Saturday, December 7, 2019
Migration of Business to Cloud Computing â⬠Free Samples to Students
Question: Discuss about the Migration of Business to Cloud Computing. Answer: Introduction In this new world of technology, Cloud computing has been offering solution for the problems those have been taxed IT departments for years and plagued the organizations. Managing and Maintaining IT in-house has been resulting in heavy burden for the organizations that have been implementing IT infrastructure for the smaller and big organizations. This has been also resulting in beneficial manner for the SMEs (Small and Medium Sized Enterprises) in both managing and securing those data properly and in efficient budget. Cloud computing is availing the consumers with data access at anywhere via connecting to the internet and managing them to keep safe while transferring to its stakeholders for operational activities. One side this is providing facilities and security at low budget but also raising creation security issues that might affect the organization. Cloud computing performs on basically three platforms that are: IaaS (Information-as-a-service), PaaS (Platform-as-a-service), SaaS (Sofytware-as-a-Service) that are enhancing the performance of the Cloud computing services. These are being delivered through deployment of following models: Community Cloud, Public Cloud and private cloud. Australian finance industry is in its very early stage of Cloud adoption as many of the financial industries are using a limited range of Cloud based services. The approach of using Cloud based services has not been strategically placed and for some of the cases the consumers would not be aware of the services that could be provided by the Cloud computing. Based on the survey made by (Chang, Walters Wills, 2014) almost 88% of the financial industries are using cloud-based services and implementation of Cloud computing is rapid manner and among them 81% of the industries were aware with the services offered by Cloud computing. The survey resulted that about 50% of the Australian Finance industries are using hybrid of Private Cloud and Public Cloud as this is a common approach for financial industries. Other than this 42% of the industries are practicing in-house IT and moving non-critical services like collaboration, content management tools, and email management to the Cloud based services (Schulte et al., 2015). Some of the financial industries are using Cloud services as a testing environment in manner to plead the development of use cases that could be better option for assessing the hybrid of Public Cloud and on premises, in-house hosting of the Cloud services. It is also being used by the financial industries as test beds for new and innovative applications and among all the industries only 8% of the industries are using strict Private Cloud only policy. Main objectives are compliance and privacy concerns including the confidence that the Private Cloud can satisfy the business requirements of the org anization (Gai, 2014). The strength that are using Cloud based services among them 92% of the industries have an already developed strategy that is based on hybrid of Private and Public Cloud hosted both in-house and externally IT services. Based on this it can be stated that the confidence among the financial industries have been increasing towards adopting Cloud Computing services within the system of the organization. On the other hand it can be noted a certain level of prudency on the context of migration towards Cloud computing. Some of the consumers are avoiding migration of data to the Cloud and instead of that they are choosing it to use for the digital transformation of the business. Cloud adoption Example (Finance Industries) NASDAQ OMX Data on-demand: It is a Software-as-a-service (SaaS) Cloud service that provides flexible and easy access to the massive amounts of historical dataand is produced in the market with the support of Xignite. It can be accessed through API (Application programming interface) and is a web application that can be helpful in managing users to purchase data online. It can also be used as plain texts (Mahmood et al., 2014). CME Clearport OTC Data on-demand: It is an on-demand Software-as-a-services (SaaS) web service that has the same Xignite platform and can be helpful in offering accesses to end-of- day OTC volume, open interest, and settlement data in manner to provide support to the markets that are available through CME Clearport (Pattnaik, Prusty Dash, 2016). Australian Banks using Cloud for risk analysis and non-core processes: There has been use of IBM iDataPlex servers in various banks of Australia as a part of an Infrastructure-as-a-service (IaaS) strategy in manner to evaluate and build programs related to risk analysis. More than one separate computer can be turned into a pool of shared resource that can be referred as cloud.PaaS Cloud vendor Force.com has been being used by Morgan Stanley for its recruiting applications that is providing many benefits in extensive Cloud penetration in strategy