High-level System Description

Dalis Consultants is a Wellington based small multi-media consultancy and is owned by Dave & Lisa Evans. The company was set up in the year 2010 to provide consultancy to the small and medium scale companies for improvement in the online digital presence. With the expansion of the business operations, it is now becoming difficult to manage the current human and non-human resources. The company has recently won a contract with a major tourism agency and there will be four new staff members required to be engaged for the project. The company has therefore decided to move to the town and the company will meet the new opportunities through Activity Based Working (ABW) strategy.

The high-level system will be based on the cloud architecture and network. There will be data servers present on the cloud that will be synced with the virtual network. Gateway will be used to connect to the on-premises network of Dalis Consultants which will comprise of the virtual machines. Each of these virtual machines network will be connected to the router and these routers will be connected with a switch. The switch and the gateways will connect and communicate with each other to establish a connection between cloud and on-premises network. The virtual machines present on the on-premises network will include the hardware as Laptops, Computer Systems, Personal Digital Assistants (PDAs), and Printers.

The operating systems that will be deployed on the laptops and computer systems in Dalis Consultants site will include Windows, Macintosh, Linus, and UNIX.

There will be business applications as development tools, design tools, testing tools, Big Data tools, database engines, and implementation tools.

The database servers that will be used for the system will be Microsoft SQL Server, MySQL, and NoSQL databases, such as MongoDB. Apple Filing Protocol (APF) and Network File System (NFS) are the file servers that will be involved in the system. Microsoft Exchange Server is the exchange mail server that will be utilised in this case. The firewalls that will be used in this case will be packet filtering firewalls and application level gateways.

Networking peripherals, such as routers, switches, and gateways will be involved.

The network architecture and diagram has been shown below. There are various cloud models that have been developed, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The model that will be used in this case will be Software as a Service (SaaS) (Kulkarni, 2012). There will be data servers present on the cloud that will be synced with the virtual network. Gateway will be used to connect to the on-premises network of Dalis Consultants which will comprise of the virtual machines. Each of these virtual machines network will be connected to the router and these routers will be connected with a switch. The switch and the gateways will connect and communicate with each other to establish a connection between cloud and on-premises network. The virtual machines present on the on-premises network will include the hardware as Laptops, Computer Systems, Personal Digital Assistants (PDAs), and Printers.

Logical Representation of the Major Systems

The cloud computing model that will be used in the case of Dalis Consultants shall be Software as a Service (SaaS). SaaS is defined as a model in which the software is owned and delivered by the cloud vendor. The delivery of the software code and services is made on the basis of common data definitions and codes. The pay per use or subscription pricing model is used in this case of cloud model.

There are various reasons that are present behind the recommendation of SaaS as the cloud model for Dalis Consultants. The approach that Dave and Lisa have decided to go for will be Activity based Working. The requirements in this case will be dynamic and may change rapidly (Tan, Liu, Sun & Spence, 2013). The company therefore will not be required to purchase too many additional hardware tools and equipment as the applications and services will be hosted by the cloud vendor and providers. The vendor will arrange for the Application Programming Interface (APIs) to allow Dalis Consultants to carry out their activities. Pay per Use model will be involved as a pricing model that will make sure that the overall model and its associated services are cost-effective (Palos-Sanchez, Arenas-Marquez & Aguayo-Camacho, 2017). The ready-to-use time involved in this case will be less. The tourism agency that is the new client for the company will want the development, deployment, and implementation activities to begin quickly. SaaS model will ensure that rapid demonstrations and prototyping is quickly done. Technology is witnessing several changes with each passing day. The dynamic needs of Dalis Consultants along with the requirement of technology will be met by SaaS model as the updates and security patches will be released by the vendor at regular intervals. The management of these upgrades and security will be the responsibility of the vendor and any security occurrences will also be handled by the cloud provider. SaaS models also have higher adoption rates and lower learning curves as compared to PaaS and IaaS. Scalability is another primary reason and benefit that is associated with the SaaS model. It may be necessary to keep the applications and services scaled up or down as per the requirement (Garon, 2011).

