Webb's Store, the retail store in Australia has a proposed plan to shift their business activities to the cloud. The various parameters of the Webb have been explained in the report (Beck, Hao & Campan, 2017). The report will highlight risks, threats and the vulnerabilities and risk diminishing procedures. The report will highlight why Webb should adopt Amazon AWS for good.
Webb’s decision to migrate their MS SQL Server 2012 R2 database to IaaS instance
Security deployment to protect this migration of database to IaaS instance
Webb has planned to shift their business operations to the cloud, therefore they have to consider the issues relevant to the cloud technology (Shufeng & Xu, 2012). The problems associated with the cloud technology are an illegitimate entry to APIs, the attacks conducted by the hacktivists alike the malware attack and the virus attack. Webb Store should follow certain policies to stay protected from all kinds of threats and the risks.
Follow-through: The Webb Store's database administrators must be acknowledged about every aspect of the cloud technology and the risks associated with the cloud (Azam et al., 2013). They must arrange the files stored in the database accordingly so that they can acquire files stored in the database with ease and that is why they have planned to mark the files
Security associated with network information: The rules and regulations and policies must be implied on both the customers and the employees to limit their access to the database, that will protect the data of Webb's database to the maximum extent (Sadooghi et al., 2017).
Security Intelligence process: The defence mechanism for the Webb system must be really strong enough to restrict hacktivists of any kind, proper cryptographic methodologies applied within the system can protect the Webb Store from all kinds of data breaches. The cryptographic methodologies are not easy to decipher by the hackers (Dinh et al., 2013). Therefore, the security Intelligence must look upon the defence system in a constant manner to keep the database of Webb Store protected all the time.
Benefits and issues related to deployment of these security measures
Benefits of security -
- DDoS attack and security-The cloud solutions provided by the cloud vendor are capable to cater the security and privacy to the customers, the cloud vendor's security is also responsible to provide authentication, integrity and confidentiality.
- Security of the data-The enhanced cloud security solutions providing security and privacy features of the sensitive information to Webb can help Webb to stay protected from all kinds of threats and risks that can make the Webb database vulnerable to attack.
- Regulatory compliance-The bank details and the purchase records of Webb’s customers, all kinds of financial information of Webb can be regulated or governed by means of advanced security solutions provided by cloud vendor (Varia & Mathew, 2014).
- Probable solutions-The server currently being used by the customers can get crashed and the Webb has the scope to cut down the heavy costs when the cloud traffic gets improved.
- Allowing 24x7 services-The cloud solutions enable the customers and the organisation to communicate all day long.
- Costing-Webb will have to pay a minimal charge to the cloud vendor, Amazon AWS for hiring their cloud platform to perform the business activities over the cloud. They do not have to worry about purchasing costly application programs, hardware and software and also the operating system.
- Integrity-The data integrity grandstands that Amazon being a reputed company must be loyal to the customers and should not leak their customers’ data at any cost. The enhanced security solutions provided by Amazon is sure to provide the maximum benefits to Webb Store (Dillon & Vossen, 2015).
The primary issue is that Webb will have to pay heavy revenues to Amazon on a yearly basis and monthly basis to acquire the enhanced cloud solutions and the security solutions, Amazon will provide the latest software, hardware and operating system to Webb in lieu of money. This latest configuration will help Webb to get the competitive edge and security from the hackers and malware.
Fig 1: SQL Server and its features
(Source: Tsai et al., 2014, pp-1-15)
Risks associated with migrating database to the cloud with respect to-
The risks involved within the database are-
Data breaches- Webb Store database's data can get breached by a malware attack. This malware attack is conducted by intruders intentionally to steal sensitive information, to harm one company's reputation as well. Webb due to the attack from the hackers can face huge monitory loss. The reputation of Webb can be threatened as well.
Account hijacking of customers and employees- The malware attack can cause severe damage to one’s company (Tsai et al., 2014). The DDoS attack can affect Webb's employees, Webb's system can get disrupted due to this attack. Again by means of phishing, the customers' credentials like their username, the password can get stolen due to the phishing attack.
The IaaS infrastructure
The risks involved in IaaS Cloud are-
Misconfigure issues- Webb’s existing hardware, software and the application programs must comply with Amazon AWS cloud architecture. The misconfiguration may arise if hardware, software, operating system and application programs failed to comply with the cloud vendor’s components.
Threat issues- The elements associated with IaaS cloud framework that is vulnerable to malicious threats can be foreseen by the Prioritize and Scan and Remediate methodologies (Manvi, & Shyam, 2014).
Shadow-IT- Shadow-IT generally addresses the assets and the resources that are not being used for long. After adopting the cloud technology, Webb will certainly not use the prevalent database or if used they will not use one or two database components for sure. That unused component scan is vulnerable to threats.
Fig 2: SQL Server risks and their detection
(Source: Gai, & Steenkamp, 2014, pp-28)
Communications between Webb’s and their IaaS database in the cloud
Amazon AWS is known to cater the best cloud solutions and they are highly appreciated all over the globe (Gai, & Steenkamp, 2014. Webb in order to adhere to the cloud architecture catered by Amazon they have to make littlest changes to their existing hardware, software components so that they can go well with the cloud architectural components of Amazon AWS.
