Assessment 4: Hybrid Cloud Computing and Migration for Smiths Security
VerifiedAdded on 2023/06/03
|26
|7961
|247
Project
AI Summary
This report provides a comprehensive hybrid cloud computing solution for Smiths Security, an Australian security firm. It begins with an executive summary and introduction outlining the company's current IT infrastructure and its need for cloud migration. The report then delves into various cloud architectures, including workload distribution, resource pooling, and dynamic scalability, explaining their benefits for Smiths Security. It also analyzes the risks associated with a hybrid cloud strategy, such as lack of encryption, poor compliance, and data redundancy, and proposes information security controls to mitigate these risks. A detailed business continuity plan is recommended, along with requirements for resource management, remote server administration, and SLA management. Finally, the report outlines the steps for migrating services to the Amazon AWS hybrid cloud, addressing critical issues associated with the migration. The report concludes by emphasizing the advantages of adopting a hybrid cloud approach for Smiths Security.
Running head: HYBRID CLOUD COMPUTING
Hybrid Cloud Computing
Student Name
Institutional Affiliation
Hybrid Cloud Computing
Student Name
Institutional Affiliation
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
HYBRID CLOUD COMPUTING
Executive Summary
Smiths Security is a security firm that is located in Australia that deals with fire
monitoring services, armored vehicles, alarm monitoring, and security guards. The Smiths
Security Ltd is considering that data center in Sydney should be retained for sensitive data
and critical systems. The company’s concern for the need to consolidate monitoring centers
into one location is the issue of business continuity plan, disaster recover, and backup
strategies. This research recommends to Smith Security to adopt the hybrid cloud
technology because of the numerous benefits that the business will gain by implementing
this technology.
This report seeks to discuss the various cloud architecture that can be used and their
benefits, risks associated with hybrid cloud strategies, information security controls that the
company can adopt to secure Hybrid cloud, recommend the various elements that should
be included in the business continuity plan, discuss the various requirements that should be
considered when conducting resource management, remote server administration, and SLA
management, and the various steps that should be taken when migrating the services to the
Amazon AWS hybrid cloud
2
Executive Summary
Smiths Security is a security firm that is located in Australia that deals with fire
monitoring services, armored vehicles, alarm monitoring, and security guards. The Smiths
Security Ltd is considering that data center in Sydney should be retained for sensitive data
and critical systems. The company’s concern for the need to consolidate monitoring centers
into one location is the issue of business continuity plan, disaster recover, and backup
strategies. This research recommends to Smith Security to adopt the hybrid cloud
technology because of the numerous benefits that the business will gain by implementing
this technology.
This report seeks to discuss the various cloud architecture that can be used and their
benefits, risks associated with hybrid cloud strategies, information security controls that the
company can adopt to secure Hybrid cloud, recommend the various elements that should
be included in the business continuity plan, discuss the various requirements that should be
considered when conducting resource management, remote server administration, and SLA
management, and the various steps that should be taken when migrating the services to the
Amazon AWS hybrid cloud
2
HYBRID CLOUD COMPUTING
Table of Contents
Executive Summary....................................................................................................................2
Introduction...............................................................................................................................4
Question 1a: Cloud Architectures..............................................................................................4
Workload Distribution Architecture......................................................................................5
Reason for deploying this architecture..............................................................................5
Resource Pooling Architecture..............................................................................................5
Reason for deploying this architecture..............................................................................5
Dynamic Scalability Architecture...........................................................................................6
Reason for deploying this architecture..............................................................................6
Question 1b: Benefits of Implementing these Architectures....................................................6
Question 2: Risks of Hybrid Cloud Strategy...............................................................................7
Question 3: Information Security Controls and Steps for Hybrid Clouds................................14
Question 4: Business Continuity Plan......................................................................................16
Question 5: Requirement Analysis...........................................................................................18
Remote Server Administration............................................................................................18
Resource Management........................................................................................................18
SLA Management.................................................................................................................19
Question no 6: Migration Steps...............................................................................................19
Question no 6 B: Critical Issues Associated with Migration....................................................21
Conclusion................................................................................................................................21
References................................................................................................................................22
3
Table of Contents
Executive Summary....................................................................................................................2
Introduction...............................................................................................................................4
