Amazon - Risk Assessment - Case Study Example

Risk Assessment Proposal and Report Introduction The study on risk assessment would be conducted on Amazon.com Inc., an emerging and fastest growth online store based in Washington, U.S. The company has set benchmarks for being the largest online retailer in the U.S. and one of the biggest online stores throughout the globe (Amazon, 2013). Furthermore, Amazon has been a market leader in its dimension of addressing as well as mitigating the risks associated with doing a business. Hence, the study would be carried out with the help of secondary findings collected from authenticated websites pertaining to Amazon, which will derive a comprehensive understanding of the risks associated with the company and the steps to be taken in order to mitigate such risks. Research Question The research study would be based on providing solution to the research question of how Amazon can ensure protection of vital information pertaining to the customers and the sellers, which evolve as one of the prime risks or threats for the company. Furthermore, the research study would be aimed at providing an understanding of the key areas where Amazon has been successful as well as such fields that require high level of concentration for availing several significant benefits. Research Purpose The chief purpose of this particular research is to identify as well as assess the threats or the vulnerabilities faced by Amazon while performing different business or operational functions. From a theoretical perspective, threats or vulnerabilities are duly considered to be one of the vital factors affecting business environment, which may hinder the growth and expansion of an organization. Hence, it is in beneficial for the organizations to consider the risks associated with conducting a business and likewise take appropriate steps to mitigate the same. In this regard, risk assessment is referred to as the process, which involves identification of the business risks, evaluation of those risks and formulation of corrective measures to cope with the same (Drissi, Houman & Medromi, 2013). Hence, the research aimed at examining the risks faced by the company that affected its overall performance and also suggesting various ways through which Amazon might respond effectively in resolving such risks. Research Design The research study on risk Assessment of Amazon would be conducted via establishment and description of a number of steps. Initially, after introduction section, the study would provide the readers with a comprehensive understanding about the perceptions of management of risk and risk assessment. The second step in the research study would be to illuminate upon the risks associated with the company and third step describing the importance of risk mitigation. Finally, the research study would outline a brief overview of risk evaluation and assessment with drawing a valid conclusion in the end. Risk Assessment Risk assessment, in short, can be described as the examination of risks associated with conducting a specific business. Specially mentioning, the conduct of a proper risk assessment by a company may lead to its ability of fostering growth by elimination of the risks in business, prior to their occurrence. Risk assessment further allows an organization to ensure that risks can be properly managed whenever they occur and there lays the probability of controlling such risks by following and implementing number of steps (Drissi et al., 2013). Assessment of Risks Faced By Amazon With an increase in the overall market share and holdings, Amazon has become susceptible to a number of risks. In this regard, one of the risks faced by the company can be related to competitive pricing scheme, which used by its competitors including ‘Target’ and ‘Walmart.’ Walmart introduced several products at lower prices than that of Amazon. This could possibly lead to a change of perception amongst the customers regarding Amazon’s lower priced products (Stoneburner, Goguen & Feringa, 2002). With the core aim to gauge the risks associated with Amazon’s networking and computer infrastructure, the cloud computing service provided by the company to the customers worldwide is worthy to taken into concern for discussion. Amazon’s cloud computing services are noted to be the fundamental infrastructure service being provided by the company to the end users that exhibit a number of potential risks. A number of threats are involved in providing cloud computing services to the customers, which possess the innate ability to exploit such risks. With an increase in the overall popularity of the cloud computing services, there has been a rise in the number of risks associated with such services. The basic reason behind high risk involved in cloud computing is the availability and access to huge amount of vital information pertaining to users of cloud computing services that can be easily hacked by the attackers (Stoneburner et al., 2002). Organizations are moving forward towards the development of cloud computing services, and hence, giving rise to number of threats and vulnerabilities associated with such services. With this concern, the research study made an attempt to outline the threats, risks and vulnerabilities associated with computing and networking infrastructure. The possible and known threats that can hinder the advancement and working of Amazon’s cloud computing services might get associated with the existing computerized network