Cloud Security and Software Development

Verified

Added on 2020/03/16

AI Summary

This assignment analyzes the multifaceted aspects of cloud computing security, specifically focusing on its integration within various Software Development Life Cycle (SDLC) models. It compares traditional SDLC approaches like Waterfall and V-model with Agile methodologies in the context of securing cloud environments. The analysis delves into the privacy implications associated with data storage and processing in the cloud, highlighting the potential vulnerabilities and risks. Furthermore, the assignment explores hybrid cloud computing as a solution for enhancing security through data deduplication and access control mechanisms.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SYSTEM ANALYSIS AND DESIGN
System Analysis and Design
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
SYSTEM ANALYSIS AND DESIGN
Table of Contents
1. Introduction......................................................................................................................3
2. The Non-functional Requirements of the system............................................................3
2.1. Functionality.............................................................................................................3
2.2. Usability....................................................................................................................4
2.3. Reliability.................................................................................................................4
2.4. Performance..............................................................................................................4
2.5. Security.....................................................................................................................4
3. Non functional requirement Vs the Functional requirement of the system.....................5
4. The Chosen Cloud Environment: Hybrid Cloud.............................................................6
4.1. Strength of the hybrid cloud Environment...............................................................7
4.2. Weakness..................................................................................................................7
5. The SDLC approach Predictive, Adaptive......................................................................7
5.1. The Predictive SDLC approach................................................................................8
5.1.1 The pros/ advantages of predictive Approach....................................................8
5.1.2 Cons....................................................................................................................9
5.2. The Adaptive SDLC approach..................................................................................9
5.2.1. Pros....................................................................................................................9
5.2.2. Cons...................................................................................................................9
6. Conclusion.....................................................................................................................10

2
SYSTEM ANALYSIS AND DESIGN
7. References......................................................................................................................11

3
SYSTEM ANALYSIS AND DESIGN
1. Introduction
The organization Headspace is implementing an information system for storage and
access of the patient’s health record in a cloud based environment. The various security risk and
concerns associated with this are analyzed in order to evaluate different aspects and the details of
the system implementation. The report identifies the different non-functional requirements of the
system (Steele, Min & Lo, 2012). The report discusses the advantages of using a hybrid cloud-
based solution. The report discusses the proper SDLC approach that would be beneficial for
considering in the project. The details about the implementation of the information system in
elaborated in the following paragraphs.
2. The Non-functional Requirements of the system
The non-functional requirement of any project is responsible for evaluating and
enhancing the performance of a system. The non-functional requirement for implementation of
“My Health record system” is identified according to the critical system qualities associated with
the project, system interfaces, user interface requirements and different system constraints. It
defines the different operations of the system and proper identification of the same is responsible
maintaining the objective and functionality of the system. The major non-functional
requirements identified for the project are discussed below (Chung, Nixon & Mylopoulos, 2012)-
2.1. Functionality
Functionality of the system comes under the non-functional requirement of the system
because it is essential for the system to perform according to the set functions. This is similar to
the functional requirement of the system as well because the functional requirements also deals
with measuring the functionality of the system. The ease of update and data access are from any

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
SYSTEM ANALYSIS AND DESIGN
platform is a major functionality of the system. Adaptability is therefore one of the primary non-
functional requirement that can be identified for functionality.
2.2. Usability
The ease of system usage is another major non-functional requirement of the system.
Both patients and the professionals will use the system that is to be implemented and therefore
the presence of an easy user interface is a major non-functional requirement of the system. Apart
from this, the scalability and flexibility of the system are other non-functional requirements.
2.3. Reliability
System reliability is a non-functional requirement that is essential to consider for
implementation of this system. This is because the system will store the sensitive and
confidential data of the patients and therefore it should be reliable enough to guarantee the
proper security of the data. The presence of an option of data recovery is therefore a primary
non-functional requirement of the system.
2.4. Performance
Measurement of a system’s performance is essential for understanding the system’s
effectiveness. Therefore, it is considered as the primary non-functional requirement of the
system. The flexibility of the system is therefore a major non functional requirement of the
system.
2.5. Security
Ensuring a proper security is very essential especially for this project. This is particularly
because the data to be stored in the system is very sensitive. If the data confidentiality is not

