Cloud Security Risks and Mitigation Strategies

Verified

Added on  2020/04/07

|11
|2148
|37
AI Summary
This assignment delves into the security risks associated with cloud infrastructure implementation, particularly focusing on Webb's potential vulnerabilities. It explores various threats such as data breaches, insider attacks, and regulatory non-compliance. The paper proposes mitigation strategies including comprehensive data backup plans, clear service level agreements (SLAs) with Cloud Service Providers (CSPs), and robust security measures to minimize risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Student name Assignment Title
Assignment 2
Title
Student Name:
Student id:
Course Code:
Lecturer Name:
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Student name Assignment Title
Executive Summary
The objective of this report is to help the management of Webb’s to understand that
IT pain point and develop the future strategies. The report discusses the migration activity for
Webb and the security measures that the organization should have as they move to cloud. The
report would also discuss the risk and challenges as the organization plan to move to cloud.
2
Document Page
Student name Assignment Title
Table of Contents
1. Introduction...................................................................................................................................3
2. IaaS instance hosted by AWS/Azure.............................................................................................4
2.1. Security Controls implemented by Aws/Azure to protect IaaS instance...............................4
2.2. Benefits and limitations of the Security Controls.................................................................4
3. Risks associated in the Database Migration..................................................................................4
3.1. Risks associated with the migration of the database.............................................................5
3.2. Risks associated with the migration of IaaS infrastructure...................................................5
3.3. The communications between Webb’s and their IaaS database in the cloud........................5
4. Using Cloud for Backup and Archival of Records........................................................................6
4.1. Backing up data to the Cloud...............................................................................................6
4.2. Storage of data in the Cloud.................................................................................................6
4.3. Retrieval of data from the cloud...........................................................................................7
4.4. DR plan of the CSP..............................................................................................................7
5. Cloud Management.......................................................................................................................7
5.1 Their IaaS infrastructure.......................................................................................................7
5.2 Their Ms SQL Server 2012 R2 cloud instance.............................................................................8
5.3 Their Cloud network infrastructure......................................................................................8
5.4 Their Cloud backup and restore infrastructure.............................................................................8
6. Conclusion....................................................................................................................................8
References.............................................................................................................................................9
3
Document Page
Student name Assignment Title
1. Introduction
The movement to cloud should be advantageous for the company as it should help the
organization to save time and cost. However, migration is a difficult task that must be
handled strategically. The various sections of this report can be discussed as:
2. IaaS instance hosted by AWS/Azure
Migration of a database will involve 3 steps i.e. extracting the data from the existing
database, data massaging that involves making the data format which is supported in target
instance and then injecting the data in a target system which is cloud systems and can be
either of Amazon or Microsoft (Varia, 2010). As per the research and statistics, 17% of the
Cloud service provide multi factor authentication, 40% encrypt the data and 20% are ISO
27001 certified. And these numbers indicate the risks involved in migration to cloud. The
diagrammatic representation of IaaS can be shown as:
2.1. Security Controls implemented by Aws/Azure to protect IaaS instance
One of the most important Security control is that Webb stores must uses their own
encryption and tokenization as well as control their keys (Rahumed, et al., 2011).
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Student name Assignment Title
Webb stores must uses multi-factor authentication and not just 1 password. There are
many devices that can generate real time passwords valid for next few seconds only.
File system permissions can be used and there should be permission like read, write
for each file. Also, files can be password protected if they contain sensitive data
which is almost like a 3rd layer of protecting the data
2.2. Benefits and limitations of the Security Controls
There are 2 advantages of encryption at rest. First, the data is not even visible to the
cloud vendor and 2nd if due to the security flaws in the CSPs systems and data is
stolen, it will still be rendered useless (Dlodlo, 2011)
Multi-factor authentication will make system more robust
File permissions limits the unauthorized access and actions
3. Risks associated in the Database Migration
The various kind of risks can be discussed as:
3.1. Risks associated with the migration of the database
Data loss risk is one of the biggest risks to the database. For example, migration involves
data extraction and massaging. Data massaging is nothing but the transformation (Rahumed,
et al., 2011).
Data portability is another risk. If Webb stores decide to change their CSPs for some reason,
how they will ensure the data extraction again needed for injecting the data in new systems
3.2. Risks associated with the migration of IaaS infrastructure.
Data Compliance risks: Each CSPs is having their own security systems, capabilities and
compliance mechanism and, there are numerous compliance and regulations like HIPAA,
SOX, CIPA, PCI DSS that each organization must comply with.
5
Document Page
Student name Assignment Title
Insider Threat risk: Cloud systems provides the flexibility of accessing applications from
anywhere and not from the office network which is the case with the on-premise systems.
With this flexibility comes the problem that people can store information on their personnel
systems which they are not supposed to (Claycomb, & Nicoll, 2012).
