Most modern IaaS infrastructure offers adequate security features; however, the leasing organization (like Webb) should enforce them on its own resources rather than expect the service provider to do so. The key types of security measures to implement are:
Data encryption – this is outlined as the main and most important method of protecting data, as it extends to the security systems themselves, including the access keys, which are thoroughly encrypted.
Network encryption – most cloud service providers (CSPs) will emphasize encryption of the communication channel to deter interception threats that prey on the vulnerabilities of data in transit.
Access control – to create accountability, Webb’s Stores must know who is accessing its critical database hosted on the IaaS resources. This accountability is enforced using access control measures that manage users’ activities.
Finally, cloud access security brokers – known as CASBs, these are tools that help administrators identify and locate risks within the database, thus providing a high level of encryption (Walker, 2015).
Benefits and issues of the security features
Benefits:
- Protection against attacks, especially denial-of-service attacks that interrupt cloud services.
- Security of the data – the features would protect the critical database and its data.
- Flexibility – with good security, users do not have to worry about server crashes or excessive downtime due to traffic congestion.
- Regulatory compliance – these features would ensure Webb’s Stores meets the regulatory requirements for financial and personal data (Walker, 2015).
Issues:
- Data privacy – most of these procedures would require users to surrender their personal data, which could infringe on their personal and privacy rights.
- Ambiguity in security roles – challenges may arise between the CSP and the store over access control and data ownership.
- Conflict of security features – some security measures may identify others as intrusions and may therefore regularly disable or slow the entire IaaS infrastructure (Mehtra, 2014).
Risks of cloud migration
Security – although most CSPs will have better security features than in-house facilities, migrating an entire database to a foreign infrastructure raises concerns about its security. Furthermore, the database will operate in a different environment where the owner (the leasing party, Webb’s Stores) has no physical accountability.
Migration – moving an entire database resource to the cloud is a daunting task that requires project-like considerations. Therefore, it requires implementation procedures that might fail.
Advanced change – the database will undergo many changes that may affect its functionality, especially for the end users (Healy, 2015).
Security problems – IaaS offers excessive control to the user, who may fail to implement the necessary security features and thus expose the entire structure to attacks. For one, access may be given to unknown and unverifiable parties.
Control – having excessive control does not necessarily guarantee complete control, and the subscriber may therefore lose control over the resources hosted in the cloud infrastructure.
Downtime – when all is said and done, the IaaS platform requires IT resources to operate, especially the internet, which may fail or have downtime periods. Therefore, it will subject the infrastructure to delays and downtime periods (Healy, 2015).
Communication between IaaS (CSP) and Webb’s Stores
Data security – any communication conducted between the IaaS resource and the store may be intercepted through various attack methods such as malware intrusions. Therefore, the subscriber must be aware of this risk and apply the necessary solutions.
Data privacy – having hosted the data online, the communication between the two parties will mostly involve the access of confidential information stored in the cloud resource. Moreover, the subscriber will regularly update this resource with confidential information which is a serious risk.
Record retention – the communications are subject to retention requirements, and the retained records can be used to compromise the infrastructure if they fall into the wrong hands, as they may contain sensitive data including access procedures (Romes, 2013).
Backup and archival of records
Risks of cloud backups
Backing up data
Large backup window – on-premise backups take shorter windows as the process is conducted at LAN speeds; in fact, the only limitation is the tape’s throughput. Cloud backups, however, are limited by internet resources, i.e. speed, bandwidth, and throughput. Therefore, congestion and delays will put the backup procedures at risk, particularly in a time-sensitive scenario.
Small restoration window – consequently, when faced with a disaster, the subscribing organization will require all its data at once, an outcome that will be delayed by the access factors i.e. speeds, throughput and bandwidth.
Loss of data – with the onsite resource (tapes) the user can back up data based on a certain framework, e.g. weekly, monthly and yearly. This helps retrieve specific archives based on the user’s needs. With cloud resources, however, backups overwrite the previous versions. Therefore, older versions of data cannot be accessed if needed (Manes, 2012).
Storage of data in the cloud
Access risk – with on-site resources, storage is closely monitored, which ensures the right personnel access it. However, with cloud storage, the subscriber depends on the CSP to ensure the data is secure and that the storage is only accessed by them.
Storage management – consider the number of subscribers supported by a single CSP. Because of that number, the CSP may fail to isolate the data properly and thus leak information from one subscriber to another. Moreover, misconfiguration is a notable risk that may expose the storage facilities to the public at large.
System outage – unlike in-house resources, a subscriber’s storage resource is usually subject to downtime and outages just like any other online resource. Therefore, despite the advantages offered by cloud storage, there is always the possibility of losing access to the data. This outcome can be caused by many factors, including the existence of system-breaking bugs (Healy, 2015).
Retrieval of data
Retrieval time – this is the critical concern, as the retrieval process may be time-sensitive and a slow retrieval delays the use of the data in question. While using the cloud resource, the subscriber’s retrieval process is subject to the factors of accessing online resources, which are quite extensive.
Cybercrime – several serious attacks have occurred in the recent past which outline the risk of using cloud infrastructures. While retrieving data from a compromised cloud facility, the process can be tracked back to the subscriber to infect the in-house facilities. Therefore, a subscriber can end up granting access to intruders while under the false assumption that they are retrieving their original data (Sovetkin, 2017).
How DR plan is affected by the cloud resource
In general, the DR plan considered by Webb’s Stores will change into a cloud DR plan with a virtualization approach. In this approach, the entire server, which includes the operating systems, software and system patches, will be combined to form a single virtualised structure. Therefore, in case of a disaster, the entire copy including the data lost will be required in a matter of minutes if the single virtual structure is physically acquired from the CSP. This outcome will drastically affect the company’s DR plan as it will use fewer resources while meeting the same objectives.
Moreover, the virtualization tools and resources will be independent of the hardware resources. Therefore, the software resources such as OS, applications and patches will be transferred from one data centre to another without reloading each and every operational component. Again, this outcome will reduce the overall recovery time used to restore resources in case of disasters. In all, with cloud resources, Webb’s backup and restoration strategy will become more cost effective while having a better recovery time. These outcomes will be facilitated by the benefits outlined above and also by the ability to tune the performance of the cloud resources based on the immediate needs (tech, 2017).
Cloud access protection
AAA strategy – IaaS offers excessive control to the user, which means there are a lot of resources at the subscriber’s disposal. The AAA strategy would require the authentication, authorization and accountability of resources. This can be done using verifiable all-inclusive tools available in the market, including some that are provided by CSPs.
Resource management – the organization should monitor all the resources exchanged between it and the CSP in order to verify the security of the IaaS structure. In essence, the resources should not change in operation (Mehtra, 2014).
MS SQL cloud server instance
SQL authentication – when the logical server is created for the SQL instance, specific access credentials are given, including a username and password. These credentials should be created using the best security procedures; for instance, they should be unique and use strong, hard-to-guess characters.
Firewall – this security feature will manage the access given to the cloud instance. This process will be conducted using the access information presented by the users, especially their IP addresses (Microsoft, 2017).
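The firewall point above can be checked mechanically. The following is an added example, not taken from the cited sources: it audits a constructed list of server-level firewall rules (each a name with a start and end IP address) against an assumed policy. The rule names, the approved networks and the 256-address limit are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules in the (name, start IP, end IP) shape used by
# server-level firewall rules. Names and addresses are made up.
SAMPLE_RULES = [
    ("allow-azure-services", "0.0.0.0", "0.0.0.0"),
    ("head-office", "203.0.113.10", "203.0.113.20"),
    ("temp-contractor", "0.0.0.0", "255.255.255.255"),
    ("store-42-pos", "198.51.100.7", "198.51.100.7"),
    ("typo-range", "198.51.100.50", "198.51.100.5"),
]

# Assumed policy: the networks the store actually connects from, and the
# widest range a single rule may cover.
APPROVED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/28"),
]
MAX_ADDRESSES = 256


def audit_rule(start_ip, end_ip):
    """Return the list of findings for one rule; empty means it passes."""
    start = ipaddress.IPv4Address(start_ip)
    end = ipaddress.IPv4Address(end_ip)
    if int(start) == 0 and int(end) == 0:
        # Azure SQL treats 0.0.0.0-0.0.0.0 as "allow all Azure services",
        # which includes resources in other customers' subscriptions.
        return ["allows all Azure services"]
    if end < start:
        return ["end address precedes start address"]
    findings = []
    size = int(end) - int(start) + 1
    if size > MAX_ADDRESSES:
        findings.append(f"covers {size} addresses (limit {MAX_ADDRESSES})")
    # Every block in the range must sit inside an approved network.
    blocks = ipaddress.summarize_address_range(start, end)
    if not all(any(b.subnet_of(n) for n in APPROVED_NETWORKS) for b in blocks):
        findings.append("outside approved networks")
    return findings


def audit(rules):
    """Map each rule name to its findings, keeping only rules that fail."""
    report = {name: audit_rule(s, e) for name, s, e in rules}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(findings)}")
```
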
Cloud network structure
Network management – intrusion detection systems should be used to monitor the services offered by the cloud infrastructure. These systems would alert the administration of any access problems/threats thus help mitigate them before they cause any substantial damage.
Firewalls – similar to the cloud instance, the network structure should only be accessed by verifiable members. This consideration would be made using the firewalls which would also manage the data streams based on a verifiable checklist (Microsoft, 2017).
Cloud back-up and restoration structure
CASB – backup and restoration procedures will involve two different systems and in this case, two different parties will be used. Now, the CASB as outlined before will offer end to end access protection based on the user's considerations. Furthermore, this platform will offer endpoint protection using proxies and verifiable APIs.
Encryption – also known as tokenization, encryption would ensure that the backup procedures are conducted safely despite the nature of the channels used. Cloud resources will operate within the online platform, where security is never guaranteed. Therefore, by tokenizing the backup and restoration data, the integrity and authenticity of the resources are maintained, especially after the occurrence of a disaster (Symantec, 2017).
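The retrieval risk described earlier (restoring from a compromised cloud facility while assuming the data is original) and the integrity goal stated above can both be addressed by checking a restored copy before it is used. The following is an added example, not taken from the cited sources: it uses a keyed HMAC-SHA256 manifest rather than the encryption or tokenization the text names, and the key, sample data and chunk size are constructed for illustration.

```python
import hashlib
import hmac

CHUNK = 8  # tiny chunk size so the constructed sample spans several chunks

# Constructed sample data; the key is a placeholder that would be generated
# randomly and kept on-premises, never stored with the CSP.
KEY = b"placeholder-key-kept-on-premises"
BACKUP = b"orders:1001,1002;customers:alice,bob"


def _chunks(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


def _tag(key, index, total, chunk):
    # Binding index and total into the tag stops reordering and truncation
    # from going unnoticed.
    header = index.to_bytes(8, "big") + total.to_bytes(8, "big")
    return hmac.new(key, header + chunk, hashlib.sha256).digest()


def build_manifest(key, backup, size=CHUNK):
    """Compute one HMAC-SHA256 tag per chunk before the backup is uploaded."""
    chunks = _chunks(backup, size)
    return [_tag(key, i, len(chunks), c) for i, c in enumerate(chunks)]


def verify_restore(key, manifest, restored, size=CHUNK):
    """Return a list of problems; an empty list means the copy is intact."""
    chunks = _chunks(restored, size)
    total = len(manifest)
    problems = []
    if len(chunks) != total:
        problems.append(f"expected {total} chunks, got {len(chunks)}")
    for i, chunk in enumerate(chunks[:total]):
        if not hmac.compare_digest(_tag(key, i, total, chunk), manifest[i]):
            problems.append(f"chunk {i} modified")
    return problems


if __name__ == "__main__":
    manifest = build_manifest(KEY, BACKUP)
    tampered = BACKUP.replace(b"alice", b"mallo")
    print(verify_restore(KEY, manifest, BACKUP))
    print(verify_restore(KEY, manifest, tampered))
    print(verify_restore(KEY, manifest, BACKUP[:32]))
```

The manifest and key stay with the subscriber, so a copy altered at the CSP or in transit fails verification before it reaches the in-house systems.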
Healy, R. (2015). The Top 5 Risks of Moving to the Cloud. Retrieved 09 September, 2017, from: https://www.annese.com/blog/top-5-risks-of-moving-to-the-cloud.
Manes, C. (2012). What are the risks of backing up your business data in the cloud? Disaster Recovery Journal, Retrieved 09 September, 2017, from: https://www.drj.com/articles/online-exclusive/what-are-the-risks-of-backing-up-your-business-data-in-the-cloud.html.
Mehtra, H. (2014). Issues and Standards in Cloud Security. Retrieved 09 September, 2017, from: https://www.cse.wustl.edu/~jain/cse571-14/ftp/cloud_security/index.html.
Microsoft. (2017). Azure SQL Database access control. Microsoft Azure, Retrieved 09 September, 2017, from: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-control-access.
Romes, R. (2013). The Benefits and Risks of Cloud Computing. CLA Connect, Retrieved 09 September, 2017, from: https://www.claconnect.com/resources/articles/the-benefits-and-risks-of-cloud-computing.
Sovetkin, M. (2017). IaaS Security: Threats and Protection Methodologies. eSecurity Planet, Retrieved 09 September, 2017, from: https://www.esecurityplanet.com/network-security/iaas-security-threats-and-protection-methodologies.html.
Symantec. (2017). Symantec Cloud Data Protection & Security. Symantec, Retrieved 09 September, 2017, from: https://www.symantec.com/products/cloud-data-protection-security.
tech, O. (2017). Benefits of Disaster Recovery in Cloud Computing. Retrieved 09 September, 2017, from: https://www.onlinetech.com/resources/references/benefits-of-disaster-recovery-in-cloud-computing.
Walker, S. (2015). 5 Benefits of a Cloud Computing Security Solution. TBCONSULTING, Retrieved 09 September, 2017, from: https://www.tbconsulting.com/blog/5-benefits-of-a-cloud-computing-security-solution/.