base within the company, internet and intranet systems. These remain under a constant threat of being hacked by the potential hackers. One of the threats in relation to Amazon that can possibly affect cloud computing services provides by the company is the reprehensible and neglected use of such services. Neglected use of such services that secure vital information pertaining to users can lead to loss and theft of personal, financial and corporate data. Apart from this, inattention in performing and carrying out specific roles while operating services can also act as a major threat for Amazon, which can consequently lead towards creation of mistrust amongst the customers (Stoneburner, Goguen & Feringa, 2002). Another potential threat or vulnerability, which can obstruct the infrastructural mechanism of Amazon, is the employees and tools employed for performing their respective job responsibilities in the context of providing maximum quality services to the customers. In case, the software and tools used for providing the services are found to be malicious in nature, it can act as a potential threat for the company and likewise hinder the functioning of such services. The use of corrupted or malicious database and software while providing services can also act as a key factor, which deters the provision of services being offered to the users. Another possible threat that can hinder the overall computing services of Amazon is insecure interfaces of application and programming software. The application as well as the programming interfaces that enable a user to connect and make use of the company’s online services can get interrupted in case of intrusion make by an external factor such as virus that can lead to malfunction of the cloud computing services. Furthermore, an improper interface could possibly lead to an insecure data connection. Another potential threat that can lead to the disruption of the computing services is the sharing of technology by Amazon with others in order to ensure smooth flow of information. A number of threats such as synchronization of the data from other applications and software that make the services accessible to the users could possibly lead towards disruption of valuable information (Bisong & Rahman, 2011). The next major threat or vulnerability, which can hinder an organizational infrastructural and computing service, is the loss or theft of data. As a majority of the tasks pertaining to cloud services is performed over the internet, it may lead towards conducting hacking by the professionals. It will be vital to mention that the hackers might try to overpower the services that may lead to faulty and disrupted ones. Hackers, for their personal benefits, might extract, exploit and share valuable information pertaining to computing and infrastructural cloud services. In addition, the non-availability of adequate data protection software might hinder the overall performance of the cloud services. In response, antivirus might play a key role in mitigating such threats; however, loss of potential information does not occur only because of presence of viruses. A threat might also occur in case there exists an insecure encryption as well as decryption of data based on which, transactions and quality cloud services are performed (Paidi & Rao, 2013). The next threat, which can be duly considered as affecting the entire business operations or performances, is hijacking of the accounts associated with the users. Hackers might hack users’ account, their passwords and personal mails that can lead to transfer of control of the operations from the hands of the users to the hackers. Apart from hijacking the online accounts and dispersing users’ information, hackers may perform hacking over the cloud services. One of the recent examples of cloud storage hacking was the celebrity photo hack done by the hacker over Apple’s cloud service. Apart from hijacking personal accounts and online services, hackers might posses the ability to create threats by hacking the traffic services amongst the users and their access to online services (Drissi, Houman & Medromi, 2013). A major threat that can hinder Amazon’s network is the disruption in the flow of information and traffic amongst the users and the websites. Users might involve themselves in making use of online services for varied purposes; however, this might lead to sharing of vital information with the users such as personal mails, data and financial data amongst others. Hackers might develop strong tools that may be able to capture such information by decryption of data over the websites. Antivirus or systems that have the innate abilities to restrict the flow of information to outsiders might not be able to wipe out the problems of hacking. Similarly, users may also play an imperative role in developing threats, as these might install third-party applications to establish connections between themselves and the cloud services. Unknown risk profile may be another factor that may lead to initiation of threats. Risks concerning online computing based services may arise at any point of time, which may be incompatible with the available resources to defend threats. The risks and the threats associated with Amazon’s cloud services might require the company to develop or else take assistance from third-party software developers to counter the same (Bisong & Rahman, 2011). The threats discussed above might evolve number of risks associated with Amazon’s online computing