and analytics (Asatiani et al., 2014). Gridglo real-time energy apps: The startup, Gridglo, is developing SaaS services for their startup in manner to sell information to utilities in Australia. It can be described as a mining energy consumption data from smart meters and thereafter the combination of these data with data from other sources like data related to demographic and weather, real estate, energy credit scoring and demand response analytics in manner to categorize different types of consumers for providing tools that can be helpful in energy forecasting, including an energy tool for financial risk (McConky et al., 2015). Microsoft Azure DataMarket for the Energy Industry: Cloud services offered by Microsoft DataMarket SaaS can be a helpful in enabling the exploration, discovery and consumption of data from the commercial data sources and trusted public domains for example, health, demographics, weather, real estates, navigation, transportation, and location- based services, and many more. Analytics for enabling insight from that data and visualization is also included in it (Coleman et al., 2016). A common API can also be used for incorporating these data into software applications for any of the devices. Many of the energy industries have been using these platforms in manner to create analytic applications and energy forecasting. There are certain challenges in implementation of Cloud computing which can be listed as: data security, data privacy, vendor lock-in (Absence of standards), availability, and compliance into the existing system of the financial industries (Sanei et al., 2014). Following are the ways in which these challenges may impact the Australian finance industries: Financial organizations are apprehensive about the data might get compromised on a public Cloud or monetization of the data related to the customers may happen by Cloud vendors. An example can be a better explainer such as traders in a firm might be worrying about migrating their proprietary strategies related to trading in a Cloud because there are chances that the competitor might be using the same Cloud and get access to the saved data (Moreno-Vozmediano, Monentro Liorente, 2013). This implies that risk analyst and portfolio managers are much apprehensive about the location for the assets as it may lead to barrage of lawsuits or have reputational implication on the firms. Vendor lock-in is another concern in the implementation of Cloud computing as most of the service providers access to their resources through APIs to their resources. Shifting from one vendor to another might cost a lot for the organization which will neglect the first priority of using Cloud hosted application which was low cost (Avram, 2014). Compliance risks which includes providing enough evidence for care taking of the data and proving risk management processes are the another challenges in the clod hosting application adoption for finance industries. Loss of governance and Isolation Failures are the challenges that could put the challenge to control sufficiently resources in the Cloud affecting the security and an unauthorized Cloud computer has the capability to influence the systems on which the Cloud application has been adopting (Tossi, Colheiros Buyya, 2014). Security Issues Isolation Failure: Shared resources and multi-tenancy have been defining the Cloud computing which put this in the category of risk covering the failure of mechanism related to the memory, storage, and reputation between different tenants and routing among them such as guest-hopping attacks (Hashizume et al., 2013). Attacks on resource isolation mechanism can be considered very less numerous and much difficult for an intruder to gain access to it than on traditional operating systems. Management Interface compromise: Public Cloud service provider provides customer management interfaces that can be accessible through the mediate access and internet to the large resources this implies in possessing higher rate of risk, mainly in the circumstances when it is being accessed remotely and web browser vulnerabilities (Almorsy, Grundy Muller, 2016). Data breaches: One of most concerning and debating topic for any technology that is being used in this century for all the technologies that are connected to the internet or using internet as a medium. Data that are being saved in the Cloud or being transferred using internet are vulnerable to cyber-attacks. If proper security is not provided to the network an unauthorized user can get access to the data that is being saved in the Cloud and could cause severe damage to the organization in all the way. Modi et al. (2013) stated recent example can be the JP Morgan Chase m Co data breach in which millions of people were affected and this causes damage to the reputation of JP Morgan Corporation and also its share markets were down for some time. Incomplete or insecure data deletion: Request made to the Cloud vendors for the deletion of data could result in incompletely wiping those data. Timely or adequate data deletion might be not possible