documents and liabilities information.
When one of the network admin was asked the same question, he replied that, “We share most of the information such that our customers should be aware of the process and products of our organization, but seeks more security this information against illegal access”. From this statement it is clear that all the public information is shared across the public clouds and even a detailed level of security is required in this context and if the cloud is the private cloud then more level of information security is required. One of the network admin replied to the same question like “We decide up on the public and private information and public information has less security constraints and the private information has limited and privileged access”.
From this statement it is clear that, most of the organizations are categorizing their data in to two important aspects like public and private. Private data is protected more when compared to the public clouds and they are insisting the limited and access level restrictions to the private clouds. One of the network admin replied to this question like “Multi layer security requirements are mandatory for our private data and service providers are also implementing the same” and from this statement it is clear that, almost all the organizations are implementing the multi layer architecture for the security of the private data, where the top end management has complete rights on the data and a hierarchy of data access is required for most of the organizations.
When one of the network admin is asked regarding this question, he replied that “We share only the public data and information related to products and services and in few cases we share the private information and seeks more security for this data”. From this statement it is clear that, all the information related to products and services can be shared publicly and the private information need more security and this scenario is common among all the companies and service providers.
There are few third parties that provide the data security to the organizations and when the network administrators were questions with respect to this, one of the network admin replied that, “We can’t trust the third parties all the time and there are lot of disadvantages like loss of data and unauthorized access”. From this statement it is clear that, most of the organizations do not trust the third parties in sharing their organizational data and they have lot of doubts with respect to their data loss and other issues.
When the same question is asked to other network admin, he replied that, “There are many security threats with the third parties and we lost our data in some aspects, and out applications are hacked and information stolen due to this implementations”. From his opinion it is clear that, there are many hidden security threats across the third party adoption for the data security and most of the companies are losing their information with the public access through the third party websites. One of the network admin replied to the same question like “Restoration of data is not possible with the third party adoption towards the cloud computing and even the lock to the data does not works with third parties”.
From this statement it is clear that, if the data is lost it can’t be restored effectively if the data is maintained by the third parties and thus most of the companies are doesn’t prefer these third parties to ensure more security to their data. One of the network admin replied to the same question like “There are few advantages by adopting the third parities for the data security if they are reliable and in most of the cases we can’t trust them unless are more reputed”. From this statement it is very clear that, apart from the advantages provided by the third party data security providers there are many threats across the security and most of the organizations are striving a lot to choose the reputed companies while giving their data.
One of the network admin answered to the same question like “Third party data protection mechanism can’t be trusted always, as there are many limitations with them and the key among them is their reliability and durability”. From this statement it is clear that, third parties can be used for the data protection of the organizations which they share the data for the cloud services and in most of the cases, these third parties are not reliable and durable and if this is the case, the actual organizations may lose the important data and also lose the confidence of their users.
From the overall analysis of this question it is clear that, most of the organizations don’t trust the third parties for their data protection and also they don’t have hope on their reliability in terms of their data protection. Thus if the service providers can make this process simple and build the required confidence among the small organizations in terms of the trust towards their public and private data, then the business value of both the small organizations and the cloud service providers can be increased a lot.
There are lot of risks associated with the data security that was shared across the cloud services and when the network administrators are asked regarding the same, one of the network admin replied that, “When the data is processed outside the enterprise there are many risks associated and key among them is lack of data location servers even to the organizations”. From this statement it is clear that, if the organizations share the public or private data to the cloud service providers, they store the data at the remote locations and in some cases, even the data is stored in a different country and if this is the case, the management of the organizations are not aware of the situations and can’t locate their data when the service providers servers are down.
When one of the network admin is asked the same, he replied that “Data recovery can be considered as the key problem with the data security across cloud computing and we need a separate data recovery protocol for this situation”. From his answer it is clear that, if the data is lost for any known or unknown reasons, the service providers should be able to recover the data and in most of the cases, they can’t do this and also the organizations are seeking a data recovery protocol in this context and if it can be implemented, then job the service providers would become very easy.
One of network admin, replied to the same question like “Data segregation is the key issues faced by our organization and out service provider need to maintain our data in a separate disk” and from this statement it is clear that most of the service providers maintains all the encrypted data of two or more companies on the same disk and thus there could be lot chances that end up with data segregation. If the service providers can maintain a separate data block to store the data of the individual organizations, then this problem can be solved to some extent.
When one of the network admin is asked regarding this question the reply is “Storage of the encrypted keys is the main security risk associated with the data, as the service providers will store the data of one organization at other organizations and thus our data should be safe from the second organization employees”. From this reply it is very clear that most of the service providers store the data of one organization at a remote location and the actual data should be encrypted and the corresponding encryption keys should be made available to the client organization such that the employees of the remote organizations can’t access this data.
One of the network admin replied to this question like “Availability of data to the clients all the time should be considered from the service provider’s point of view and even the involvement of third parties should be eliminated at maximum possible levels”.
From this statement it is clear that, there could be chances of service provider downtimes and in those cases, the clients should be connected to their respective data all the time and even the service providers should not involve the third parties during the downtime of the actual servers to recover the data and if this is the case, the third parties will hack the data of the organizations and it has happened many times with the famous cloud service providers.