n this research paper, we are going to focus on the IT risks associated with the migration of the business application of Aztec organization with the external cloud hosting for managing data sources. The Aztec organization is looking forward for the risk identification, assessment, and mitigation plan associated with the transformation of the business operation to the cloud computing platform.
Adoption of the cloud computing in the Aztec organization:
The Aztec is moving towards the migration of business operation with the deployment of the cloud environment. With the increasing demand of cloud computing to improve the business tactics, the cloud model is adopted for carrying over the business operation (Buhalis, 2010). The following diagram shows the pattern followed by the Aztec organization to implement the cloud platform in the working functionality of the business.
The cloud platform enables the data centre for the cloud environment. The processes and the business activities can be improved with the effective utilization of the cloud services. The complex problem can be solved by managing the availability of the resources at the user end. The risks associated with the security infrastructure of the company can be solved with the inclusion of intrusion detection system and intrusion prevention system. The cloud models which are used for changing the working practices of the Aztec organization are platform as a service and infrastructure as a service.
The platform as a service model of the cloud is used for managing the life cycle of the application. Resources used for the implementation of the application, creating the beneficial environment of the working of the business processes, The management of the activities associated with the application should be taken under consideration for the effective utilization the resources, and the integration of the data and activities (Betcher, 2010). The infrastructure as a service cloud model is used for providing platform to develop the cloud infrastructure, administration and control should be taken under consideration for the management of business processes, compliance and security associated with the working model of the enterprise, and the development of accounting system for the management of resources on the demand of the user. The smart cloud framework should be used for migrating the business processes of the Aztec with the cloud computing environment.
Research methodologies:
The migration of Aztec business processes to the cloud computing environment is based on following research methodologies programs:
Financial services sector review of Aztec with the cloud:
The need of automation arises with the development of the business activities. The virtualization is the basic need for deploying the cloud environment within the enterprise. The operational efficiency of the business can be improved by adopting the virtual server for the implementation of storage, application, resources, and the network application (Jayachandran, 2013). The smart cloud architecture helps in providing operational benefits to the working environment by managing the resources on the demand of the user. The user orientation is involved in accessing the control over the issues related with the process of identification, authorization, and authentication. The availability of the dynamic services helps in optimising the IT services. Basic structure of the cloud is composed of the following:
The deployment of the private cloud for the Aztec enterprise involves the following four processes:
|
Pre-virtualization phase |
Virtualization phase |
Standardization phase |
Automation phase |
|
This phase focuses on the standalone server It works on making strategies for the effective utilization of the resources |
It focuses on deploying the pool of virtual machine on the main server It helps in optimizing the utilization of the resources It is cost effective technique for making resources available on demand It works on simplification of the operation The development of the resiliency network |
The management of images can be efficiently done (Rao, 2016) Operational activities simplification with the utilization of the effective management technique Infrastructure helps in leveraging the sharing of information Diversification of the application used for carrying out business activities |
The provision provided for the effective utilization of the resource by the end user for completing their business operation (Dhammeratchi, 2012) The timing of the market analysis should be improved The initiatives can be taken by the business for the management of the IT manpower. |
The following diagram shows the clear representation of deploying Private cloud in the working environment of the Aztec organization.
The migration of the business operational activity on the cloud platform helps in reducing the cost associated with the carrying of the activities with the help of cloud computing platform. The agility is provided to the business operation which helps in developing cost saving program for the enterprise (Murray, 2013).
The cloud computing solution are providing on-demand resources, the self-services to resolve the issues associated with the fetching of information, and inexpensive solution. The exact cost can be identified of the resources used with the use of cloud public vendor platform. The allocation of the resources to the demanding parties can be efficiently done with the deployment of three clouds public, hybrid, and private. The out-sourcing of the resources does not require any extra cost for handling it to the third party.
The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment (Greenwood, 2014). The SAAS model is used for generating automatic fee management system, payments to the participating units such as suppliers, trading company, dealers, and etc. The cost benefits can be provided to the business by analysing the market activities associated with the operational platform. It is capable of providing procurement to the demanding units which help in completing the process on time. The standard policies should be used for signing the service level agreement for achieving security in the cloud environment.