Virtual Private Networks (VPN) will be used for internet connectivity. It will provide long-distance and secure connections to allow Dalis Consultants to establish a secure network infrastructure. The primary reason behind the recommendation of VPN for the company is the enhanced security that comes along with it (Sobh & Aly, 2011). There are various security threats and attacks that are observed in associated with the cloud networks and architectures. The use of VPNs will make sure that the data and information sets are encrypted and are kept protected at all times. Remote access, monitoring, and control will be possible for Dave, Lisa, and other senior resources in the company with the aid of a VPN. It may also be required for the company to share files with the tourism agency and other clients for longer periods of time. Such utility will be securely made possible through a VPN. These networks will also provide enhanced performance and bandwidth along with anonymity that may be required in certain scenarios. The maintenance cost that is associated with VPNs is generally low as compared to the other network connections. In this case these networks will be implemented and managed by a third-party and therefore surveillance and network setup will not be an issue (Kim & Yang, 2010).

Network Topology Diagram

High-speed fibre optic transmission will be used for transmitting the information. It will offer the benefits as:

• Extremely High Bandwidth: The other transmission mediums, such as coaxial cables and twisted pair cables do not offer the bandwidth as high as the one offered with fibre optics. Transmit per unit time that comes along with these cables is the best.
• Longer Distance: There is low power loss that is associated with the fibre optics which indicates that the long distance transmissions can be easily carried out.
• Resistance to Electromagnetic Interference and virtually noise free.
• Low Security Risk: There is a lot of concern regarding the data security risks and attacks and the use of fibre optics will provide alternate mechanism which will lead to the prevention and control of the data security risks as well.
• Signal Transmission. There is a use of light in the transmission of data or signals through fibre optics. As a result, the chances of data leakage or breaches are nullified providing a highly secure infrastructure (Al-Lawati, 2015).
• Small Size: These cables come with an extremely small diameter. The single multimode fibre comes with a diameter of about 2mm which is way smaller as compared to that of coaxial copper cable. This leads to enhanced space savings and better utilization.

Cisco Wi-Fi router will be used for establishing the network connectivity and it will be connected with the virtual machines as laptops, printers, computer systems, and other network peripherals. It will provide enhanced mobility and connections along with the improved responsiveness and better access to the information and data sets.

Purpose

The purpose of the procurement policy is to highlight the terms, conditions, and matters of agreement that will be considered as legal guidelines during the purchase of hardware necessary for new set-up of Dalis Consultants.

Scope

The scope of the policy is limited to the purchase of hardware tools and equipment necessary for Dalis Consultants.

Guidelines

• The head of IT will provide the list of the hardware that shall be procured and it would be essential to attach an IT Procurement Authorization form with each tool or equipment. The user’s line manager must sign and approve the same.
• A receipt of the form will be shared with the IT department and an acknowledgement of the same shall be shared followed by processing.
• The decision on the rejections or approvals of the requirements will be with the Head of IT.
• The decision of either acceptance or denial of a request by the Head of IT shall come along with a brief description and explanation behind the decision.
• In case of the change in quantity or type of the equipment then the IT needs to provide a confirmation on the changes to the suppliers.
• The preferred list of the suppliers for each of the equipment shall be shared with the procurement team. However, it must not be mandatory to go for the same set of suppliers. A market study shall be done as well (Hofstra, 2015).
• The equipment and tools procured shall be first sent to the IT department wherein it shall be checked in terms of adherence to the ordered quantity and product specifications. Any sorts of damage will also be verified in this stage and the equipment will then be transferred to its designated unit.  
• The delivery of the equipment from the IT department to the designated unit will be arranged by the IT department itself.
• The installation of the equipment and notification to the management regarding the completion of the delivery will be performed by the resources in the IT department.
• The set procedure will be followed in the process of configuration and installation and the security guidelines and protocols must also be followed during the process.
• A third-party contractor shall also be present at the time of installation and shall assist the IT staff in the process. The regulatory, security, and quality standards and guidelines shall be followed.