Question 1a: Cloud Architectures..............................................................................................4
Workload Distribution Architecture......................................................................................5
Reason for deploying this architecture..............................................................................5
Resource Pooling Architecture..............................................................................................5
Reason for deploying this architecture..............................................................................5
Dynamic Scalability Architecture...........................................................................................6
Reason for deploying this architecture..............................................................................6
Question 1b: Benefits of Implementing these Architectures....................................................6
Question 2: Risks of Hybrid Cloud Strategy...............................................................................7
Question 3: Information Security Controls and Steps for Hybrid Clouds................................14
Question 4: Business Continuity Plan......................................................................................16
Question 5: Requirement Analysis...........................................................................................18
Remote Server Administration............................................................................................18
Resource Management........................................................................................................18
SLA Management.................................................................................................................19
Question no 6: Migration Steps...............................................................................................19
Question no 6 B: Critical Issues Associated with Migration....................................................21
Conclusion................................................................................................................................21
References................................................................................................................................22
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
HYBRID CLOUD COMPUTING
Introduction
Smiths Security is a firm located in Australia that deals with security businesses such
as fire monitoring services, armored vehicles, alarm monitoring, and security guards. The
head office is located in Sydney and has data center across all the major cities in Australia
such as Brisbane, Perth, Melbourne, Adelaide, and Sydney). Sydney office houses the main
data center. At every site there is 2 business application servers, one lotus notes email
server, one windows server 2003 running IIS web servers, one SQL server 2003, one active
directory domain controller, and windows server 2003 print server. Smith Security has not
updated its infrastructure for a very long time and only upgrading the server hardware and
the operating system won’t be of help according to Company IT management team. As such,
the team has recommended that all or some of the IT infrastructure be moved to the cloud.
However, they suggest hat the business application servers should not be moved.
The Smiths Security Ltd is considering that data center in Sydney should be retained
for sensitive data and critical systems. The company’s concern for the need to consolidate
monitoring centers into one location is the issue of business continuity plan, disaster
recover, and backup strategies. Additionally, they are planning to adopt the use of thin
clients to replace the normal staff computers and migrate SQL and web infrastructure to the
cloud in order to enhance availability and flexibility. This report seeks to discuss the various
cloud architecture that can be used and their benefits, risks associated with hybrid cloud
strategies, information security controls that the company can adopt to secure Hybrid cloud,
recommend the various elements that should be included in the business continuity plan,
discuss the various requirements that should be considered when conducting resource
management, remote server administration, and SLA management, and the various steps
that should be taken when migrating the services to the Amazon AWS hybrid cloud.
Question 1a: Cloud Architectures
In order to meet the various strategies, set out by the board, Smiths Security can
adopt the following cloud architecture:
4
Introduction
Smiths Security is a firm located in Australia that deals with security businesses such
as fire monitoring services, armored vehicles, alarm monitoring, and security guards. The
head office is located in Sydney and has data center across all the major cities in Australia
such as Brisbane, Perth, Melbourne, Adelaide, and Sydney). Sydney office houses the main
data center. At every site there is 2 business application servers, one lotus notes email
server, one windows server 2003 running IIS web servers, one SQL server 2003, one active
directory domain controller, and windows server 2003 print server. Smith Security has not
updated its infrastructure for a very long time and only upgrading the server hardware and
the operating system won’t be of help according to Company IT management team. As such,
the team has recommended that all or some of the IT infrastructure be moved to the cloud.
However, they suggest hat the business application servers should not be moved.
The Smiths Security Ltd is considering that data center in Sydney should be retained
for sensitive data and critical systems. The company’s concern for the need to consolidate
monitoring centers into one location is the issue of business continuity plan, disaster
recover, and backup strategies. Additionally, they are planning to adopt the use of thin
clients to replace the normal staff computers and migrate SQL and web infrastructure to the
cloud in order to enhance availability and flexibility. This report seeks to discuss the various
cloud architecture that can be used and their benefits, risks associated with hybrid cloud
strategies, information security controls that the company can adopt to secure Hybrid cloud,
recommend the various elements that should be included in the business continuity plan,
discuss the various requirements that should be considered when conducting resource
management, remote server administration, and SLA management, and the various steps
that should be taken when migrating the services to the Amazon AWS hybrid cloud.