Webb’s consideration for the use of the Cloud for backup and possibly also for archival of records
Risks associated to
I. Backing up data to the Cloud
The threats and the security risks associated with backup of data are-
- High-speed Internet bandwidth is required to carry out business activities over the cloud platform that is uploading and downloading data. Webb will have to pay a huge amount to get the high-speed Internet bandwidth access.
- The Webb’s financial records, personal files can get compromised while those sensitive data get passed on over the cloud (Manvi, & Shyam, 2014).
- The server crash can cost Webb a lot as there is a chance that Webb can lose all the data of their company.
II. Storage of data in the Cloud
- If the data of the database is not encrypted properly while storing data in the database, the data can be hacked very easily from the database.
- Webb must be careful while processing the data over the cloud and storing the file in the database otherwise those data can be a risk, they can get compromised (Manvi, & Shyam, 2014).
III. Retrieval of data from the cloud
- The high-speed Internet is required to retrieve files from the database, Webb will have to spend extra for the high-speed Internet.
- The files while being transmitted may get affected by the virus and thus those files when get downloaded may affect Webb's system.
Webb’s use of a Cloud backup and its impact on the company and DR plan
The benefits that Webb is about to get-
- The existing database of the Webb can be enhanced to get best solutions and profitable solutions from the cloud.
- Amazon AWS provides the cloud services to Webb, they provide the maintenance and the updating of the cloud database as well (Sharma et al., 2017).
- Amazon is widely known to cater best security solutions so Webb will not have to worry about the security matter and can carry out their normal business activities with peace.
They should have a disaster recovery plan ready, they must store their important files, financial record on the external drive so that they can retrieve those files offline in the absence of Internet. Moreover, offline business activities leave no chance for hackers to attack Webb’s database
Fig 3: Securing Cloud Data
(Source: Manvi, & Shyam, 2014, pp-424-440)
Recommendations to Webb for protecting access to the following services that they want to move to the Cloud
Their IaaS infrastructure
Webb Store can enjoy the Amazon's AWS services and can carry out their business operations in the fast efficient way (Dillon & Vossen, 2015). Webb though will have to pay to Amazon annually for subscribing their cloud platform, however, they must know that the Amazon's cloud service will help them in their business in the long run.
Their Ms SQL Server 2012 R2 cloud instance
Amazon RDS for the SQL server caters excellent services to Webb Store in deploying web applications on the cloud (Varia & Mathew, 2014). Along with that, Web must apply physical security and along with that they must apply digital certificate for ensuring security of their database.
Their Cloud network infrastructure
Webb can flourish their business activities with the aid of Amazon's advanced cloud and security solutions and the latest configuration of AWS has the capability to provide them with the facility to run cloud apps and cloud relevant tasks (Sharma et al., 2017).
Fig 4: Amazon AWS and its services
(Source: Muthui & SISAT, 2013)
Their Cloud backup and restore infrastructure
Webb’s data gets transmitted via the secured channel and this channel is a capacity to cater secure services to defend the hacktivist (Gai, & Steenkamp, 2014).
It can be concluded from the above discourse that Webb Store can be greatly facilitated by the advanced cloud solutions catered by Amazon AWS. The risks, threats and vulnerabilities related to the cloud platform have been elaborately defined in the report. The procedures to reduce the risks associated with the cloud has been explained in the report as well.
Azam, Abdollahzadehgan; Ab Razak Che Hussin; Gohary , Marjan Moshfegh Gohary & Mahyar Amini (2013), The OrganizationalCritical Success Factors for Adopting Cloud Computing in SMEs, Journal of Information Systems Research and Innovation (JISRI), Volume 4, Issue 1, pp. 67-74.
Beck, M., Hao, W., & Campan, A. (2017, January). Accelerating the Mobile cloud: Using Amazon Mobile Analytics and k-means clustering. In Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual (pp. 1-7). IEEE.
Dillon, S., & Vossen, G. (2015). SaaS cloud computing in small and medium enterprises: A comparison between Germany and New Zealand. International Journal of Information Technology, Communications and Convergence, 3(2), 87-104.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Gai, K., & Steenkamp, A. (2014). A feasibility study of Platform-as-a-Service using cloud computing for a global service organization. Journal of Information Systems Applied Research, 7(3), 28.
Manvi, S. S., & Shyam, G. K. (2014). Resource management for Infrastructure as a Service (IaaS) in cloud computing: A survey. Journal of Network and Computer Applications, 41, 424-440.
Muthui, M., & SISAT, C. (2013). Amazon Web Services.
Sadooghi, I., Martin, J. H., Li, T., Brandstatter, K., Maheshwari, K., de Lacerda Ruivo, T. P. P., ... & Raicu, I. (2017). Understanding the performance and potential of cloud computing for scientific applications. IEEE Transactions on Cloud Computing, 5(2), 358-371.
Sharma, P., Lee, S., Guo, T., Irwin, D., & Shenoy, P. (2017). Managing Risk in a Derivative IaaS Cloud. IEEE Transactions on Parallel and Distributed Systems.
Shufeng Gao & Xu, Ai, (2012) Boosting Electronic Business Applications by Digitally Enabling SMBs with Cloud Computing Model, 11th International Symposium on Distributed Computing and Applications to Business, Engineering & Science, pp-214-218.
Tsai, W., Bai, X., & Huang, Y. (2014). Software-as-a-service (SaaS): perspectives and challenges. Science China Information Sciences, 57(5), 1-15.
Varia, J., & Mathew, S. (2014). Overview of amazon web services. Amazon Web Services.