The risks associated with the financial sector should be handled very carefully and at first priority because it can affect the profit of the Aztec organization. The financial services which are provided by the cloud platform are the deployment of the electronic trading system, analysis of the data collected for undertaking the market strategy, testing of the algorithms, and generation of the reports. The application programming interface is used for fetching the information from the online sources. The availability of the resources helps in minimising the budget of the enterprise to reduce the procurement of the new resources. The code of conduct which should be followed in the financial sector are:
Security Posture Review
The inclusion of cloud computing fundamentals in the working platform of the Aztec organization can affect the traditional security infrastructure of the enterprise. From the research we have analysed that the security standards which are used by the organization for the governing bodies are affected by the implementation of the cloud computing fundamentals within the working environment of the enterprise.
Assumptions:
The governing bodies which are affected by the cloud computing policies are named as documentation of the service level agreements, procedures used for auditing of the agreements, and inclusion of service providers. The traditional security architecture has to be transformed according to the requirement of the cloud computing environment. Analysing the traditional security procedures deployed by the enterprise:
Risks associated with data security and flow of data:
The enterprise has to face challenges in managing connection between the cloud and the infrastructure, browser, information exchange, and registration process. The user orientation is involved in accessing the control over the issues related with the process of identification, authorization, and authentication. There are various security issues associated with the deployment of cloud infrastructure related with the virtualization in the portfolio of SAAS, IAAS, and PAAS.
The operational efficiency of the business can be improved by adopting the virtual server for the implementation of storage, application, resources, and the network application. The integration and confidentiality of the data raises the concern of security. The security issues associated with the migration of data over the cloud computing platform. The following table specifies the risks associated on the traditional security infrastructure with the inclusion of cloud computing platform.
|
Categories |
Issues and Risks |
|
Deployment of the security standards |
The security standards are not accurate for handling cloud computing infrastructure. Risks associated with the compliance Lack of auditing tools Lack of efficient service level agreement Lack of trust between the participating units |
|
Deployment of the network architecture |
The installation are not proper with the use of firewalls for providing security to the cloud computing platform Configuration of policies associated with the network security Vulnerabilities associated with the internet protocol Dependency of the activities on the internet connection |
|
Access control associated with the cloud activities |
Hijacking of the services and accounts Malicious attack on the resources Lack of appropriate authentication protocol Privilege given to the user access documents Security provided to the browser |
|
Infrastructure needed for the deployment of the cloud computing |
Insecurity related with the API interface Insecurity in providing quality of service The occurrence of flaws in the technical architecture Inefficiency in maintaining reliability with the inclusion of supplier Misconfiguration in the security procedures Inefficiency of the multi-tenancy effects Location and maintenance of the server backup |
|
Management of data |
Problem of redundancy of data Loss associated with the data leakages Accessing of the location of data Recovery from the data loss Management of data privacy Inefficiency in the protection given to the data Mismanagement in the retrieval of data |
The following diagram shows the security infrastructure with the cloud environment and the flow of data.
The policies and strategies of the traditional security infrastructure have to be changed with the new security requirement for the cloud environment. The response should be created for deploying the prevention techniques associated with the security of the cloud environment.
Threat, Vulnerabilities and consensus assessment
The following table shows the risks assessment associated with the deployment of cloud infrastructure within the working curriculum of the Aztec enterprise.
|
Name of the risk |
Description or consequences |
Impact |
|
Stealing of the cloud services |
The unauthorised person can use the cloud services without paying a penny for it. |
The infrastructure of the cloud is get affected |
|
Inclusion of denial of service attack |
Unavailability of cloud services and resources at the time of demand placed by the user |
The network of the cloud is get affected |
|
It affects the browsing history schedule |
||
|
The unauthorised person can use the cloud services without paying a penny for it by using the XML signature. |
||
|
Injection of the cloud viruses and malware software |
The login credential of the user can be leaked Loss of data due to data leakages Abnormal behaviour of the cloud computing environment |
The infrastructure of the cloud is get affected |
|
Using of Virtual machine |
Data leakages |
The infrastructure of the cloud is get affected |
|
Utilization of the resources |
||
|
Sharing of memory |
Leakages of cloud resources |
The infrastructure of the cloud is get affected |
|
Leakages of user information |
||
|
Open window for the injection of malware |
||
|
Phishing attack |
Personal information can be accessed by the hacker |
Impact on cloud network, cloud infrastructure, and the access control policies |
|
Malicious code get installed at the client side computer |
||
|
The system of the user start behaving abnormally |
||
|
Unavailability of the information to the requested client |
||
|
Inclusion of Botnets |
The resources from the cloud are accessing un-authentically |
