Risk Mitigation Strategies for Cloud Data Security in IT and ITES Sector during COVID-19

Abstract

Digital Transformation of all the realms of life became obligatory after the spread of COVID-19. IT, Education, work, commerce, shopping, sales, industry - transformed into digital mode. The IT (Information Technology) and ITES (IT Enabled services) had to undergo a tremendous transformation in the operational aspects due to the rapid implementation of various protective measures as a consequence of the pandemic. ‘WFH (Work from Home)’ became a new normal. These factors enhance the significance of cloud data security. This paper performs a qualitative analysis of 3 major components of Cloud a) Iaas-Infrastructure as a Service ,b) PaaS- Platform as a Service and c) SaaS-Software as a Service and evaluate in detail the risk mitigation strategies that could be implemented with respect to cloud data security. Meeting the confidentiality, trust and reliability aspects necessary for multinational clients, obligation of completion of tasks by the deadlines, maintaining the confidentiality and sensitivity of data, preventing the inadvertent malicious intrusions - all add up to the additional significant risks and challenges, as the probability for the occurrence of these events in the cloud have increased exponentially due to the large-scale applications of cloud during the pandemic. In future, many IT companies have decided to migrate entirely to cloud and operate mainly using cloud services, as the operational expenses are drastically reduced and that contributes to a gap in the existing research areas, considering the volume, confidentiality and criticality of the data handled. The implementation of efficient and effective risk mitigation strategies become crucial considering the long-term implementation of a cloud operating model. The objective of this paper is to qualitatively understand with the aid of secondary data, the risk mitigation strategies that could be proactively implemented in IT and ITES sector for cloud data security. This paper concentrates mostly on the identification of risk mitigation strategies implemented at present, evaluation of those strategies and the identification of gaps in the current strategies. In this paper, the existing strategies and gaps in the system are analysed, and an initial proposal of advanced risk management strategies for cloud data security in IT and ITES Sector is provided.