ITC 561 Security Management and Migration Proof Reading Services

ITC 561 Security Management and Migration Proof Reading Services

Executive Summary

In this report, the discussion of Webb’s organisation is discussed so that they can easily migrate their data to the cloud storage. This report consists of four task which deals with the different factors like Backup risk management, migration risk management, and access management. In the first task different type of security factors like SSO, IAAM and Network management software are discussed so that Webb’s can be easily provided with the security. Also, different benefits like detection of malware in early stage are discussed. Intellectual property issues and licensing issues are also discussed in the first task. Different risk which is associated with the database IaaS infrastructure and communication with the Webb’s and IaaS is also discussed. Different factors like small restoring windows, large backup window are discussed in the backing up data, security, outages, and control over information are discussed in the risk and issues related to storage of data cloud. Accessibility, reliability, and efficiency are discussed to describe the effect of cloud backup which can affect the data recovery plans. And in the fourth section discussion is done on the recommendation to protect the access of Webb’s board.  Controlling endpoint access, Limiting the administrative services and multi-factor authentication is discussed for IaaS structure. Physical and logical layer are discussed in cloud network infrastructure access. Patch management and knowing the user is discussed in the protecting the access to cloud network infrastructure. And guarding all the failures, keeping the private data safely are discussed in providing the protection against the cloud backup and restore infrastructure.

Task 1

a. Describe the type of security that you would deploy to protect this mission critical database once it is moved to an IaaS instance in a public cloud.

Different security mechanism is required in securing the environment of IaaS which is as shown below:

1. While transmitting the data different mechanism like hashing, encryption, PKI mechanism and digital signature can be used so that the data can be securely transmitted.

2. A different mechanism like SSO and IAM can be used inside the Webb’s IaaS infrastructure. Through this accessing and of the system is going to take place on the basis of user’s capabilities like authentication, authorization, and identification.

3. Virtual server images can be hardened for the external and internal available virtual server environment.

4. Tracking the abnormal usage pattern through the provisioned virtual IT resources. Through this step, the usage pattern can be traced essential steps can be taken by the IT professional to improve it.

5. Through the network management software, isolation of the virtual environment is done. This is done by segmenting the networks or hypervisors. Through this is security group can be secured easily (Erl, Puttini & Mahmood, 2013). 

b. Describe the benefits and issues that would be the result of your deployment of these security measures.

Benefits of deploying the security measures

Benefits of scale can get in a secure manner. Employer of Webb’s can easily fetch the information from multiple locations in a secure manner. By detecting the malware in an early manner, the stable and effective system can be provided to Webb’s organization. Also by migrating the data to the IaaS, the data can be secured against threats. Latest security patches can be delivered to the Webb’s on regular and periodic fashion. Also, IaaS allows snapshots of the virtual infrastructure which can be easily compared with the baseline. Through this, the cross-check of the firewall rule can be done. IaaS provider can easily reallocate the resources like encryption, filtering, traffic shaping etc. Through these resources, the defensive measures are going to be increased in Webb’s organisation.   

Issues in deploying the security measures

Licensing Issues:

If the which provided by the supplier is violated, then it may lead to the disruption of services or financial penalties. The probability of this type of attack is going to be high due to fact that the software licensing agreements are not properly conscious of “cloud aware”.

Intellectual property issues

Task 2

a) Database

There is different type of issues that come under the data migration from the database. As per the survey nearly around the 38% of the data migration project fails. This is due to the different factors which are listed below:

Less familiarity of source data:

There are different types of problems like missing information, erroneous data, duplicates, and misspellings are present inside the database. Due to all these factors, the data inside the new database is not accepted.

Misjudging the data analysis

Due to the presence of the constraints inside the compute the data can be present inside different obscure places. As a result, the outdated and inaccurate information is transferred during the migration. And the error is going to be noticed at the end of the day when all the data is migrated. The result of this effect is that the data is inaccessible and of no use.

Lack of Integrated Process

If disparate technology is used in data transferring, then it may be a great failure. A lot of time is required in translation which is completely waste of time and cost.  So Webb’s has to look for the devices which can easily translate the data so that time and cost can be saved (Dumbleton, 2013).

b) The IaaS infrastructure

There is the symbiotic type of relationship between the IaaS and 3^rd party vendor who is going to provide the cloud stack trio. Webb’s has to pay for the services like servers, networks, storage, virtual machines, and other web service provider like Amazon Web Services. Based on these things there are different risks which are shown below:

In Webb’s department, there is certain type of the users who are not having the access to specific set of resources. These are termed as a rogue user. But if they come under the list of IaaS then they can also access that set of resources also. Although “control” is treated as the key concept a lot of effort is required in maintaining it.

