Discuss about the Transactions on Information Forensics and Security.
Information security or simply InfoSec is the perfect practice for the prevention of the unauthorized access, disclosure, recording, inspection, utilization, modification, destruction and disruption of data or information. This information security could be eventually utilized for the data form they are undertaking (Carlin & Curran, 2013). The main focus of the information security is the significant balanced protection about the CIA or confidentiality, integrity and availability of information and data. An efficient policy implementation is easily done with the information security by not hampering the productivity of the organization. This type of achievement is obtained from the multi step risk management procedure, which eventually recognizes various assets, sources of threats, potential impacts as well as vulnerabilities that are well followed by the proper assessment of an effective plan of risk management (Hashem et al., 2016). For the proper standardization of this particular discipline, all the users seek or collaborate in setting the guidance, policies or industry standards over the passwords. Moreover, the antivirus, firewalls, legal liabilities, encryption software and many more are the best information securities in this process.
With the increment of laws and regulations that would be affecting the proper data accessing, processing, storing and transferring, the entire phenomenon of information security would be increasing the overall security of various organizational systems and assets (Li et al., 2013). For the purpose of reducing the complexities of data loss and data prevention, information security measures or controls should be implemented and incorporated within the organization of Regional Gardens Ltd. Since, the organization of Regional Gardens Ltd. has decided to shift their business to cloud and Micro services strategy and thus information security is the mandatory step in their business. This would help them in enhancing their business to a greater level. The various information security steps as well as controls, which would be securing the Hybrid cloud, are given below:
Security from the Advanced Threats: The most important and significant security step or control for the security of hybrid cloud in the Regional Gardens Ltd is the proper and perfect security from various and several advanced threats. Each and every storage, network and the every computing environment are eventually secured and protected from the several advanced threats (Krishna, 2013). These advanced threats are nothing but the several kinds of dangerous and hazardous attacks, which are faced by the entire technological and cyber world. All of these advanced attacks have become the core and significant issues or problems for the company that are facing with them within their various information systems or adapted hybrid cloud. This type of security is the very first step for securing the hybrid cloud in Regional Gardens Ltd.
Scaling of the Security: The next significant and vital step for information security within the company of Regional Gardens Ltd is scaling of the security. This is majorly done to change as well as amend to the new providers of cloud. The overall scaling of security is very much vital for the specific organizational hybrid cloud, since this would be incrementing the proper security. It must be perfectly done in the company.
To Keep Low Operational Costs: The next significant and important step for information security within the company of Regional Gardens Ltd is keeping the operational costs much lower than others. All of these operational costs and expenses must be checked as well as kept lower to provide organizational competitive benefits to the company. All of these operational costs should also be reduced for another significant reason for reduction of the various complexities.
- iv) To Get Optimized Security: Another important and significant step in securing the information for the organization of Regional Gardens Ltd is to get the optimized security for their business. The security of the information should be optimized properly for the successful reduction of security related issues and complexities (Almorsy, Grundy & Müller, 2016). The deployment of the hybrid cloud and the various virtual environments eventually need all the optimized networks and hence checking should be done. The several mitigation strategies are taken in the process. This type of security optimization would be vital for this organization and hence Regional Gardens Ltd must take the step for the company.
- v) To Obtain Visibility: The next important step for security control for this company of Regional Gardens Ltd is the obtaining of visibility within the hybrid cloud. This data or information is hence protected or secured in the manner and thus the data storage never makes any difference within the phenomenon (Yang & Jia, 2013). For this type of visibility, the team of information security has the ability in noticing each and every vulnerability or risk in the company and hence removing all the threats from the business processes. This visibility was thus required to provide better competitive advantages within their company.
- vi) Involving Passwords: The involvement of passwords is another important step for controlling and securing the hybrid cloud of the organization. The passwords would be thus required to provide proper security to the hybrid cloud and micro services strategy of the company. They should incorporate several passwords in every sector of their cloud and a unique username and password should be provided to every employee and client of the cloud. This would thus reduce the complexity of data theft and data loss to a greater level.
Increased Secured Browser: The next important step for controlling the security of the organization of Regional Gardens Ltd is to secure the browser of their organization (Khan et al., 2013). Proper security measures should be undertaken by them to secure their browser and thus reducing the chance of information theft to a higher level.