or may be not desired by the customers at all and this happens because of the unavailability of the extra copies of data or other case may be that the disk that is about to destroyed might stores the data from other clients (Ahmed Hossain, 2014). This mainly happens in the case of multi-tenancy services and reusing the hardware resources which could raises higher risk than the customer who is using the same dedicated hardware resource. Expectation of the customers security: The customers perception on the data security might be different from the data security being provided by the Cloud Providers and the availability of the data security that is being offered by them. In real the actual temptation for the Cloud service provider is to reduce costs without concerning the data security of the individuals (Stojmenovic Wen, 2014). Malicious insider: This is an unusual risk but probably happen to the organization in which the damage might be caused by the individual who have credentials and access to the network of the firm and had been retired or been a formal employee of the organization. He or she might get access to the network and harm the organizational data and information for personal benefits through selling it to the organization or expose those data to an unwilling individual for personal revenge. These are the extremely high risk for the firm and might cause severe damage to the proper functioning of the organization. Availability chain: There could be the creation of single point of failures in many cases because of the reliance on internet connectivity at the end of the customer. Loss Governance: Using Cloud services or Cloud hosted application for managing the data and in formation of the customer, there is the possibility that the client necessarily cedes control to the CP (cloud provider) on various issues as stated above that could be the reason of security issues to those data. At the same moment the Service Legal Agreements (SLAs) might be insufficient to provide any of such promise to provide these services from the side of the Cloud service provider, which creates a gap between the security defenses of the services that are being offered by them. Loss of governance includes compliance issues as the investment made in achieving the agreement or certification might put the process of migration to the Cloud at risk for example regulatory requirements or the industry standards that can be stated as: firstly, The Cloud Service provider does not allows the permission to audit by the Cloud Customers and secondly, there are the chances that Cloud Provider wou ld not be able to provide the evidence of their proposed compliance with the relevant requirements of the Cloud customers (Khetri, 2013). There are many such cases in which the implementation of Cloud computing results specific kind of compliance cannot be achieved for example PCI DSS etc. Lock-in: The guarantees assured by the Cloud service provider towards application, data and service portability is not yet completely achieved as there is still not much flexibility in the tools, standard data formats or procedures that are being offered (Hashem et al., 2015). This could create problem and raise various types of risks (sometimes even impossible) in migrating the data and information related to the customer to another Cloud service provider and back to an in-house infrastructure. This results in complete dependency on the Cloud service providers for the Cloud customers especially for data portability, service provision because most of the fundamentals aspects have not been enabled yet (Ryan, 2013). Threats, Assets, Vulnerabilities, and Risks Risk can be defined as the combination of vulnerabilities and risks those have the capability to affect the assets. For the risk assessment following are the list of risk and vulnerabilities including their impact probability and risk rates with a risk priority matrix have been plotted. VL- Very Low, L-Low, M- medium, H-High, VH-Very high Sl. No. Risk/Vulnerabilities Description Likelihood Impact Priority R1. Lock-in Depending strongly on single service provider for their services could lead to several difficulties in moving to different service provider and may cause serious issues. This could even lead to an impossible attempt to move to another Cloud service provider (Chou, 2015). H M H R2. Loss of Governance Availing Cloud services need a must factor that is a third party involvement that results in Cloud customers necessarily cedes control to the Cloud provider on various issues that will probably affect the security of the system and the data that is being migrated to the cloud. VH VH VH R3. Supply Chain Failure The Cloud Providers might outsourced a part of their production chain to third parties too and could even use another Cloud service providers as a part of their services that might results in the possibilities of cascade failures. L M M R4. Conflicts between the Cloud environment and customer hardening procedures The Cloud Service providers might not be able to provide compliance according