Security Controls implemented by AWS to protect IaaS instance

Discuss About The Resource Allocation Using Virtual Machines?

Webb’s Stores is a popular retailer of food items and specialty stuffs in Australia. The two major centres of data re in Sydney and Melbourne. The regional centres of data are in Wagga, Brisbane, Bathurst, Port Macquarie and Auckland. They have decided to migrate their database. Webb’s Stores is migrating their database from MS SQL to Amazon Web Services or AWS instance of IaaS (Garg, Versteeg & Buyya, 2013). AWS is one of the best infrastructures of cloud computing. The main advantage of AWS is that it is extremely safe and secure. Moreover, it is absolutely cost effective.

Cloud Service Provider or CSP is a public or private entity, which provides cloud infrastructure, security, applications, and storage or platform services for an entity or organization (Fernando, Loke & Rahayu, 2013). Amazon Web Services or AWS is one of the best cloud infrastructures available in the market. The main advantage of AWS is that it is extremely safe and secure. Moreover, it is absolutely cost effective (Xiao, Song & Chen, 2013). There are various security controls that are implemented by the Amazon Web Services for protecting their IaaS instance. The security controls of AWS are as follows:

Te above mentioned security controls have several advantages and disadvantages. They are as follows:

 Passwords: The main advantage of password is that it secures the entire infrastructure and the infrastructure becomes secured and protected due to this (Avram, 2014). The disadvantage of password is that there are certain software that can easily hack passwords. Often, it is considered as not absolutely secured.

Encryption: The advantage of encryption is that it encrypts or encodes a message and maintains the confidentiality (Dinh et al., 2013). The disadvantage of encryption is that it often creates problems while decoding the message.

Multi Factor Authentication: The main advantage of this type of authentication is that it protects or authenticates the infrastructure of AWS (Hashem et al., 2015. The disadvantage of multi factor authentication is that it is little complicated than other security measures.

Restrictive Firewall Policy: The main advantage of firewall policy is that it detects or prevents all type of virus or malware and thus protects the infrastructure (Fernando, Loke & Rahayu, 2013). The disadvantage is that it has several numbers of vulnerabilities within it.

Intrusion Prevention System: The major advantage of intrusion prevention system is that it detects and prevents intrusion in a system by intruders (Xiao, Song & Chen, 2013). The disadvantage of this system is that they cannot process any encrypted packets in the infrastructure.

Benefits and limitations of the Security Controls

Webb’s Stores will be getting benefitted by the security controls implemented by Amazon Web Services as their infrastructure will be protected by this.

There are several types of risks associated in the migration of database for Webb’s Stores (Avram, 2014). These types of risks are extremely dangerous for both the database and the organization.

The common threats that are associated with migrating of their database are as follows:

Loss of Data: Data might get lost while the database is migrated from MS SQL to AWS instance and it might not be recovered at all.

Database Corruption: Another significant risk associated with database migration (Sanaei et al., 2014). This is extremely common when the database consists of bulk amount of data.

The common risks that are associated with migrating of their IaaS infrastructure are as follows:

Attacks like DoS: Denial of service attacks are the most common risks associated with the migration of the IaaS infrastructure (Whaiduzzaman et al., 2014). The intruder denies the service and the service is slowed down.

Insider Threats: The cloud provider has all the access to the infrastructure. This can turn out to be risky.

The common risks that are associated with communications within Webb’s Stores and their IaaS infrastructure are as follows:

Breaching of Data: Data can be easily and quickly breached while there is any type of communication within Webb’s Stores and the IaaS database of the cloud (Xiao, Song & Chen, 2013). Hacker are responsible for data breaching.

Incompatibility in Database: This is another common risk while there is communications between Webb’s Stores and their IaaS infrastructure.

Backup and archival of records are extremely important for any database. Cloud plays the most significant role in case of backup and archival of records. Amazon Web Services follows extra security while backup and archival of their records (Avram, 2014). There are three steps of movement of records. They are the backup, storage and retrieval of records. However, there are few security issues regarding these steps.

Periodical data back ups are done in AWS.  During this step, certain threats can occur. They are as follows:

Security Issues: Data might get lost while the back up of data is done in the AWS instance and it might not be recovered at all (Whaiduzzaman et al., 2014). This is extremely vulnerable for any organization.

Control over Data: Data back ups are always done by cloud provider. There is always a chance that the confidential data can be intercepted during this (Sanaei et al., 2014). Amazon Web Services take extra care so that the control does not shift to any unauthorized entity.

Risks associated in the Database Migration

Webb’s Stores would be getting extreme benefit from this particular service and their data backup would be easier.