and infrastructural services. Risks may be a result of negative consequences based present and future circumstances that are associated with providing services to the customers. In relation to infrastructural security, a potential risk is the collapse of overall integrity of vital information, its confidentiality levels and its availability to the users. The risks might create a negative impact upon the users and also hinder the ability of the organization to deal with such problems (Marx, 2013). Apart from the aforementioned factors, risks might get developed because of inability to secure critical data pertaining to the users. One of the potential threats to Amazon, which can hinder the performance of the organization and its cloud services, is the safety of intellectual data and property from the outsiders. In addition, a major risk that can be associated with the Amazon’s online services is disclosure of trade secrets at any point of time. Inability to maintain proper record of information, particularly the ones that require high level of attention and the use of which might get restricted to internal office floor, may act as a potential risk for Amazon (Paidi & Rao, 2013). Besides, a potential threat pertaining to computer infrastructure and data sharing on internet is reckoned to be the access of outsiders to personally identifiable data. Another risk that can lead to emergence of potential threat is the absence of visibility to backup as well as storage processes and the inability to gain physical access to the online services that offer by Amazon. In addition, risks associated with infrastructural facilities and cloud computing services of Amazon may possess the inability to access and delete vital information of users, as information about the users may be stored at a single place in the form of online cloud service (Bisong & Rahman, 2011). Vulnerability to threats is another factor that might be considered while designing appropriate solutions to the identified problems. This can be duly considered as one of the potential weaknesses, which may lead towards the formation of threats. Vulnerabilities can be exploited by others leading to damages in online infrastructural systems of Amazon. The possible vulnerability for Amazon that can hinder its ability to provide quality online storage services to the customers is eavesdropping perform by hackers for obtaining valuable information related to users by using several techniques. One of the vulnerability factors is hacking technique used by professional hackers, who may acquire, exploit and share valuable information pertaining to the users. Another vulnerability to Amazon’s online services is the crash or loss of huge database, as in cloud services, information of several users is stored on a single database. This further increases the vulnerability of information being shared to the hackers, who get complete access to multiple user databases (Javadi, Dolatabadi, Nourbakhsh, Poursaeedi & Asadollahi, 2012). Apart from the above mentioned vulnerable factors, Amazon’s known vulnerable threats are use of third-party malicious applications for providing services to users and data cracking by the users. Furthermore, Amazon’s known vulnerability include the ability of the users to locate data about a specific user and use of several techniques such as ‘denial-of-service attack’ to gather all resources pertaining to users at a single point of time. In addition, the possible weaknesses and vulnerabilities of Amazon might inculcate the inability of the customers to gain access to valuable information (Paidi & Rao, 2013). Ways to Mitigate the Identified Risks Several steps can be taken by Amazon to ensure that the risks associated with its online computing services are lowered to the maximum possible extent. It must be ensured in this similar concern that the risks are controlled and managed in a proper manner for successful transfer of information and data pertaining to the users. Hence, Amazon can adopt a number of steps to mitigate the risks that have been found during risk assessment. One of the possible mitigation strategies that can be undertaken by Amazon is the risk assumption factor. Risk assumption refers to accepting potential risks associated with IT system and implementation of potential security measures such as software that would reduce or restrict the external forces (Cloud Standards Customer Council, 2012). Apart from the above specified context, Amazon can establish an environment that would possibly lead to an increase in the flow of communication with the users in a more comprehensive manner. More importantly, the company can establish a secure connection by proper encrypting and decrypting of data and available information in relation to the website. In addition, it must be ensured by Amazon that appropriate steps are taken to ensure reinforcement of internal security standards. The company must focus on developing and establishing firewalls as well as anti-viruses to restrict the flow of information to the external parties such as hackers. Furthermore, to mitigate the risks prior to their rise, Amazon must keep a close watch over the internal functions of the employees, as a part of internal risk assessment. This would require Amazon to monitor the activities performed by the employees regularly who are authorized to deliver the respective services of the company to the customers. It order to mitigate the risks associated with internal processes, it