There is the risk termed as “vendor lock-in” which is more likely to be had with the vendor’s side. Different vendors have different mechanism or guidelines to bind organisation data with their infrastructure. So the Webb’s has to choose correct vendors while opting for IaaS options (Goriawala, 2016).

c) The communications between Webb’s and their IaaS database in the cloud

There is a different type of risk that is available in Webb’s store and the IaaS store. These risks are as follows:

Transient connectivity issues:

This type of risk is going to occur when the IaaS database is reconfigured or it losses the connection with the SQL database. This event is going to occur on planned or unplanned event. Majorly these reconfiguration errors are going to have short-lived and completed in less than 60 seconds. But transient connection lasts for hours. This time is going to increase during long-running recovery time.

Persistent errors:

This type of error is due to any factor which is shown below:

User error:This type of error is going to happen when the connection is mistyped or the name of the server is missing from the string.

Network reconfiguration:this is generally at the client side. Common examples of this type of error are new IP address.

Firewall configuration:This type of error is going to cause when the client side firewall is blocking the connection to the database (Chen, Rabeler, Lin & Miller, 2017).

Task 3

a. What are the risks and issues associated with backing up data to the cloud? You should name and describe each risk that you identify that applies to:

(i) Backing up data to the Cloud

There are different type risks that are associated with the backup of data to the cloud. These risks are listed down below:

Backup window is very large:

Backing up of data to the database is purely based on the LAN speed. If the internet speed is high, then the data can be uploaded or downloaded at high speed. So there is the need the bandwidth which Webb’s has to see so that the data can be uploaded/downloaded smoothly.

Smaller restoring windows:

During the time of the there is need of services which has to be as fast as it can. And uploading of the database done in months or year. So this huge uploaded data need ample of time to download.

Unauthorized access of data

If the data is saved inside the premises of the Webb, then there is s surety of data safety. But if the data is saved the cloud then the data can be sure against security. This is due to the fact that in the data can be accessed by anyone. So its vendor responsibility to provide the proper data authentication so that the data can't be accessed by the person (Manes, 2012).

(ii) Storage of data in the Cloud

There are different types of risk that are associated with the storing of data in the cloud. These risks are shown below:

Security

The most prevalent concern of the Webb is of security. Passwords and user login are the most important things which provided by the cloud provider. But these things can be easily overcome by the attackers. To steal the information, the attacker is becoming the craftier.

1. Lack of standardization
2. vendor does not follow standard protocol which is needed to support the business. Different vendors provide different resources and uptime. So Webb has to select the vendor with utmost care otherwise this vendor may put Webb in dark during the time of disaster.
3. Control over information

Whenever the data present inside the hardware then data is going to be safe. As soon as the data is shifted to the cloud there is a risk. So the vendor has to provide a agreement in which he must ensure Webb that the data is going to be safe inside the cloud and there is not any case of data leaking.

Outages

IaaS anytime and anywhere service but of internet is a . During any disaster if goes down then, or in if the vendor network goes down then data fetching is difficult. So to avoid this Webb’s has to keep the backup solution so that they can retrieve their data easily (Giacinto, 2016).

(iii) Retrieval of data from the cloud

There is a different risk that associated with the retrieval of data. These are shown below:

During the time of data retrieval from the cloud, it must be ensured that the files must be downloaded by the authenticated persons only. Since in IaaS immutable is hard to achieve therefore a strict track has to be maintained. For that, the detailed log book can be used to keep the record of the user activities inside the archive.

Cloud has to be designed in such a manner so that the data inside the database remain for a long time until the user deletes it. So for that, the well-defined deletion policies and data retention techniques have to be implemented. This retention period can be varied by file type or by setting the metadata during the process of file archiving (ComputerWeekly, n.d.).

b. How does Webb’s use of a Cloud backup affect their DR plans? Describe how you see that their backup and restore strategy will change as a result of this service.

By choosing the cloud backup their DR plan is going to effect in a positive manner. This is due to the certain advantage of cloud backup over data recovery which is shown below:

Reliability and efficiency

Cloud provider generally uses different technologies such as compression, disk-based backup, server , data duplication, and compression. security cane provided by taking the help of management, and reporting features. These features are missing inside the data recovery plans.

Recovery time can be improved for small data sets

File recovery from the cloud storage is much faster. There is no requirement of the physical transportation from the location of offsite. The files that to be recovered can be easily and streamed through the WAN connection. Through this method lot of time can be saved. Whereas in the data recovery option the tape has to be recalled, then the data present inside it has to be located, and at data has been recovered. As a result, the data recovery requires a of time when with the file backup.

1. Accessibility
2. who can’t afford the maintenance and investment of the data recovery infrastructure, cloud backup is the perfect solution for this organisation. A huge amount of money can be saved by outsourcing the data to the cloud backup. Whereas the cost associated with the data recovery plans are high (Whitehouse, 2009).  