List of Hardware to be procured 

• Gateway will be used to connect to the on-premises network of Dalis Consultants which will comprise of the virtual machines.
• Each of these virtual machines network will be connected to the router and these routers will be connected with a switch.
• The switch and the gateways will connect and communicate with each other to establish a connection between cloud and on-premises network.
• The virtual machines present on the on-premises network will include the hardware as Laptops, Computer Systems, Personal Digital Assistants (PDAs), and Printers.

Roles & Responsibilities

• Head of IT: Approval/Rejection of the purchase orders along with explanation of the decision that is made.
• IT Manager & Staff: Assistance in the configuration and installation process, verification of the equipment received
• User’s Line Manager: Assurance that the procurement processes adhere to the policy and the standards specified.
• Supplier’s Head: Negotiations with the suppliers and contractors
• Market Analyst: Analysis of the market data and information on the hardware equipment performing the best and suitable for the company

Purpose

The purpose of the policy is to make sure that the software applications to be used and implemented in the organization are adequately done.

Scope

The scope of the policy is to provide the guidelines on the configuration, purchasing, licensing, and implementation of software applications.

Guidelines

• The CIO will provide the list of the software that shall be purchased and it would be essential to attach an Software Requirements Form along with the same.  
• A receipt of the form will be shared with the IT department and an acknowledgement of the same shall be shared followed by processing.
• The decision on the rejections or approvals of the requirements will be with the CIO.
• The decision of either acceptance or denial of a request by the CIO shall come along with a brief description and explanation behind the decision.
• In case of the change in specifications or type of the software package then the IT needs to provide a confirmation on the changes to the suppliers.
• The preferred list of the suppliers for each of the software shall be shared with the procurement team. However, it must not be mandatory to go for the same set of suppliers. A market study shall be done as well.
• The software packages purchased shall be first sent to the IT department wherein it shall be checked in terms of adherence to the ordered quantity and product specifications. Any sorts of compatibility or technical issues shall be reported immediately.   
• The configuration of the software package from the IT department to the designated unit will be arranged by the IT department itself.
• The installation of the software application and notification to the management regarding the completion of the delivery will be performed by the resources in the IT department.
• The set procedure will be followed in the process of configuration and installation and the security guidelines and protocols must also be followed during the process.
• A third-party contractor shall also be present at the time of installation and shall assist the IT staff in the process. The regulatory, security, and quality standards and guidelines shall be followed.
• The licensing and warranty details shall be validated.

List of Software Applications to be purchased

• Database Engines and Servers: Microsoft SQL Server, MySQL Database, and MongoDB NoSQL Cloud Database.
• Development & Design Tools: Microsoft Visual Studio, Adobe Dreamviewer, Microsoft Visio.
• Testing Tools: HP Quality Centre, Bugzilla, TestLink
• Microsoft Project
• Operating Systems: Windows, Macintosh, Linux, UNIX

Roles & Responsibilities

• CIO: Approval/Rejection of the purchase orders along with explanation of the decision that is made.
• IT Department: Assistance in the configuration and installation process, verification of the software package received
• Supplier’s Head: Negotiations with the suppliers and contractors
• Market Analyst: Analysis of the market data and information on the hardware equipment performing the best and suitable for the company
• Legal Representative: Verification on the licensing and warranty requirements

There are a number of security risks and attacks that may take place with the decision that has been taken by Dave and Lisa. It is because the use and involvement of cloud architecture and networks will lead to the presence of a number of access points. These access points may be utilized by the malevolent entities to give shape to the security attacks.

The common attacks that may occur include malware attacks, eavesdropping attacks, data breaches and leakage, exploitation of vulnerabilities, account hacking, man in the middle attacks, spoofing attacks, SQL injection attacks, denial of service attacks, distributed denial of service attacks, and phishing attacks (Rabai, Jouini, Aissa & Mili, 2013).

The security strategy that the organization shall follow and implement has been explained using the three types of controls that shall be used.

These shall include the development of an Information Security Plan & Policy for the company. This document shall list out all the possible types of security attacks that may take place along with the control strategy that shall be used for dealing with the same.