Data is stored for once and when it is done, it should be kept in mind that there are no vulnerabilities present within the storage. Cloud is the best storage for any types of data (Hashem et al., 2015). Amazon Web Services or AWS can help Webb’s Stores so that the data is stored in secured and perfect storage. During this step, certain threats can occur. They are as follows:

Security Issues: Data might get lost while it is stored in the storage of the AWS instance and it might not be recovered at all (Wei et al., 2014). This is extremely vulnerable for any organization.

Lacking in Standardization: The vendor of the cloud often becomes unsuccessful in following the standardization or standard rules of an organization (Rahimi et al., 2013). This is one of the most common risks that occur in data storage.

Webb’s Stores would be getting extreme benefit from Amazon Web Services and the storing of their data would be easier.

This is the third and final step of data migration to any infrastructure. The common risks of this step are as follows:

Data Leakage: There is always a high chance that the data would be leaked during the retrieval of data. AWS takes extra care so that the data is not leaked in the cloud. Once leaked, the data would definitely lose its integrity.(|Tao et al., 2014)

Snooping of Data: There is always a high chance that the intruders snoop in and checks the confidential data when it is retrieved (Sanaei et al., 2014). AWS provides intense care whenever data is retrieved from cloud.

AWS is the best infrastructure for any organization. It provides excess security while backups, storing and retrieval of data from the cloud. Webb’s Stores would be getting all the advantages from this particular infrastructure.

Cloud DR Plan means the backup and restore strategy in a cloud. The CSP is the cloud service provider. Here the cloud service provider is the Amazon Web Services (Arora, Parashar & Transforming, 2013). They have their innovative backup and restore plan for data. This plan helps in maintaining the security of data. Webb’s Stores must opt for the DR Plan of AWS. It is simple in nature. Moreover, it reduces the complications in data migration. The entire database is easily migrated by this strategy (Botta et al., 2012). Webb’s Stores would be the advantage of copying the entire set of confidential data thin the database. These are the major advantages of cloud backup and restore strategy of AWS.

Risks associated with the migration of the database

Access to the infrastructure or instance should be protected. Amazon Web Services protect their access to infrastructure by following few measures or approaches. They are as follows:

Any type of physical access to the infrastructure of cloud welcomes a hacker in the system. This particular access is prevented by Amazon Web Services easily (Rittinghouse & Ransome, 2016). AWS ever allows any type of unauthorized access to infrastructure.

The existing database of Webb’s Stores is the MS SQL Server R2. The access of this cloud instance can be protected by checking the access of the operating system (Rahimi et al., 2014). AWS helps in detecting the wrong access easily.

The cloud network infrastructure can be protected by regularly monitoring the server. This will check and reduce the excess and unsanctioned users from accessing the infrastructure.

The cloud backup and restoration infrastructure is needed to be checked that whether there is any risk or not (Garg, Versteeg & Buyya, 2013). If the access will be mitigated, automatically there would be more security. Two methods are given below.

Passwords: The main advantage of password is that it secures the entire infrastructure and the infrastructure becomes secured and protected due to this (Dinh et al., 2013). The access to the cloud back and restoration infrastructure can be mitigated by implementing passwords in the system.  

 Encryption: The advantage of encryption is that it encrypts or encodes a message and maintains the confidentiality (Almorsy, Grundy & Müller, 2016). The access to the cloud back and restoration infrastructure can be mitigated by implementing encryption algorithm in the system. 

References

Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.

Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International journal of engineering research and applications, 3(4), 1922-1926.

Avram, M. G. (2014). Advantages and challenges of adopting cloud computing from an enterprise perspective. Procedia Technology, 12, 529-534.

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: a survey. Future Generation Computer Systems, 56, 684-700.

Dinh, H. T., Lee, C., Niyato, D., & Wang, P. (2013). A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), 1587-1611.

Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future generation computer systems, 29(1), 84-106.

Garg, S. K., Versteeg, S., & Buyya, R. (2013). A framework for ranking of cloud computing services. Future Generation Computer Systems, 29(4), 1012-1023.

Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: Review and open research issues. Information Systems, 47, 98-115.

Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 5.

Rahimi, M. R., Ren, J., Liu, C. H., Vasilakos, A. V., & Venkatasubramanian, N. (2014). Mobile cloud computing: A survey, state of art and future directions. Mobile Networks and Applications, 19(2), 133-143.

Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and security. CRC press.

Sanaei, Z., Abolfazli, S., Gani, A., & Buyya, R. (2014). Heterogeneity in mobile cloud computing: taxonomy and open challenges. IEEE Communications Surveys & Tutorials, 16(1), 369-392.

Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.

Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. V. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386.

Whaiduzzaman, M., Sookhak, M., Gani, A., & Buyya, R. (2014). A survey on vehicular cloud computing. Journal of Network and Computer Applications, 40, 325-344.

Xiao, Z., Song, W., & Chen, Q. (2013). Dynamic resource allocation using virtual machines for cloud computing environment. IEEE transactions on parallel and distributed systems, 24(6), 1107-1117.