Security Risks And Cloud Computing: A Case Study Of Aztec

Background of Aztec

Question:


Discuss the Service Delivery Models of Cloud Computing.

In evaluating the project to migrate critical IT applications and data sources at Aztec to an external cloud, different service providers will be compared, and legal issues will be resolved through negotiation. The standard practice in cloud computing is to choose a service provider from those available in the market on the basis of the offers they make. It does not support the negotiating philosophy. This contract will be open to prospective customers of the cloud computing system. The nature of cloud computing calls for additional review to ensure a standard contract that is distinct from that of a conventional internet service (Marston et al., 2011). Customers under the contract pay particular attention to their legal duties and rights in the event of any breach in the service (George & Kumar, 2015). The cloud is a powerful medium for outsourcing infrastructure that is itself vital. Interruption to that infrastructure can have wide-ranging effects, which is why the allocation of liability should be considered in light of the standard limitations for the responsible stakeholders. The service providers and the customers should go through the contract terms on security risks before any issue arises concerning a particular aspect of cloud security (Gangwar & Date, 2016).

Aztec is a renowned, established financial services organization that handles transactions worth millions of dollars and is therefore exposed to numerous risks common to conservative groups. The organization takes great care to protect the integrity and integration of its data and to ensure its availability (Kousalya, Balakrishnan & Raj, 2017). The organization (Aztek) intends to migrate its critical IT operations and data sources to an external cloud hosting solution. Since it is an enterprise, cost saving is a highly important driver behind Aztek’s move of its critical operations to the cloud. However, the migration project needs to be evaluated critically for the risks and vulnerabilities associated with cloud computing in light of Australia’s legal, market and compliance frameworks. The data Aztec handles is highly sensitive and confidential because the company is a financial services firm. Aztec’s management should think each decision through extensively at every stage, especially when the decision concerns an IT project that can involve working with or exposing sensitive information. Decisions of this type can expose the company to high risks and vulnerabilities. A single mistake in data security can cost Aztec dearly in money, reputation and compliance, and can bring penalties from government regulators (Kshetri, Fredriksson & Torres, 2017). Although the Australian government encourages corporate and non-corporate organizations to move their IT assets to the cloud, specifically to save costs, Aztec needs to review the cloud migration project thoroughly along the following lines:

  • On the basis of the Commonwealth procurement rules, would the suggested move to the cloud offer value for the organization’s money?
  • Will the project comply with the rules set out in the protective security frameworks?
  • Do all the apps need to be shifted to the cloud?

Cloud Computing and Service Models

Cloud computing gives companies convenient network access to a range of computing resources, such as networks, services and storage, which can be provisioned quickly when required. The key features of cloud-based infrastructure include:

  • Self-provision of services according to customers’ demands.
  • Use of services is monitored based on pay per use model and is transparent to the client.
  • The services offered are available on the internet and can be accessed from across many places.
  • Cloud-based resources can be concentrated in one area and shared among many users.

Cloud services are provided through three service models: PaaS, SaaS and IaaS. Aztek will be able to use software applications from the external hosting party that run on the cloud infrastructure, for instance web-based e-mail (El-Gazzar, Hustad & Olsen, 2016). The external provider manages the infrastructure, and Aztek will be charged according to its usage of the services.

At present, Aztek maintains all of its IT applications internally, on its own, which places its security posture within a closed perimeter. To access information on the organization’s resources, one must have a connection to the company’s network, which is managed and run internally by Aztek IT specialists (Mann & Shah, 2017). For the organization’s staff who work remotely, and for customers who want to access the company’s resources, authentication mechanisms are used extensively to ensure that the people who access the company’s information and resources are legitimate. This gives Aztek a considerable advantage in keeping its resources secure, since the security framework is run under the company’s own control (Khajeh-Hosseini, Greenwood & Sommerville, 2010). This type of security posture has some dangers, but it gives the organization assurance that its data is secure in its own hands rather than in those of other parties. As a financial services provider to a large number of customers, Aztek should tread carefully over the safety of the information it holds and over whether it would be reasonable to migrate its IT applications to an outside provider (Adamatzky, 2017).

If Aztek opts to migrate its IT information assets, such as apps and databases, the extent to which the migration affects the company’s security posture will depend heavily on the service model and the deployment model that Aztek decides to adopt (Buzin, Fournier & Arcushin, 2013). Implementing a public cloud or community cloud model will extend the company’s security perimeter to the cloud infrastructure provider, because the provider will oversee the infrastructure and the organization will therefore incorporate the provider’s resources into its operations. Migrating critical IT applications and resources will increase Aztek’s obligations, and the company should take this into account before adopting the project. These duties will include reporting, SLAs, arrangements and network security, among many others, which will be communicated to Aztek during the contract period of the cloud migration project (Subashini & Kavitha, 2011). The company will now involve more parties in its operations when deciding on issues, and this can slow decision-making within the organization (Sturm, Pollard & Craig, 2017). By taking its critical information technology applications to an external provider, the organization will be exposing customer information to a third party, which is a breach in itself and poses threats to confidential data.