Task 4

a.Their IaaS infrastructure

Webb’s Board can protect the IaaS infrastructure by

Multi-factor authentication

Access of the IaaS can be given to the user by providing multiple of authentication. Through this only user of Webb’s can access the IaaS services. identity theft and other cybercrimes can be easily stopped through this authentication procedure. Through this employee can easily access the services by signing in the services.

Limiting the administrative services

Integrity and confidentiality a huge role in maintaining the data. internal attack causes severe damage to the . So to avoid this, the administrative services to be limited to the persons only. Through this proper monitor, management and control of the access can be established inside .

Controlling endpoint access

Endpoints can be accessed by taking the help of network security group. Through this access can be limited to the administrative endpoint. Also through the network communication can be tightly controlled through this process (Microsoft, 2017).

b.Their Ms SQL Server 2012 R2 cloud instance

Webb’s Board can protect the access to MS SQL Server 2012 R2 cloud instance by the following manner:

Physical security

In this type of security, the access is limited strictly the hardware components and physical server. all the document and media of the Webb access has to be limited and securing of the file has to be done in the offsite location. This is implemented by keeping the user that in view of Webb’s has to off from the network.

Operating system security

In all the upgrades and updates that are tested on the database application has to be implemented inside the operating system. Also by implementing the firewall security inside operating system security can be achieved easily. This is done by providing the so that the main focus can be shifted to the security measures.

c. Their Cloud network infrastructure

Webb’s can protect access to cloud network infrastructure by:

1. Knowing the user who is accessing the system. They have to make sure that only authenticated user is going to access the cloud infrastructure.

2. By changing the level of access insider the cloud. This is going to be completely based on the which person is using the data.

3. By installing the patch management agent inside the device Webb’s data can be isolated from the personal data on the mobile device (Marx, 2013).

d.Their Cloud backup and restore infrastructure

Webb’s can protect access to cloud backup and restore infrastructure by:  

1. Installing the recovery and backup windows which are very strict.

According to this is possible by eliminating the accidental data loss and data corruption.

2. Guarding all the failures

This Can be achieved by meeting the requirements of RTO and RPO. all the site outage and local system must be protected.

3. Keeping all the private data separately.

This can be achieved by managing the data security .

4. Fulfilling all the regulations which are applicable

Through enabling the WORM for file locking and making efficient use of enterprise storage infrastructure.

References

Chen, D., Rabeler, C., Lin, T., & Miller, A. (2017). Troubleshoot common connection issues to Azure SQL Database. Retrieved from https://docs.microsoft.com/en-us/azure/sql-database/sql-database-troubleshoot-common-connection-issues

ComputerWeekly. Storage retrieval strategies: Retrieving data from archives. Retrieved from http://www.computerweekly.com/feature/Storage-retrieval-strategies-Retrieving-data-from-archives

Dumbleton, J. (2013). 8 Hurdles of a Data Migration [Blog Post]. Retrieved from https://www.edq.com/uk/blog/8-hurdles-of-a-data-migration/

Erl, T., Puttini, R., & Mahmood, Z. (2013). Cloud Computing. Concepts, Technology & Architecture.

Giacinto, B. (2016). 4 Risks Associated With Storing Data In The Cloud [Blog Post].  Retrieved from http://novabackup.novastor.com/blog/4-risks-associated-with-storing-data-in-the-cloud/

Goriawala, S. (2016). Understanding Risks Associated With the 3 Cloud Computing Stack: SaaS, PaaS, IaaS [Blog Post] . Retrieved from https://blog.perfectcloud.io/understanding-risks-associated-with-saas-paas-iaas/

Haeberlen, T., & Dupré, L. (2012). Cloud Computing Benefits, risks and recommendations for information security. Retrieved from http://Cloud Computing Benefits, risks and recommendations for information security

Manes, C. (2012). What are the risks of backing up your business data in the cloud?. Retrieved from https://www.drj.com/articles/online-exclusive/what-are-the-risks-of-backing-up-your-business-data-in-the-cloud.html

Marx, G. (2013). Can cloud computing be secure? Six ways to reduce risk and protect data [Blog Post] . Retrieved from https://www.theguardian.com/media-network/media-network-blog/2013/sep/05/cloud-computing-security-protect-data

Microsoft. (2017). Security best practices for IaaS workloads in Azure. Retrieved from https://docs.microsoft.com/en-us/azure/security/azure-security-iaas

Whitehouse, L. (2009). The pros and cons of cloud backup technologies. Retrieved from http://searchdatabackup.techtarget.com/tip/The-pros-and-cons-of-cloud-backup-technologies