Cloud availability: Although most CSPs have high availability rate but they do not provide
any Service level Agreements (SLAs) that if system become down due to some reason, how
much time it will take to bring it back.
3.3. The communications between Webb’s and their IaaS database in the cloud
Data theft risk: With increasing number of malicious attackers and intruders in the systems,
data communication will increase when Webb stores will use Hybrid cloud strategy and thus
there is a high risk of attack during transmission (Subhashini, & Kavitha, 2011)
Lack of controls like Firewall: Firewall is often difficult to use in cloud systems as
compared to the on premises systems which simply increase the risk of malicious user
entering into a system.
4. Using Cloud for Backup and Archival of Records
4.1. Backing up data to the Cloud
There are primarily two risks associated with maintain backup on the Cloud.
First one is most of the CSPs offers features of continuous or weekly data backup
features. Now, if a company uses continuous backup features, it will consume a lot of
bandwidth impacting the speed of the network. If the company updates the backup
weekly, there can be a risk of losing the data for maximum of 5 days in worst case
scenario
6
Document Page
Student name Assignment Title
Another risk is that restoring the data from the backup will take a huge time as it will
through the network while restoring the backup from the tapes is quite fast
4.2. Storage of data in the Cloud
Data privacy risk: Clouds stores the large amount of information and as a result, they are on
a constant target of malicious users and in case of any successful attack, there will be a risk of
losing private data (Alhazmi, & Malaiya, 2013).
Data compliance/Location risks: Every country has its own rules and regulations and every
organization has to abide by those rules. As clouds maintains backup at multiple locations
across the world, there can be issues. For example, some countries have rules that employee
personnel data cannot be stored outside the country (Subhashini, & Kavitha, 2011).
Data removal risk: Cloud systems stores data in a complex mesh of networks distributed
across servers. In such cases, if a company wants to permanently remove some data, how it
will remove it from database (Tang, Lee, Lui, & Perlman, 2012).
4.3. Retrieval of data from the cloud
Authorization and Authentication risk: Clouds systems have to ensure that the retrieval
requests are coming from the authentic sources and users are authorized for that information.
Data encryption during motion: Data encryption at rest is provided by CSPs but what about
data encryption in motion. If data is not encrypted during motion, there is a risk of intruders
attack (Kandukuri, & Rakshit, 2009).
4.4. DR plan of the CSP
Changing a backup location from on-premise to a cloud will definitely affect the DR
plans for the company. DR from tapes is quite different from cloud systems due to difference
in recovery time. Webb stores have to clearly identified risk, vulnerabilities with respect to
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Student name Assignment Title
location, surroundings, and geographies along with the CSPs. Also, earlier they were
maintaining business impact analysis (BIA) for all business processes but now it will become
responsibility of the cloud vendor (Ristov, Gisev, & Kostoska, 2012).
5. Cloud Management
5.1 Their IaaS infrastructure
Identity access management so that only the authentic people will able to access
IAAS infrastructure
Multi –factor authentication using RSA secure ID devices that generate temporary
real time password (Dahbur, Mohammad, & Tarakji, 2011)
5.2 Their Ms SQL Server 2012 R2 cloud instance
Webb should use encryption for data at rest as well as data in motion at their end also and not
rely fully on the encryption provided by the CSPs
5.3 Their Cloud network infrastructure
Cloud service providers must keep their security systems up to date with latest tools and
techniques and must monitor the malicious attacks on a constant basis (Dahbur, et al., 2011).
5.4 Their Cloud backup and restore infrastructure
Backup is a key activity that requires a lot of time. Webb must get the acceptable RTO
(recovery time objective) from the vendor and conduct the pilots regularly till desired RTO is
achieved (Jarvelainen, 2012). Another thing it must have service level agreements beyond
which CSPs will be liable for penalty.
8
Document Page
Student name Assignment Title
6. Conclusion
With the above discussion, it can be said that the management of Webb must have strong
strategy in place for the implementation of cloud infrastructure. The above paper discusses
various risks and mitigation strategies that should be used. It would be correct to say that
‘data back-up’ is the key strategy that would help the organization to overcome the threat
associated with several risks.
9
Document Page
Student name Assignment Title
References
Alhazmi, O. H., & Malaiya, Y. K. (2013, January). Evaluating disaster recovery plans using
the cloud. In Reliability and Maintainability Symposium (RAMS), 2013 Proceedings-
Annual (pp. 1-6). IEEE.
Claycomb, W. R., & Nicoll, A. (2012, July). Insider threats to cloud computing: Directions
for new research challenges. In Computer Software and Applications Conference
(COMPSAC), 2012 IEEE 36th Annual (pp. 387-394). IEEE.
Dahbur, K., Mohammad, B., & Tarakji, A. B. (2011, April). A survey of risks, threats and
vulnerabilities in cloud computing. In Proceedings of the 2011 International
conference on intelligent semantic Web-services and applications (p. 12). ACM.
Dlodlo, N. (2011, April). Legal, privacy, security, access and regulatory issues in cloud
computing. In Proceedings of the European Conference on Information Management
& Evaluation (pp. 161-168).
Järveläinen, J. (2012). Information security and business continuity management in
interorganizational IT relationships. Information Management & Computer
Security, 20(5), 332-349.
Kandukuri, B. R., & Rakshit, A. (2009, September). Cloud security issues. In Services
Computing, 2009. SCC'09. IEEE International Conference on (pp. 517-520). IEEE.
Rahumed, A., Chen, H. C., Tang, Y., Lee, P. P., & Lui, J. C. (2011, September). A secure
cloud backup system with assured deletion and version control. In Parallel Processing
Workshops (ICPPW), 2011 40th International Conference on (pp. 160-167). IEEE.
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Student name Assignment Title
Ristov, S., Gusev, M., & Kostoska, M. (2012). Cloud computing security in business
information systems. arXiv preprint arXiv:1204.1140.
Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models
of cloud computing. Journal of network and computer applications, 34(1), 1-11.
Tang, Y., Lee, P. P., Lui, J. C., & Perlman, R. (2012). Secure overlay cloud storage with
access control and assured deletion. IEEE Transactions on dependable and secure
computing, 9(6), 903-916.
Varia, J. (2010). Migrating your existing applications to the aws cloud. A Phase-driven
Approach to Cloud Migration.
11
1 out of 11
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]