Question 1a: Cloud Architectures
In order to meet the various strategies, set out by the board, Smiths Security can
adopt the following cloud architecture:
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
HYBRID CLOUD COMPUTING
Workload Distribution Architecture
This architecture is used to minimize underutilization and over utilization of the
information technology resources to a level which relies on run time logic and load
balancing algorithms sophistication (Erl, Mahmood, & Puttini, 2013).
Reason for deploying this architecture
The reason why this architecture is recommended is because it can be employed in
information technology resources that have workload distribution that is normally done in
to support cloud storage devices, distributed file servers, and cloud services (Halpert, 2013).
This architecture supports audit monitor which is very essential in run time workload
distribution and determining whether the information technology resources that processes
data meets the regulatory and legal requirements. Secondly. It supports monitoring the
cloud usage by tracking processing of data and run time workload (Margaret, 2018). Thirdly,
it supports replication of resources that can be used to generate virtualized IT resources
new instances to respond to the demands of distribution of run time workload. Another
reason why this architecture should be adopted is because it supports clustering of
resources in active mode to ensure that there is load balancing in the various cluster nodes.
Resource Pooling Architecture
This architecture depends utilization of one or more pools of resources where similar
information technology resources are put into one group and is maintained by a single
system that make sure that they are always synchronized. Since cloud providers can create
many pools for their applications or consumers, they tend to become more complex and as
such the need to have an architecture that will be able to address these complexities
(Norman, 2016). In order to enable the company to organize different requirements of
resource pooling, it is essential that a hierarchical structure be developed to create parent,
child, and nested pools.
Reason for deploying this architecture
This architecture enables creation of multiple instances that can be used to offer in-
memory pool of information technology resources that are “live”. Additionally, mechanisms
such as logical network perimeter, cloud usage, hypervisor, audit monitor, pay-per-use,
resources management, remoted administration system, resource replication, and resource
5
Workload Distribution Architecture
This architecture is used to minimize underutilization and over utilization of the
information technology resources to a level which relies on run time logic and load
balancing algorithms sophistication (Erl, Mahmood, & Puttini, 2013).
Reason for deploying this architecture
The reason why this architecture is recommended is because it can be employed in
information technology resources that have workload distribution that is normally done in
to support cloud storage devices, distributed file servers, and cloud services (Halpert, 2013).
This architecture supports audit monitor which is very essential in run time workload
distribution and determining whether the information technology resources that processes
data meets the regulatory and legal requirements. Secondly. It supports monitoring the
cloud usage by tracking processing of data and run time workload (Margaret, 2018). Thirdly,
it supports replication of resources that can be used to generate virtualized IT resources
new instances to respond to the demands of distribution of run time workload. Another
reason why this architecture should be adopted is because it supports clustering of
resources in active mode to ensure that there is load balancing in the various cluster nodes.
Resource Pooling Architecture
This architecture depends utilization of one or more pools of resources where similar
information technology resources are put into one group and is maintained by a single
system that make sure that they are always synchronized. Since cloud providers can create
many pools for their applications or consumers, they tend to become more complex and as
such the need to have an architecture that will be able to address these complexities
(Norman, 2016). In order to enable the company to organize different requirements of
resource pooling, it is essential that a hierarchical structure be developed to create parent,
child, and nested pools.
Reason for deploying this architecture
This architecture enables creation of multiple instances that can be used to offer in-
memory pool of information technology resources that are “live”. Additionally, mechanisms
such as logical network perimeter, cloud usage, hypervisor, audit monitor, pay-per-use,
resources management, remoted administration system, resource replication, and resource
5
HYBRID CLOUD COMPUTING
management makes it very essential in hybrid cloud environment that Smiths Security
wants to adopt (Buyya, Vecchiola & Selvi, 2013).