Controlling Access: The access control is yet another important and significant step in information security of the organization of Regional Gardens Ltd. The entry to the cloud by the unauthorized users is checked by this step.
Incorporation of Encryption: Encryption is another significant step in securing the confidential data or information for the organization of Regional Gardens Ltd (Botta et al., 2016). This type of encryption implementation would be extremely important for them to secure the data to a greater extent.
Business Continuity Planning or BCP
The BCP or business continuity planning eventually refers to the proper creation of the particular strategy with perfect identification of several risks as well as threats, which could be faced by the organization of Regional Gardens Ltd with a proper assurance of accurate security of the personnel and assets and also the proper ability to function for the various disasters (Tao et al., 2014). This BCP or business continuity planning exclusively involves each and every important risk or threats, which would be beneficial for determining the procedure of the risks or threats affecting every operation of this organization. Furthermore, various significant safeguards and security controls must be incorporated and all the processes will be designed in such a way that they comprises of the capability to mitigate every risk or threat. This subsequently results when the testing of every process is done to ensure the major fact that these processes could be reviewed to make these up to date. The organization of Regional Gardens Ltd must develop a particular BCP or business continuity planning in their business. Any disaster has the ability of leading the failure of any system properly. Various significant issues or problems are possible for the application resilience, backup and DR in the environment of hybrid cloud (Alshamaila, Papagiannidis & Li, 2013). There are some of the major steps in the BCP for Regional Gardens Ltd in the proper adoption to the hybrid cloud as well as Micro services strategy. These steps are given below:
The first and the foremost step in this BCP or business continuity planning in the proper conduction of the analysis of business impact for their proper identification of time sensitiveness and several important business processes and operations and resources those are important for the support of their processes.
The next step in the BCP or business continuity planning is the proper recognition, documentation and implementing the several measures of security for the perfect recovery of business functions and processes (Wei et al., 2014).
The third step in the BCP or business continuity planning within the organization of Regional Gardens Ltd is to properly use the business continuity team and thus compilation of the BCP to perfectly manage the business disruption.
The final step in the BCP or business continuity planning for the organization of Regional Gardens Ltd is to conduct perfect training of the business continuity team and thus testing or exercising of the strategy evaluation is done significantly.
The various issues that are related to the backup, disaster recovery and application resilience in the hybrid cloud environment are given below:
Slow Adoption of Cloud: The first and the foremost issue within application resilience is the slow adoption of cloud. The cloud adoption is very much slower than the others than the normal data protection strategies. Thus, protection of data or information is majorly challenged in this procedure (Sanaei et al., 2014). The target of the traditional data storage is then limited or restricted and hence the issue should be properly mitigated. This BCP has the ability in resolving the issue without involvement of complexities by proper segregation of various cloud activities.
Slow Recovery of Data: The second issue is the slower recovery of data or confidential information. Business continuity planning is much effective in this case as the several security measures should be present within this planning and hence making the cloud safe and secured.
The cloud computing technology helps in managing various resources. The resource management can be eventually developed for the organizational resources whenever they are needed (Rong, Nguyen & Jaatun, 2013). These specific resources can include several things such as inventory, financial resources, inventory, information technology or IT, human skills and finally overall production resources. Cloud computing is the significant part of the information technology that is utilized for enabling the complete access to all the shared pools of the configurable system resources and also the high level service, which is being properly monitored or provisioned by minimum management effort over the Internet connectivity (Whaiduzzama et al., 2014). This technology of cloud computing eventually relies on the proper resource sharing for the purpose of achieving coherence as well as scale economy.
The most significant advantage of this cloud computing technology is that the users do not need to spend much on the computer maintenance and infrastructure. Rather the overall expenses are reduced to a greater level. The total expenses of the information technology infrastructure are eventually reduced or minimized (Arora, Parashar & Transforming, 2013). In some of the companies, the companies even have the ability to avoid this expense completely and thus providing a major advantage to all of them. Moreover, the overall speed of the applications is subsequently increased with the help of this particular technology.
Regional Gardens Ltd has decided to move their applications and services to the Micro services strategy and hybrid cloud. For this specific reason, the remote server administration, service level agreement management and resource management are to be properly conducted by them (Gupta, Seetharaman & Raj, 2013). This is also for the proposed infrastructure as a service and platform as a service instances. Cloud computing has emerged as the most popular and important computing paradigm for the purpose of hosting larger computing systems or services.