must be ensured by the company that a higher degree of inspection is conducted along with providing quality training to the employees, developing the ways of handling valuable information and having a stricter control over access of relevant data (Cloud Standards Customer Council, 2012). Furthermore, Amazon, in the context of responding and mitigating the threats associated with work factors, the company must take steps towards restricting the information and making use of third-party applications. Risks associated with security measures must be prohibited and ensured that the data as well as the transactions are being monitored apart from conducing data encryption along with decryption. With providing security services to the customers, the company must ensure that security measures are extended to mobile devices and protection is provided to the users who access cloud services over mobile phones. Security checks must be made in order to ensure that devices providing online services to the users are not vulnerable to others (Chandran & Angepat, 2010). An additional security layer, which would ensure that the data pertaining to users’ password and personal information are safe, must be added to the mobile devices. This practice would certainly allow the users to conduct varied purposeful transactions. A notification service must be enabled by Amazon, which would allow the concerned parties to gather knowledge regarding the privacy concerns such as the log-in and log-out times. Equipments or software used for providing required services to the customers must be security checked and the security for cabling is ought to be enhanced. Furthermore, outdated assets that can create potential risks for the users as well as the company must be removed and ensured that valuable data is eradicated from online database (Paidi & Rao, 2013). Apart from the above discussed factors that can lead towards mitigation of risks, creation of a backup feature can possibly result in securing data and making it available to the users in case of data loss. Creation of backups can further lead towards segregation of information and maintenance of separate databases for every customer. This would ease Amazon to provide required data to the users and improve the effectiveness of the policies concerned with providing maximum satisfaction to the customers of cloud services, thereby improving the overall security measures of Amazon (Paidi & Rao, 2013). It is worth mentioning that Amazon could also adopt certain steps for mitigating the identified threats or vulnerabilities risks. Such steps included ensuring effectual authority mechanism and flow of communication while providing quality services to the users. Moreover, Amazon can ensure that the risks are mitigated by introducing a proper reporting mechanism and implementing a business process within the organization. Policies associated with privacy of information and valuable data must be enforced upon the existing policies, which would ensure that there does not arise any short of problem affecting the entire performance of the company. To control the external factors, Amazon must assure itself regarding the development of cloud networks, apart from implementation of security requirements that need to be considered in the process of exiting from user accounts (Bisong & Rahman, 2011). Risk Mitigation Approaches Used by Amazon In accordance with the factor concerning risk assessment, Amazon, through the establishment of ‘Amazon Web Services’ (AWS), has tried to analyze the risks and thus adopted certain effective steps for eliminating the same. Justifiably, the Management Committee at Amazon has set up a ‘strategic business plan’ with the core aim of identification of potential risks as well as execution of steps to avoid and manage emerging risks. For ensuring that the risks are being properly managed, AWS made deliberate efforts in making quality assessment of the strategic plan. Furthermore, AWS attempted to consider the fact that the plan inculcates the ability to counter the modern-day and potential risks in future. The company intended to make sure that the risks are evaluated on a timely basis, which fall under the dimensions of responsibility and devise solutions to mitigate the business or operational risks (Amazon. 2013). In addition, Amazon has also created an environment control mechanism, which is concerned with the assessment of various internal as well as external risks. Furthermore, Amazon’s Compliance as well as security departments concerned with risk assessment have introduced a security framework and information security system, which outlines the policies associated with managing risks. The policies concerned with the assessment of risks are based on Control Objectives for Information and related Technology (COBIT) framework, which further accompanied by Amazon’s integration into ISO 27001 certifiable framework (Amazon Web Services, 2013). In order to ensure that the security standards associated with risk assessment are set to the highest standards, Amazon must ensure that its security policies are developed to the highest levels. Notably, Amazon is involved in providing quality training to its employees concerning various risks associated with its business or operational environment and performing security checks over its applications and supporting websites through internet medium. More vitally, the company tried to safeguard the interests of its concerned stakeholders by proving