Cloud Security Risks and Mitigation

Verified

Added on  2020/04/01

|13
|2958
|265
AI Summary
This assignment delves into the significant security threats posed by migrating databases and infrastructure to the cloud. It examines various vulnerabilities, including unauthorized access, data breaches, and service disruptions. The assignment also emphasizes the importance of a robust risk management framework for cloud migration, encompassing secure configuration, access control, encryption, and incident response planning. Students are encouraged to analyze real-world case studies and propose practical solutions to mitigate these risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: CLOUD COMPUTING AND WEBB’S STORES
[Assessment Name and ID]
[Student Name, ID]
[Student Email]
[Professor’s Name Here]
[Date Here]
[Name] [Student No.]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Executive Summary
On the account of the benefits of virtualization and information technology in general, cloud
computing provides all the necessary elements including the conveniences of mobility, resilience
and flexibility. In essence, cloud-based solutions will offer extended environments for ICT
resources which are not only based on the digital platform but on the immediate needs of the
user. Furthermore, with cloud computing the users are able to access resources that they would
previously not be able to access as they were either too expensive or unavailable. A similar
outcome is exhibited in this scenario, where Webb’s Stores requires an innovative and dynamic
plan to manage its data systems. At the present moment, its data management procedure involves
a wide range of database centres that are continuously replicated across different regions within
Australia and New Zealand. However, this replication process is not efficient as the organization
has many operational challenges in expanding the content of the databases as well as the
expansion of the infrastructure itself. To solve these challenges, cloud computing is being
proposed based on a hybrid architecture that will combine both the in-house facilities with those
of a service provider, the centre mark of this report.
[Name] [Student No.] 2
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Table of Contents
Task 1........................................................................................................................3
a. Types of IaaS security.....................................................................................3
b. Benefits and risks of these security features...................................................4
Benefits:..............................................................................................................4
Risks:...................................................................................................................4
Task 2........................................................................................................................5
a. Database..........................................................................................................5
b. IaaS resource...................................................................................................5
c. Communication between Webb’s Stores and IaaS resource provider.............6
Task 3........................................................................................................................6
a. Risks of using cloud backups and retrieval services.......................................6
i. Data backups.................................................................................................6
ii. Cloud as data storage facilities....................................................................7
iii. Data Retrieval.............................................................................................7
b. Webb’s DR plan based on the acquired cloud facilities..................................7
Task 4........................................................................................................................8
a. IaaS resource....................................................................................................8
b. Ms SQL server instance..................................................................................8
c. The cloud network infrastructure....................................................................9
d. Backup and restoration of the cloud facilities.................................................9
References..............................................................................................................11
[Name] [Student No.] 3
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Task 1
a. Types of IaaS security
There are many different types of security that can be implemented to protect the database
instance hosted on the IaaS infrastructure. These security systems or features are critical to the
success of the cloud facility as it hosted within a public domain where different operations,
services and users exist. Therefore, the following security measures are proposed for the IaaS
instance:
Tokenization or encryption: As stated above, all the communications and operations of the cloud
facility will exist within a public system which does not guarantee safety. In addition to this, the
IaaS instance is most likely to be accessed by many individuals within the organization.
Therefore, the content and the facilities used should be encrypted using high levels encryptions
such as SHA and AES, while using passwords that are generated using the best access
procedures (Joshi, Shrivastava, & Joshi, 2016).
IaaS isolation: Secondly, the IaaS instance should be compartmentalised to contain intrusions in
case they happen. In essence, this security feature would create system isolations similar to those
of system partitions. The isolated sections would then be accessed by the users based on their
privileges and access levels.
Access policy and authentication: Finally, the access given to the users i.e. employees of
Webb’s Stores should be based on clear-cut policy. Again, this policy would stem from the roles
held by the employees, offering different access privileges based on their requirements.
Furthermore, their access would be monitored by intrusion detection system having created
personalized accounts that would be accessed using authentication procedures having access
multiple factor (Vordel, 2011).