Various techniques for resource management have taken into consideration, which would focus on the effective sharing of various cloud resources amongst the several users (Dinh et al., 2013). All of these techniques of resource management within cloud are being designed for the applications of computing as well as workload intensive, having various parameters of optimization. There are some of the major requirements of resource management in hybrid cloud. The only important requirement in resource management is the shared resources. These shared resources are extremely important as well as significant for the infrastructure as a service and platform as a service instances. If these requirements are not fulfilled, it is not possible for any organization to manage their resources properly (Xia et al., 2016). Thus, Regional Gardens Ltd should check for their shared resources for the resource management in their company.
The remote administration eventually refers to the specific method to control any system from the remote location. The software that is responsible for allowing remote administration has become explicitly enhanced as well as common to use when it is absolutely difficult or impractical in using (Pearson, 2013). It is not always possible to be physically present near the system for the purpose of using it. The remote location might refer to the computer or system that is not nearby. Legal as well as hacking or remote administration is possible for the hybrid cloud. For this particular organization of Regional Gardens Ltd, the remote administration is referred to the proper monitoring or controlling any particular computer or system that is associated with the hybrid cloud or Micro services strategy. The most significant requirements of this type of administration are Internet connection and connection with the host computer. For the internet connection, the systems should be properly incorporated with the connectivity of Internet, Local Area Network or LAN or the presence of TCP/ IP protocol (Herbst, Kounev & Reussner, 2013). For the connection with the typical host computer, the client should be connected with this host for perfect connection with the organizational resources. All of these are required for the perfect management of the remote administration within the organization of Regional Gardens Ltd.
The third part is the service level agreement management. The SLA or service level agreement is the commitment within the client and the service provider. There are various aspects of the service. They are the quality, availability and responsibility. All of these aspects are eventually agreed within the service user and the service provider. The most significant element of the service level agreement is that all these services must be provided to the relevant customer (Fernando, Loke & Rahayu, 2013). The various important and vital requirements of the SLA management are cloud services and resources. This type of agreement is helpful for any user in perfectly managing each and every cloud resources or services within the infrastructure as a service and platform as a service. The perfect SLA negotiation is again done in this type of network.
Migration of email to Amazon Web Services
The organization of Regional Gardens Ltd has taken the decision in moving all of their email instances to the specific PaaS or platform as a service for starting their entire process of migration to the hybrid cloud and thus finally testing their strategies (Avram, 2014). AWS or Amazon Web Services is the proper subsidiary of the multi national organization of Amazon.com, providing various platforms of on demand cloud computing to their respective clients. This particular technology is extremely effective and thus enables the subscribers for having a complete virtual cluster of various computers at the disposal for making them available every time on the Internet connection.
The entire version of the virtual computers of Amazon Web Services for having all the attributes of the real computer, which involves hardware, central processing unit and graphical processing units for the purpose of processing, local or RAM memory, the storage of SSD and hard disk (Oliveira, Thomas & Espadanal, 2014).
For the proper execution of migration of electronic mail instances to the Amazon Web Services or AWS from their traditional existing web services, various important and significant steps are to be executed. All these steps with relevant details are eventually given below:
Prepare to Migrate: The first and the foremost step in the migration of their electronic mail instances to the Amazon Web Services or AWS from their traditional existing web services is to prepare for their successful migration. A perfect planning is required in this case.
Planning and Discovery of Portfolio: The second important step is the planning as well as discovery of the portfolio (Hashizume et al., 2013). All the dependencies of their portfolio within these applications and the several types of strategies of migration, which could be easily employed to meet the business goals or objectives, are highly required. Hence, it is extremely important.
Proper Application Designing: The third important step to migrate to the Amazon Web Services or AWS is the perfect designing of their applications. If the applications are not made perfectly, the applications may not work properly.
- iv) Migration as well as Validation of Applications: The fourth vital step to migrate to the Amazon Web Services or AWS from their traditional existing web services is to migrate as well as validate all the applications (Jain & Paul, 2013). This is extremely important for this type of migration.
- v) Operation of Migration: The last step in the entire process of migration from their traditional existing web services to AWS is the operation of migration.
