Cloud Computing could be defined as the process of providing certain technological features such as high capacity data storage, contemporary software, massive databases and servers, complex networks and data analytic tools to end users (Armbrust et.al, 2008). Cloud computing services are provided by companies which are termed as “cloud providers”. These services provide an economic way for companies like Aztek in availing vital technological tools, as they are billed for only the services being provided to them. Cloud computing could also be used to host extensive and unceasing access of a shared collection of resources for the end users. These shared resources are made available to the users by the help of the internet. The advantage for the customer in using the public cloud is the ability to access new features and functionalities of state-of-the-art tools and services that may not be availed otherwise. The services offered by the cloud can be accessed in a ceaseless way, without spending a considerable amount on expensive, state of the art hardware, software or other services (Qian et.al, 2009). There are few other reasons why companies like Aztek decide to migrate towards a cloud environment. The expectation that Aztek had while shifting their business critical application and data sources to a cloud based system was that they could gain access to the infinite volume of data that could be availed with no extra effort or budget on maintenance. The ease of use was also crucial in taking the decision for the migration to the cloud based architecture. The speed and bandwidth of a high speed internet connection was considered as the only decisive factor in getting the advantages out of a cloud service. Like most other big corporate companies that serve its customers in the financial sector, Aztek also plans to shift its operations from a dormant working atmosphere based at the office to a ‘work on the move’ model. This shift would have been the major driving force in the management’s decision to migrate its critical applications to an external Cloud based solution. Since Aztek runs its business in a Customer Relationship Management application, it is highly necessary that the users have access to the software and its major functionalities available to them consistently, without any fail. This also happened to be another major influencing factor for the management to take the decision to shift its operations to a cloud hosting service.
Cloud service providers for companies in the financial domain have stringent policies on security issues and make it their prime obligation. The service providers have modern technologies built into the cloud resources that are capable of fighting security breaches and attacks by viruses, malware and other spam (Zhang et.al, 2010). The CSP’s also provide state-of-the-art mechanisms to protect the data and secure them by having efficient backup means.
By migrating to cloud based architecture, Aztek plans to reduce the costs involved in having extra hardware for storing data and business critical technological services. The costs and risks involved in maintaining such a huge repository of hardware could be avoided if the cloud based architecture is adopted (Hayes, 2008).
The scope of development and expansion would be more if cloud based architecture is adopted. As technology and Information technology innovations are making rapid changes, it is well advised to shift over to the cloud as the company does not have to research or invest on the technological updates and breakthrough designs in hardware (Subashini and Kavitha, 2011).
The financial service sector has always been dynamic in nature, and one that modifies and adapts itself quickly to the changes in the economy. The companies in the financial sector have to stay up to date in technologies mandatorily, that would help them stay ahead of the competitors. Along with these technologies, these companies have to use other state of the art solutions also to serve the customers in a better fashion. It requires a lot of planning and forecasting in the part of the executives and managers of Aztek to stay ahead of its competitors. The major reason for these financial companies in adopting a cloud hosting solution was for revamping and upgrading the business process to meet the growing demand of an ever dynamic economic environment. Cloud computing also helps in better collusion for the clients by allowing constant and ceaseless data access mechanisms (Catteddu, 2010). There is also an increasing demand from the stake holders of companies in the financial domain for better returns of investments. The customers also demand for better services from companies in a cost effective manner. This has forced a lot of businesses like that of Aztek to concentrate on a new model that accommodates and incorporates modern technological tools that are designated to satisfy the needs of the customer. Companies in the financial domain like those of banks or insurance companies find it necessary to advance their operations further and become more customer-centric by catering to the needs of the customer in a more cost effective manner.
The major transition that is expected to happen on companies in the financial sector once they adopt cloud services is the digitizing of trading. Apart from this it is also expected that a better management of wealth and assets, and an improved customer relationship can be attained by utilizing the full facilities offered by adopting the cloud services (Rimal et.al, 2009). Inspite of the various advantages that has been listed out, there has been a certain level of scepticism for the directors of Aztek, just like few other companies around Australia, in the financial domain, to make a complete change and adopt themselves to a cloud based environment. Being in the financial sector, a major cause of concern for Azteks management before the full transition was planned, was to be aware of the industry regulations and the compliance procedures. Being in the financial domain, Aztek’s management had to take into consideration the high level of risks and the strict compliance procedures, according to the government norms and procedures. Since the adoption of the new technology could put the compliance procedures at risk, companies including Aztek seemed to be hesitant at the start, to adopt the cloud technology completely.
