As a minimum, the research paper will include the following areas:
1.What is the background of your problem statement?
2.Why did you select the specific problem statement?
3.The decision to perform an acquisition is heavily influenced by how it relates to the strategic business goals of an organization. Explain why you think the acquisition you are detailing in your submitted Activities potentially supports the strategic business goals of the organization.
4.Risk analysis is a critical part of the acquisition process and is often not done very well. Looking back at the risks you identified for your submitted project, which ones do you believe would be most likely to be identified and accurately measured and which ones either less likely to be identified at all or measured correctly. Explain why. Does your analysis allow you to draw general conclusions on the type of risk that would be likely to be overlooked or mis-analyzed in future projects you might work on?
5.Many scenarios submitted for your alternative solutions included either a COTS product or a SaaS based solution. Gartner is a top analyst that provides great insights on IT solutions across a wide range of business needs. Go to http://www.gartner.com/technology/home.jsp or leverage on another research DB to look at articles related to the IT solution you are acquiring and share the analysis on key vendors, product trends, and market potential.
6.In Week 5 lecture notes, under the heading Commercial Acquisitions, there are references to three readings. Determine if any of them apply to your project. If so, why? If not, why not?
NOTE: This is a research paper, not a Q&A session. The questions above are intended to be used as guidelines for your research paper.
Additional format information about this research paper:
◾Double spaced
◾Word count only applies to the body of the paper, excluding title page, abstract, & references
◾Cite at least twelve (12) references
As a minimum, the research paper will include the following areas:
1.What is the background of your problem statement?
2.Why did you select the specific problem statement?
3.The decision to perform an acquisition is heavily influenced by how it relates to the strategic business goals of an organization. Explain why you think the acquisition you are detailing in your submitted Activities potentially supports the strategic business goals of the organization.
4.Risk analysis is a critical part of the acquisition process and is often not done very well. Looking back at the risks you identified for your submitted project, which ones do you believe would be most likely to be identified and accurately measured and which ones either less likely to be identified at all or measured correctly. Explain why. Does your analysis allow you to draw general conclusions on the type of risk that would be likely to be overlooked or mis-analyzed in future projects you might work on?
5.Many scenarios submitted for your alternative solutions included either a COTS product or a SaaS based solution. Gartner is a top analyst that provides great insights on IT solutions across a wide range of business needs. Go to http://www.gartner.com/technology/home.jsp or leverage on another research DB to look at articles related to the IT solution you are acquiring and share the analysis on key vendors, product trends, and market potential.
6.In Week 5 lecture notes, under the heading Commercial Acquisitions, there are references to three readings. Determine if any of them apply to your project. If so, why? If not, why not?
NOTE: This is a research paper, not a Q&A session. The questions above are intended to be used as guidelines for your research paper.
Additional format information about this research paper:
◾Double spaced
◾Word count only applies to the body of the paper, excluding title page, abstract, & references
◾Cite at least twelve (12) references
Commercial Acquisition
Name
Institutional Affiliation
Abstract
The research paper outlines the security and privacy of data and other related issues that arise during the commercial acquisition of cloud computing platforms. The most concerned issue is the privacy and the security of data, which is a major concern in the current technology. The goals and objectives of any IT organization are to maintain the security of the systems. The security revolves around data privacy issues and the security of the systems. The paper outlines the risk analysis process, which includes factors such as the analysis of various threats and risks such as policy and organization risks, legal risks, and technical risks. The alternative solution is to integrate other services such as Software-as-a-service (SaaS) to help in reducing the issues that are related to the management of data.
Key Words: Risks, Cloud Computing, Software-as-a-service, data privacy, security
Security and Privacy of Data of Cloud Computing in
Commercial Acquisition
Introduction
Cloud computing is a model of enabling convenient on-demand network access to a shared pool of network resources which are configured. The resources include networks, servers, storage, services, and applications (Levchuk, 2018). Cloud computing has been evolving with the change in technology. It is also termed as evolutionary or revolutionary. The technology has increased pressure on the federal government to find solutions on the existing problems that affect the citizens (Bodenheimer, 2012). The process is facilitated through the commercial acquisition of cloud computing technologies. The contractors and the federal government are the processes of traversing from the traditional IT systems to cloud acquisitions. However, the challenges involve maintaining the acquisition practices, cybersecurity rules, as well as cloud technology. The factors remain constant during the process of commercial acquisition.
Problem Statement
The complexities of commercial acquisition majorly lie on the acquisition process and information security. Cloud computing takes several forms, which includes requiring acquisition methods and the security safeguards that are tailored in a particular type of cloud chosen by the acquiring parties (Tanriverdi and Uysal, 2011). On the other hand, there is a need for consideration of economic factors which fuel the rapid spread cloud, time spacing, evolution of standardized acquisition and security programs in the public sector. Security continues to be a major concern in the field of cloud computing. Therefore, there is a need to magnify the challenges of adapting evolving security programs. The acquisition of cloud computing in the public sector is still new territory for various participants, such as agencies and contractors. The area of commercializing cloud computing has not been explored over several years, and therefore, it becomes a challenge for many stakeholders. The data security and security of information are important considerations due to the rising cases of cybersecurity. The drivers of commercial sectors and other parties are required to participate in several programs that ensure that the process is successfully implemented and integrated. If the problems are not addressed, then the process of acquisition may not be successful. On the other hand, the transition from the private sector to the commercial sector is an uphill task. Most of the concerns revolve around budget and cost-cutting pressures.
