Monday, December 9, 2019
Cloud Computing Implementation and Security
Question: 1.How Cloud computing technology have changed corporate (and personal) practice over the last decade? 2.How has the IT landscape changed? 3.What are the new risks/threats? (e.g. confidentiality, integrity, availability think back on CNSS model) 4.How severe are the risks? 5.What can we do to mitigate/reduce the risks? 6.Based on this observation, how might you determine if the new patch is worth installing? 7.How do you approach this issue at work? 8.Can you develop the better an approach? Answer: 1. The cloud computing technology has been able to bring a change in the generation products and the services. There have been different business models which are set along with outsourcing of the IT suppliers. The lightweight forms of the partnerships and the outsourcing is possible with the IT suppliers with the awareness of a greater internet. Through cloud computing, there is a possibility of the employment tools like SaaS, and the non-relational databases. (Haimes et al., 2015). The structure is based on handling the SOA with the cloud along with emerging models of IT. With the rising trends of computing, there have been new generation policies where the new industry leaders and the IT vendors where the opportunity is to bring a new sensibility with cloud computing. There are different cloud solutions which are related to SaaS with the self-service of the IT from the business sides. The business users can adapt the changes through the innovation and experimentation process to mo ve to improve the business compliance with market validation. 2. The cloud technology has been able to have a significant influence on: The IT infrastructure where there has been a significant impact on the hardware and the software processes. The companies are under the regulatory driven IT environment with small to medium business environment. (Rittinghouse et al., 2016). The Job skills in IT are related to the server patching and the management of email. There have been events of the application management and the performance monitoring which directs to handle the application development, testing and the deployment of the different features. Platform as a Service (PaaS) and Data Management has been set for controlling the cost reduction, risks and the evaluation of the various complex applications. The buying, development is based on ready-made platforms which hold the means to work for the traditional IT infrastructure. 3.The risks and the threats are based on confidentiality, integrity and the availability of the CNSS model. This is related to privacy where the measures have been taken to access the viewing of the data. The data encryption is to ensure the confidentiality with biometric verification and security tokens. (Yu et al., 2015). The integrity involves the consistency, accuracy with the user access controls. The availability is based on maintaining the hardware and the performance of the system operation functions. This will provide the adequate communication along with preventing the data loss, with a security equipment like the firewalls and the proxy servers. 4. The risks are serious which leads to the vulnerability to the Distributed Denial of Service attack. The risks have been severe as it can lead to the security breach along with the information loss which gives others access to the cloud. As per the legal liabilities, the information security has not been able to find a proper balance to share information with a lack of standardization and support. There is a possibility of the loss of control over the end user actions with the malware infections. 5.There is a need to check the security history of the vendor with the check for the references and the security vulnerabilities. This will ensure the utilization of the single sign-on solutions to add to the safety and convenience. The work with the third party is to make sure about the cloud security with the implementation of the end-to-end encryption process and updating the in-house software data. The implementation includes the prohibition for the sharing of the account credentials between the users. (Alavi et al., 2015). The performance needs to be effective due to the diligence with the cloud service provider. The processing and the networking are for the storage and application security for proper user access. This will help in managing the IT in-house. 6. For the installation of patches, there is a need to analyze the risks related to the same in our computer. This is through the authentication of all the people who are using the same, with the framing of all the permissions to access so that the users can handle the applications and data authentication process. The cloud provider needs to work on authentication by formalizing the entire process through requesting permissions for accessing the data. The monitoring is based on the different network activities and the log user activity and program. This relies on regularly checking the network for the vulnerability of software or any external users. 7.The issues include the Denial of Services attacks where there has been the bombardment of the virtualised server, theft of data through breaching of security and hijacking. The public cloud providers focus on holding the shared responsibility along with enabling the firewalls to filter the traffic data using the rules. (Masky et al., 2015). This defines the data flows and the server based firewalls on the VM server operating system level. 8.The cloud computing is based on post evaluations with the new cloud service technologies which have a significant impact on the software, hardware, and the networking assets. This will emerge the different threats with a high uptime availability which sets to identify the cloud type. The insufficient network based controls in the virtualised networks are mainly for handling the security of the network infrastructure. (Yu et al., 2015). This limits the access to the support. IP-based network zoning is for analyzing the risks and the dependency of the impacts of the risks for the different assets in the PaaS setup for the operating system, hardware, network infrastructure and the instance resource. Reference Haimes, Y. Y., Horowitz, B. M., Guo, Z., Andrijcic, E., Bogdanor, J. (2015). Assessing Systemic Risk to Cloudà Computing Technology as Complex Interconnected Systems of Systems.Systems Engineering,18(3), 284-299. Rittinghouse, J. W., Ransome, J. F. (2016).Cloud computing: implementation, management, and security. CRC press. Yu, H., Williams, K., Yuan, X. (2015, November). Cloud Computing Threats and Provider Security Assessment. InInternational Conference on Algorithms and Architectures for Parallel Processing(pp. 238-250). Springer International Publishing. Alavi, R., Islam, S., Mouratidis, H. (2015, September). Human Factors of Social Engineering Attacks (SEAs) in Hybrid Cloud Environment: Threats and Risks. InInternational Conference on Global Security, Safety, and Sustainability(pp. 50-56). Springer International Publishing. Masky, M., Young, S. S., Choe, T. Y. (2015, December). A Novel Risk Identification Framework for Cloud Computing Security. InInformation Science and Security (ICISS), 2015 2nd International Conference on(pp. 1-4). IEEE.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.