The major regulatory authorities for the companies in Australia regarding financial issues are the Australian Securities and Investments Commission (ASIC). The ASIC is responsible for setting forth certain rules and regulations that are intended for protecting the rights of the customer and ensure that the shareholders does not suffer if the company fails to perform according to the expectations. Similarly other governing authorities like the Australian Prudential Regulatory Authority and the Australian Securities Exchange also puts forward a few compliance standards for companies regarding the financial transactions and activities within the country. The Australian Government Information Technology Security Manual (ACSI) is another governing body that pertains to the compliance procedures that are to be followed regarding the Information and Communication technology (ICT) procedures within the country (Ferris and Riveros, 2009). Freedom of Information Act that was passed in 1982 and the Archives Act passed in 1983 also deals with the regulatory norms of Information Technology related norms within the country. The strict compliance procedures put forth by these regulatory bodies and few other rules that pertain to the Information technology procedures were always a stumbling block in the minds of companies in the financial domain to adopt new technologies. The same could be told about Aztek too.
Following these scepticism and indecision in the parts of companies like Aztek in the financial domain, the onus was on the government’s part to make it clear that there was no major reason why companies in the financial could not adopt the cloud based technology services as long as it did not violate any compliance standards.
Though there are innumerable benefits of Cloud Computing which have been already pointed out and discussed, security issues are always a glaring factor for companies who decide to avail the cloud computing facilities. Since cloud computing revolves around the data saved in the internet, there are always chances of a security breach, or the data being tampered by an unauthorized entity (Beard, 2008). A few best practices adopted by cloud computing strategists help in bypassing these security issues and enable the IT personnel to come up with a model that would provide secure data transmission. Any company in the financial domain which decides to adopt the cloud computing services could follow these best practices to overcome the security issues.
As cloud computing hosts its information in the internet and transmits its services in cyberspace, security issues cannot be ignored. The risks of data being hacked are very much relevant and it can be avoided only by being well informed about the contemporary issues of security in a cloud based environment.
When data and files are being stored in the cloud, it would always be recommended to have a backup mechanism in case of a disruption or a failure. Since the cloud computing mechanism is completely dependent on external entities such as the internet, power supply and back up, a mishap in any of these resources should not affect the progress of the project to any extent (Varia, 2011). A caching mechanism for storing the data and files would be a practical solution in such a scenario to provide a ceaseless and uninterrupted running of the business.
Though security is one the main features that is being concentrated on in the cloud computing technology nowadays, there is an inherent risk of data being lost if a major interruption occurs. Understanding the risk elements in accessing data and services from the cloud helps in assessing alternative options for securing and backing up the critical data.
Companies like Aztek should focus on the technological modifications and changes in the protocols that the cloud service provider undergoes once the service is offered. There should be a dedicated communication channel within the organization to have the relevant information passed on about the changes that are carried out by the cloud service provider.
There should be a clear understanding of the data and the services that are being provided by the cloud service. Maintaining a clear segregation about the data and the services that are being stored and accessed in house, from the ones that are being accessed from the cloud helps in keeping record of the data that has to be accessed from the backup sources in case of a security breach (Menken, 2008).
The Risk Assessment Plan discussed here intends to create a systematized way to perceive and forecast the risks, evaluate and assess the risks, and determine mechanisms to counter the possible risks. The document is intended to help the managers and the stake holders in identifying the potential threats that Aztek may face during a business critical decision like the transition of their technology to a cloud based environment. The risks that are analyzed here evaluate the different reasons that restrict the decision making capabilities of the management while migrating towards a cloud based environment. The Risk assessment plan compares and quantifies the potential risks to the advantages and convenience which the company may garner in terms of revenue and technological advancements. As discussed earlier the adoption of a cloud based environment would not only increase the storage capacity of their existing repositories for data storage but also increases intercommunication and transmission capabilities and make these channels more effective (Mosher, 2011). While preparing the risk assessment plan a comparison chart has been used to correlate the trade off between the data saving methods. An analysis has been made to check whether saving the business critical data and files in an in house storage is more convenient to a storage mechanism in the cloud servers. The risks being analyzed in the plan pertains to the operations within Aztek and not the cloud provider. But a certain number of risks that are being analyzed in the document could be transferred to the capabilities of the cloud provider and could be considered as the benefits drawn out of the cost spent on availing the cloud services. But the risk assessment plan does not guarantee a relief for other serious calamities in the business such as an unexpected loss or other serious judicial issues.
