Virtualization and Cloud Computing Report

Verified

Added on 2019/11/20

AI Summary

This report provides a comprehensive analysis of virtualization and cloud computing. It begins by outlining the numerous benefits of cloud computing for businesses, including cost reduction, ease of maintenance and upgrades, accessibility from any location, business continuity, and enhanced security. However, the report also acknowledges the inherent risks associated with cloud computing, such as data theft or loss, regulatory compliance issues, data location and access concerns, privacy and security vulnerabilities, data availability and business continuity challenges, data loss and recovery complexities, difficulties in managing old data, environmental security threats, and vendor lock-in. The report then delves into the design aspects of cloud computing, presenting structural diagrams of a cloud storage system and a cloud system security design, along with a detailed explanation of cloud identity and access architecture. The justifications for these designs emphasize the importance of security-as-a-service architecture, sound identity and access management, automated API safeguards, avoiding IP address-based authentication, and comprehensive logging. Finally, the report lists several key cloud security principles that should be considered and customized by cloud architects, including the principle of least privilege, isolation between security zones using layered firewalls, end-to-end transport-level security, and integrated security monitoring. The report concludes by emphasizing the importance of implementing these security measures to protect sensitive business data in the cloud.

Running head: VIRTUALIZATION AND CLOUD COMPUTING
Virtualization and cloud computing
Name of the Student
Students ID
Signature of the Student

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1VIRTUALIZATION AND CLOUD COMPUTING
1. Benefits of Cloud Computing:
Cloud computing refers to the computing of a process or basically a software which helps
to gain access over various computer related resources like computer network, storage, various
server, applications and various services. It is done with the help of internet. Many companies
have tried cloud services for continuing their business. Cloud computing is beneficial many ways
[1]. The benefits depend on the size of the business, the sector of the business and the strategic
goals of the business. The possible benefits that the company S-mart can get using cloud
computing are:
 Low of cost: The process of service on demand or demand when required has helped
business to invest on the model based on operational expenditure. Cloud computing has
helped in lowering the investments on servers, licenses and software’s. Cloud computing
helps a lot in reducing the cost as there is no longer any need of purchasing an own
datacenter or keeping an IT team for the maintenance of the data server [2]. Someone
having an MSP no longer needs to pay the bills for traveling from one location to another
and saves the time required to travel. S-mart can have huge profits and the annul
expenditure of the company decreases.
 Easy to upgrade and easy maintenance: Allocation of IT professionals for some other
works as the cloud provides the server, software’s and network. Each cloud provider has
their own IT experts who are solely responsible for the services they provide. The cloud
vendors provide the upgraded forms of service, which saves both Time and money [3].
Every time a cloud service provider invests in a new solution it is made available to the
cloud user helping them to use the most advanced tools and applications with no extra
cost of buying those tools or applications. As the company has a large amount of data and

2VIRTUALIZATION AND CLOUD COMPUTING
large customer base so it becomes necessary for the company to upgrade its technology
used for storing and compiling of data. Therefore, cloud technology provides the
company with many benefits by providing it with upgraded technologies.
 Accessible from any location and from any device: Services provided by the cloud is
accessible almost from any location. Users are able to access the important files, data,
documents and IT tools from any device having an access to internet [3]. Moreover,
clouds provide the required bandwidth making it possible to work online and replicating
the office environment thereby helping the employees work more productively. As S-
mart has many product lines, it becomes difficult to access the data of those product lines.
Cloud services can help in accessing data of different locations siting at one place.
 Continuation of business: Cloud helps in remote working. During disaster the working
procedure of a business continues. During times of natural calamity (rain, flood, show
fall) or in cases of theft and technology people have an option of working from different
locations even if they are unable to reach the office [4]. Users can simply login to access
their work desktop and continue their work, as they would have done in their normal
working days. Users can access the files, documents and data present in the cloud
provided the users have necessary access codes.
 Security: Previously the security issues in cloud computing were weak but as technology
has made advancements the security related to cloud computing has also increased. There
is a saying that cloud computing improves the companies defense. Cloud service
providers invest a lot in improving securing their data infrastructure to protect the
customer’s data [5]. Cloud service providers invest in improving the security more and
more if they earn profits from the users. S-mart has many data related to customer’s and

