Webb’s Stores is a successful and famous regional retailer operating in Australia and New Zealand. The store is planning to close their Auckland data center and migrate the existing data and services of the Auckland data center into cloud storage. The Store is expecting a significant amount of savings on the cost of maintaining the ICT infrastructure after closing the Auckland data center. The report discusses the different security methods that are deployed to protect the mission critical database after moving to a public cloud instance (Li et al., 2015). The benefits and issues that can be obtained as a result of deployment of the security measures are further discussed in the report. The benefits of using cloud and how likely it would affect the backup and DR plans of the the Webb’s are elaborated in the following paragraphs.
Type of Security to be Deployed
There are certain risks associated with the migration of the MS SQL server 2012 R2 database of Webb’s Stores to an IaaS instance of the cloud. Therefore, Webb’s should deploy certain tools and techniques for mitigating the risk of storing the database in a hybrid cloud (Hashizume et al., 2013). The primary security feature that Webb’s Stores can implement in order to mitigate the risk includes authentication and encryption of data along with other techniques such as data masking and data backup.
Authentication is a process to validate the identity of registered users. Therefore, this security measure can be effectively used for limiting the access of data. Multiphase authentication is used for safeguarding the data further (Boyd & Mathuria, 2013). It includes different phases of authentication such as fingerprint authentication, security passkey and security questions. Therefore, access of data can be limited only to the users by employing a method of encryption.
Encryption is another method of adding an additional layer of security for confidential data. Encryption is a process of transferring a pain text or a readable value to a cipher text or unreadable value. This helps in maintaining the confidentiality of the data that is stored over unsecured network such as cloud (Malawski et al., 2013). Different encryption standards and protocols are in use for proper encryption and maintaining the integrity of the confidential data that are present in the Webb’s database.
Therefore, the Webb’s Stores can effectively deploy these security techniques in order to maintain the confidentiality and integrity of data stored in the database. It further helps in preventing data theft and data loss.
Benefits and Issues Related to the Deployment of the Security Features
The different security measure that can be deployed by the Webb’s Stores for protecting the privacy and confidentiality of the data present in the database includes encryption and authentication. These two security measures will offer a number of additional benefits to the organization, which are listed below-
1) Encryption ensures that integrity of data is maintained, which is an essential process. Integrity of data guarantees that it is not been tarnished or modified on transaction (Doan, Halevy & Ives, 2012).
2) Data security is ensured in the process of encryption and authentication. It prevents the loss of data and data theft (Chen & Zhao, 2012). Since the encrypted data is unreadable without the access of proper decryption key, the unauthorized access to the data is prevented.
3) Data privacy is protected by the method of encryption that prevents the unauthorized access to the data and information. Encryption and authentication only allows an authorized person for access of data and information (Zissis & Lekkas, 2012).
Furthermore, deploying these security measures will increase the flexibility of the database and will provide high security for the data. Furthermore, deploying of these two security techniques are cost effective and incurs a very less maintenance cost, which would be beneficial for the organization (Arora, Parashar & Transforming, 2013). Therefore, it is recommended for Webb’s Stores to implement these security features in order to ensure proper protection of the database.
However, along with these benefits, there are different issues associated with the deployment of these security features. The concerns with the security measures discussed above are listed below (Tao et al., 2014)-
1) The process of three-phased authentication is complex and therefore, proper methodology must be undertaken for properly implementing this complex structure and related algorithms.
2) The contents in the database are prone to Brute Force attack. It is a trial an error process used by an attacker in order to decrypt an encrypted data. Therefore, it is increasingly essential to prevent Brute Force attacks for safeguarding the database properly and to prevent data leakage (Wei et al., 2014).
Therefore, Webb’s Stores must consider these two major concerns associated with the deployment of encryption and authentication, which will prevent the unauthorized access of the data after moving to the cloud infrastructure (Garg, Versteeg & Buyya, 2013).
Risk in the Database
Along with the offered by the cloud storage, which includes easy access and maintenance of the data, there are certain risks associated with migrating the database in the cloud storage. These risk are elaborated below-
1) Since the entire existing data of the Auckland data centre would be moved to an IaaS instance of the cloud, there is a considerable risk of corruption of data due to the movement of the data in bulk amount. Therefore, appropriate measures are needed to be taken in order to prevent the risk of data loss due to corruption of data.
2) The risk of data loss is most significant for the case of data migration. Transferring all the data is a complex process and therefore, sufficient measures are to be taken and proper plan is to be prepared for successful transfer of data (Hashem et al., 2015).
Risk Associated with IaaS Infrastructure
The different risks associated with the migration of data to an IaaS instance are elaborated below-
1) One of the primaru risks associated with the storage of data in a cloud instance is maintaining the privacy and confidentiality of the data. This is because, IaaS is subjected to be managed by a third party cloud vendor, and the vendor is able to access the information. This is a major concern associated with the storage of data in the IaaS infrastructure (Hashizume et al., 2013).
2) The IaaS database is complex and therefore, technical difficulty will be obvious in the processes and structure, which may prevent normal operations of the Stores. IaaS is dependent on the network connect and therefore any concern with the network may affect the normal work process of the IaaS and prevent the access of data.
3) Cloud based solutions are vulnerable to cyber attack and different threats. This is because it is easier for the attacker to exploit the data stored over public cloud resulting is data leakage, data loss or modification of the data (Zissis & Lekkas, 2012).