Dynamic Scalability Architecture
This architecture depends on predefined scaling conditions that prompts information
technology resources to be allocated dynamically from resource pools. Allocating resources
dynamically facilitates variable utilization which is set out by the fluctuating demands
because the resources that are not being used are reclaimed efficiently without the need of
interacting manually (Hwang, Dongarra & Fox, 2013). This architecture ensures that
resources are loaded to the workload processing by automated scaling listener which has
been setup with workload thresholds.
Reason for deploying this architecture
One of the major reasons of adopting this architecture is the ability to provide the
logic for dictating the number of additional resources that should be provided dynamically.
Other crucial mechanisms that this architecture support include dynamic vertical and
horizontal scaling and dynamic resource relocation.
Question 1b: Benefits of Implementing
these Architectures
The three architectures will greatly benefit Smiths Security in various ways. The
ability of this architecture to manage resources, dynamically allocate them and scale to
meet business needs is of essence. Another benefit is cost where Smiths security will be
paying much less money because they only pay for what they have used (Rittinghouse &
Ransome, 2016). Additionally, no hardware computing architecture have to be procured and
monthly system review is removed. Secondly, these architectures have the best disaster
recovery techniques such that in case of any failures in the system it will use the shortest
time possible to recover to normalcy. Performance and speed offered by these architectures
are very high because of the ability to virtualize resources which could easily adopt the
company needs and objectives (Stokes, 2014).
These architecture supports dynamic flexibility and scalability which will allow Smiths
Security to move the new applications to the public cloud from private cloud for the
6
management makes it very essential in hybrid cloud environment that Smiths Security
wants to adopt (Buyya, Vecchiola & Selvi, 2013).
Dynamic Scalability Architecture
This architecture depends on predefined scaling conditions that prompts information
technology resources to be allocated dynamically from resource pools. Allocating resources
dynamically facilitates variable utilization which is set out by the fluctuating demands
because the resources that are not being used are reclaimed efficiently without the need of
interacting manually (Hwang, Dongarra & Fox, 2013). This architecture ensures that
resources are loaded to the workload processing by automated scaling listener which has
been setup with workload thresholds.
Reason for deploying this architecture
One of the major reasons of adopting this architecture is the ability to provide the
logic for dictating the number of additional resources that should be provided dynamically.
Other crucial mechanisms that this architecture support include dynamic vertical and
horizontal scaling and dynamic resource relocation.
Question 1b: Benefits of Implementing
these Architectures
The three architectures will greatly benefit Smiths Security in various ways. The
ability of this architecture to manage resources, dynamically allocate them and scale to
meet business needs is of essence. Another benefit is cost where Smiths security will be
paying much less money because they only pay for what they have used (Rittinghouse &
Ransome, 2016). Additionally, no hardware computing architecture have to be procured and
monthly system review is removed. Secondly, these architectures have the best disaster
recovery techniques such that in case of any failures in the system it will use the shortest
time possible to recover to normalcy. Performance and speed offered by these architectures
are very high because of the ability to virtualize resources which could easily adopt the
company needs and objectives (Stokes, 2014).
These architecture supports dynamic flexibility and scalability which will allow Smiths
Security to move the new applications to the public cloud from private cloud for the
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
HYBRID CLOUD COMPUTING
purposes of testing. The ability to easily integrate with other system will allow the company
to access the data centres in different sites and provided the company with new
opportunities such as analytics that are not limited to business requirements.
Question 2: Risks of Hybrid Cloud Strategy
Hybrid Cloud risks Risk controls
Lack of encryption: transmissions of
networks are open to MitM (Man-in-the-
Middle) and eavesdropping attacks that
prevent shared authentication by
mimicking endpoints. Smiths Security
must encrypt data and communications
to prevent security intrusions.