3VIRTUALIZATION AND CLOUD COMPUTING
their purchases so it becomes important for them to protect the data of the customers.
Cloud services provides lot of security measures so the company can use all the security
measures to save the data from any types of threats.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4VIRTUALIZATION AND CLOUD COMPUTING
2. Risks regarding cloud computing:
 Theft or Loss of property: Businesses’ are relying more in storing of data in the clouds.
When there is a breach in the cloud or in case of any cyber-attack, the sensitive data in
the cloud are accessed [4]. Breach in the services terms and policy may occur. The data if
lost will greatly affect the business of the company S-mart.
 Compliance in regulation: The users know that their data are stored in the services
providers cloud but still the user is accountable to its customers for any security and
integrity issue that affect the user’s data [4]. The user must know the standard and
procedures that they are provided with to mitigate the risks.
 Location where the data is stored, who can access the data and protection level of the
data: A user must know the location of their stored data and the privacy and security
laws, which apply to it. Doing this is necessary, as there is a risk of marginalization of the
rights of the user [1]. When a user does not have adequate legal protections then the user
is liable for any type of security breach. This means unless and until the provider gives in
writing then it is not liable for any type of security breach.
 Privacy and Security of the data: There is always a risk of breach in privacy of the user.
Uploading of data to the cloud means trusting on the provider’s security system. A user
must ask the service provider about who has access to the users’ sensitive data and the
physical and logical security [1], which the provider is using to protect the data.
 Availability of data and continuity of business: Cloud services depends totally on the
internet connection. This leads to a risk of poor service by the provider and problems in
accessing of the cloud services by the user [5]. This threatens the continuity of business.

5VIRTUALIZATION AND CLOUD COMPUTING
 Loss of data and recovery: Data loss might occur during a time of disaster or in cases of
breach. The recovery process totally depends on the capabilities of the service provider.
Therefore, the user must know the capabilities of the provider and if the recovery system
of the provider is tested or not. In case of any threat or disaster the company might lose
the valuable data of the customers. Loosing of data can cause difficulties in contacting
the customers as the weekly basis data is used by the company for informing the
customers and staffs.
 Keeping records of old data: Whenever a data is stored into the cloud, new data replaces
the old data [5]. When the user wants to access the old data then it might become difficult
for the user to get the data back. Before storing, any data in the cloud user must talk with
their service provider about the retention of the previous data. As there is regular
uploading of new data by the company so there is a risk of losing the old data of the
customers and their purchase details.
 Security regarding the environment: Data centers are cloud computing are highly
concentrated with computing powers, data and users making it vulnerable to attacks of
bots, malwares viruses and many other things [4]. Therefore, a user must know how
much the provider is prepared to face these types of difficulties.
 Lockdown of the providers: When a user uses the service then the provider is in full
control of the service. A user has no guarantee regarding the prices of the features
provided. There is always a possibility of price hike or doubling of price. The users and
their clients depending on the service are bound to pay the increased price [1]. In case the
provider server fails then many online operations by the company will get hampered .

6VIRTUALIZATION AND CLOUD COMPUTING
Public APIs for data and management
Virtual
compute
servers
Logical storage pools
Physical Storage Servers Physical Storage
Servers
Block, file or object storage
Object
Storage
Virtual
compute
servers
Security,
Strategy,
Architecture,
Governance,
Business
continuity
Identity,
Access
Management
Service,
(Access
Control,
SSO,
Federation,
STS, OAuth,
User
Provisioning,
Logging,
Auditing)
Automated Life Cycle Management
Platform as a Service
Virtualized Infrastructure
Automated Operations
Infrastructure as a Service
Firewall API, CA, SSL,
Encryption, Key
management, logging
Security Automation
Self-Service,
Monitoring, Metrics
User and App
identity, App Security
Testing, AuthZ,
Logging
Data Center Centric (BYOS)
Developer Centric Fully Managed Model
Security Services- Infrastructure Security Services- Applications
3. Designs used for cloud computing:
a) Structural diagram of a storage system in a cloud:
b) Cloud system security design:
c)
Cloud service location 1 Cloud service location n

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7VIRTUALIZATION AND CLOUD COMPUTING
Cloud Policy Decision Service
End User Cloud Policy Admin Service
Log/Audit Service
Cloud Authentication service
Account/Profile Provisioning service
Meter/Billing Service
Session
User Profile
Cloud Usage Records
Log/Audit Store
3rd Party Auditor
Cloud Policy Store
Enterprise
Registration UI
Cloud Provisioning Service
Local Authentication UI
Cloud Usage Report UI
External IDP (Authentication
Service
External Policy Decision Point
External ID Provisioning
Service
3rd party
Enterprise
Cloud Service Owner
Cloud Identity/Access architecture:

8VIRTUALIZATION AND CLOUD COMPUTING
4. Justifications of the design:
 Architect for security-as-a-service – Deployment of application in the cloud to co-
ordinate multiple services including automation of DNS, load balancer and many other
services. Security automation falls in the same category, which includes automation of
firewall policies between cloud security zones, provisioning of certificates (for SSL),
virtual machine system configuration, privileged accounts and log configuration.
Application deployment processes depending on security processes (such as firewall
policy creation, certificate provisioning, key distribution and application pen testing)
should be migrated to a self-service model [6]. Applying these techniques will help in
reducing human touch points and enable the scenario of security as a service. Initially this
will to mitigation of threats due to human errors, improve operational efficiency and
embed security controls into the cloud applications. The company S-mart should put
great efficiency in securing their data base and take all the necessary steps required to
protect their data stored in the cloud. All the above steps discussed above needs to be
followed by the company so as to continue their business without any difficulties.
 Implementation and practice of sound identity and access management
architecture - Addressing should be done by cloud access control architecture to all
aspects of user and access management lifecycles for both end users and privileged users
– user provisioning & DE provisioning, authentication, federation, authorization and
auditing. A sound architecture will enable reusability of identity and access services for
all use cases in public, private and hybrid cloud models [7]. Employing of secure token
service with proper user and entitled provisioning with audit trail is a good practice. The
first step for extending enterprise SSO to cloud service is Federation architecture. To

9VIRTUALIZATION AND CLOUD COMPUTING
protect the data, the company should adopt proper techniques of protecting the data. The
accessing of the data should be authentic so to do this there are many ways to prevent the
access of the data specially the purchase data of the customers.
 Automate safeguards to provide Advantage to APIs - Deploying of any new security
services with an API (REST/SOAP) to enable automation. APIs can help automate
firewall policies, configuration hardening, and access control at the time of application
deployment [8]. Security of the company’s data becomes more secure by use of this
technique.
 Not relying on an IP address for authentication services - As the IP addresses in a
cloud lasts for a short time in nature so the user cannot solely rely on them for
enforcement of network access control.
 Log, Log, Log – creation of an end-to-end transaction when the security events are
logged in by the application. The only reliable data leveraged by forensic engineers to
investigate and understand the exploitation of applications is the security events, logs and
audit trails [8]. This step is very much necessary for the company to keep track of each
and every details so as to keep the customers details safe and secure in case of any
vulnerabilities faced by the service provider.
Some of the cloud security principles that are to be considered and customized by the cloud
architect of S-mart are listed below:
 Present services in the cloud to follow the least privilege principles.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10VIRTUALIZATION AND CLOUD COMPUTING
 To Guarantee the Isolation between various security zones by use of layers of firewalls -
Cloud firewall, hypervisor firewall, and guest firewall and application container. The
policies of the firewall should comply with the trust zone isolations standards.
 Use of End-to-end transport level (SSL, TLS, IPSEC) by applications to secure the
transiting data between the applications deployed in the cloud as well as to the enterprise.
 Using API, compile the Security monitoring in the cloud with existing enterprise security
monitoring tools.

11VIRTUALIZATION AND CLOUD COMPUTING
References:
1. Catteddu D. Cloud Computing: benefits, risks and recommendations for information
security. InWeb application security 2010 (pp. 17-17). Springer, Berlin, Heidelberg.
2. Kondo D, Javadi B, Malecot P, Cappello F, Anderson DP. Cost-benefit analysis of cloud
computing versus desktop grids. InParallel & Distributed Processing, 2009. IPDPS 2009.
IEEE International Symposium on 2009 May 23 (pp. 1-12). IEEE.
3. Sether A. Cloud Computing Benefits. Browser Download This Paper. 2016 May 18.
4. Carroll M, Van Der Merwe A, Kotze P. Secure cloud computing: Benefits, risks and
controls. InInformation Security South Africa (ISSA), 2011 2011 Aug 15 (pp. 1-9).
IEEE.
5. Takabi H, Joshi JB, Ahn GJ. Security and privacy challenges in cloud computing
environments. IEEE Security & Privacy. 2010 Nov;8(6):24-31.
6. Jadeja Y, Modi K. Cloud computing-concepts, architecture and challenges. InComputing,
Electronics and Electrical Technologies (ICCEET), 2012 International Conference on
2012 Mar 21 (pp. 877-880). IEEE.
7. Dinesha HA, Agrawal VK. Multi-level authentication technique for accessing cloud
services. InComputing, Communication and Applications (ICCCA), 2012 International
Conference on 2012 Feb 22 (pp. 1-4). IEEE.
8. Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud
computing. Journal of network and computer applications. 2011 Jan 31;34(1):1-1.