Impact on cloud network, cloud infrastructure, and the access control policies |
|
Abnormal behaviour of the cloud computing environment (Marston, 2011) |
||
|
Confidential information of the user get loss |
||
|
Stenography |
The unauthorised access of the user data |
Abnormal behaviour of the cloud computing environment |
|
Deletion of the data from the user account |
||
|
Loss of confidential information of the user |
||
|
Rollback of the virtual machine implementation on the cloud server |
The brute force attack can occurred on the cloud system Unauthorised accessing of the sensitive information and damages to the infrastructure of the cloud |
Accessing of the infrastructure deployed for the cloud fundamentals |
|
Risks associated with the policies and procedures |
The interface are associated with policy risks for transfer of data from the data centre to the application |
Application program interface |
|
Failure in providing cloud services on time |
The inefficiency in providing resources and service on time |
Business Planning processes |
|
Risks associated with technical areas |
The exhaustive procedure associated with the delivery of information on time |
The open sharing of the resources are associated with the technical risks associated with the application |
|
Data interpretation technique |
The risks associated with the encryption policies used for maintaining the interpretation of the data. |
Scalability of resources |
|
Risks associated with the denial of service attacks |
The risks associated with the services provided by the internet |
Cloud infrastructure |
|
Legal risks |
The migration to the cloud environment get associated with some legal risks for controlling the regulation compliance of the Aztec organization |
Cloud infrastructure |
|
Changes in the planning processes |
Migration of the business processes to the cloud environment |
|
|
Mismanagement of the governance schemes |
The compliance risks associated with the cloud provider |
Cloud providers |
|
Lock in risks |
The risks associated with the sharing of information between the clients and the customer |
Loss in confidentiality of the information |
|
Failure of multi-tenancy isolation |
It is difficult for managing the isolation between the multi-tenancy platform |
|
|
Protection provided to the data |
Inadequacy in the protection method used for providing coverage to the data |
|
|
Connectivity of the internet |
It is difficult for managing the internet connection between the large amount of devices in the scenario |
|
|
Estimation of the risks probability |
It is difficult for estimating the priority associated with the deployment of the risks (Garg, 2013) |
|
|
Unavailability of services |
Some of the application are not efficiently handled by the cloud environment |
|
|
Internal security risks |
Every business is equipped with some of the internal risks which can affect the functionality of the business process |
Business operation |
|
External security risks |
The technology is not able to detect the occurrence of the risks in the business operation. The proactive action is not taken by the company for securing their resources |
Resources |
Data security:
The paradigm of the cloud computing environment involves the inclusion of communication network system for managing peer to peer information exchange, authorised and authenticated accessing management system with the authenticated protocols, and end user machine for the deployment of the cloud infrastructure. The traditional security architecture has to be transformed according to the requirement of the cloud computing environment.
The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment (Shacklett, 2013). The response should be created for deploying the prevention techniques associated with the security of the cloud environment. The deployment of the security parameters in the cloud environment helps in resolving the issues related with the risks and vulnerabilities attacks associated with the cloud computing environment.
The encryption keys should be used for transferring the data and the information over the cloud. The effective security system can be developed by focusing on the quantification of the security risks associated with the cloud system and planning for proactive solution to overcome the problem of vulnerabilities associated with the project. The complex problem can be solved by managing the availability of the resources at the user end. The risks associated with the security infrastructure of the company can be solved with the inclusion of intrusion detection system and intrusion prevention system. The intrusion detection system and the intrusion prevention system are the two basic approaches which are used for securing the cloud infrastructure from the potential attack associated with the new system environment.
The antiviruses should be installed on the outsourcing units for preventing from the virus and the malware attack. The standard policies should be used for signing the service level agreement for achieving security in the cloud environment. The deployment of the security parameters in the cloud environment helps in resolving the issues related with the risks and vulnerabilities attacks associated with the cloud computing environment (Telstra report, 2011).
The roll backing of the virtual machines deployed on the cloud server helps in resolving the issues related with the malware attack on the cloud environment. The security parameter should be used for restricting the unauthorised accessing of the information from the multiple sources to minimize the risks of data loss and the loss of confidentiality and integrity of the system. The following benefits are provided for the implementation of cloud computing environment:
The following is the recommended security framework for managing the security and the risks associated with the migration of business processes to the cloud environment. The effective security system can be developed by focusing on the quantification of the security risks associated with the cloud system and planning for proactive solution to overcome the problem of vulnerabilities associated with the project (Patron, 2012). The priority should be determined for handling the risks issues associated with the cloud environment.
