Cybersecurity methods: SWOT Analysis
Method 1: Access Control solution
Strengths of this method
Access control is a vital component of data security in cloud computing. It dictates who is allowed to access and use the company resources and information. Through authorization and authentication, the access control standards and policies ensure that users are correctly identified through login credentials such as passwords, biometric scans, usernames, and passwords (Colombo and Ferrari, 2019). Therefore, access control helps to limit access to users’ data and this is a key strategy that can help to enhance the privacy of data and information that is stored by an organization through its cloud servers. In any organization, access control helps to secure an organization’s confidential information such as intellectual property, customer data, and personally identifiable information from getting into the wrong hands (Hasbini and Tom-Petersen, Jordan, 2017). It is most effective with organizations that are uses hybrid and multi-cloud computing systems that data, resources, and applications in the companies’ hardware systems and their cloud servers.
Weaknesses of this method
The access control method is limited by insider threats. Despite the methods being effective in keeping off third-party users, rogue employees can still leak the login credentials to the wrong individuals and organizations (Colombo and Ferrari, 2019). In the US, insider threats are on the rise due to high employee turnover in many organizations across the country. Employees or leaders who retire or quit their jobs often end up selling their former companies’ information or access credentials that make it easy to access and steal or tamper with the users’ data. Therefore, Valenzano (2014) notes that insider threats may render access control useless.
Another challenge with access control is hacking. Even though organizations may try to control and monitor people who access data and information from their systems, hackers have also taken advantage of modern technology to develop powerful anti-software tools that crack almost every system (Hasbini and Tom-Petersen, Jordan, 2017). Examples of this software include intruder, Nets parker, and Nmap.
Opportunity
With increasing technology, companies can test their access control strategies. Ethical hacking allows companies to organize hacking drills on their systems to test their effectiveness and their employees’ level of preparedness (Valenzano, 2014). This is crucial as it may help companies to identify the gaps in their systems and enhance their access control strategies. Furthermore, access control also allows companies to disable the accounts of employees who leave their companies or change the login credentials including passwords and encryption protocols. Therefore, companies can still secure their systems despite the threats from insiders and hackers.
Threats
Increasing cases of insider threats and hackers threaten the integrity of access control methods. Nowadays, it is very difficult to determine who to trust with the company’s information. Access control methods cannot be effective if employees lack self-control, transparency, and ethics. It has become difficult to trust employees with critical business information (Valenzano, 2014).
Method 2: Compliance by the third-party vendors
Strengths of this method
Increasing security concerns on cloud computing have forced many organizations to use the third party-vendors to secure the users’ data (Shaverdian, 2019). The use of third-party vendors helps to eliminate common cloud computing such as insider threats. The third-party companies help to monitor a company’s security system and therefore, it becomes difficult for rogue employees or third parties to access the users’ data and a company’s classified information such as its IP rights. One of the strengths of using the third party method is its third-party risk management program (TPRM). The TPRM involves the third-party company and the host organization creating a risk management program that addresses all the risks from both sides (Li and Xu, 2021). Therefore, the TRPM helps the third party company and the host organization to create monitoring programs and remediation plans that help to manage all the possible risks that may affect the integrity of the users’ data and the privacy of the company’s vital information.
Furthermore, the TPRM is crucial is it assesses the internal controls of the host company to test their effectiveness and utilize the current software to fend off any risks and threats and create a strong security program (Shaverdian, 2019). Using the TPRM, this factor is made possible through the help of proper technological tools such as automated monitoring, prompt alerting of any threat, and tracking of high-risk behaviors within the company. Therefore, these tools help to keep the third-party program ahead of other methods.
Weaknesses of the method
The main weakness of third-party solutions is a lack of control. By using this method, all the security procedures and protocols are controlled by the third-party company. Although it may seem to be effective at enhancing the security of the users’ data, it also prevents large-scale organizations from expanding their cloud-computing protocols (Li and Xu, 2021). Most organizations often want to expand their cloud computing servers to have both private and public cloud computing. Once an organization selects the third-party method, other options are not allowed.
Opportunities
The third-party method is the best option as it allows organizations to draft security maps to identify the strengths and weaknesses of both parties. Therefore, it gives organizations a chance of testing their security systems and protocols to determine their effectiveness and also address the gaps that exist in the systems (Shaverdian, 2019). Using the third-party solution, the challenge of hacking or insider threats is almost zero since the entire security system is controlled and managed by a third-party organization.
Threats
An organization may not have much control over the security systems and security protocols since the entire work is undertaken by a third-party company. However, if the security system of the third-party company also fails, the host organization is also likely to lose valuable data and information (Li and Xu, 2021).
Method 3: employee data security and awareness training
The strengths
Employee training and awareness are crucial in equipping the employees with the necessary skills to handle all the security challenges on their cloud systems. It gives employees a chance to effectively monitor the company systems and respond to any security alerts that may arise from both internal and external environments (Khando et al., 2021). With data security and training awareness, it becomes easy for employees to enhance a company’s private information and also secure the users’ data.
Weaknesses
No matter how good the data security and awareness security training might be, this method is still challenged by the increasing cases of insider threats and hackers. Since the company’s employees may still be in charge of its systems, they are likely to leak the company’s vital information to rivals or unauthorized people (Khando et al., 2021).
Opportunities
Training programs help employees to learn how to be ethical when handling the users’ data. They learn new methods and tactics they can use to secure the company’s data and also protect the users’ data. It is also among the ways that organizations use to hone their employees’ skills in responding to emergencies (Li et al., 2019).
Threats
This method is costly and it may take long before the employees acquire all the skills that are necessary to protect the company’s systems and cloud servers. Furthermore, hackers usually evolve their skills almost all the time and therefore, this method may not be effective at eliminating future or long-term security threats from an organization (Khando et al., 2021).
Conclusion
In conclusion, using a third-party solution is the best method that any organization can adopt to enhance the security of its systems and cloud servers. This method gives helps an organization to have a clear map regarding the strengths and weaknesses of its systems and the security protocols that need to be followed to secure the users’ data and information. In a third-party solution, the risks of internal threats and hacking are almost zero and hence, this method may be effective is effective in protecting the users’ data.
References
Colombo, P., & Ferrari, E. (2019). Access control technologies for Big Data
management systems: literature review and future trends. Cybersecurity, 2(1), 1-13.
Hasbini, M. A., Tom-Petersen, M., & Jordan, D. (2017). The Smart Cities Internet
of Access Control, opportunities and cybersecurity challenges. Securing Smart Cities.
Khando, K., Gao, S., Islam, S. M., & Salman, A. (2021). Enhancing employees
information security awareness in private and public organizations: A systematic literature review. Computers & Security, 106, 102267.
Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the
impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13-24.
Li, Y., & Xu, L. (2021). Cybersecurity investments in a two-echelon supply chain
with third-party risk propagation. International Journal of Production Research, 59(4), 1216-1238.
Shaverdian, P. (2019). Start with trust: utilizing blockchain to resolve the third-party
data breach problem. UCLA L. Rev., 66, 1242.
Valenzano, A. (2014). Industrial cybersecurity: improving security through access
control policy models. IEEE Industrial Electronics Magazine, 8(2), 6-17.