them with optimum services without the need to remain concern about shopping with Amazon. The reviews made under the strategic plan evaluated the levels of secrecy, candor and information availability to the customers. These reviews were found to be helpful in assuring the conformability of the devised policies pertaining to risk assessment (Wooley, 2011). Apart from the above discussed aspect, the security department at Amazon remained much concerned about scanning of its official website over the internet. The security committee deals with an important function of verifying the IP addresses of the webpage. It is worth mentioning in this regard that Amazon’s security wing is concerned with forwarding notifications to the concerned members regarding remediation of the potential identified risks. Nonetheless, security checks build by the company that remained concerned with assessment of risks are collaborated with varied security based organizations. These firms manipulate essential data about the risks that might be faced during the conduct of internal business or operational functions (Amazon Web Services, 2013). The findings gathered from conducting researches on risks are transferred to the company’s leadership wing, which takes care of the establishment of protective steps against the arrived risks. The security risk scans are performed and carried out in a manner that would result in proving a balance between Amazons’s IT infrastructure and identified risks. The major concerns behind such risk assessment are to ensure the safeguarding of the underlying IT infrastructure of Amazon and developing security checks based on customer groups. In addition, Amazon, as a part of risks assessment strategy plan, allows its customers to make use of security risk scans over the internet along with the company’s online cloud services. To avail this option, customers need to take permission from the company’s directory and ensure that the security checks get complied with the acceptable users’ guidelines (Amazon Web Services, 2013). Apart from the above discussed aspects, Amazon has maintained compliance with the ‘Motion Picture Association of America (MPAA)’ guidelines, which is concerned with storing, protecting and providing users with media content. Amazon’s IT department is noted to ensure that the activities performed by the company and services made available to the users are aligned with MPAA standards. The introduction of AWS BY Amazon has set out SOC 1 controls, which look after the accessibility levels of the insiders as well as controlling the compliance initiatives. In short, the risks assessment conducted by the company aims at focusing on the control and assessing the risks associated with the insiders (Amazon Web Services, 2013). Conclusion The above study provides a comprehensive idea about the concept of risk assessment. This particular perception generally takes into concern examining varied risks that face by an organization while performing distinct operational or business functions. The research study outlined the ways by which a proper understanding of the risks associated with Amazon such as high level of competition and security levels can be made. More importantly, the research study has outlined several steps that can enable the company to mitigate the risks associated with different fields, whether operational or technical. These steps included risk assumption and establishment of a secure connection. It is strongly believed that proper and effective addressable as well as the mitigation of the identified risks by the stated steps would not only support Amazon to improve its entire business performance, but would also ensure in maintaining long-term sustainability in future. References Amazon Web Services. (2013). Amazon web services: risk and compliance. Whitepaper, 1-83. Amazon. (2013). Annual report. Retrieved from http://phx.corporate-ir.net/External.File?item=UGFyZW50SUQ9MjI4Njc1fENoaWxkSUQ9LTF8VHlwZT0z&t=1 Bisong, A., & Rahman, S. M. (2011). An overview of the security concerns in enterprise cloud computing. International Journal of Network Security & Its Applications, 3(1), 30-45. Chandran, S. P., & Angepat, M. (2010). Risk analysis. Cloud Computing: Analyzing the Risks Involved In Cloud Computing Environments, 1-6. Cloud Standards Customer Council. (2012). Security for cloud computing 10 steps to ensure success. Final Report, 1-35. Drissi, S., Houman, H., & Medromi, H. (2013). Survey: risk assessment for cloud computing. (IJACSA) International Journal of Advanced Computer Science and Applications, 4(12), 143-148. Javadi, M. H. M., Dolatabadi, H. R., Nourbakhsh, M., Poursaeedi, A., & Asadollahi, A. R. (2012). An analysis of factors affecting on online shopping behavior of consumers. International Journal of Marketing Studies, 4(5), 81-98. Marx, G. (2013). Can cloud computing be secure? Six ways to reduce risk and protect data. Retrieved from http://www.theguardian.com/media-network/media-network-blog/2013/sep/05/cloud-computing-security-protect-data Paidi, V. K., & Rao, P. V. (2013). Multi-cloud architecture to reduce security risks in cloud computing. International Journal of Advanced Research in Computer Science and Software Engineering, 3(8), 1150-1152. Stoneburner, G., Goguen, G., & Feringa, A. (2002). Risk management guide for information technology systems. NIST Special Publication 800-30, 1-41. Wooley, P. S. (2011). Identifying cloud computing security risks. Capstone Report, 1-84. Read More