Please note! This essay has been submitted by a student.
IT governance can be described as the set of processes that ensure the effective and efficient use of IT to help the organization deliver its goals. This paper describes the IT governance concepts that enable an organization's leaders to view the progress of a project from a higher-management perspective. Managing a cloud-based system and securing its data is itself a challenging aspect of the project. This paper proposes techniques that can avoid bottlenecks in accessing data and discusses authentication, access levels and technical issues related to data security, with connectivity and network security playing the major role in all communications.
IT Governance: IT governance provides a perfect balance between the information technology and business functions of the organization. We use a governance framework designed to provide direction that enhances the performance of the organization (De Haes, 2013).
Security in Cloud Computing: Security is defined as a combination of confidentiality, integrity, and the prevention of unauthorized access, deletion, withholding and disclosure of information. The major issues of security in cloud computing include resource security, management and monitoring. The most important aspects of cloud security include data privacy, data protection, data availability, data location and secure transmission. The threats to all of the above include data loss, service disruption and outside malicious attacks. Data security and access control mechanisms for a cloud computing environment can be divided into the following aspects:
Network security: Network security focuses on maintaining the data on the servers over the network.
Several security layers are commonly used in network servers. The layer closest to the data is Access Rights, which controls the resources (the information) and what users can do with that information; this control also applies to partitions, folders and files. The next layer is the most common and effective method of network security, Password/Login. The administrator has full access and controls user activity. The next layer is Data Encryption, which encrypts the data with a certain algorithm using public and private keys, so that even in a case of data loss the hacker would not be able to decrypt the data without the encryption key associated with the data. The last line of defense is Firewall protection, which prevents intrusions and filters unwanted packets. A firewall should have the following basic functions:
Network traffic can be controlled by packet inspection, which is the process of handling data based on the access rules for incoming and outgoing traffic.
Packet filtering: The firewall operates on the TCP/IP protocols and uses an algorithm to split the data; data is received from the packets by running the protocols (Telnet, SMTP, DNS, SNMP, NFS). Using stateful firewall products such as Cisco PIX firewalls improves the overall performance of the firewall.
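A minimal sketch of the rule-based inspection and stateful tracking described above, as an added example that is not part of the original essay and not any vendor's implementation. The rule set, addresses and the names `Packet` and `StatefulFilter` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out" relative to the protected network
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

# Constructed access rules: (direction, protocol, destination port, action).
# Evaluated top to bottom; the first matching rule decides.
RULES = [
    ("in",  "tcp", 23,   "deny"),   # Telnet: cleartext logins
    ("in",  "tcp", 25,   "allow"),  # SMTP to the mail server
    ("out", "udp", 53,   "allow"),  # DNS queries from inside
    ("in",  "udp", 161,  "deny"),   # SNMP
    ("in",  "tcp", 2049, "deny"),   # NFS
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # 5-tuples of flows a rule has allowed

    def decide(self, p):
        # Return traffic is the reversed 5-tuple of an already allowed flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow (established)"
        for direction, proto, dport, action in self.rules:
            if (p.direction, p.proto, p.dport) == (direction, proto, dport):
                if action == "allow":
                    self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return action
        return "deny"  # default deny: no rule matched

def demo():
    fw = StatefulFilter(RULES)
    packets = [  # constructed sample traffic
        Packet("out", "udp", "10.0.0.5", 40000, "192.0.2.53", 53),    # DNS query
        Packet("in",  "udp", "192.0.2.53", 53, "10.0.0.5", 40000),    # its reply
        Packet("in",  "udp", "198.51.100.9", 53, "10.0.0.5", 40001),  # unsolicited
        Packet("in",  "tcp", "198.51.100.9", 50000, "10.0.0.8", 23),  # Telnet
        Packet("in",  "tcp", "198.51.100.9", 50001, "10.0.0.25", 25), # SMTP
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The DNS reply is admitted only because the matching outbound query was seen first; the unsolicited packet from port 53 matches no rule and no tracked flow, so it falls through to the default deny.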
Sample packet information described in the image below:
Physical security: Set up physical security measures such as infrastructure security, access levels for certain users, and physical security levels for access to the working floors in the data center. Use biometrics to determine the access levels of users who access the patient-level data as well as the data from the claims. Setting up surveillance cameras for the highly compromised data can be suggested to reduce suspicious activity by employees within the organization. Provide relevant training materials so that employees can withstand the spoofing emails that will always end up in the mailbox.
Summary: With the above techniques and concepts, application-level security can be obtained, with physical security being the main and first line of defense against any physical threats the organization may face. The next step is application-level security: taking all hacker and phishing attacks into consideration, the application is built robustly enough to withstand any kind of internal as well as external attack.