[Name] [Student No.] 4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING AND WEBB’S STORES
b. Benefits and risks of these security features
Benefits:
Virtualization conveniences – cloud computing offers a wide range of benefits such as the
flexibility and scalability of IT resources. These benefits can only be achieved if the IaaS
infrastructure is protected and well managed, an outcome facilitated by these security features.
Cost saving – in addition to the benefits of virtualization, the organization at hand would have
minimal expenditures owing to the minimal repairs needed to maintain the IaaS instance. Webb’s
Stores would have minimal system congestion and damages, inconveniences that are caused by
system intrusions (staff, 2017).
Data security and privacy – another key benefit of having good security features which protect
the data being used. Webb’s Stores uses a lot of data owned by its customers which needs the
utmost security features to avoid its exposure.
Risks:
Data security and privacy – while these security features may increase the security of the data,
they also risk its exposure as they require the users to provide confidential information in order
to access the IaaS resources.
The ambiguity of resources – because two different parties are involved (Webb’s and service
provider), the challenges of data ownership and the security protocols used may arise. Therefore,
a state of ambiguity may arise as their responsibilities may be unknown (Potter, 2016).
[Name] [Student No.] 5
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Task 2
The risk of cloud migrations on:
a. Database
Data ownership and control – while the data hosted on the cloud facility is legally owned by the
leasing organization, its control is usually unknown. For one, the leasing organization cannot
account for all the resources hosted online. Secondly, it cannot adequately track the same
resources (Hexatier, 2016).
System security – the database system is migrated to a foreign environment which in most cases
in unknown to the user. This process eliminates the physical security exhibited by on-premise
storage facilities which are a considerable security risk.
Migration problems and changes – in addition to the security problems, the entire database
system owned by Webb’s Stores will have to be migrated to a new facility. Now, consider the
size of this database as determined by its content. There are considerable challenges of losing
some of the data during the migration process. Furthermore, it presents many advanced changes
to the operations of the organization.
b. IaaS resource
Loss of system control – of all the service models offered by cloud computing, IaaS is said to
offer the best control to the user because of the ability to moderate and control the physical
infrastructure. However, this control is based on a virtualized system which generally is
unreliable unlike physical systems (Katsanos, 2017).
[Name] [Student No.] 6
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Security – the same features that promote the extensive control of the IaaS infrastructure also
exposes the model to many security problems. For one, if the system is compromised the entire
cloud facility is affected as the user has extended access, a considerable security risk.
Downtime occurrence – cloud resources are online facilities that depend on the availability of the
internet. Therefore, outages and delays will affect the business operations of the organization as
the IaaS resource will be unavailable.
c. Communication between Webb’s Stores and IaaS resource provider
Privacy – to improve the security of the systems being used, the service subscriber is often
required to use confidential information to access online resources. This information will include
addresses and identification numbers. Now, this requirement is precisely required for
communication facilities as sensitive information is exchanged between the service provider and
customers such as access problems (passwords) and payments (financial transactions). Therefore,
the privacy of both the service provider and subscriber is at risk as this information may be lost
or exposed in the public domain (Islam, Fenz, Weippl, & Mouratidis, 2017).
Cybercrime – secondly, the communication process takes place in a public environment i.e. the
internet which is well known for its cybersecurity problems. Therefore, exchanging data within
this framework is an inherent risk owing to the countless attack methods that can be used by
intruders.
Task 3
a. Risks of using cloud backups and retrieval services
i. Data backups
Unknown access windows/time – on-premise facilities are convenient for backup facilities as
they are adequately accessed based on the network resources available. In essence, accessing the
[Name] [Student No.] 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
CLOUD COMPUTING AND WEBB’S STORES
backup tapes is based on LAN speeds which are efficient. However, cloud resources rely on the
speeds of the internet which will vary based on the existing network conditions (Manes, 2012).