Protect transmissions from unplanned
intrusions with encrypted protocols
that encompass endpoint validation
Apply a dependable VPN
Utilize a dependable proxy server
Use SS/TLS to encrypt all transmissions
to prevent interference of data off the
wire and control server validation
Apply SSH (secure shell) network
tunnel protocol to transmit decrypted
traffic over a network
Insufficient evaluation of security risk:
failing to conduct a comprehensive risk
profiles of systems and IT infrastructure
hinders network administrators from
identifying where and how an attack has
happened or when it occurred (Sahmim
& Gharsellaoui, 2017). It becomes
challenging to prevent future breaches.
Risk assessment and prevention must
be established
Any malicious traffic should be scanned
using the IPS/IDS systems
Activate log monitoring and constantly
update the current software
A comprehensive approach is the best
method to manage network
organization security using a
dependable SIEM system. As such, all
Smiths Security data can be easily
trended and viewed.
Poor compliance: regarding compliance,
hybrid clouds need proper attention.
The private cloud and the public cloud
provider must be integrated (Agrawal
7
purposes of testing. The ability to easily integrate with other system will allow the company
to access the data centres in different sites and provided the company with new
opportunities such as analytics that are not limited to business requirements.
Question 2: Risks of Hybrid Cloud Strategy
Hybrid Cloud risks Risk controls
Lack of encryption: transmissions of
networks are open to MitM (Man-in-the-
Middle) and eavesdropping attacks that
prevent shared authentication by
mimicking endpoints. Smiths Security
must encrypt data and communications
to prevent security intrusions.
Protect transmissions from unplanned
intrusions with encrypted protocols
that encompass endpoint validation
Apply a dependable VPN
Utilize a dependable proxy server
Use SS/TLS to encrypt all transmissions
to prevent interference of data off the
wire and control server validation
Apply SSH (secure shell) network
tunnel protocol to transmit decrypted
traffic over a network
Insufficient evaluation of security risk:
failing to conduct a comprehensive risk
profiles of systems and IT infrastructure
hinders network administrators from
identifying where and how an attack has
happened or when it occurred (Sahmim
& Gharsellaoui, 2017). It becomes
challenging to prevent future breaches.
Risk assessment and prevention must
be established
Any malicious traffic should be scanned
using the IPS/IDS systems
Activate log monitoring and constantly
update the current software
A comprehensive approach is the best
method to manage network
organization security using a
dependable SIEM system. As such, all
Smiths Security data can be easily
trended and viewed.
Poor compliance: regarding compliance,
hybrid clouds need proper attention.
The private cloud and the public cloud
provider must be integrated (Agrawal
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
HYBRID CLOUD COMPUTING
Both the Smiths Security private cloud
and the public cloud provider must abide
by compliance guideline. Demonstrating
and maintaining compliance is
challenging with hybrid cloud since data
shifts to and fro.
& Tripathi, 2018). Make sure that the
two clouds are in compliance and also
show compliance as they function
jointly.
The industry standards for information
security should be met by the two
clouds when managing confidential
information.
Weak security management: managers
of Smiths Security may become
uncontrollable when they fail to apply
identity management, authentication,
and authorization processes for both
their public and private cloud. Smiths
Security should integrate their cloud
security protocols.
Controls for both clouds should be
replicated
Security data should be synchronized
or an identity management service
used that co-function with the systems
the company run in either cloud
Manage on-premise data storage for
confidential information not suitable
for the public cloud
Poor data redundancy: a lack of
redundancy will place Smiths Security
and a hybrid IT cloud at risk. It is
particularly true if the company does not
have repetitious copies of data
appropriately shared across all data
centers. Sharing information in such a
manner reduces the damage that
happens when one data center is
disrupted.
Achieve redundancy. It can be implemented in
three ways:
By using many data centers from a
single cloud provider
From a hybrid cloud
From multiple public cloud providers
Failure to identify and authenticate:
security management is important when
coordinating private and public clouds in
a hybrid environment. The staff of
Smiths Security and the cloud provider
Be attentive
Verify and monitor all access
permissions
Use an IMS (IP Multimedia core
Network Subsystem) to synchronize
8
Both the Smiths Security private cloud
and the public cloud provider must abide
by compliance guideline. Demonstrating
and maintaining compliance is
challenging with hybrid cloud since data
shifts to and fro.