to the need of the Cloud customers security measures those results in making their implementation impossible (Pearson, 2013). M M M R5. Social Engineering Attacks (Phishing) It can be refereed as the technique of manipulating individuals into divulging confidential information or performing actions. It can be categorized as the simple fraud or confidence trick and can also be referred as the trickery of the information for the purpose of fraud, information gathering, or access to the systems sensitive information. Most of the case the attackers does not come face-to-face of the victims. M H M R6. Technical risks Cloud services are on-demand service (IaaS, PaaS, SaaS) there are the possibilities that Cloud providers will not be able to maintain the service level that has been promised and he might also not be able to meet the demands that is being increased in a certain shared resources (Drissio, Houmani Medromi, 2013). M Ms M Failing in maintaining the services level L H M Failing in meeting increased demand R7. Isolation Failure In the environment like this where data R8. Malicious Insider (Cloud Provider) The damage to the data information related to the operational activities of the organization of the Cloud Customers assets because of the malicious insider at the Cloud service provider M VH H R9. Interface compromises (availability of infrastructure, manipulation) When combined with web browser vulnerabilities and remote access there are chances of risk to the data security. This is because the customer management interfaces of the public Cloud service providers are mediate access and accessible to the internet to the applications that have been hosting traditionally by the service providers. M VH H R10. Intercepting data in transit During the transfers of the data between the different clouds or the computers using a network, there is the probability that there transfer gets blocked or intercepted by an unwanted or unauthorized user. This generally happens during the transfer of data between the service provider and the customers (Theoharidou, Tsalis Gritzalis, 2013). M H M R11. Ineffective deletion of data or Insecure Deletion of data from the Cloud on the call of the customers does not in real deletes all the data from the Cloud rather than that data are being transferred to the eventual backup media or removed from the storage. During this if the storage had been not encrypted properly, this data could be accessed by other users that might harm the data and misuse it for their personal benefits. M VH H R12. DDOS (Distributed Denial of Service) The particular aim of such attacks is to overload a resource, service interface, or network by flooding the network with continuous request from more than one source that are being distributed across a wide topological or geographical area. This implies that the legitimate users will not be able to use the resources as intended (Juliadotter Choo, 2015). M H M R13. EDOS (Economic Denial of Service) Attacks may result in the poor-configuration or budget planning might be altered that will result in the increase of the cost for this implementation into the system and thus it might becomes unaffordable for the consumers willing to take the services. L H M R14. Service Engine Compromised It is one of the most important fundamental part f a Cloud service and compromising this could let an unauthorized user or intruder to access al the related to the customer that has been saved into the cloud (Albakri et al., 2014). L VH H R15. Loss of Cryptographic keys Compromising or losing cryptographic keys that have been used for the digital scanners, authentication, or encryption could affect the data by compromising with an unauthorized users and it could lead to financial damages, denial of services, an loss of data (Furuncu Sogukpinar, 2015). L H M R16. Cloud-specific network related technical attacks or failures Such type of attacks and failures could affect the Cloud services that might also occurred in the classic IT settings. This could cause loss of the internet connectivity because of the failures or attacks on the site of the customers. Or the internet service provider of the customer because of the temporarily reduced in the network bandwidth on the bath that connects the service provider and the customers. Another cause is the global internet conjunction, and the failures in the connectivity path between the service provider and the consumer. M M M R17. Loss of Backups There is the probability that the backup of the data kept by the service provider about the costumers data could get lost or might get damaged or ob the physical medium there has been data saved. L H M R18. Natural Disasters Calamities like earthquakes, flooding, tsunamis and many others could affect the infrastructure of the service provider and will alternatively affect the Customers as most of the service providers have different and far locations (Latif et al., 2014). VL H M R19. Legal Risks Australian Government authorities might ask the operators that are providing services to provide information