MetaSoft Ltd is a software development company which works across Australia and New Zealand. The company is considering the following strategic proposal:
They plan to close down the Melbourne data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand.
They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring).
They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.
The Board of MetaSoft is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.
MetaSoft has again approached you to advise them on this strategy. You have already advised MetaSoft that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.
MetaSoft also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. Your team will be required to organise, run and facilitate this workshop.
The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.
1. Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form.
2. Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud.
Meta Soft Ltd is the software development company that is working n New Zealand and Australia. They have decided to update and replace their old infrastructure. There is existing data as well as services within the data centre that is to be moved to the respective data centre in Sydney (Arora, Parashar & Transforming, 2013). The flexibility as well as scalability is maintained with this specific type of cloud. They have decided to run a workshop of risk and security for assessing the various security issues and risks and eve the possible methodologies for controlling the approach of hybrid cloud.
The various risks associated with the hybrid cloud and micro services strategy are as follows:
|
Serial Number
|
Risks for Hybrid Cloud and Micro Services Strategy
|
Description of the Risks
|
Controls for Mitigating the Risks
|
|
1.
|
High Complexity
|
The first and the foremost risk that is associated with the hybrid cloud and micro services strategy in the organization of Meta Soft Ltd is that the architecture is extremely complex and this makes the data management quite tough. The major reason for this type of complexity is that the hybrid cloud systems are responsible for bringing the onsite systems of information technology, private cloud system and public cloud system (Hashem et al., 2015). This could be extremely vulnerable for this particular organization, since they will not be able to access their confidential data easily and promptly.
|
The control for the reduction of higher complexity of hybrid cloud is to include backup and site recovery within this cloud (Dinh et al., 2013). Moreover, Cloud Care is also effective for the management of such risks.
|
|
2.
|
Unplanned Acquisition
|
The second important and significant risk for any specific hybrid cloud and micro services strategy is that the unplanned acquisition. Without the planned approach, the selection of the hybrid cloud systems can eventually create a mishmash of the various types of IT systems (Fernando, Loke & Rahayu, 2013). The business oriented departments are the common victims for these types of risks.
|
This particular risk can be controlled by the amalgamation of acquiring or building of several cloud services.
|
|
3.
|
Issues in Data Management
|
The next significant risk in the hybrid cloud and micro services strategy for the organization of Meta Soft Ltd is the issue for managing the confidential data and information. The storage automation is being utilized by several organizations within the data centres for the purpose of sending data to the various storage tiers. It is extremely risky to manage the data and hence often the users undergo some of the major issues.
|
A distinct plan for the transfer of data to any other location like public cloud system is the best control for reducing this particular risk (Rittinghouse & Ransome, 2016).
|
|
4.
|
Lack of Privacy as well as Security
|
The next significant risk within the hybrid cloud for the company of Meta Soft Ltd is the lack of privacy as well as security. The public and private cloud components are combined together for issuing this type of risk (Garg, Versteeg & Buyya, 2013). This specific risk is extremely vulnerable and dangerous for all organizations and thus proper security measures should be undertaken properly to avoid any type of complexity.
|
The proper set up for data handling is the best control for properly reducing this issue of lacking the privacy and security in data.
|
|
5.
|
Latency as well as Bandwidth Issues
|
The fifth important and significant issue that is quite common for the hybrid cloud and micro services strategy in Meta Soft Ltd is the issue related to latency as well as bandwidth (Hashem et al., 2015).
|
The major control for this particular risk is by utilizing high end applications.
|
|
6.
|
Lack of Disaster Recovery
|
Another significant and noteworthy risk for the organization of Meta Soft Ltd is the lack of disaster recovery. There are certain policies that should be reviewed properly for stopping the major complexities.
|
The most significant and important method for reducing this type of risk is by linking the aspects of private cloud with the various aspects of public cloud eventually (Fernando, Loke & Rahayu, 2013).
|
The information security steps for Meta Soft Ltd are provided below:
i) Identity and Access Management Controls: The first and the foremost step in the information security is that the identity as well as the access management controls should be properly managed (Arora, Parashar & Transforming, 2013).
ii) Encryption of Data: The second important step for this information security in hybrid cloud is the proper encryption of confidential data for the company.
iii) Protection of APIs: The APIs should be protected in the third significant step of information security.
iv) Collection and Utilization of Security Logs: The several security logs is collected and utilized in this step (Rittinghouse & Ransome, 2016).
The recommendations for the security of hybrid cloud in Meta Soft Ltd are as follows:
i) The first recommendation for the hybrid cloud security within Meta Soft Ltd is to implement legal and compliance issues.
ii) The next recommendation for the security of hybrid cloud is to check for the compatibility of security tools.
iii) Risk assessment is also mandatory for Meta Soft Ltd to properly mitigate the issues.
iv) Another important and significant recommendation for Meta Soft for their hybrid cloud is to implement encryption technique for the data or information.
References
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