Reasons for selection of the problem statement
The change in technology and the rising issues on the security of cloud computing technology is a major concern in the commercial sector. Companies are more concerned about the security of the systems due to rising cases of cybersecurity. In the current world of technological change, and with the invention of new technologies such as cloud computing there are increased threats on the data that operates on the platform. The commercial acquisition means that the company will have expanded and hence, there is an increase in vulnerabilities. There is a security consideration in government acquisition of public cloud services (Liu et al., 2011). Organizations are on the verge of assessing the viability of their infrastructure in adopting cloud-based services. Therefore the solid transition methodology is implemented for a solid transition that encompasses the transformational lifecycle. The acquisition process is only successful if it meets the desired goals and objectives of the business. Additionally, the field of commercializing the cloud services are relatively new in the market, and therefore, there several issues that revolve around the security of the systems which are raised. The process must also conform to international standards and some conventional standards across the vendors and the industry (Krutz and Vines, 2010).
Strategic Business Goals
The decision of performing the acquisition process is greatly influenced by how it aligns to the strategic business goals of the organization. The goals of many organizations in the commercial sectors are to provide and deliver efficient services to the public and ensure the protection of data of the customers and the citizens (Altunbaş and Marqués, 2008). The other goals involve the need to cut the cost of operation and increase in the efficiencies of services. For instance, the implementation of cloud computing platforms such as virtualization helps in cutting the cost of computation by 50% as well as savings gains from lower infrastructure operational costs (Bodenheimer, 2012). The objective of the federal government is to escalate the commercial sales. The increase in global competition has increased in demand for new technologies and competition such as cloud computing. The process increases pressure on the federal government to implement cloud computing technologies. On the other hand, it is within the federal law through various acts that the federal agencies should acquire commercial items that benefit the public (Jansen and Grance, 2011).
Effective information security is one of the major concerns of successful cloud computing in several agencies. The commercial agencies have an obligation of ensuring that the security of data on the cloud computing platform is maintained. The security of the system is enhanced by developing cybersecurity standards for cloud acquisition. However, some of the security issues are generally influenced by the implemented brings about security concerns (Wyld, 2010).
Risk Analysis
Risk analysis is a fundamental concept during the acquisition process. The most common types of risks that are likely to occur are the policy and organizational risks, technical risks, and legal risks (Popović and Hocenski, 2010). The policy and organizational risks involve lack of existing technologies, and standard solution for integration, lack of transparency of development and terms of use, among others. The areas that are most likely to be affected include the company systems, sensitive commercial data, and real-time service delivery. Technical risks involve several areas which include inaccessible to the service, lack of agreement of access control, likelihood of economic losses, and reputation. The other areas of concerns during the acquisition of cloud computing technologies are the presence of multiple ownership and resource sharing. The storage and networks are shared among the users, which increase risks such as the failure of separation mechanisms between the storage resources, memory failure, among others. The legal risks that might arise include lack of source of separation, lack of transparency in the storage of data, lack necessary information (Pearson and Benameur, 2010). The areas which are likely to be affected by legal risks are the reputation of the company, confidence of the customers, and personal data. Technical problems are likely to be identified easily and accurately measured because they revolve around physical resources such as hardware and software. The less likely risks to be identified are legal risks because of several laws that govern acquisition. The types of risks likely to be overlooked are legal risks due to change in technology that requires new legal measures.
Solution
The solution to reducing the security of the system is the integration of the Software-as-a-Service, which is one of the technologies that is widely used in cloud computing (Soufiane and Halima, 2017). The organization should adopt technology to increase the security of data and confidentiality. The process is accomplished by enhancing the security of data through the backup, data storage, availability, and authentication (Zhang, Cheng and Boutaba, 2010). In implementing the SaaS system, the following security features are considered: data security, network security, location of data, data integrity, and access of data, authentication, data confidentiality, availability, and backup (Craciunas et al., 2010).
References
Soufiane, S., & Halima, B. (2017). SaaS Cloud Security: Attacks and Proposedsolutions. Transactions on Machine Learning and Artificial Intelligence, 5(4).
Craciunas, S. S., Haas, A., Kirsch, C. M., Payer, H., Röck, H., Rottmann, A., … & Sengupta, R. (2010, June). Information-acquisition-as-a-service for cyber-physical cloud computing. In Proceedings of the 2nd USENIX conference on Hot topics in cloud computing (pp. 14-14). USENIX Association.
Tanriverdi, H., & Uysal, V. B. (2011). Cross-business information technology integration and acquirer value creation in corporate mergers and acquisitions. Information Systems Research, 22(4), 703-720.
Altunbaş, Y., & Marqués, D. (2008). Mergers and acquisitions and bank performance in Europe: The role of strategic similarities. Journal of economics and business, 60(3), 204-222.
Jansen, W. A., & Grance, T. (2011). Guidelines on security and privacy in public cloud computing.
Wyld, D. C. (2010). The cloudy future of government IT: Cloud computing and the public sector around the world. International Journal of Web & Semantic Technology, 1(1), 1-20.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), 7-18.
Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., & Leaf, D. (2011). NIST cloud computing reference architecture. NIST special publication, 500(2011), 1-28.
Bodenheimer, D. Z. (2012). Cloud Computing Acquisitions & Cyber security. Briefing Papers, (12-11), 20.
Popović, K., & Hocenski, Ž. (2010, May). Cloud computing security issues and challenges. In The 33rd International Convention MIPRO (pp. 344-349). IEEE.
Pearson, S., & Benameur, A. (2010, November). Privacy, security and trust issues arising from cloud computing. In 2010 IEEE Second International Conference on Cloud Computing Technology and Science (pp. 693-702). IEEE.
Levchuk, K. (2018, December 31). Three Acquisitions In 2018 To Impact 2019’s Tech Landscape. Retrieved from https://www.forbes.com/sites/cognitiveworld/2018/12/30/three-acquisitions-in-2018-to-impact-2019s-tech-landscape/#7ab17338353e