Data loss – while using backup tapes, organizations and users can access resources stored at any
point in time. This resources can be old and even unrelated to the existing infrastructure as
needed by the user. However, cloud backups overwrite the existing records which mean, the user
cannot access old resources.
ii. Cloud as data storage facilities
Data security – while using on-premise infrastructure for data storage, its security is almost
guaranteed depending on the security measures put in place. However, the same conclusion
cannot be achieved while using cloud resource because of the security risk involved i.e.
virtualized storage and access methods that use online facilities (Lord, 2017).
Minimal data control and management – cloud resources have been known to offer minimal
control to the subscribers. This inconvenience extends to the storage facilities as the user is
unable to track all the data migrated to the online facilities. Furthermore, the service provider can
mix up resources owned by different subscriber leading to data exposure.
iii. Data Retrieval
Access window and time – a similar risk as that experienced during the backup process, where
the variations in the cloud connections affect the retrieval process of the backup resources. In
essence, internet delays and congestion generally affect the process of re-acquiring the content
stored online.
Data security – in addition to the inconveniences of time, the retrieval process is also subject to
the security risks of the internet. Therefore, the subscriber can acquire intrusions such as
malware while accessing the backup resources (Healy, 2015).
[Name] [Student No.] 8
Document Page
CLOUD COMPUTING AND WEBB’S STORES
b. Webb’s DR plan based on the acquired cloud facilities
Although the recovery procedures of cloud facilities are rocked with many challenges as
highlighted above, they also do provide the same benefits of virtualization. Now, based on this
conveniences, Webb’s Stores disaster recovery plan would shift from a physical strategy to a
virtualized system having several resources in an online infrastructure. This outcome would
increase the reach of the DR plan, as multiple backup resources would be accessed by all
business locations owned by the organization. Moreover, it would facilitate the isolation of the
physical and the software resources an outcome that would minimize the replication expenses of
the foundational elements of backup equipment. In all, the cloud resources would lower the
overall cost of the DR plan while extending the benefits of virtualization to the recovery
procedures. Moreover, they would also minimize the time of the recovery procedures, a key
component of DR plans (Crump, 2017).
Task 4
Access protection:
a. IaaS resource
Multiple factor authentication – authentication is the main strategy of protecting the access
procedures of any given digital system. This strategy will use different factors to give access to
the resource. Therefore, in this instance, several factors should be used such as the combination
of passwords with fingerprint scans (Healy, 2015).
Resource control and isolation – authentication should also collaborate with good management
facilities where the IaaS resources would be isolated based on the needs of the user. This
control/isolation would increase the accountability of the resources.
[Name] [Student No.] 9
Document Page
CLOUD COMPUTING AND WEBB’S STORES
b. Ms SQL server instance
SQL authentication and encryption – following the security features provided on all logical
database instances of SQL systems, additional access procedures should be implemented. In
this case, the access procedures would involve authentication and encryption protocols that
would secure the SQL statements and instances (Microsoft, 2017).
Packet filters – many people (Webb’s employees) would access the SQL database, either as
front-end users or as back-end users. Therefore, all requests directed to the SQL server should be
monitored and filtered for intrusions. In essence, the access resource should stop all unverified
requests. Furthermore, it should keep an accurate record of the access given to the users.
c. The cloud network infrastructure
Network administration – the networks used to access the cloud resources should be monitored
to avoid intrusions and downtime instances. This administration would be conducted using
network support tools such as firewalls and intrusion detection systems.
Access control/policy – having established the networks, the administration process can only be
guaranteed if the users are monitored based on their access privileges. Again, this outcome will
require an access strategy led by an adequate policy that would isolate the access given to
different users of the cloud resource (Hexatier, 2016).
d. Backup and restoration of the cloud facilities
Data encryption – since backup and restoration facilities majorly involve data, this resource
should be protected against unauthorized access. The best security feature to provide this
protection is encryption as it would only offer access to authorized members based on their
access keys. Moreover, it would also protect the cloud resources as they are hosted on online
facilities and are transported using public channels (Vordel, 2011).