As a part of a survey that was made by the major players in the financial sector, it was identified that higher authorities of a company were most concerned about security threats in the cloud computing architecture. The other major concern that followed the apprehension about security threats were the compliance procedures that had to be adhered to. These compliance procedures are legal statutes set forth by the government while adopting certain Information and technology tools and services adopted by companies (Tucker and Li, 2012). The IT compliance standards are normally deemed to be intricate in nature and requires an in depth analysis before deciding to start any project or an undertaking that is new. The third prevalent concern for the administration was the security breach notification. These are laws that safeguard the privacy of a customer while using personal or private data. These laws enforce a company to notify and take remedial measures if a breach in data security occurs. In the modern digitized world, data breach is considered as a serious offence and requires prompt remedial measures for rectifying them.
In the risk assessment plan all these issues are considered in a comprehensive and exhaustive way before discussing on the corrective measures to counter these impending risks.
One of the major risk that Aztek has to face while shifting its IT operations to an exclusively cloud based technology is the lock in procedures followed by the cloud service providers. A lock in is a procedure adopted by the cloud service provider to make the customer completely bank on the services provided by them exclusively. The lock in strategy is adopted in most cases so that customers such as Aztek would remain with the cloud service providers for a long duration without shifting to other vendors fearing the mammoth charges involved in such a migration. From the previous analysis and market studies, it has been inferred by the IT executives and management in Aztek that a lock in can be a cumbersome process which is difficult to be disentangled from. As per the managements studies, it has been proved that once a lock in happens, a further migration to a new service provider is almost completely impractical and extortionate in terms of the costs involved (Leavitt, 2009). Is cloud computing really ready for prime time. Growth, 27(5), pp.15-20.. Considering the impending scenario of Aztek deciding to bypass the lock in restrictions provided by its current cloud service provider and decides to change its data and service repositories to a new service provider, there would be many operation and technological complications to be considered. The major problem that would be faced by Aztek would be that all the data and related service oriented statistical inputs should be transferred to an in house repository first. Once the data has been moved to an in house repository, further measures could be taken to transfer the information and data back to the new cloud service provider’s data repositories. This would involve a lot shuffle and technological changes that would prove to be extremely cumbersome.
While doing a risk assessment of the above problem, it could be inferred that by following certain measures the impending risks could be countered effectively or prevented altogether.
One of the major impending threats that Aztek had to take into consideration was the impending loss of governance that companies usually face while migrating to the cloud based architecture. It would always be challenging for a company’s administration, especially one in the financial domain to loss control of crucial elements like the data and services which are provided by the cloud service providers (Khan and Malluhi, 2010). The major things which are deemed to be as risky by the management are listed out as follows:
The risks that are associated with the loss of control can be countered by having certain strategies that are planned well before the shifting happens to the cloud based architecture.
Being in the financial domain, one of the major compliance standard that Aztek had to consider was the PCI security standard. The PCI security standard stands for the Payment Card Industry Data Security Standard that sets forth the compliance and regulations for branded credit cards. Some of the risk factors that Aztek has to take into consideration while keeping in mind the compliance procedures were the location of the data and the way it is going to be stored or sent. The risks associated with the compliance procedures could be bypassed by taking into consideration the following points.
