Information Security of Amazon,com - Case Study Example

?Information Security - Amazon.com Table of Contents Table of Contents 2 Information Security 3 About Amazon.com 3 Current business issues on Information Security 4 Solution for various issues on Information Security 7 Recommendations for the Executive Committee 9 Reference 10 Information Security The protection of availability, integrity and privacy i.e. the process of protection information is called Information Security. With the advancement in the technology the companies are storing information at database much more than before. This information is highly confidential and needed to be protected with better security system to prevent public viewing. Many businesses are solely dependent on storing information on the database. The details regarding the employee workings, salaries and the Banking activities are carries out through storing it into the database under strong security to prevent access from unauthorized access. Not only the firewall and the antivirus system provides security to a system but the system design is also needed to be done in such a way so that it provides strong security system to be decoded by the hackers and break the security. Several viruses can be planted to a system which can erase all data in a minute and even certain hard-wares can be used which can bypass the firewall and enter into the system. The login information provided at different sites for transaction process are needed to be very secured otherwise there can loss of information and hackers can steal information for unlawful activities which can incur huge loss for the account holder both in terms of monetary and data loss. For certain issues like banking system and network activities the system should be highly secured as lack of security can cause huge loss money along with data. About Amazon.com Seattle, Washington based fortune 500 company Amazon.com is the leader of e-commerce business process globally. In the year 1995 Jeff Bezos started Amazon.com and then expanded gradually with wide range of products and services with international sites and strong network and customer service worldwide. Amazon.com claims to be the Earth’s most customer centric online service company who can provide anything that the customers’ need and they provide the lowest price possible in the market. With a diversified product line ranging from new, refurbished and also used items in various categories like jewelry, gourmet, apparel, books, music, toys, personal care electronics etc Amazon.com provides the solution for all under one roof (Rappa, 2010). The company operates sites at different parts of the world like United Kingdom, Japan, Canada, Germany, Italy, France and at China. The technological innovation and the growing trend in the internet industry give a great advantage for the company to innovate new features in to the site. The website provides the special search engine feature for its different items for a more customized search and helps a more easy buying process for the customers. The new AWS (Amazon web services) gives an end-to-end security and privacy in the cloud computing world for the customers and provides a more sophisticated approach than the single data center. With the new innovations day by day the company plans to expand into more geographical regions in coming years and build relation with more sellers and shoppers and implement a more secured e-commerce system for the customers (Amazon.com, 2011). Current business issues on Information Security Amazon.com follows the cloud computing technology which is the modern trend in the e-commerce system. It gives the flexibility for the company to expand its business and get connected to a larger mass of people with the development facility of the different application for different devices (Amazon Web Services, 2010). Figure 1: Cloud Computing (Source: India Current Affairs, 2011) But this cloud computing technique of Amazon.com has several security issues which are needed to be evaluated by the company for a more secured information security. Broadly these can be divided into 5 issues which are as follows- 1> Data in control of Amazon Amazon database is stored into a remote server and no one knows where it is stored. The personal data were accessible by Amazon only and the host server but this can be a serious concern if it contains some sensitive data. If any day Amazon goes out of business or the host server does not continue its business with Amazon then these data are lost from Amazon and are into the hand of the third party. These data can be sold or shared by the third party to other parties which can be serious threat for the individuals. 2> Weakly secured Amazon Simple Storage Service Amazon simple storage service or the Amazon S3 is the storage technique for the internet. It eases out the web scale computing for the developers. This type of computing gives several functionalities like read, write and also delete objects to certain level but on the other hand can store unlimited amount of data into the site (Amazon Web Services-a, 2010). Though the S3 model provides all the security it needs to be secured but the technique of unencrypted data storage into the system can cause serious problem if the bucket is left enabled to public access accidentally. This lack of encryption can be a serious threat if the data are exposed to the intruders by any chance. 3> Different perimeter security in cloud computing Though the security in cloud computing is not bad but the perimeter security system is different than the traditional system. Here the multiple network system are not managed by a firewall instead in this type of architecture there is security groups which permits one server to access in multiple groups. Here access can be blocked between two servers under same security groups. But all these are done through Amazon’s security system and no software based firewall system can be implemented by anybody into the network according to the terms and policies of the company. 