& Tripathi, 2018). Make sure that the
two clouds are in compliance and also
show compliance as they function
jointly.
The industry standards for information
security should be met by the two
clouds when managing confidential
information.
Weak security management: managers
of Smiths Security may become
uncontrollable when they fail to apply
identity management, authentication,
and authorization processes for both
their public and private cloud. Smiths
Security should integrate their cloud
security protocols.
Controls for both clouds should be
replicated
Security data should be synchronized
or an identity management service
used that co-function with the systems
the company run in either cloud
Manage on-premise data storage for
confidential information not suitable
for the public cloud
Poor data redundancy: a lack of
redundancy will place Smiths Security
and a hybrid IT cloud at risk. It is
particularly true if the company does not
have repetitious copies of data
appropriately shared across all data
centers. Sharing information in such a
manner reduces the damage that
happens when one data center is
disrupted.
Achieve redundancy. It can be implemented in
three ways:
By using many data centers from a
single cloud provider
From a hybrid cloud
From multiple public cloud providers
Failure to identify and authenticate:
security management is important when
coordinating private and public clouds in
a hybrid environment. The staff of
Smiths Security and the cloud provider
Be attentive
Verify and monitor all access
permissions
Use an IMS (IP Multimedia core
Network Subsystem) to synchronize
8
HYBRID CLOUD COMPUTING
should mutually share cyber-security. data security
Unshielded APIs: when unshielded, API
endpoints reveal confidential
information to malicious intrusions that
manipulate authorization or
authentication key or token to exploit
personal data and information. Such
vulnerability is of specific interest in
Smiths Security mobility management
and bring your own device (BYOD)
transmissions over unsafe connections.
APIs must be managed in similar way
as code-signing and encryption keys.
Keys should be handled safely by third-
party developers
Before handing over API keys, always
validate a third-party to avoid a breach
in security
DOS (denial-of-service) attacks: attackers
make a mobile or cloud business
inaccessible by releasing a DoS attack.
Disruption of network service occurs in
the virtual environment via an internal
vulnerability in shared resources such as
RAM, CPU, and network bandwidth or
disk space (Chen, Zhang, Hu, Taleb &
Sheng, 2015).
DOS attacks on APIs of cloud management are
usually brought by transmitting bad REST or
SOAP request from the business
Flow analytics can avoid denial of
service attacks by diverting traffic to a
counteracting device and responding
to attacks
The tools of flow analytics must be
adaptable for the amount of traffic it
analyzes and gathers
Distributed DOS attacks: the application
layer or volumetric attacks are emerging
and even more dangerous than DOS (Sill,
2015). The attacks have increased and
are maliciously spread from many
sources and created at a central
location. By the time these incursions
are identified, websites are perceived
useless and network traffic is usually
A robust implementation of a
distributed DOS (DDoS) mitigation
strategy that constantly processes all
outgoing and incoming traffic can assist
in preventing DDoS attacks (Froberg,
2013). The strategy should be able to
scale, act and perform instantly when
there are multiple attacks
9
should mutually share cyber-security. data security
Unshielded APIs: when unshielded, API
endpoints reveal confidential
information to malicious intrusions that
manipulate authorization or
authentication key or token to exploit
personal data and information. Such
vulnerability is of specific interest in
Smiths Security mobility management
and bring your own device (BYOD)
transmissions over unsafe connections.
APIs must be managed in similar way
as code-signing and encryption keys.
Keys should be handled safely by third-
party developers
Before handing over API keys, always
validate a third-party to avoid a breach
in security
DOS (denial-of-service) attacks: attackers
make a mobile or cloud business
inaccessible by releasing a DoS attack.
Disruption of network service occurs in
the virtual environment via an internal
vulnerability in shared resources such as
RAM, CPU, and network bandwidth or
disk space (Chen, Zhang, Hu, Taleb &
Sheng, 2015).
