Migration of the MS SQL Server 2012 R2

Infrastructure as a service offers computational resources to subscribers which increases their overall system control as compared to other cloud services. This extended control comes with high-security requirements as many resources are provided to the subscribers. Due to this requirement, most CSP (Cloud Service Providers) will offer adequate security feature to safeguard the IaaS resources however, their implementation should be supplemented with extended user feature to protect the resources. Therefore, for the database system at hand, the following security features would be used to protect the IaaS resource in a public domain  (Walker, 2015).

Overall data encryption – the most significant type of security used in online systems as it protects the content being ferried through public systems. In essence, only the verified members can access the real content using encryption/decryption keys which prevents intrusion instances (Microsoft, 2017).

Access control – while encryption does protect the data involved, the organization must also ensure that only the authorized members access the IaaS infrastructure. This security feature increases accountability by outlining those who access the database system.

Access brokers – outlined by CSPs as the answer to system administration, access brokers are tools that identify, locate and mitigate operational risks. Furthermore, they increase cloud security by expanding data protection through higher levels of system encryption notwithstanding the data encryption (Walker, 2015).

Security – Webb’s Stores will be able to protect the resources it uses more so, the data stored in the MS SQL servers. Furthermore, it will ensure that the mission-critical data is used by the verified members across the public infrastructure of IaaS.

Accountability – a security feature such as access control will provide detailed accounts of those accessing the IaaS system thus provide a record for boosting system accountability ().

Operational flexibility – having established the security features outlined, the users/subscribers need not worry about the security risks involved. For instance, operational inconveniences such as server crashes and congestion are drastically minimized which improves the overall functionalities (Shumaker, 2016).

Conflict of security systems – the security features outlined will offer protection to the IaaS system using different parameters and protocols. These protocols may conflict by mutually identifying each other as security risks thus interfere with the operation of the cloud resources  (Mehtra, 2014).

Data privacy – a common challenge today as digital systems more so, online systems require extensive records of user information which may infringe on their personal privacy rights. In essence, the users may be required to present confidential information in order to safeguard their IaaS accounts which outline the privacy risks involved (Seclud, 2017).

Migration challenges – although the statement may seem ambiguous, the migration process outlines many sustainable risks. For one, moving the data involved in cloud computing can be classified as an extensive process that requires a project-like approach to successfully accomplish it, and like any other project, it may fail on some occasions due to the complexities of the duties involved  (Healy, 2015).

Security and privacy – first the CSP will store data in unknown locations which raises the first security concern as the data may be interfered with. Moreover, the subscriber gives a third party member access to confidential resources which raises privacy concerns among the users.

Types of IaaS Security

Operational complexities – as the end user, organizations such as Webb’s Stores will have to adapt to many, new and drastic changes owing to the data migration. Therefore, new complexities are introduced into the database operations (Seclud, 2017).

System control – as outlined before, IaaS offers extensive control to subscribers. This control has many associated challenges most of which are related to its security where intruders may access resources by compromising some subsidiary features of the resources. Furthermore, with cloud resources, the subscriber is unable to track all the resource used which interferes with their overall control (Badola, 2015).

Downtime instances – IaaS infrastructure will depend on the internet to provide the resources at hand. Therefore, the operation of these resources will inherently depend on the features and parameters of online systems including latency, bandwidth and throughput among others. A consequence of this dependence is downtime instances when system connections are affected by delays and other operational inconveniences (Healy, 2015).

Security – since the IaaS database system will be located in a public domain, the communication between the two parties will also be conducted through public channels. This outcome presents many considerable risks as intruders can access them interfering with the communication process  (Romes, 2013).

Data privacy – the parties involved will continuously exchange confidential information which again is exposed to a public infrastructure. Therefore, the users will have to contend with the potential risk of exposing their sensitive information to the public.

Content retention – accurate records of the communication processes are maintained by online resources which may compromise the entire system if these records fall into the wrong hands. These records will also include log files which detail the access procedures used.

Data loss – although they are outlined as traditional and conventional systems, backup tapes offer a convenient resource for backing up data. Moreover, they provide this convenience based on the time requirements of the users which means a subscriber can retrieve records from any given period of time. However, cloud backups are designed in using a structure that erases the existing records to cater for the new content. This outcome prevents the user from accessing old records if they are needed (Manes, 2012).

Extended backup windows – while transferring the records to be stored in the cloud backups, the subscribers are subject to the delays of online infrastructures. Therefore, unlike on-premise resources, the speed of the backup structure will be subject to the internet speeds which is a substantial risk as the process may be time sensitive. Moreover, the backup process must also have to contend with the security risks of online infrastructures which could also impose more delays and congestion.

Restoration time – similar to the backup process, the data restoration process is also subject to the same delays of the online infrastructure. In essence, the subscribers will have a limited window while accessing their online backups which is another risk as the restoration process may be time sensitive (O’Sullivan, 2017).

Data management – control is outlined as a substantial risk of cloud resources as the subscribers are unable to tag and track the resources involved. The same risk extends to the data used as the subscribers is not able to track all the records ferried across the cloud infrastructure. Therefore, the subscriber may lose some of the data, only to discover the problem when the content is needed (Healy, 2015).

Benefits and Issues of Security Features

Downtimes (Online resource) – unlike in-house facilities which can be used even without an internet connection, cloud resources will only function when an internet connection is available. Therefore, in case of a system outage, the storage process will be halted and thus will affect the operation process.

Access time – retrieving data from any facility is always time sensitive as the resources are usually needed for a certain functionality. This requirement may be affected by the cloud infrastructure which as outlined before is subject to the operational parameters of online resources i.e. delays and bandwidth.