[Name] [Student No.] 10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
CLOUD COMPUTING AND WEBB’S STORES
End to end protection – an important access policy that guarantees the safety of the cloud
resources as they are used by two different parties. Now, the security of digital systems is never
guaranteed and is further intensified by the existence of multiple parties. End to end protection
would ensure both parties implement standard security features to protect the access to the cloud
resources. Now, this strategy (end to end protection) can be achieved using several procedures
e.g. the use of end to end encryption (E2EE), a system that encrypts services based on
specialized cryptographic keys.
[Name] [Student No.] 11
Document Page
CLOUD COMPUTING AND WEBB’S STORES
References
Crump, G. (2017). A guide to a better cloud disaster recovery plan. Tech target, Retrieved 25
September, 2017, from: http://searchdisasterrecovery.techtarget.com/feature/A-guide-to-
a-better-cloud-disaster-recovery-plan.
Healy, R. (2015). The Top 5 Risks of Moving to the Cloud. Retrieved 09 September, 2017, from:
http://www.annese.com/blog/top-5-risks-of-moving-to-the-cloud.
Hexatier. (2016). Security Best Practices for Migrating your Database to the Cloud. Hexatier,
Retrieved 25 September, 2017, from: http://www.hexatier.com/security-best-practices-
for-migrating-your-database-to-the-cloud/.
Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A Risk Management Framework for
Cloud Migration. Journal of risk and financial management, Retrieved 25 September,
2017, from: www.mdpi.com/1911-8074/10/2/10/pdf.
Joshi, B., Shrivastava, M., & Joshi, B. (2016). Security threats and their mitigation in
infrastructure as a service. Science direct (Abstract), Retrieved 25 September, 2017,
from: http://www.sciencedirect.com/science/article/pii/S2213020916301306.
Katsanos, K. (2017). Migration to Infrastructure-as-a-Service Is Putting Businesses at Risk. IT
Biz Advisor, Retrieved 25 September, 2017, from:
https://itbizadvisor.com/news/migration-to-infrastructure-as-a-service-is-putting-
businesses-at-risk/.
Lord, N. (2017). Communicating the Data Security Risks of File Sharing & Cloud Storage. Data
insider, Retrieved 25 September, 2017, from:
https://digitalguardian.com/blog/communicating-data-security-risks-file-sharing-cloud-
storage.
Manes, C. (2012). What are the risks of backing up your business data in the cloud? Disaster
recover journal , Retrieved 09 September, 2017, from:
https://www.drj.com/articles/online-exclusive/what-are-the-risks-of-backing-up-your-
business-data-in-the-cloud.html.
[Name] [Student No.] 12
Document Page
CLOUD COMPUTING AND WEBB’S STORES
Microsoft. (2017). Azure SQL Database access control. Microsoft Azure, Retrieved 09
September, 2017, from: https://docs.microsoft.com/en-us/azure/sql-database/sql-
database-control-access.
Potter, D. (2016). SaaS, PaaS and IaaS: What are all the risks? Arrow, Retrieved 25 September,
2017, from: http://ecsnamagazine.arrow.com/saas-paas-and-iaas-what-you-and-your-
customers-need-to-know-about-the-risks/.
staff, S. t. (2017). 5 Important Benefits of Infrastructure as a Service. State tech, Retrieved 25
September, 2017, from: https://statetechmagazine.com/article/2014/03/5-important-
benefits-infrastructure-service.
Vordel, M. (2011). SaaS, PaaS, and IaaS: A security checklist for cloud models. CSO from IDG,
Retrieved 25 September, 2017, from: https://www.csoonline.com/article/2126885/cloud-
security/saas--paas--and-iaas--a-security-checklist-for-cloud-models.html.
[Name] [Student No.] 13
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]