Apart from these common issues there are a few other threats that are to be considered before migrating to the cloud based architecture. These risks and the potential mitigation plans are enumerated in the table below:
|
Risks |
Mitigation plan |
|
Data corruption while being transferred from the CSP |
A continuous monitoring of the data for violation of its integrity. |
|
An interruption in the services offered by the CSP |
Analyze the different technological aspects that would help in recovering the data. Provide effective disaster recovery mechanisms for a ceaseless flow of business operations. |
|
An interruption caused due to a disruption at the Internet Service provider or due to a power failure. |
Have a backup option for restoring the business critical information. Maintain a backup power supply for unexpected power outages. |
|
A security breach while attempting to access the password protected resources. |
Have a common password protection mechanism enabled in the system which limits the number of times the password can be attempted. |
|
An attempt to download the secure cloud data through unauthorized access. |
Have a proper channel to review the download procedures. Giving access to only authorized personnel to download the information. |
The major challenge that Aztek has to face while implementing the cloud based strategy is the issue of security that has been already analyzed and discussed. Though an extensive study about the risks and the management of the risks has been done while changing to a cloud based infrastructure, there is always an impending threat in cloud computing. The major threat is that all the data and the resources are stored in the web and could be accessible by any entity that is connected to the same cloud service provider. There will be an attempt to access vital data such as financial information by outside entities that are in the form of rogue projects and malicious users. There is also another relevant problem of having very limited control over the data and the infrastructure of the resources that is being hosted by the cloud service provider. The costs of maintaining a cloud architecture and the maintenance costs for the same are also considerably high.
The flow of data and data security risks are very prevalent in the cloud computing architecture. The major cause of concern in terms of data in the cloud based architecture is because the cloud architecture hosts services or hardware resources externally which have unlimited access to the users private data (Chen and Zhao, 2012). There are a number of issues to be addressed in a cloud based framework which would improve the security of the cloud architecture as a whole
The main issues to be addressed in terms of data in a cloud based architecture is
All these issues are concerned with a security breach or an unauthorized access to data. There can be many security issues in case of an unauthorized access happens. There may be issues such as accessing the data or tampering it by malicious users. Most cloud service providers provide security to the data by providing mechanisms to safe guard the data. This could be commonly done by encryption methods. Similarly the other cause of concern is the loss of data due to a catastrophe such as a hard disk or storage failure. There should be enough counter measures to restore the business critical data. As financial data are of utmost importance, these issues should be addressed by Aztek before moving the data to external repositories in the cloud.
References
Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I. and Zaharia, M., 2010. A view of cloud computing. Communications of the ACM, 53(4), pp.50-58.
Beard, H., 2008. Cloud Computing Best Practices for Managing and Measuring Processes for On-demand Computing, Applications and Data Centers in the Cloud with SLAs. Emereo Pty Ltd.
Catteddu, D., 2010. Cloud Computing: benefits, risks and recommendations for information security. In Web application security (pp. 17-17). Springer, Berlin, Heidelberg.
Chen, D. and Zhao, H., 2012, March. Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Ferris, J.M. and Riveros, G.E., 2009. Methods and systems for verifying software license compliance in cloud computing environments. U.S. Patent Application 12/627,643.
Hayes, B., 2008. Cloud computing. Communications of the ACM, 51(7), pp.9-11.
Khan, K.M. and Malluhi, Q., 2010. Establishing trust in cloud computing. IT professional, 12(5), pp.20-27.
Leavitt, N., 2009. Is cloud computing really ready for prime time. Growth, 27(5), pp.15-20.
Menken, I., 2008. Cloud Computing-The Complete Cornerstone Guide to Cloud Computing Best Practices Concepts, Terms, and Techniques for Successfully Planning, Implementing… Enterprise IT Cloud Computing Technology. Emereo Pty Ltd.
Mosher, R., 2011. Cloud Computing Risks. ISSA Journal, July Issue, pp.34-38.
Popovi?, K. and Hocenski, Ž., 2010, May. Cloud computing security issues and challenges. In MIPRO, 2010 proceedings of the 33rd international convention (pp. 344-349). IEEE
Qian, L., Luo, Z., Du, Y. and Guo, L., 2009. Cloud computing: An overview. Cloud computing, pp.626-631.
Rimal, B.P., Choi, E. and Lumb, I., 2009. A Taxonomy and Survey of Cloud Computing Systems. NCM, 9, pp.44-51.
Subashini, S. and Kavitha, V., 2011. A survey on security issues in service delivery models of cloud computing. Journal of network Catteddu, D., 2010and computer applications, 34(1), pp.1-11.
Tucker, G. and Li, C., 2012, January. Cloud Computing Risks. In Proceedings on the International Conference on Internet Computing (ICOMP) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
Varia, J., 2011. Best practices in architecting cloud applications in the AWS cloud. Cloud Computing: Principles and Paradigms, pp.457-490.
Zhang, Q., Cheng, L. and Boutaba, R., 2010. Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), pp.7-18
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download