5
SYSTEM ANALYSIS AND DESIGN
maintained, the patients will not be eager to use this system and the entire idea for deployment
and implementation of this project will fail. Therefore, it is an essential non functional
requirement that should be considered for system implementation (Kulkarni et al., 2012). Data
encryption and access control are therefore identified as primary non-functional requirement for
developing a secure information system.
3. Non functional requirement Vs the Functional requirement of the system
Functional requirements of the system define the process and the features that are
required to incorporate in a project for its proper development. It therefore defines the major
criteria that a system should consider for the project development. The primary non functional
requirements of this system under development includes the process of authentication that will
be required to limit the usage of the system only to the authorized or the registered users (Pearce
& Bainbridge, 2014). The defining of the different authorization levels may further help in
improving the authentication of the system. The other functional requirements of the system
include the presence of summary statements, report button and so on. These are although very
different from the non-functional requirements of the system; they are very closely related to
each other. The security of the system, is very closely related to the system authentication as it is
a basic feature of the system. Authentication limits the access of data only to authorized users of
the system, thus increasing the security of the system. Furthermore, the summary statement and
the report button are linked with the non functional requirement of functionality and the
reliability. Therefore, it can be said that both the functional and nonfunctional requirements are
essential to be considered for ensuring the project success. While functional requirements defines
the major functions that are needed to be considered for the ensuring the basic operations of the
system, non functional requirements if considered enhances the performance of the system. The

6
SYSTEM ANALYSIS AND DESIGN
non functional requirement of the security, that is data encryption is however a major
consideration for this project.
4. The Chosen Cloud Environment: Hybrid Cloud
The cloud environment that is recommended for implementation of this system is hybrid
cloud environment. Public and the private cloud environment is not chosen for this approach due
to the various limitations that are associated with these two environment. The public cloud
although offers a cost effective solution, it has an increasing risk of vulnerabilities due to
external attack. This is because the data in the public cloud environment can be accessed very
easily and therefore an attacker in data theft can target it (AlZain et al., 2012). The data to be
stored in the system will contain the sensitive data of mental ill patients and therefore maintain
the confidentiality of the system is utmost essential. Therefore, implementation of this system in
the public cloud environment is not a feasible idea.
The system cannot be implemented in the private cloud environment although it offers
more security than a hybrid cloud environment. This is because of its limitation in the data
access. The data stored over a private cloud network can be accessed with the network of the
private cloud. It is very difficult to access the data in the private cloud environment but it is a
needed feature for this system because the primary aim of this system is allowing the data access
to the different professional that the patient visit.
Therefore, it is beneficial for Headspace in implementing the system in a hybrid cloud
environment. Hybrid cloud environment will provide all the essential benefits of the system
implementation (Galibus & Vissia, 2015). The strength and weakness of the implementing the
system in a hybrid cloud environment are described in the following sections.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
SYSTEM ANALYSIS AND DESIGN
4.1. Strength of the hybrid cloud Environment
The benefits or advantages that the hybrid cloud offers are listed below-
1. It provides a cost effective solution as the public zone of the hybrid cloud is generally
leveraged. This however is associated with a major security risk that should be considered in this
case (Li et al., 2013).
2. The security of data is maintained in the hybrid cloud environment and is more secure
than the public cloud (Li et al., 2015).
3. The hybrid cloud environment is very simple to implement.
4.2. Weakness
The major weaknesses of implementing the system in a hybrid cloud environment are
listed below-
1. A major security threat is associated with the hybrid cloud is its data movement in and
out of the public and the private cloud environment. This should be properly monitored in order
to eliminate the risk data theft.
2. The cost of implementation of system in a hybrid loud environment is more than that
of public cloud (Chen & Zhao, 2012).
Therefore, it will be appropriate for the organization to implement the system in a hybrid
cloud environment, as it will help in maintaining the security of the data.
5. The SDLC approach Predictive, Adaptive

8
SYSTEM ANALYSIS AND DESIGN
The software development life cycle defines the different phases that a software
undergoes in its successful implementation. The different phases related to the development of a
software includes the detailed planning, feasibility study, project execution and testing of the
project. This helps in proper project implementation. The predictive and the adaptive approach of
the SDLC are elaborated in the following sections. The appropriate approach that can be
considered for proper project development is further recommended.
5.1. The Predictive SDLC approach
The predictive approach of the software development life cycle deals with the project
planning at the beginning stages of the project. This is possible only if the scope of the project is
clear and the project requirements are simple. This approach relates to the waterfall model of
project development, which is generally used for development and implementation of the
software (Tuteja & Dubey, 2012). The pros and cons of development of the software in
predictive SDLC approach are as follows-
5.1.1 The pros/ advantages of predictive Approach
The advantages of using predictive software development life cycle are listed below-
1. The major advantage of this approach is that the project, which is implemented in this
approach, is generally completed within the set schedule.
2. A planned approach of project implementation can be seen in this approach. Since the
project planning is made before the project implementation, following a scheduled process of
project development becomes more easier.
3. Documentation control is another primary aspect of this approach.

