Discuss About The Journal Of Network Computer Applications?
The movement to cloud should be advantageous for the company as it should help the organization to save time and cost. However, migration is a difficult task that must be handled strategically. The various sections of this report can be discussed as:
Migration of a database will involve 3 steps i.e. extracting the data from the existing database, data massaging that involves making the data format which is supported in target instance and then injecting the data in a target system which is cloud systems and can be either of Amazon or Microsoft (Varia, 2010). As per the research and statistics, 17% of the Cloud service provide multi factor authentication, 40% encrypt the data and 20% are ISO 27001 certified. And these numbers indicate the risks involved in migration to cloud. The diagrammatic representation of IaaS can be shown as:
The various kind of risks can be discussed as:
Data loss risk is one of the biggest risks to the database. For example, migration involves data extraction and massaging. Data massaging is nothing but the transformation (Rahumed, et al., 2011).
Data portability is another risk. If Webb stores decide to change their CSPs for some reason, how they will ensure the data extraction again needed for injecting the data in new systems
Data Compliance risks: Each CSPs is having their own security systems, capabilities and compliance mechanism and, there are numerous compliance and regulations like HIPAA, SOX, CIPA, PCI DSS that each organization must comply with.
Insider Threat risk: Cloud systems provides the flexibility of accessing applications from anywhere and not from the office network which is the case with the on-premise systems. With this flexibility comes the problem that people can store information on their personnel systems which they are not supposed to (Claycomb, & Nicoll, 2012).
Cloud availability: Although most CSPs have high availability rate but they do not provide any Service level Agreements (SLAs) that if system become down due to some reason, how much time it will take to bring it back.
Data theft risk: With increasing number of malicious attackers and intruders in the systems, data communication will increase when Webb stores will use Hybrid cloud strategy and thus there is a high risk of attack during transmission (Subhashini, & Kavitha, 2011)
Lack of controls like Firewall: Firewall is often difficult to use in cloud systems as compared to the on premises systems which simply increase the risk of malicious user entering into a system.
There are primarily two risks associated with maintain backup on the Cloud.
Data privacy risk: Clouds stores the large amount of information and as a result, they are on a constant target of malicious users and in case of any successful attack, there will be a risk of losing private data (Alhazmi, & Malaiya, 2013).
Data compliance/Location risks: Every country has its own rules and regulations and every organization has to abide by those rules. As clouds maintains backup at multiple locations across the world, there can be issues. For example, some countries have rules that employee personnel data cannot be stored outside the country (Subhashini, & Kavitha, 2011).
Data removal risk: Cloud systems stores data in a complex mesh of networks distributed across servers. In such cases, if a company wants to permanently remove some data, how it will remove it from database (Tang, Lee, Lui, & Perlman, 2012).
Authorization and Authentication risk: Clouds systems have to ensure that the retrieval requests are coming from the authentic sources and users are authorized for that information.
Data encryption during motion: Data encryption at rest is provided by CSPs but what about data encryption in motion. If data is not encrypted during motion, there is a risk of intruders attack (Kandukuri, & Rakshit, 2009).
Changing a backup location from on-premise to a cloud will definitely affect the DR plans for the company. DR from tapes is quite different from cloud systems due to difference in recovery time. Webb stores have to clearly identified risk, vulnerabilities with respect to location, surroundings, and geographies along with the CSPs. Also, earlier they were maintaining business impact analysis (BIA) for all business processes but now it will become responsibility of the cloud vendor (Ristov, Gisev, & Kostoska, 2012).
Webb should use encryption for data at rest as well as data in motion at their end also and not rely fully on the encryption provided by the CSPs
Cloud service providers must keep their security systems up to date with latest tools and techniques and must monitor the malicious attacks on a constant basis (Dahbur, et al., 2011).
Backup is a key activity that requires a lot of time. Webb must get the acceptable RTO (recovery time objective) from the vendor and conduct the pilots regularly till desired RTO is achieved (Jarvelainen, 2012). Another thing it must have service level agreements beyond which CSPs will be liable for penalty.
Conclusion
With the above discussion, it can be said that the management of Webb must have strong strategy in place for the implementation of cloud infrastructure. The above paper discusses various risks and mitigation strategies that should be used. It would be correct to say that ‘data back-up’ is the key strategy that would help the organization to overcome the threat associated with several risks.
References
Alhazmi, O. H., & Malaiya, Y. K. (2013, January). Evaluating disaster recovery plans using the cloud. In Reliability and Maintainability Symposium (RAMS), 2013 Proceedings-Annual (pp. 1-6). IEEE.
Claycomb, W. R., & Nicoll, A. (2012, July). Insider threats to cloud computing: Directions for new research challenges. In Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual (pp. 387-394). IEEE.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and vulnerabilities in cloud computing. In Proceedings of the 2011 International conference on intelligent semantic Web-services and applications (p. 12). ACM.
Dlodlo, N. (2011, April). Legal, privacy, security, access and regulatory issues in cloud computing. In Proceedings of the European Conference on Information Management & Evaluation (pp. 161-168).
Järveläinen, J. (2012). Information security and business continuity management in interorganizational IT relationships. Information Management & Computer Security, 20(5), 332-349.
Kandukuri, B. R., & Rakshit, A. (2009, September). Cloud security issues. In Services Computing, 2009. SCC’09. IEEE International Conference on (pp. 517-520). IEEE.
Rahumed, A., Chen, H. C., Tang, Y., Lee, P. P., & Lui, J. C. (2011, September). A secure cloud backup system with assured deletion and version control. In Parallel Processing Workshops (ICPPW), 2011 40th International Conference on (pp. 160-167). IEEE.
Ristov, S., Gusev, M., & Kostoska, M. (2012). Cloud computing security in business information systems. arXiv preprint arXiv:1204.1140.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11.
Tang, Y., Lee, P. P., Lui, J. C., & Perlman, R. (2012). Secure overlay cloud storage with access control and assured deletion. IEEE Transactions on dependable and secure computing, 9(6), 903-916.
Varia, J. (2010). Migrating your existing applications to the aws cloud. A Phase-driven Approach to Cloud Migration.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download