for any criminal case or legal lawsuits and could access the storage media and the hardware storage devices. H M H R20. Risks from changing jurisdictions When the physical location of the service provider is situated in the country other than the customers change in jurisdiction will affect the security of the information. For example: data may be seized in the name of country security, data may even get seized because that does not belong to the same country. H H H R21. Data protection services Legislations and policies of the different country could lead to the issues related with the security of the data and the information that is being saved on the Cloud in different country. Another issue related with it is the data protection authority from different government cannot be accessed. H H H R22. Licensing Issues Violating licensing agreements of the software supplier could result in financial penalties and several others like disruption of services and many more. M M M R23. Intellectual property issues For both the cases storing data in the Cloud or using any Cloud hosted application could let to the security issues related to the information that is being saved and being executed during the application of software. L M M Risk Assessment Matrix Probability Very High R.2 High R.19 R.1 R.7 R.20 R.21 R.8 R.9 Medium R.6 R.16 R.22 R.10 R.6 R.5 R.4 R.12 R.11 Low R.3 R.23 R.13 R.15 R.10 R.14 Very Low R.18 Very Low Low Medium High Very High Impact Measures to Mitigate Security Issues Following are the measures that could be helpful in enhancing the security of the information and data that are being uploaded on the Cloud and could help in mitigating the issues that may rise due to this implementation into the system. Two-factor authentication technology can be preferable situation for securing the information and data including critical protection or even declining to share the credentials to individual other than companys head can also be a better option (Smith et al., 2013). Making thorough research on the service provider and comparing whether the agreement is matching with the compliance and SLAs or not with the policies of the organization. The research should be accurate and exact. Single Sign-on (SSO) utilization in the organization can also help in boosting the security of the organization. Financial industries use a number of loud applications and services and the individuals might have different credentials to access those services and the applications (Pearce, Zeadally Hunt, 2013). For example OneLogIn provides this facility that could be used for one login password. Another option related to the password can be the use of automatically generated password. End-to-end encryption could also be helpful in ensuring the security of the data and information that is being saved in the cloud. It should be ensured by the customer that the service provider is putting encryption on the files or not, it could also help in protecting files in the hand of hackers. In manner to minimize the risk to the extent level there should be proper encryption over the files before uploading it to the Cloud and should be encrypted by a single decryption code (Fernandis et al., 2014). Secured communication protocol like SSL/TLS could be helpful in protecting the data and information that is travelling in the network. The hardware and software that are being used to operate these systems and services should be up-to-date with the new and latest versions that will also help in minimizing the threats and issues related to the security (Barlow et al., 2013). Conclusion Based on the above report it can be concluded that both the firm and vendors needs to make their contribution in manner to fight back the issues and threats that arises due to the implementation of cloud computing within the organization. The NYSE Euronext community Cloud could be helpful in paving the path for such collaborative contribution that will let multiple firms motivate to have a proportionate stake. Cloud Computing is the most advanced, innovative, and efficient computing utilities that can be implemented within the existing system as services. Recommendation can be made for the finance industries for implementing hybrid cloud system with appropriate differentiating the types of data and information that is about to be uploaded in the cloud. Cloud computing is playing a vital role in changing the face of the computing operations in the finance industries and providing facility to exchange data and access at anywhere. Cloud computing is being contributing in the changes to the provisioning and licensing and of methodologies and infrastructure for application deployment, delivery, and development. References: Ahmed, M., Hossain, M. A. (2014). Cloud computing and security issues in the cloud.International Journal of Network Security Its Applications,6(1), 25. Albakri, S. H., Shanmugam, B., Samy, G. N., Idris, N. B., Ahmed, A. (2014). Security risk assessment framework for cloud computing environments.Security and Communication Networks,7(11), 2114-2124. Almorsy, M., Grundy, J., Mller, I. (2016). An analysis of the cloud computing security problem.arXiv preprint arXiv:1609.01107. Asatiani, A., Apte, U., Penttinen, E., Ro?nkko?, M., Saarinen, T. (2014, January). Outsourcing of disaggregated services in cloud-based enterprise information systems. InSystem Sciences (HICSS), 2014 47th Hawaii International Conference on(pp. 1268-1277). IEEE. Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective.Procedia Technology,12, 529-534. Barlow, J. B., Warkentin, M., Ormond, D., Dennis, A. R. (2013). Don't make excuses! Discouraging neutralization to reduce IT policy violation.Computers security,39, 145-159. Chang, V., Walters, R. J., Wills, G. (2014). Review of Cloud Computing and existing Frameworks for Cloud adoption. Chou, D. C. (2015). Cloud computing: A value creation model.Computer Standards Coleman, S., Gb, R., Manco, G., Pievatolo, A., Tort?Martorell, X., Reis, M. S. (2016). How can SMEs benefit from big data? Challenges and a path forward.Quality and Reliability Engineering International,32(6), 2151-2164. Drissi, S., Houmani, H., Medromi, H. (2013). Survey: Risk assessment for cloud computing.International Journal of Advanced Computer Science and Applications,4(12), 2013. Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M. M., Incio, P. R. (2014). Security issues in cloud environments: a survey.International Journal of Information Security,13(2), 113-170. Furuncu, E., Sogukpinar, I. (2015). Scalable risk assessment method for cloud computing using game theory (CCRAM).Computer Standards Interfaces,38, 44-50. Gai, K. (2014). A review of leveraging private cloud computing in financial service institutions: Value propositions and current performances.International Journal of Computer Applications,95(3). Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., Khan, S. U. (2015). The rise of big data on cloud computing: Review and open research issues.Information Systems,47, 98-115. Hashizume, K., Rosado, D. G., Fernndez-Medina, E., Fernandez, E. B. (2013). An analysis of security issues for cloud computing.Journal of Internet Services and Applications,4(1), 5. Juliadotter, N. V., Choo, K. K. R. (2015). Cloud attack and risk assessment taxonomy.IEEE Cloud Computing,2(1), 14-20. Kshetri, N. (2013). Privacy and security issues in cloud computing: The role of institutions and institutional evolution.Telecommunications Policy,37(4), 372-386. Latif, R., Abbas, H., Assar, S., Ali, Q. (2014). Cloud computing risk assessment: a systematic literature review. InFuture Information Technology(pp. 285-295). Springer, Berlin, Heidelberg. Mahmood, M. A., Arslan, F., Dandu, J., Udo, G. (2014). Impact of Cloud Computing Adoption on Firm Stock PriceAn Empirical Research. McConky, K., Viens, R., Stotz, A., Galoppo, T., Fusillo, T. (2015).U.S. Patent No. 9,098,553. Washington, DC: U.S. Patent and Trademark Office. Modi, C., Patel, D., Borisaniya, B., Patel, A., Rajarajan, M. (2013). A survey on security issues and solutions at different layers of Cloud computing.The Journal of Supercomputing,63(2), 561-592. Moreno-Vozmediano, R., Montero, R. S., Llorente, I. M. (2013). Key challenges in cloud computing: Enabling the future internet of services.IEEE Internet Computing,17(4), 18-25. Pattnaik, M. S., Prusty, M. R., Dash, M. (2016). Cloud in financial services: Building value across enterprise.International Journal of Research in IT and Management,6(6), 25-32. Pearce, M., Zeadally, S., Hunt, R. (2013). Virtualization: Issues, security threats, and solutions.ACM Computing Surveys (CSUR),45(2), 17. Pearson, S. (2013). Privacy, security and trust in cloud computing. InPrivacy and Security for Cloud Computing(pp. 3-42). Springer London. Ryan, M. D. (2013). Cloud computing security: The scientific challenge, and a survey of solutions.Journal of Systems and Software,86(9), 2263-2268. Sanaei, Z., Abolfazli, S., Gani, A., Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges.IEEE Communications Surveys Tutorials,16(1), 369-392. Schulte, S., Janiesch, C., Venugopal, S., Weber, I., Hoenisch, P. (2015). Elastic Business Process Management: State of the art and open challenges for BPM in the cloud.Future Generation Computer Systems,46, 36-50. Smith, P., Haberl, H., Popp, A., Erb, K. H., Lauk, C., Harper, R., ... Masera, O. (2013). How much land?based greenhouse gas mitigation can be achieved without compromising food security and environmental goals?.Global Change Biology,19(8), 2285-2302. Stojmenovic, I., Wen, S. (2014, September). The fog computing paradigm: Scenarios and security issues. InComputer Science and Information Systems (FedCSIS), 2014 Federated Conference on(pp. 1-8). IEEE. Theoharidou, M., Tsalis, N., Gritzalis, D. (2013, June). In cloud we trust: Risk-Assessment-as-a-Service. InIFIP International Conference on Trust Management(pp. 100-110). Springer, Berlin, Heidelberg. Toosi, A. N., Calheiros, R. N., Buyya, R. (2014). Interconnected cloud computing environments: Challenges, taxonomy, and survey.ACM Computing Surveys (CSUR),47(1), 7.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.