9
SYSTEM ANALYSIS AND DESIGN
5.1.2 Cons
1. The project cannot be improvised after it is completed or implemented.
2. Absence of feedback path.
5.2. The Adaptive SDLC approach
The adaptive software development life cycle is different from the predictive approach.
This is similar to the agile project management methodology. The project follows a phased
process in this approach and the deliverables of each phase is determined and planned as a
project execution process. The major advantage of adaptive SDLC is that it allows a feedback
path and the process of project modification while the project is in the implementation phase.
The advantages and the disadvantages of using this approach of project development are
elaborated below (Balaji & Murugaiyan, 2012)-
5.2.1. Pros
The pros or advantages of implementation of a system using Adaptive SDLC approach
are listed below-
1) The presence of feedback path enhances the performance and the features of the
system to be implemented and helps in developing a flawless product.
2) The system is testing after the completion of each phase and therefore it becomes
easier to detect the bugs present in the system
5.2.2. Cons
1. The cost of implementation of a project using this approach is generally high

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10
SYSTEM ANALYSIS AND DESIGN
2. There is a risk of project being not completed within the schedule time.
Therefore, it is recommended for the organization to use a predictive SDLC approach in
this project ((Mahalakshmi & Sundararajan, 2013)).
6. Conclusion
Therefore, from the above discussion, it can be concluded that the project is very much
feasible to be implemented in a hybrid cloud environment. The report discusses the different
functional and non-functional requirements of the system and the strengths and weaknesses of
the hybrid cloud. The report further elaborates the SDLC approach that would be approapriate
for the project.

11
SYSTEM ANALYSIS AND DESIGN
7. References
AlZain, M. A., Pardede, E., Soh, B., & Thom, J. A. (2012, January). Cloud computing security:
from single to multi-clouds. In System Science (HICSS), 2012 45th Hawaii International
Conference on (pp. 5490-5499). IEEE.
Balaji, S., & Murugaiyan, M. S. (2012). Waterfall vs. V-Model vs. Agile: A comparative study
on SDLC. International Journal of Information Technology and Business Management,
2(1), 26-30.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud
computing. In Computer Science and Electronics Engineering (ICCSEE), 2012
International Conference on (Vol. 1, pp. 647-651). IEEE.
Chung, L., Nixon, B. A., Yu, E., & Mylopoulos, J. (2012). Non-functional requirements in
software engineering (Vol. 5). Springer Science & Business Media.
Galibus, T., & Vissia, H. E. R. M. (2015). Cloud storage security. Proc NSCE, 2014, 123-127.
Jain, A. K., & Nandakumar, K. (2012). Biometric Authentication: System Security and User
Privacy. IEEE Computer, 45(11), 87-92.
Kulkarni, G., Gambhir, J., Patil, T., & Dongare, A. (2012, June). A security aspects in cloud
computing. In Software Engineering and Service Science (ICSESS), 2012 IEEE 3rd
International Conference on (pp. 547-550). IEEE.
Li, J., Li, Y. K., Chen, X., Lee, P. P., & Lou, W. (2015). A hybrid cloud approach for secure
authorized deduplication. IEEE Transactions on Parallel and Distributed Systems, 26(5),
1206-1216.

12
SYSTEM ANALYSIS AND DESIGN
Li, Q., Wang, Z. Y., Li, W. H., Li, J., Wang, C., & Du, R. Y. (2013). Applications integration in
a hybrid cloud computing environment: Modelling and platform. Enterprise Information
Systems, 7(3), 237-271.
Mahalakshmi, M., & Sundararajan, M. (2013). Traditional SDLC Vs Scrum Methodology–A
Comparative Study. International Journal of Emerging Technology and Advanced
Engineering, 3(6), 192-196.
Pearce, C., & Bainbridge, M. (2014). A personally controlled electronic health record for
Australia. Journal of the American Medical Informatics Association, 21(4), 707-713.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management,
and security. CRC press.
Steele, R., Min, K., & Lo, A. (2012). Personal health record architectures: technology
infrastructure implications and dependencies. Journal of the Association for Information
Science and Technology, 63(6), 1079-1091.
Tuteja, M., & Dubey, G. (2012). A research study on importance of testing and quality assurance
in software development life cycle (SDLC) models. International Journal of Soft
Computing and Engineering (IJSCE), 2(3), 251-257