Cloud Computing Assignment: Security Management
Task: MetaSoft Ltd is a software development company which works across Australia and New Zealand. The company is considering the following strategic proposal:
- They plan to close down the Melbourne data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand
- They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring).
- They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.
The Board of MetaSoft is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.
MetaSoft has again approached you to advise them on this strategy. You have already advised MetaSoft that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.
MetaSoft also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. Your team will be required to organise, run and facilitate this workshop.
The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.
Your team has been engaged to provide a risk assessment for MetaSoft in their planned move to a Hybrid Cloud strategy.
The tasks: The team’s task is to prepare a report for MetaSoft that discusses the following:
Describe which Cloud architectures you would employ to assist MetaSoft to meet the Board’s strategy?
- Describe each of the architectures that you would use, along with your reasons for deploying it.
- Describe the benefits and issues that would be the result of your deployment of these architectures.
Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form.
Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud. You will need to explain to the Board your reasons for recommending these particular security steps.
Discuss briefly what you would recommend should be included in MetaSoft’s BCP as a result of their adoption of a Hybrid Cloud and Microservices approach. You will need to consider, as a minimum, the issues of application resilience, backup and disaster recovery in a Hybrid Cloud environment. This section should be no more than 2 pages
Discuss the requirements that MetaSoft will need to consider in order to conduct remote server administration, resource management and SLA management for its proposed IaaS and PaaS instances (it may be useful to consider Morad and Dalbhanjan’s operational checklists for this section). This section should be no more than two to three pages in length.
The MetaSoft board has decided, as an initial step, to move their SharePoint instance and their SQL Server 2012 Database servers to the AWS cloud in order to begin the migration process, and test their strategy.
- Describe the steps that you would include in the plan to migrate these services.
- What are the critical points and issues that you see occurring at each of these steps? Explain why you see these points or issues as critical.
MetaSoft is planning to migrate some of its applications and data onto the hybrid cloud in order to improve efficiency, flexibility and responsiveness in its business. For this purpose, this cloud computing assignment presents a thorough analysis and critical discussion of the major cloud architectures and their features and functionalities in order to identify the most suitable solution for MetaSoft. It addresses the most important aspects of cloud adoption along with the risks associated with the different architecture and deployment models available for cloud-based environments. It further reflects on the benefits and challenges that MetaSoft may face during deployment in areas such as disaster recovery, application resiliency, SLA management and remote server administration.
1. Cloud architectures to assist MetaSoft to meet the Board’s strategy
Based on MetaSoft’s requirement, the cloud service model is selected. MetaSoft can implement cloud computing in two ways. Firstly, it can adopt a private cloud hosted on premises or in an external environment by a third party provider. In this case, implementing a hybrid cloud will benefit the company by reducing the IT infrastructure maintenance costs. To be more precise, MetaSoft can internally (on-premises) host the sensitive applications and move the less sensitive applications onto the externally hosted cloud environment (Jadeja & Modi, 2012). In this context, MetaSoft can choose amongst the three most common types of cloud architecture or cloud delivery models such as IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). The selection of the most appropriate cloud architecture should essentially be based on the three major factors that determine the level of business benefits. Firstly, flexibility in terms of costs is an important factor. Secondly, scalability is another crucial aspect of deploying cloud models. Finally, security of the organization’s critical data is another important factor to consider.
1.1 Description and justifications of cloud architectures deployment
Hybrid cloud: Hybrid cloud is a combination of public and private clouds. More specifically, hybrid clouds typically consist of one private or virtual private cloud and one or more public clouds. For example, MetaSoft can use a private cloud to keep its sensitive data in a secured environment while interacting with its customers using a public cloud (Li et al. 2013). Hybrid cloud deployment will essentially allow MetaSoft to migrate certain applications and information onto the cloud, utilize the cloud-based datacenter capacity, and create effective backup and disaster recovery strategies. It also helps to utilize new cloud native capabilities and bring certain applications closer to their customers while ensuring cost effectiveness and high availability. Deploying a hybrid cloud architecture will be helpful for MetaSoft because it will eliminate the need for high investments in on-premises hardware and software.
Platform as a Service (PaaS): PaaS facilitates application development over the internet. The PaaS cloud architecture is typically accessed through a web browser. PaaS supports an entire web application development life cycle, along with all the individual phases of software development such as design, building, testing, deploying, managing and updating. PaaS eliminates the need for hardware investments. MetaSoft can utilize a PaaS architecture for its software development work. The PaaS features such as the add-on development facilities, application delivery-only environments, stand-alone development environment, and remote utilization of development platform are beneficial for MetaSoft. The company employees can use the user customization facilities for developing, designing and implementing their web apps on the same platform where the end-users can also run the apps (Zhang, Cheng & Boutaba, 2010).
1.2 Benefits and issues of architecture deployment
Hybrid-cloud architecture benefits and issues:
Benefits: It provides maximized efficiency and flexibility as well as optimized workload. It allows for adequate scalability by placing some workload onto the public cloud such as backend processes and application development, which require a good amount of storage and computing power. Other less sensitive applications or workload, requiring lower latency and greater security are suited to a virtual private cloud (Armbrust et al. 2010). Thus, it is beneficial in terms of scalability, availability and billing optimization.
Issues: Compatibility between the on-premises infrastructure and cloud-based infrastructure can be a real issue. In addition, maintaining proper integration between the data and application can be another issue. The infrastructure where each application and data is placed needs to be synchronized so that it is possible to access correct data remotely. Lastly, networking is another factor while deploying a hybrid cloud. It is significantly critical to maintain adequate connectivity and communication between the public cloud and the private or virtual private cloud through networking and synchronized data transfer processes (Luo et al. 2011). It can become potentially complex to address this issue in the hybrid cloud architecture.
PaaS benefits and issues:
Benefits: PaaS effectively reduces the storage and server overheads. Along with that, significant cost reduction benefits come in terms of network bandwidth and software maintenance. Furthermore, it ensures improved agility, flexibility and speed. The development process becomes significantly faster by facilitating a heterogeneous infrastructure for application building.
Issues: PaaS raises a security issue in terms of control over the processing of data in the virtual machines. The cloud vendor provides the entire cloud platform and thus, the company will have no control over the data or the platform (Subashini & Kavitha, 2011). Managerial tasks, including updating and upgrading applications, can be tedious and time consuming.
2. Risks and control associated with the new Hybrid Cloud and Microservices strategy
Risk: Lack of encryption
Description: Data transmitted over the network can be vulnerable to eavesdropping and MitM (man-in-the-middle) attacks if it is not encrypted before transmission.
Control: Cryptographic protocols are necessary; endpoint authentication and the use of a reliable proxy server help prevent this threat. A VPN (virtual private network) must be implemented, with transmission encryption using SSL/TLS and secure shell (SSH).
Description: Unprotected APIs can expose confidential data to outsiders through authentication exploitation or personal data manipulation.
Control: API keys must be handled securely; third parties must be verified before an API key is released to them.
Risk: DoS (Denial of Service) attacks
Description: The cloud network is rendered inaccessible by an attacker through disruption of services in shared resources such as RAM, CPU, network bandwidth and disk space.
Control: Flow analytics, firewall intrusion detection and prevention systems.
Risk: Poorly defined SLA
Description: Loss of control over data; uncertainty about the cloud security measures taken by the cloud service provider.
Control: The cloud vendor should clearly define the SLA with access protections and permissions, a reasonable expectation of service, and well-defined security controls.
Description: The cloud provider’s failure to provide adequate security controls can result in compromise of confidential information, data loss or corruption, and unauthorized access.
Control: A data loss prevention mechanism must be implemented; software errors and infrastructure malfunctions must be eliminated.
3. Information Security steps and controls to secure the Hybrid Cloud
Compliance: MetaSoft should fully understand all the regulatory compliance laws and requirements pertaining to its sensitive information. It is necessary to have security with compliance. It is important to be aware of the security controls used by the vendor, and know whether they comply with the security rules and regulations.
Visibility: It is essential to ensure complete visibility across public clouds, private or virtual private clouds as well as the traditional on-premises infrastructure. Lack of visibility can bring greater security risks.
Vulnerability scanning and assessment: Patch management and assessments are a necessary part of vulnerability scanning in order to identify and eliminate the software errors and bugs in the cloud-based API environment (Almorsy, Grundy & Müller, 2016).
Security monitoring: Continuous security monitoring is necessary for checking the common types of events such as unusual user logins, login failures, privileged user activities, access to encryption keys, and threat intelligence from third parties and the cloud service provider.
DevOps and automation: DevSecOps facilitates integrated security control throughout the application development process including code analysis and testing, patch management and configuration management, logging and event monitoring as well as privileged user access management.
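The event types listed under "Security monitoring" above (login failures, unusual logins, privileged user activity, access to encryption keys) can be turned into simple detection rules. The following is an added example, not part of the original report: it runs four such rules over constructed events shaped like AWS CloudTrail records, and the network range, allowed key users, threshold and account ID are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Assumed policy values for this example (none of these come from the page).
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # corporate egress
KEY_USERS = {"arn:aws:iam::111122223333:user/svc-backup"}   # may use KMS keys
SENSITIVE_KMS = {"Decrypt", "DisableKey", "ScheduleKeyDeletion"}
FAILURE_THRESHOLD = 3  # failed console logins per (principal, source IP)

def ev(source, name, ip, identity, login=None):
    """Build a constructed event shaped like an AWS CloudTrail record."""
    event = {"eventSource": source, "eventName": name,
             "sourceIPAddress": ip, "userIdentity": identity}
    if login:
        event["responseElements"] = {"ConsoleLogin": login}
    return event

ALICE = {"type": "IAMUser", "userName": "alice"}
BOB = {"type": "IAMUser", "userName": "bob"}
SIGNIN, KMS = "signin.amazonaws.com", "kms.amazonaws.com"
# Constructed sample data, not real logs.
SAMPLE_EVENTS = [ev(SIGNIN, "ConsoleLogin", "203.0.113.7", ALICE, "Failure")] * 3 + [
    ev(SIGNIN, "ConsoleLogin", "203.0.113.7", ALICE, "Success"),
    ev(SIGNIN, "ConsoleLogin", "198.51.100.20", BOB, "Success"),
    ev("iam.amazonaws.com", "CreateAccessKey", "198.51.100.20", {"type": "Root"}),
    ev(KMS, "Decrypt", "198.51.100.30",
       {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/svc-backup"}),
    ev(KMS, "ScheduleKeyDeletion", "198.51.100.20",
       {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}),
]

def principal(event):
    """Best available identifier: ARN, then user name, then identity type."""
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("userName") or ident.get("type", "unknown")

def is_known_ip(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # the field can hold a service DNS name instead of an IP
        return False
    return any(addr in net for net in KNOWN_NETWORKS)

def detect(events):
    """Return (rule, principal, detail) tuples for events matching a rule."""
    findings, failures = [], Counter()
    for e in events:
        who, ip = principal(e), e.get("sourceIPAddress", "")
        login = e.get("eventName") == "ConsoleLogin"
        outcome = (e.get("responseElements") or {}).get("ConsoleLogin")
        if login and outcome == "Failure":
            failures[(who, ip)] += 1
            if failures[(who, ip)] == FAILURE_THRESHOLD:  # report once per pair
                findings.append(("repeated-login-failure", who, ip))
        elif login and outcome == "Success" and not is_known_ip(ip):
            findings.append(("unusual-login-source", who, ip))
        if e.get("userIdentity", {}).get("type") == "Root":
            findings.append(("root-activity", who, e.get("eventName")))
        if (e.get("eventSource") == KMS and e.get("eventName") in SENSITIVE_KMS
                and who not in KEY_USERS):
            findings.append(("unexpected-key-access", who, e.get("eventName")))
    return findings
```

Calling `detect(SAMPLE_EVENTS)` yields four findings; the successful login from the known range and the key use by the allowed service account produce none.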
4. Recommendations on MetaSoft’s BCP after Hybrid Cloud and Microservices adoption
Application resilience: The Business Continuity Plan (BCP) for MetaSoft should essentially incorporate the basic requirements for ensuring adequate application resiliency. The hybrid cloud operations should be managed in such a way so that the applications can stay on top of the hybrid storage. In order to effectively handle any outage incident, the BCP should address measures for using multiple data availability zones as well as collocation sites so that disruptions in functions can be avoided (Chen & Zhao, 2012). Application resilience is an integral part of high availability. For this purpose, data replication is required. It is further required to deploy multiple instances of services. Distribution of workload can be achieved with autoscaling. Load balancing is another useful technique to distribute the application requests.
Backup and disaster recovery: Data backup is a critical part of disaster recovery (DR) strategy. Validating the business impact analysis process (BIA) is a good way to start effective disaster recovery planning. The DR strategy must be able to support the service level targets. The BCP should properly address the challenge associated with the selection of an appropriate disaster recovery site. It is crucial to develop a reliable testing methodology for the DR that facilitates regular components testing (Dillon, Wu & Chang, 2010). Furthermore, the BCP should also consider the incident response activities in order to determine the criteria for disaster recovery initiation.
5. Remote server administration, resource management and SLA management for IaaS and PaaS
For remote server administration tools, MetaSoft can use PowerShell for server maintenance. Remote management is essential for web-based access. Hardware abstraction hides the complexity of managing the physical computing platform and improves the flexibility of computing resources. Consequently, virtualization provides multi-tenancy and scalability, which are two significant characteristics of cloud computing. Virtualization, a fundamental technology platform for cloud computing services, facilitates the aggregation of multiple standalone systems into a single hardware platform by virtualizing the computing resources (e.g., network, CPUs, memory, and storage).
This section explains what criteria to consider when choosing remote server administration tools, and offers recommendations for how to best use those tools in a data centre. Remote server administration tools give IT professionals the ability to manage data centres without actually being there. Nevertheless, remote server monitoring, as with any technology, has limitations that should not be neglected (Kavis, 2014). Moreover, the SLA offered by the provider needs to be critically analyzed, reviewed and scrutinized. For PaaS, the SLA should clearly define the expected level of service from the web-based API platform, along with the strategies for disaster recovery and application resilience.
6. SharePoint instance and SQL Server 2012 Database servers movement to the AWS cloud
6.1 Steps to migrate the services
Migrating SharePoint to the AWS can be achieved by preparing an AWS account and selecting the deployment location. The selection of two or more availability zones can be beneficial in terms of ensuring high availability. The Amazon EC2 console is to be used to create key pairs for cryptography purposes. After that, the SharePoint software is downloaded so that the SharePoint stack can be launched.
On-premises SQL database can be migrated onto the AWS using the Migration Wizard. MetaSoft can use the BCP utility to facilitate an efficient way of transferring all the data from the on-premises database to the database instance (Luo et al. 2011). Apart from that, MetaSoft can also use the AWS Microsoft AD (Active Directory) that can support SharePoint and SQL Servers and at the same time ensure scalability, flexibility and high availability.
6.2 Critical points and issues
The lack of a migration test plan can make the process complicated. Lack of user training is another factor that hinders successfully migrating SharePoint or a SQL database onto the cloud. Apart from that, communication about the upcoming changes to be brought by the migration is crucial, and a lack of it is a further issue. Finally, the most critical issue of all is developing a new architecture for the SharePoint migration. An information architecture plan is essential for addressing key areas such as permissions, taxonomy, customizations, and integration with the other components (Jadeja & Modi, 2012). Hence, successful migration of these services onto the AWS cloud ought to consider customization and integration aspects in order to avoid failure or disruptions.
Based on the analysis of cloud architectures and models in this cloud computing assignment, the results have been drawn at a general level: several aspects of the cloud migration decision have been investigated, along with the advantages and disadvantages it can create. Hybrid cloud architecture will essentially bring a great deal of advantages and benefits to MetaSoft. This cloud computing assignment observes that the weakness of a cloud partner can negatively affect the organization involved in a cloud migration, for example through security risks and changed routines and processes. It is crucial to develop a proper BCP for the cloud deployment that considers all the major issues and security concerns. Eliminating early-stage risks helps the organization to achieve a successful migration with minimal risk.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Dillon, T., Wu, C., & Chang, E. (2010, April). Cloud computing: issues and challenges. In Advanced Information Networking and Applications (AINA), 2010 24th IEEE International Conference on (pp. 27-33). IEEE.
Jadeja, Y., & Modi, K. (2012, March). Cloud computing-concepts, architecture and challenges. In Computing, Electronics and Electrical Technologies (ICCEET), 2012 International Conference on (pp. 877-880). IEEE.
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Li, Q., Wang, Z. Y., Li, W. H., Li, J., Wang, C., & Du, R. Y. (2013). Applications integration in a hybrid cloud computing environment: Modelling and platform. Enterprise Information Systems, 7(3), 237-271.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11.
Zhang, Q., Cheng, L., & Boutaba, R. (2010). Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), 7-18.