Intrusion – while retrieving data from an online resource, the subscriber will provide the CSP with extended access to on-premise resources. This extended access can be used by intruders to compromise systems owned by a subscriber. In essence, the intruder may track the retrieval process back to the subscriber having compromised the cloud facility  (Sovetkin, 2017).

Webb’s Stores will shift its disaster recovery plan to include virtualized structures which will increase the efficiency of the recovery process. In essence, the DR plan which includes the backup servers will be moved to cloud resource having all the operational parameters i.e. Software, operating systems and even system patches. Moreover, the physical infrastructure will also be leased from the CSP which generally will lower the overall cost of the DR plan. In addition to this, the recovery tools will be independent of the physical infrastructure which will facilitate their application in the different branches of the organization  (tech, 2017). Therefore, in case of a disaster, the organization will be able to retrieve its original data from the cloud facility while being stationed in any backup location. In the end, the cloud resources will improve the DR plan by lowering the overall cost and time of the recovery procedures.

Access control strategy – using the triple-A mantra (Authentication, authorization and accountability), all users accessing the IaaS resources should be known and authorized based on an access policy having different accessibility. This strategy would improve accountability and would be offered using a wide range of security protocols as well as applications (Mehtra, 2014).

Management of resources – to maintain the integrity of resources acquired from the CSP, the subscriber should monitor and track all the data and infrastructure used. This process can be accomplished using firewalls and intrusion detection systems to verify the authenticity of the resources used.

First, SQL authentication – any logical database created using any SQL instance will contain access parameters i.e. usernames and passwords. These parameters should be implemented using the utmost security procedures including brute force resilient codes e.g. those having special characters. Moreover, these authentication parameters should be changed regularly to boost their effectiveness.

System firewalls – consisting of packet filters, this feature would assess all the data packets exchanged between the subscriber and cloud provider. Through this assessment, the firewalls would account for those getting access to the online resources based on specified access criteria  (Microsoft, 2017).

IDS and Firewalls – network intrusion detection systems monitor network nodes and alert the administrators in case of any variations. These systems would monitor the general access to the cloud network infrastructure where based on the access policy, only verified members and data packets would be allowed.

Access policy – consisting of different access levels or limitations, the users from the subscribing organization would be able to isolate network access based on the employees’ roles. This policy would increase accountability and improve the effectiveness of the access procedures used (Healy, 2015).

Tokenization – also known as encryption, tokenization is the process of encrypting data to ensure only the verified members are able to view and understand the content being used. Since the backup and restoration processes are conducted using public channels, tokenization would ensure only the verified members (company branches and employees) access the organization’s data (Sovetkin, 2017).

Security brokers – security brokers’ offers end to end access encryption which protects the parties involved. In this instance, there are two different parties who have different security procedures. By implementing the security brokers, the subscriber and CSP would ensure that their communication is safeguarded particularly during backup/restoration procedures.

References

Badola, V. (2015). Cloud migration: benefits and risks of migrating to the Cloud. Cloud Migration for Enterprises , Retrieved 22 September, 2017, from: https://cloudacademy.com/blog/cloud-migration-benefits-risks/.

Healy, R. (2015). The Top 5 Risks of Moving to the Cloud. Retrieved 09 September, 2017, from: https://www.annese.com/blog/top-5-risks-of-moving-to-the-cloud.

Manes, C. (2012). What are the risks of backing up your business data in the cloud? DR Journal, Retrieved 22 September, 2017, from: https://www.drj.com/articles/online-exclusive/what-are-the-risks-of-backing-up-your-business-data-in-the-cloud.html.

Mehtra, H. (2014). Issues and Standards in Cloud Security. Retrieved 09 September, 2017, from: https://www.cse.wustl.edu/~jain/cse571-14/ftp/cloud_security/index.html.

Microsoft. (2017). Azure SQL Database access control. Microsoft Azure, Retrieved 09 September, 2017, from: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-control-access.

Microsoft. (2017). Security Considerations for SQL Server in Azure Virtual Machines. Microsoft Azure, Retrieved 22 September, 2017, from: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sql/virtual-machines-windows-sql-security.

O’Sullivan, F. (2017). Top Ten Major Risks Associated With Cloud Storage. Cloudwards, Retrieved 22 September, 2017, from: https://www.cloudwards.net/top-ten-major-risks-associated-with-cloud-storage/.

Romes, R. (2013). The Benefits and Risks of Cloud Computing. Cla connect, Retrieved 09 September, 2017, from: https://www.claconnect.com/resources/articles/the-benefits-and-risks-of-cloud-computing.

Seclud. (2017). The 3 main Security risks in IaaS Cloud . Product News, Retrieved 22 September, 2017, from: https://secludit.com/en/blog/3-main-security-risks-in-iaas-cloud/.

Shumaker, L. (2016). 5 key benefits of the Microsoft Azure Cloud Platform. Menlo Technologies, Retrieved 22 September, 2017, from: https://info.menlo-technologies.com/blog/5-key-benefits-of-the-microsoft-azure-cloud-platform.

Sovetkin, M. (2017). IaaS Security: Threats and Protection Methodologies. eSecurity planet, Retrieved 09 September, 2017, from: https://www.esecurityplanet.com/network-security/iaas-security-threats-and-protection-methodologies.html.

tech, O. (2017). Benefits of Disaster Recovery in Cloud Computing. Retrieved 09 September, 2017, from: https://www.onlinetech.com/resources/references/benefits-of-disaster-recovery-in-cloud-computing.

Walker, S. (2015). 5 Benefits of a Cloud Computing Security Solution. TBCONSULTING, Retrieved 09, September, 2017, from: https://www.tbconsulting.com/blog/5-benefits-of-a-cloud-computing-security-solution/.