MetaSoft Ltd's Essay On Hybrid Cloud And Microservices Strategy.

MetaSoft Ltd is a software development company which works across Australia and New Zealand. The company is considering the following strategic proposal:

They plan to close down the Melbourne data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Sydney data centre, which has the most up to date infrastructure, as well as capacity to expand.
They plan to move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. This would entail changing their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring).
They also plan to use the Cloud Infrastructure to increase flexibility and availability for some of the LoB (Line of Business) applications that will continue to run on their own internal infrastructure. However, they are hoping to take advantage of the Cloud infrastructure to help manage and balance demand on internal resource use.
The Board of MetaSoft is contemplating this strategy as a way to increase the company’s flexibility and responsiveness, particularly for its overseas operations. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing the oldest existing data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.

MetaSoft has again approached you to advise them on this strategy. You have already advised MetaSoft that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.

MetaSoft also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. Your team will be required to organise, run and facilitate this workshop.

The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.

1. Describe the risks that you see associated with this new Hybrid Cloud and Microservices strategy. You should name and describe each risk that you identify, and then describe a possible control for the risk. This should be presented in a tabular form.

2. Describe the general Information Security steps and controls that you would recommend to the Board to secure the Hybrid Cloud.

Meta Soft Ltd is the software development company that is working n New Zealand and Australia. They have decided to update and replace their old infrastructure. There is existing data as well as services within the data centre that is to be moved to the respective data centre in Sydney (Arora, Parashar & Transforming, 2013). The flexibility as well as scalability is maintained with this specific type of cloud. They have decided to run a workshop of risk and security for assessing the various security issues and risks and eve the possible methodologies for controlling the approach of hybrid cloud.

The various risks associated with the hybrid cloud and micro services strategy are as follows:

The information security steps for Meta Soft Ltd are provided below:

i) Identity and Access Management Controls: The first and the foremost step in the information security is that the identity as well as the access management controls should be properly managed (Arora, Parashar & Transforming, 2013).

ii) Encryption of Data: The second important step for this information security in hybrid cloud is the proper encryption of confidential data for the company.

iii) Protection of APIs: The APIs should be protected in the third significant step of information security.

iv) Collection and Utilization of Security Logs: The several security logs is collected and utilized in this step (Rittinghouse & Ransome, 2016).

The recommendations for the security of hybrid cloud in Meta Soft Ltd are as follows:

i) The first recommendation for the hybrid cloud security within Meta Soft Ltd is to implement legal and compliance issues.

ii) The next recommendation for the security of hybrid cloud is to check for the compatibility of security tools.

iii) Risk assessment is also mandatory for Meta Soft Ltd to properly mitigate the issues.

iv) Another important and significant recommendation for Meta Soft for their hybrid cloud is to implement encryption technique for the data or information.

References

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.

Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.