DOS attacks on APIs of cloud management are
usually brought by transmitting bad REST or
SOAP request from the business
Flow analytics can avoid denial of
service attacks by diverting traffic to a
counteracting device and responding
to attacks
The tools of flow analytics must be
adaptable for the amount of traffic it
analyzes and gathers
Distributed DOS attacks: the application
layer or volumetric attacks are emerging
and even more dangerous than DOS (Sill,
2015). The attacks have increased and
are maliciously spread from many
sources and created at a central
location. By the time these incursions
are identified, websites are perceived
useless and network traffic is usually
A robust implementation of a
distributed DOS (DDoS) mitigation
strategy that constantly processes all
outgoing and incoming traffic can assist
in preventing DDoS attacks (Froberg,
2013). The strategy should be able to
scale, act and perform instantly when
there are multiple attacks
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
HYBRID CLOUD COMPUTING
blocked.
Poor Intellectual Property (IP)
protection: extra protection should be
given to IP. Highest security and
encryption protocols should be
established. IP must be classified and
identified to verify possible security
risks. Appropriate encryption and
vulnerability assessment are required.
Fully automated systems are
insufficient in quantifying risks and
classifying IP. These activities must be
carried out manually. Risks connected
to IP can only be determined after
classifying data
Smiths Security should be aware of the
source of their threats. They should
create a comprehensive threat model
and adhere to it
Generate an authorization matrix
Harden all elements of open source to
prevent attacks
Carry out detailed audits of a third-
party
Ensure network infrastructure is
protected.
Lack of data ownership: cloud venders
should be examined thoroughly for
security controls when managing data.
Once the deployment of cloud is done,
Smiths Security may lose the power to
manage their data set. Smiths Security
managers should assess the available
security levels in the cloud to avoid
surprises.
Verification of security and data
ownership must be done. Fend off
vendors who cannot offer acceptable
ownership expectations
Ask the vendor to define everything in
a well-designed SLA (service Level
Agreement) that address a hybrid IT
business. Get a clear understanding of
who accesses information, what the
vendor does with access logistics or
logs, and the geographic or jurisdiction
10
blocked.
Poor Intellectual Property (IP)
protection: extra protection should be
given to IP. Highest security and
encryption protocols should be
established. IP must be classified and
identified to verify possible security
risks. Appropriate encryption and
vulnerability assessment are required.
Fully automated systems are
insufficient in quantifying risks and
classifying IP. These activities must be
carried out manually. Risks connected
to IP can only be determined after
classifying data
Smiths Security should be aware of the
source of their threats. They should
create a comprehensive threat model
and adhere to it
Generate an authorization matrix
Harden all elements of open source to
prevent attacks
Carry out detailed audits of a third-
party
Ensure network infrastructure is
protected.
Lack of data ownership: cloud venders
should be examined thoroughly for
security controls when managing data.
Once the deployment of cloud is done,
Smiths Security may lose the power to
manage their data set. Smiths Security
managers should assess the available
security levels in the cloud to avoid
surprises.
Verification of security and data
ownership must be done. Fend off
vendors who cannot offer acceptable
ownership expectations
Ask the vendor to define everything in
a well-designed SLA (service Level
Agreement) that address a hybrid IT
business. Get a clear understanding of
who accesses information, what the
vendor does with access logistics or
logs, and the geographic or jurisdiction
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
HYBRID CLOUD COMPUTING
area of all kept data.
Lack of communication with cloud
vender: Smiths Security should first get
written details and estimate of service to
be carried out in the implementation of
their hybrid cloud. They should acquire
SLAs that clarifies responsibilities and
expectations.
Regarding security, a client should
clearly inform the cloud vendor the
security requirements required. By
doing so, disasters and surprises will be
eliminated.
Detailed questions should be asked.
Avoid service providers who cannot
offer comprehensive answers on how
they protect and define multi-tenant
boundaries, ensure PCI compliance,
FISMA and auditing
SLAs that are defined poorly: when
migrating to the cloud, clients lose the
power to manage their data set and are
obliged to depend on service providers
to protect data when in the public sector
(Yousif, 2016).
Security measures must be defined
properly and protections and access
permissions clarified in the SLA. The
same should be done to requirements
and expectations of the cloud service
vendor(Jula, Sundararajan & Othman,
2014).
