IaaS Security Measures, Benefits And Risks; Cloud Migration Risks; Data Backups And DR Plan For Webb’s Stores

a.  Types of IaaS security

There are many different types of security that can be implemented to protect the database instance hosted on the IaaS infrastructure. These security systems or features are critical to the success of the cloud facility as it is hosted within a public domain where different operations, services and users exist. Therefore, the following security measures are proposed for the IaaS instance:

Tokenization or encryption: As stated above, all the communications and operations of the cloud facility will exist within a public system which does not guarantee safety. In addition to this, the IaaS instance is most likely to be accessed by many individuals within the organization. Therefore, the content and the facilities used should be protected with strong cryptographic algorithms such as SHA and AES, together with passwords that are generated using the best access procedures (Joshi, Shrivastava, & Joshi, 2016).

IaaS isolation: Secondly, the IaaS instance should be compartmentalised to contain intrusions in case they happen. In essence, this security feature would create system isolations similar to those of system partitions. The isolated sections would then be accessed by the users based on their privileges and access levels.

Access policy and authentication: Finally, the access given to the users, i.e. employees of Webb’s Stores, should be based on a clear-cut policy. Again, this policy would stem from the roles held by the employees, offering different access privileges based on their requirements. Furthermore, their access would be monitored by an intrusion detection system, with personalized accounts created for them that would be accessed using multi-factor authentication procedures (Vordel, 2011).

b.  Benefits and risks of these security features

Benefits:

Virtualization conveniences – cloud computing offers a wide range of benefits such as the flexibility and scalability of IT resources. These benefits can only be achieved if the IaaS infrastructure is protected and well managed, an outcome facilitated by these security features.

Cost saving – in addition to the benefits of virtualization, the organization at hand would have minimal expenditures owing to the minimal repairs needed to maintain the IaaS instance. Webb’s Stores would have minimal system congestion and damages, inconveniences that are caused by system intrusions (staff, 2017).

Data security and privacy – another key benefit of having good security features is that they protect the data being used. Webb’s Stores uses a lot of data owned by its customers, which needs the utmost security features to avoid its exposure.

Risks:

Data security and privacy – while these security features may increase the security of the data, they also risk its exposure as they require the users to provide confidential information in order to access the IaaS resources.

The ambiguity of resources – because two different parties are involved (Webb’s and the service provider), challenges over data ownership and the security protocols used may arise. Therefore, a state of ambiguity may arise as their responsibilities may be unknown (Potter, 2016).

The risk of cloud migrations on:

a.  Database

Data ownership and control – while the data hosted on the cloud facility is legally owned by the leasing organization, its control is usually unknown. For one, the leasing organization cannot account for all the resources hosted online. Secondly, it cannot adequately track the same resources (Hexatier, 2016).

System security – the database system is migrated to a foreign environment which in most cases is unknown to the user. This process eliminates the physical security exhibited by on-premise storage facilities, which is a considerable security risk.

Migration problems and changes – in addition to the security problems, the entire database system owned by Webb’s Stores will have to be migrated to a new facility. Now, consider the size of this database as determined by its content. There are considerable challenges of losing some of the data during the migration process. Furthermore, it presents many advanced changes to the operations of the organization.

b.  IaaS resource

Loss of system control – of all the service models offered by cloud computing, IaaS is said to offer the best control to the user because of the ability to moderate and control the physical infrastructure. However, this control is based on a virtualized system which generally is unreliable unlike physical systems (Katsanos, 2017).

Security – the same features that promote the extensive control of the IaaS infrastructure also expose the model to many security problems. For one, if the system is compromised the entire cloud facility is affected as the user has extended access, a considerable security risk.

Downtime occurrence – cloud resources are online facilities that depend on the availability of the internet. Therefore, outages and delays will affect the business operations of the organization as the IaaS resource will be unavailable.

c.  Communication between Webb’s Stores and IaaS resource provider

Privacy – to improve the security of the systems being used, the service subscriber is often required to use confidential information to access online resources. This information will include addresses and identification numbers. This requirement applies in particular to communication facilities, as sensitive information is exchanged between the service provider and customers, such as access problems (passwords) and payments (financial transactions). Therefore, the privacy of both the service provider and subscriber is at risk as this information may be lost or exposed in the public domain (Islam, Fenz, Weippl, & Mouratidis, 2017).

Cybercrime – secondly, the communication process takes place in a public environment i.e. the internet which is well known for its cybersecurity problems. Therefore, exchanging data within this framework is an inherent risk owing to the countless attack methods that can be used by intruders.

a.    Risks of using cloud backups and retrieval services

i.  Data backups

Unknown access windows/time – on-premise facilities are convenient for backup facilities as they are adequately accessed based on the network resources available. In essence, accessing the backup tapes is based on LAN speeds, which are efficient. However, cloud resources rely on the speeds of the internet, which will vary based on the existing network conditions (Manes, 2012).

Data loss – while using backup tapes, organizations and users can access resources stored at any point in time. These resources can be old and even unrelated to the existing infrastructure, as needed by the user. However, cloud backups overwrite the existing records, which means the user cannot access old resources.

ii.  Cloud as data storage facilities

Data security – while using on-premise infrastructure for data storage, its security is almost guaranteed depending on the security measures put in place. However, the same conclusion cannot be reached while using cloud resources because of the security risks involved, i.e. virtualized storage and access methods that use online facilities (Lord, 2017).

Minimal data control and management – cloud resources have been known to offer minimal control to the subscribers. This inconvenience extends to the storage facilities as the user is unable to track all the data migrated to the online facilities. Furthermore, the service provider can mix up resources owned by different subscribers, leading to data exposure.

iii.  Data Retrieval

Access window and time – a similar risk as that experienced during the backup process, where the variations in the cloud connections affect the retrieval process of the backup resources. In essence, internet delays and congestion generally affect the process of re-acquiring the content stored online.

Data security – in addition to the inconveniences of time, the retrieval process is also subject to the security risks of the internet. Therefore, the subscriber can acquire intrusions such as malware while accessing the backup resources (Healy, 2015).
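Two of the risks above, a new backup overwriting the only older copy and retrieved content being altered before it is restored, can be handled together by keeping every version and checking a keyed SHA-256 tag on retrieval. The following is an added example, not part of the original paper; the class name, the in-memory dictionary standing in for the cloud store, and the key are assumptions.

```python
import hashlib
import hmac
from typing import Optional


class VersionedBackupStore:
    """In-memory stand-in for a cloud bucket that never overwrites a backup."""

    def __init__(self, mac_key: bytes):
        self._mac_key = mac_key   # assumed to stay on-premise with the subscriber
        self._versions = {}       # name -> list of (blob, tag), oldest first

    def _tag(self, name: str, version: int, blob: bytes) -> bytes:
        # Bind the tag to the object name and version number so a stored copy
        # cannot be swapped for another object or an older version unnoticed.
        header = f"{len(name)}:{name}:{version}:".encode()
        return hmac.new(self._mac_key, header + blob, hashlib.sha256).digest()

    def backup(self, name: str, blob: bytes) -> int:
        """Append a new version instead of replacing the previous one."""
        history = self._versions.setdefault(name, [])
        version = len(history) + 1
        history.append((blob, self._tag(name, version, blob)))
        return version

    def restore(self, name: str, version: Optional[int] = None) -> bytes:
        """Return the requested (default: latest) version after verifying it."""
        history = self._versions[name]
        if version is None:
            version = len(history)
        if not 1 <= version <= len(history):
            raise KeyError(f"{name}: no version {version}")
        blob, tag = history[version - 1]
        if not hmac.compare_digest(tag, self._tag(name, version, blob)):
            raise ValueError(f"{name} v{version}: integrity check failed")
        return blob
```

Because the key never leaves the subscriber, neither the provider nor anyone on the network path can produce a valid tag for modified content.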

b.    Webb’s DR plan based on the acquired cloud facilities

Although the recovery procedures of cloud facilities are beset with many challenges as highlighted above, they also provide the same benefits of virtualization. Based on these conveniences, Webb’s Stores’ disaster recovery plan would shift from a physical strategy to a virtualized system having several resources in an online infrastructure. This outcome would increase the reach of the DR plan, as multiple backup resources would be accessed by all business locations owned by the organization. Moreover, it would facilitate the isolation of the physical and the software resources, an outcome that would minimize the replication expenses of the foundational elements of backup equipment. In all, the cloud resources would lower the overall cost of the DR plan while extending the benefits of virtualization to the recovery procedures. Moreover, they would also minimize the time of the recovery procedures, a key component of DR plans (Crump, 2017).

Access protection:

a.    IaaS resource

Multiple factor authentication – authentication is the main strategy of protecting the access procedures of any given digital system. This strategy will use different factors to give access to the resource. Therefore, in this instance, several factors should be used such as the combination of passwords with fingerprint scans (Healy, 2015).

Resource control and isolation – authentication should also collaborate with good management facilities where the IaaS resources would be isolated based on the needs of the user. This control/isolation would increase the accountability of the resources.

b.    MS SQL Server instance

SQL authentication and encryption – following the security features provided on all logical database instances of SQL systems, additional access procedures should be implemented. In this case, the access procedures would involve authentication and encryption protocols that would secure the SQL statements and instances (Microsoft, 2017).

Packet filters – many people (Webb’s employees) would access the SQL database, either as front-end users or as back-end users. Therefore, all requests directed to the SQL server should be monitored and filtered for intrusions. In essence, the access resource should stop all unverified requests. Furthermore, it should keep an accurate record of the access given to the users.

c.    The cloud network infrastructure

Network administration – the networks used to access the cloud resources should be monitored to avoid intrusions and downtime instances. This administration would be conducted using network support tools such as firewalls and intrusion detection systems.

Access control/policy – having established the networks, the administration process can only be guaranteed if the users are monitored based on their access privileges. Again, this outcome will require an access strategy led by an adequate policy that would isolate the access given to different users of the cloud resource (Hexatier, 2016).
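The packet filter and access policy described above amount to a default-deny check in front of the SQL Server instance that stops unverified requests, enforces role privileges and records every decision. The following is an added example, not part of the original paper; the network range, user names, roles and sample requests are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values (assumptions, not taken from the paper).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
USER_ROLES = {"amy": "cashier", "raj": "dba"}
ROLE_PRIVILEGES = {"cashier": {"SELECT"},
                   "dba": {"SELECT", "INSERT", "UPDATE", "DELETE"}}
SQL_PORT = 1433  # default SQL Server listener port

@dataclass
class Request:
    src_ip: str
    dst_port: int
    user: str
    mfa_passed: bool
    operation: str

def decide(req):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    try:
        src = ipaddress.ip_address(req.src_ip)
    except ValueError:
        return False, "malformed source address"
    if req.dst_port != SQL_PORT:
        return False, "port not exposed"
    if not any(src in net for net in ALLOWED_NETWORKS):
        return False, "source network not allow-listed"
    role = USER_ROLES.get(req.user)
    if role is None:
        return False, "unknown account"
    if not req.mfa_passed:
        return False, "multi-factor authentication not completed"
    if req.operation not in ROLE_PRIVILEGES[role]:
        return False, "operation outside role privileges"
    return True, "permitted"

def filter_requests(requests):
    """Apply the policy and keep an audit record of every decision."""
    return [{"user": r.user, "src": r.src_ip, "op": r.operation,
             "allowed": ok, "reason": why}
            for r in requests for ok, why in [decide(r)]]

SAMPLE_REQUESTS = [  # constructed traffic
    Request("10.20.4.7", 1433, "amy", True, "SELECT"),
    Request("10.20.4.7", 1433, "amy", True, "DELETE"),
    Request("203.0.113.5", 1433, "raj", True, "SELECT"),
    Request("10.20.9.1", 1433, "raj", False, "UPDATE"),
    Request("10.20.9.1", 1433, "guest", True, "SELECT"),
]
```

Denied requests are recorded alongside permitted ones, so the audit list doubles as input for the intrusion detection monitoring the paper proposes.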

d.    Backup and restoration of the cloud facilities

Data encryption – since backup and restoration facilities majorly involve data, this resource should be protected against unauthorized access. The best security feature to provide this protection is encryption as it would only offer access to authorized members based on their access keys. Moreover, it would also protect the cloud resources as they are hosted on online facilities and are transported using public channels (Vordel, 2011).

End to end protection – an important access policy that guarantees the safety of the cloud resources as they are used by two different parties. Now, the security of digital systems is never guaranteed and is further intensified by the existence of multiple parties. End to end protection would ensure both parties implement standard security features to protect the access to the cloud resources. Now, this strategy (end to end protection) can be achieved using several procedures e.g. the use of end to end encryption (E2EE), a system that encrypts services based on specialized cryptographic keys.

References

Crump, G. (2017). A guide to a better cloud disaster recovery plan. Tech target, Retrieved 25 September, 2017, from: https://searchdisasterrecovery.techtarget.com/feature/A-guide-to-a-better-cloud-disaster-recovery-plan.

Healy, R. (2015). The Top 5 Risks of Moving to the Cloud. Retrieved 09 September, 2017, from: https://www.annese.com/blog/top-5-risks-of-moving-to-the-cloud.

Hexatier. (2016). Security Best Practices for Migrating your Database to the Cloud. Hexatier, Retrieved 25 September, 2017, from: https://www.hexatier.com/security-best-practices-for-migrating-your-database-to-the-cloud/.

Islam, S., Fenz, S., Weippl, E., & Mouratidis, H. (2017). A Risk Management Framework for Cloud Migration. Journal of risk and financial management, Retrieved 25 September, 2017, from: www.mdpi.com/1911-8074/10/2/10/pdf.

Joshi, B., Shrivastava, M., & Joshi, B. (2016). Security threats and their mitigation in infrastructure as a service. Science direct (Abstract), Retrieved 25 September, 2017, from: https://www.sciencedirect.com/science/article/pii/S2213020916301306.

Katsanos, K. (2017). Migration to Infrastructure-as-a-Service Is Putting Businesses at Risk. IT Biz Advisor, Retrieved 25 September, 2017, from: https://itbizadvisor.com/news/migration-to-infrastructure-as-a-service-is-putting-businesses-at-risk/.

Lord, N. (2017). Communicating the Data Security Risks of File Sharing & Cloud Storage. Data insider, Retrieved 25 September, 2017, from: https://digitalguardian.com/blog/communicating-data-security-risks-file-sharing-cloud-storage.

Manes, C. (2012). What are the risks of backing up your business data in the cloud? Disaster Recovery Journal, Retrieved 09 September, 2017, from: https://www.drj.com/articles/online-exclusive/what-are-the-risks-of-backing-up-your-business-data-in-the-cloud.html.

Microsoft. (2017). Azure SQL Database access control. Microsoft Azure, Retrieved 09 September, 2017, from: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-control-access.

Potter, D. (2016). SaaS, PaaS and IaaS: What are all the risks? Arrow, Retrieved 25 September, 2017, from: https://ecsnamagazine.arrow.com/saas-paas-and-iaas-what-you-and-your-customers-need-to-know-about-the-risks/.

staff, S. t. (2017). 5 Important Benefits of Infrastructure as a Service. State tech, Retrieved 25 September, 2017, from: https://statetechmagazine.com/article/2014/03/5-important-benefits-infrastructure-service.

Vordel, M. (2011). SaaS, PaaS, and IaaS: A security checklist for cloud models. CSO from IDG, Retrieved 25 September, 2017, from: https://www.csoonline.com/article/2126885/cloud-security/saas–paas–and-iaas–a-security-checklist-for-cloud-models.html.