All of the above mentioned steps are extremely important and significant for the organization of Regional Gardens Ltd.
Critical Points as well as Issues for the Steps
Each and every above mentioned step comprises of a critical point or issue within it. These critical issues make the entire execution of processes much difficult than the rest and thus these should be mitigated within time.
The several critical points or issues that are related to the steps of migration to the Amazon Web Services or AWS from the traditional existing web services for the organization of Regional Gardens Ltd are given below:
- i) Prepare to Migrate: The first and the foremost issue or critical point in this particular migration is wrong or erroneous planning. When this type of planning is done properly, the migration is sure to become a major failure for the organization.
- ii) Planning and Discovery of Portfolio: The second step in the migration is planning as well as discovery of the portfolio (Xiao & Xiao, 2013). There are some of the major critical issues or points within the migration and thus this should be reduced on time. The inaccurate or wrong discovery as well as planning of the portfolio is the most significant issue or critical point in the step. To avoid all types of issues or critical points, the portfolio should be prepared perfectly.
Proper Application Designing: The third important step in the migration to the Amazon Web Services is the proper and perfect application designing (O’Driscoll, Daugelaite & Sleator, 2013). The wrong or incorrect design of this particular application could subsequently lead to the failure of destruction of this system.
- iv) Migration as well as Validation of Applications: The next step is the migration as well as validation of the applications. The improper validation could create major problem in this scenario and thus this should be mitigated properly.
- v) Operation of Migration: The final step in the migration process is the operation of migration (Garg, Versteeg & Buyya, 2013). The most significant critical issue or point in this step is the improper operation of various services for the organization of Regional Gardens Ltd.
These above mentioned critical issues or points often become extremely vulnerable for the organization of Regional Gardens Ltd in their successful migration to the hybrid cloud and Micro services strategy.
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Alshamaila, Y., Papagiannidis, S., & Li, F. (2013). Cloud computing adoption by SMEs in the north east of England: A multi-perspective framework. Journal of Enterprise Information Management, 26(3), 250-275.
Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.
Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.
Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.
Carlin, S., & Curran, K. (2013). Cloud computing security. In Pervasive and Ubiquitous Technology Innovations for Ambient Intelligence Environments (pp. 12-17). IGI Global.
Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.
Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.
Gupta, P., Seetharaman, A., & Raj, J. R. (2013). The usage and adoption of cloud computing by small and medium businesses. International Journal of Information Management, 33(5), 861-874.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of internet services and applications, 4(1), 5.
Herbst, N. R., Kounev, S., & Reussner, R. H. (2013, June). Elasticity in Cloud Computing: What It Is, and What It Is Not. In ICAC (Vol. 13, pp. 23-27).
Jain, R., & Paul, S. (2013). Network virtualization and software defined networking for cloud computing: a survey. IEEE Communications Magazine, 51(11), 24-31.
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013). Towards secure mobile cloud computing: A survey. Future Generation Computer Systems, 29(5), 1278-1299.
Krishna, P. V. (2013). Honey bee behavior inspired load balancing of tasks in cloud computing environments. Applied Soft Computing, 13(5), 2292-2303.
Li, M., Yu, S., Zheng, Y., Ren, K., & Lou, W. (2013). Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), 131-143.
O’Driscoll, A., Daugelaite, J., & Sleator, R. D. (2013). ‘Big data’, Hadoop and cloud computing in genomics. Journal of biomedical informatics, 46(5), 774-781.
Oliveira, T., Thomas, M., & Espadanal, M. (2014). Assessing the determinants of cloud computing adoption: An analysis of the manufacturing and services sectors. Information & Management, 51(5), 497-510.
Pearson, S. (2013). Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). Springer, London.
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.
Rong, C., Nguyen, S. T., & Jaatun, M. G. (2013). Beyond lightning: A survey on security challenges in cloud computing. Computers & Electrical Engineering, 39(1), 47-54.
Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.
Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.
Whaiduzzaman, M., Sookhak, M., Gani, A., & Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594-2608.
Xiao, Z., & Xiao, Y. (2013). Security and privacy in cloud computing. IEEE Communications Surveys & Tutorials, 15(2), 843-859.
Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.
Yang, K., & Jia, X. (2013). An efficient and secure dynamic auditing protocol for data storage in cloud computing. IEEE transactions on parallel and distributed systems, 24(9), 1717-1726.