The deployment policies used for managing the security of cloud infrastructure by taking consideration on the following components:
Recommended mitigation plan for securing the Aztec business processes with the deployment of following business techniques:
Conclusion:
The traditional security architecture has to be transformed according to the requirement of the cloud computing environment. The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment. The research study should be conducted in the areas of discovering threats associated with the cloud environment, possibility of vulnerabilities occurrence, development of standards and policies used for overcoming the situation of attacks, provision given to the data security procedures, and etc. for analysing the security procedures used by the enterprise to overcome the critical situation of security. The intrusion detection and prevention system should be used for overcoming the risks associated with the cloud environment. The encryption keys should be used for transferring the data and the information over the cloud.
References:
Angelo, E. (2009). IT control objective for cloud computing. Retrieved from https://www.isaca.org/chapters2/kampala/newsandannouncements/Documents/IT%20contro%20objectives%20for%20Cloud%20computing.pdf
Betcher, T. (2010). Cloud computing: IT related risks. Retrieved from https://scholarsbank.uoregon.edu/xmlui/bitstream/handle/1794/10207/Betcher-2010.pdf
Buhalis, S. (2014). Mitigating risks in the cloud. Retrieved from https://webobjects.cdw.com/webobjects/media/pdf/Solutions/Cloud-Computing/151383-Mitigating-Risk-in-the-Cloud.pdf
Dhammeratchi, D. (2012). Reinventing business with cloud computing. Retrieved from https://www-01.ibm.com/events/wwe/grp/grp033.nsf/vLookupPDFs/CWHK_Cloud_User_Guide_IBM_May_2012/$file/CWHK_Cloud_User_Guide_IBM_May_2012.pdf
Garg, A. (2013). Cloud computing for the financial services industry. Retrieved from https://www.sapient.com/content/dam/sapient/sapientglobalmarkets/pdf/thought-leadership/GM_Cloud_Computing.pdf
Greenwood, D. (2014). Cloud migration: A case study of migrating an enterprise IT system to IAAS. Retrieved from https://www.aspiresys.com/WhitePapers/Cloud-Migration-Methodology.pdf
Hogmen, G. (2012). Benefits, risks, and recommendation for information security. Retrieved from https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security
Jayachandran, J. (2013). Cloud migration methodology. Retrieved from https://www.aspiresys.com/WhitePapers/Cloud-Migration-Methodology.pdf
Marston, S. (2011). Cloud computing the business perspective. Retrieved from https://www.keencomputer.com/images/KEENCOMP/CLOUD/cloud-computing-business-perspective.pdf
Murray, P. (2013). Common risks of using business apps in the cloud. Retrieved from https://www.us-cert.gov/sites/default/files/publications/using-cloud-apps-for-business.pdf
Patron, C. (2012). Cloud computing: Transforming IT and business. Retrieved from https://www-01.ibm.com/events/wwe/grp/grp033.nsf/vLookupPDFs/CWHK_Cloud_User_Guide_IBM_May_2012/$file/CWHK_Cloud_User_Guide_IBM_May_2012.pdf
Rao, R. (2016). Moving t the cloud key consideration. Retrieved from https://home.kpmg.com/content/dam/kpmg/pdf/2016/04/moving-to-the-cloud-key-risk-considerations.pdf
Rosado, D. (2012). Security analysis in the migration to cloud environment. Retrieved from https://www.google.co.in/url?sa=t&rct=j&q=Research%20paper%20pdf%20on%20IT%20risks%20associated%20with%20Migrating%20business-critical%20applications%20and%20their%20associated%20data%20sources%20to%20an%20external%20Cloud%20hosting%20solution.&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwjlnva-5b3WAhXJvI8KHbhGBN8QFggtMAE&url=https://www.mdpi.com/1999-5903/4/2/469/pdf&usg=AFQjCNGg3GaViyiwLmGSi-0834mgdwnAAQ
Shacklett, D. (2013). Need for quantum cryptography. Retrieved from https://aircconline.com/ijaia/V6N5/6515ijaia07.pdf
Telstra report. (2011). Moving to cloud. Retrieved from https://www.telstra.com.au/content/dam/tcom/business-enterprise/industries/pdf/business-govt-moving-to-cloud.pdf
Williams, I. (2012). Making the move to cloud computing. Retrieved from https://www.icaew.com/-/media/corporate/archive/files/technical/information-technology/technology/making-the-move-to-cloud-computing.ashx?la=en
Wueest, L. (2015). Mistakes in the IAAS cloud could put your data at risks. Retrieved from https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/mistakes-in-the-iaas-cloud-could-put-your-data-at-risk.pdf
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download