Relevant service expectations must be
well-defined in the SLA so the client
has alternative if data is altered or
service interrupted.
An attorney should review the
agreement before it is signed.
Leakage of data: insufficient security
protocols from the cloud vendor can
jeopardize data which can be destroyed,
corrupted or improperly accessed. It is
particularly true in worker-drive
Smiths Security should not assume that
the vendor has handled data leakage
issue unless it is in writing. Preventing
loss of data is essential.
Since the Smiths Security owns client
11
area of all kept data.
Lack of communication with cloud
vender: Smiths Security should first get
written details and estimate of service to
be carried out in the implementation of
their hybrid cloud. They should acquire
SLAs that clarifies responsibilities and
expectations.
Regarding security, a client should
clearly inform the cloud vendor the
security requirements required. By
doing so, disasters and surprises will be
eliminated.
Detailed questions should be asked.
Avoid service providers who cannot
offer comprehensive answers on how
they protect and define multi-tenant
boundaries, ensure PCI compliance,
FISMA and auditing
SLAs that are defined poorly: when
migrating to the cloud, clients lose the
power to manage their data set and are
obliged to depend on service providers
to protect data when in the public sector
(Yousif, 2016).
Security measures must be defined
properly and protections and access
permissions clarified in the SLA. The
same should be done to requirements
and expectations of the cloud service
vendor(Jula, Sundararajan & Othman,
2014).
Relevant service expectations must be
well-defined in the SLA so the client
has alternative if data is altered or
service interrupted.
An attorney should review the
agreement before it is signed.
Leakage of data: insufficient security
protocols from the cloud vendor can
jeopardize data which can be destroyed,
corrupted or improperly accessed. It is
particularly true in worker-drive
Smiths Security should not assume that
the vendor has handled data leakage
issue unless it is in writing. Preventing
loss of data is essential.
Since the Smiths Security owns client
11
HYBRID CLOUD COMPUTING
environments of BYOD data, it is the responsibility of the
customer to ensure security
Security measures should be able to
address security breaches,
infrastructure malfunctions and
software errors.
Management strategies that are poorly
defined: smooth management of hybrid
cloud is only achieved when everyone is
aware of what should be done. Tasks
must be clearly defined with
management procedures and policies
(Choi, Choi & Kim, 2013). A network can
be disrupted is such guidelines are
assumed. A comprehensive approach
must be established to manage the
whole infrastructure.
Management strategies and tools
should be consistent for networking,
computing and storing resources over
several domains. It is the work of the
hybrid cloud administrator to ensure
the template is developed
Policies of cloud management must
define standards of controlling
installation and configuration. Access
control for restricted applications or
confidential information and reporting
and management of budget should be
established.
Smiths Security should be aware of the
kind of cross-channel tools to be
applied to handle hybrid cloud
Access controls, encryption and user
management should be strictly defined
Policies of access control that define
how restricted applications or
confidential information is accessed in
private and public clouds should be
prepared
Configuration management tools
should be used in resource
12
environments of BYOD data, it is the responsibility of the
customer to ensure security
Security measures should be able to
address security breaches,
infrastructure malfunctions and
software errors.
Management strategies that are poorly
defined: smooth management of hybrid
cloud is only achieved when everyone is
aware of what should be done. Tasks
must be clearly defined with
management procedures and policies
(Choi, Choi & Kim, 2013). A network can
be disrupted is such guidelines are
assumed. A comprehensive approach
must be established to manage the
whole infrastructure.
Management strategies and tools
should be consistent for networking,
computing and storing resources over
several domains. It is the work of the
hybrid cloud administrator to ensure
the template is developed
Policies of cloud management must
define standards of controlling
installation and configuration. Access
control for restricted applications or
confidential information and reporting
and management of budget should be
established.
Smiths Security should be aware of the
kind of cross-channel tools to be
applied to handle hybrid cloud
Access controls, encryption and user
management should be strictly defined
Policies of access control that define
how restricted applications or
confidential information is accessed in
private and public clouds should be
prepared
Configuration management tools
should be used in resource
12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 26
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.