4) Denial of service attack is another issue associated with the storage of data over IaaS infrastructure (Malawski et al., 2013). This attack aims at preventing the use or access of the resources for legitimate users in order to prevent the normal business processes and business operations.
5) The service provider or the third party vendor will control the IaaS instance and therefore, it would offer a limited flexibility and control of the data and operations.
Communication Risks in Between Webb’s Stores and IaaS Database
There are certain risks related to the communication between the Webb’s and IaaS database of the cloud. These risks and concerns that are associated with the communication processes between Weeb’s and IaaS are listed below-
1) The data interception is a common risk associated with the communication processes with the database.
2) Any technical error during the process of communication may lead to the loss or incorrect data update. Furthermore, the network error may lead to the freezing of all the important operations (Fernando, Loke & Rahayu, 2013).
Risk Associated with data Backup in Cloud
- i) The major risks associated with the data back up in cloud are elaborated below- Security Risk-There is a major security risk associated with the data backup in the cloud (Gonzalez et al., 2012). This is because, the cloud vendor is able to control the access of data and the store is largely dependent on the vendor for backing up of the data .
Loss of Data- Another primary concern with the backing up of data in the IaaS instance is data loss. This is because, while updating the newer versions of the records, the older version are overwritten that leads to the loss of the previous data versions (Hashem et al., 2015). Thus, the older versions of the data is lost. This is mainly done to save the space and bandwidth but can result in huge risk if the store finds the necessity of using the older version. Therefore, the risk associated with the backup of the data in cloud in a bulk amount is the risk of data loss.
- ii) The major risks associated with the data storage in a cloud storage are elaborated in the following paragraphs-
1) Lack of Data Standardization- One of the primary concerns associated with the data backup in cloud is that, the service provider has an access to the data, which results in the lack of data standardization (Dinh et al., 2013).
2) Another risk related with the storage of data in cloud is the security risk. The service provider can access data and therefore, there is a certain risk if data theft and loss of data.
3) Malware attack: Cloud database are more prone to malware attacks and therefore proper steps are to be taken for protecting the data (Chou, 2013).
iii) The different risks associated with the retrieval of data from cloud are listed in the following paragraphs-
1) Data leakage and data loss - the data retrieval from the IaaS instance of cloud storage largely depends on the network connection, and on an event of network failure, there is a considerable risk of data loss.
2) Data Snooping: Another major risk associated with the retrieval of data in interception of data while a transaction is going on. This process in known as data snooping and may result in data theft (Leippold & Lohre, 2012).
Cloud Backup and DR Plans
The DR or disaster recovery process in cloud computing involves keeping a copy of the data stored in the database, that can be later used for data recovery if required. The Webb’s Stores will definitely be benefited by migrating the whole database into a cloud instance. This is because, cloud offers a simple and easy method of creating a back up and data recovery plan. Moreover, the cloud service provider will control the whole back up procedure and therefore, Webb’s Stores will not face the risk of data loss. Moreover, there is an advantage f migrating data in IaaS instance of cloud storage as it offers a facility of periodic backup of data (Phillips, 2015).
The Iaas Infrastructure
The most significant method of controlling the access of IaaS infrastructure is restricting the physical access to the cloud storage to registered users only (Khan, 2012).
MS SQL Server 2012 R2 Cloud Instance
Ensuring proper encryption is an effective access control method in the cloud database. This is because; encryption allows only the authorized person to read a data (Biham & Shamir, 2012).
Cloud Network Infrastructure
Regular monitoring of the cloud database can help in ensuring proper access control in cloud network. Moreover, appointing a trusted service provider is necessary for ensuring the security of data in cloud network (Whaiduzzaman et al., 2014).
Cloud Backup and Restore Infrastructure
The process of access protection in cloud backup and restore infrastructure includes ensuring a password protection for in back up or restore of any data. This ensures that the backup process can only be triggered after entering a valid password (Avram, 2014).
Therefore, from the above discussion, it can be concluded that there are different issues that are associated with the data migration to a cloud instance. Webb’s Stores should consider the risks associated with this migration of the critical database after closing the Auckland data centre. The report suggests different risk mitigation strategies and approaches that can be considered for ensuring data protection in hybrid cloud environment.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Biham, E., & Shamir, A. (2012). Differential cryptanalysis of the data encryption standard. Springer Science & Business Media.
Boyd, C., & Mathuria, A. (2013). Protocols for authentication and key establishment. Springer Science & Business Media.
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Chou, T. S. (2013). Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology, 5(3), 79.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Doan, A., Halevy, A., & Ives, Z. (2012). Principles of data integration. Elsevier.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Näslund, M., & Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing: Advances, Systems and Applications, 1(1), 11.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.
Khan, A. R. (2012). Access control in cloud computing environment. ARPN Journal of Engineering and Applied Sciences, 7(5), 613-615.
Leippold, M., & Lohre, H. (2012). Data snooping and the global accrual anomaly. Applied Financial Economics, 22(7), 509-535.
Li, J., Li, Y. K., Chen, X., Lee, P. P., & Lou, W. (2015). A hybrid cloud approach for secure authorized deduplication. IEEE Transactions on Parallel and Distributed Systems, 26(5), 1206-1216.
Malawski, M., Juve, G., Deelman, E., & Nabrzyski, J. (2015). Algorithms for cost-and deadline-constrained provisioning for scientific workflow ensembles in IaaS clouds. Future Generation Computer Systems, 48, 1-18.
Phillips, B. D. (2015). Disaster recovery. CRC press.
Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592.