4> Auto Scale Problem For the demand of the technological advancement the cloud provides an auto scaling feature of the Elastic Compute Cloud which automatically scales the EC2 up and down according to the defined conditions. Auto scale can be useful where there is variability in usage in hourly or weekly basis but for instance if an intruder launches an attack of distributed denial of service which will not actually make the service unavailable but will generate several instances which will eat up lots of bandwidth for which Amazon will have to pay but will generate no revenue for the purpose. This can be serious threat for the company to manage. 5> New potential threat to Virtualization The new technique of using virtualization in all respect like hardware, software and network virtualization potentially gives rise to new threats to the customers using the guest OS of Amazon system. An intruder can attack anybody in the process as they have no clue about which server was attacked in particular or cannot know the operating EC2 server for the launch of the malicious instances. Solution for various issues on Information Security For the cloud computing environment the first thing the company should look takes care of is the encryption system, backup policies, credential managements and the procedures of the whole system. The encryption system provides very well protection against any third party access to the data. But this encryption procedure should be implemented in a very tactful way otherwise it will be in vain. The SSL (Secure Sockets Layer) is not enough to be implemented on the web server but all the data at the entry level needs to be encrypted in the network traffic or S2 storage and also in the file systems. The SSL system encrypts data using two keys private and the public key encryption procedure. But it can be decrypted through strong hacking process. Thus personal encryption and decryption keys at every level are very important for the unintended access to sensitive data. The data provided at Amazon database are not secured enough so it needs a backup system for the entire application out of the cloud into another database or any other hosting infrastructure. There are various other security measures for the cloud computing architecture. These can be pointed as follows- Solution for accessibility Filtering of unused services is required. They should be shut down and the patches are required to be updated and reduce the permission and access rights to the users. Solution for Authentication Encryption and static IP should be maintained at all level so as to avoid IP spoofing. If dynamic IP protocols are used then it should be properly logged in into the Address Resolution Protocol tables. Solution against data verification and theft Resource isolation is very important for data verification and to keep safe against theft. There is no way to know whether the data once deleted are surely deleted from the database or not. It can be used by providers at later stage for any other unknown reason. Thus proper data verification and isolating the data from them is important to keep it secured and delete the data completely when ever required by the customer. Solution for Privacy and Control If the company is not able to pay the bill for using the resources of the third party then it’s a serious problem for the customers as they might lose sensitive information to the party. Thus very strong SLAs i.e. Service level agreement should be done between the parties to maintain the privacy and control over the data. The agreement should give the permission to the company to take back data stored in the database of the provider if they don’t continue any farther business terms and the company should get access to the complete information stored in the providers system. These are the few issues which are needed to be improved for a more secured system in the clouds which is followed by Amazon.com. The issues in cloud computing are mainly due to the third party inclusion which are needed to be very well evaluated before giving the responsibilities in their hand. Amazon should also evaluate the effectiveness of their EC2 architecture for the efficient use of resources. Recommendations for the Executive Committee With growing technical improvements in the IT industry Amazon should ensure the customers that they have the best security practices with the providers and the cloud customers are safe in doing any transactions over the network. This will help the customers for a more sound business decisions. Amazon should also evaluate the legal issues with the providers for granting full access to the information stored in their database. So that in future if the technological changes take place or there is any discontinuation of deals with the providers they should get back all the secured data in their system without any difficulty and threat to the customers. The processes carried out in the network should also be tracked and monitored by the company for any fraudulent activities which might grow day by day in future with more innovative technologies in recent future. Reference Amazon.com, (2011). About Amazon. Retrieved on June 14th 2011 from http://www.amazon.com/Careers-Homepage/b/ref=amb_link_5763692_1/176-8923937-7619905?ie=UTF8&node=239364011&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=left-4&pf_rd_r=03PXDS4PXA41KH0P9TDS&pf_rd_t=101&pf_rd_p=1298548502&pf_rd_i=239364011. Amazon Web Services, (2010). Amazon Web Services: Overview of Security Processes. Retrieved on June 14th 2011 from http://aws.amazon.com/articles/1697?_encoding=UTF8&jiveRedirect=1. Amazon Web Services-a, (2010). Amazon Simple Storage Service (Amazon S3). Retrieved on June 14th 2011 from http://aws.amazon.com/s3/. India Current Affairs, (2011). Cloud Computing. Retrieved on June 14th 2011 from http://indiacurrentaffairs.org/wp-content/uploads/2011/02/cloud-computing1.gif. Rappa, M. (2010). CASE STUDY: AMAZON.COM. Retrieved on June 14th 2011 from http://digitalenterprise.org/cases/amazon.html. Read More