The information on the security roles and responsibilities shall also be specified so that there are no risks regarding the communication gaps and confusions among the resources. The Chief Information Security officer, Security Manager and senior advisors shall also carry out security audits and reviews. The adherence to the security protocols and standards shall be verified in this process (Julisch & Hall, 2010).

There are a number of logical and technical controls that may be used and must be implemented to deal with the security risks and attacks.

The primary set of tools include anti-malware and anti-denial tools to avoid and prevent the attacks by viruses, ransomware, adware, and other forms of malware along with the prevention against the denial of service attacks. There shall also be use of encryption mechanisms as well on the data and information sets. The proposed architecture makes use of Virtual Private Networks that will enhance the same. The use of encryption algorithms such as advanced encryption algorithm, hashing algorithms, multi-path asymmetric encryption, etc. shall be used. There are also multiple attacks that may take place due to network access points. These shall be avoided, detected, and controlled with the use of network-based intrusion detection and prevention systems, network logs, automated network monitors and scanners (Srivastava & Kumar, 2015).

The use of multi-fold authentication and advanced access control measures will be extremely essential. It is because the case of data breaches and leakages may occur because of the violation of the authorization principles. There are newer forms of access control measures such as role based and attribute based access control that shall be used along with the use of Biometric recognition and single sign on and one time passwords for authentication.

There are scenarios that occur with the involvement of cloud computing that lead to the violation of security principles. There shall be disaster recovery schemes and plans that must be developed by the organization to be ready with the strategies for damage control and recovery. There shall also be backup plans and schemes ready along with automated backup of the data and information sets that are used.

It is often seen that physical security is now disregarded with the advancement of technology. However, Dalis Consultants must place security guards and personnel at the entry and exit points to make sure physical security violation is not occurred.

There shall also be measures that must be taken for physical security of the devices that are used along with the data centres and server rooms that will be set up in the new location.

References

Al-Lawati, A. (2015). Fiber optic submarine cables cuts cost modeling and cable protection aspects. Optical Fiber Technology, 22, 68-75. doi: 10.1016/j.yofte.2015.01.009

Garon, J. (2011). Navigating Through the Cloud – Legal and Regulatory Management for Software as a Service. SSRN Electronic Journal. doi: 10.2139/ssrn.2025246

Hofstra. (2015). Information Technology Procurement Policy. Retrieved from https://www.hofstra.edu/pdf/about/it/it_equipment_purchasing_policy.pdf

Julisch, K., & Hall, M. (2010). Security and Control in the Cloud. Information Security Journal: A Global Perspective, 19(6), 299-309. doi: 10.1080/19393555.2010.514654

Kim, K., & Yang, H. (2010). VPN (Virtual Private Network) SW’s examination example analysis. Journal Of The Korea Academia-Industrial Cooperation Society, 11(8), 3012-3020. doi: 10.5762/kais.2010.11.8.3012

Kulkarni, G. (2012). Cloud Computing-Software as Service. International Journal Of Cloud Computing And Services Science (IJ-CLOSER), 1(1). doi: 10.11591/closer.v1i1.218

Palos-Sanchez, P., Arenas-Marquez, F., & Aguayo-Camacho, M. (2017). Cloud Computing (SaaS) Adoption as a Strategic Technology: Results of an Empirical Study. Mobile Information Systems, 2017, 1-20. doi: 10.1155/2017/2536040

Rabai, L., Jouini, M., Aissa, A., & Mili, A. (2013). A cybersecurity model in cloud computing environments. Journal Of King Saud University – Computer And Information Sciences, 25(1), 63-75. doi: 10.1016/j.jksuci.2012.06.002

Sobh, T., & Aly, Y. (2011). Effective and Extensive Virtual Private Network. Journal Of Information Security, 02(01), 39-49. doi: 10.4236/jis.2011.21004

Srivastava, H., & Kumar, S. (2015). Control Framework for Secure Cloud  Computing. Journal Of Information Security, 06(01), 12-23. doi: 10.4236/jis.2015.61002

Tan, C., Liu, K., Sun, L., & Spence, C. (2013). A design of evaluation method for SaaS in cloud computing. Retrieved from https://dx.doi.org/10.3926/jiem.66