Security Risks and Challenges

The responsibilities for maintaining security in this project should be deliberated and shared between the hosting party (the provider) and the customer, Aztek Corporation. Hosting critical information such as staff payroll data or clients’ account details and personal information on an external cloud can put the organization in great danger of data theft and attacks. The agreement on sharing security responsibility between the organization and the provider becomes vital here, so that each party applies maximum security in its own area of responsibility. The public cloud is the likely choice if Aztek wants to move information that should be available for public use and carries lower risks. Public cloud infrastructures are well equipped with adequate security measures compared to others, and such information carries small risks there. This project may therefore improve infrastructure-related security measures compared with the organization’s current security posture (Ramgovind, Eloff & Smith, 2010). A community cloud may suit applications with a medium level of risk, since it has features similar to those of a public cloud while raising the security requirements. Systems that handle high-risk information, for instance customer account information, cannot be safe in a public or community cloud, because this can easily result in loss of control over the organization’s information security and infrastructure (Ward et al., 2010). The anticipated migration of critical IT applications to the cloud is therefore a high risk for Aztek’s management, because the underlying security risks can lead to loss of customers’ data and tarnish the organization’s image. A private cloud remains the best option for the company given the sensitivity of the information it handles: it reduces the security risks and challenges while countering the effects of the existing security posture.

When implemented at a larger scale, all types of security measures, from the smallest to the largest, become less expensive, so the same investment yields a better level of security. Preventive measures such as patch management, hardening of virtual machines and hypervisors, and filtering are included, as are multiple locations and edge networks that allow content to be processed or delivered closer to its destination and in less time. All of these are benefits of scale.

A standardized, open interface benefits managed security services. Such an interface is provided by a large number of external and private cloud providers (Jamshidi, Ahmad & Pahl, 2013). It plays a key role in creating a more open market for security services.

Deployment Options and Considerations

The ability to dynamically reallocate resources used for authentication, traffic shaping, filtering and encryption, specifically in response to issues such as a DDoS attack, is a clear advantage for the resilience of the migrated cloud applications (Williams, 2010).

A cloud provider that adopts virtualization can make dedicated, pay-per-use images of a virtual machine available for forensic analysis while the infrastructure stays online. Cloud computing also offers a low-cost method of logging without compromising the quality of the service offered by the cloud.

Risk assessment evaluates the likelihood of an adverse event, measured against its adverse effect (Mather, Kumaraswamy & Latif, 2009). The adverse effect is also estimated. The likelihood of each incident and its impact on an organization can be estimated by people skilled in that field, and is important for an organization or cloud provider designing a given cloud model. The risks Aztek is likely to face in the anticipated project are assessed on a scale of 0 to 8. The scale implies;

In a cloud system, clients always try to gain control from the CP, or hosting party, over some issues that can adversely affect the security of the cloud system (Mohapatra & Lokhande, 2014). However, SLAs at times fail to provide for this on the provider’s side. This is where a breach in the security defenses can occur.

The probability of the risk occurring is very high, as is the risk.

Security posture impact

Very high in SaaS

Low in SaaS

Effect: Very high

Vulnerabilities

  • Insufficient standards of solutions and technologies
  • Poor role of divisions and adoption
  • Difficulties in measuring up to the set or promised obligations externally to cloud computing
  • Numerous data centers in many places hence low transparency
  • Ownership of resources become hard to decide.
  • Loss of customer trust
  • Bad picture of Aztek in the market due to loss of customer data
  • Possible loss of staff personal information
  • Low service delivery

Risk: High

Cloud computing systems are characterized by shared resources and by holding many tenants together. The associated risk is closely linked to failures in the cache, separation mechanisms, routing, storage and the relationship between tenants, which is also referred to as a guest-hopping attack (Gatewood, 2009). The risk is high.

Probability of risk occurring: Low in a private cloud; Medium in a public cloud

Impact: Very high

Vulnerabilities

  • VMs hypervisor vulnerabilities
  • An organization cannot change its reputational isolation
  • Possible attacks on cloud networks due to hacking posed by the high number of people within the network
  • Loss of customer trust
  • Bad picture of Aztek in the market due to loss of customer data
  • Possible loss of staff personal information
  • Low service delivery

Risk: High

Implementing the project exposes to compromise the customer and management interfaces of a cloud that is open and gives broad access to resources via the internet. The risk is compounded when the dangers of remote access and of web browsers are combined (Aceto et al., 2013). This risk is medium.

Probability of risk occurring: Medium

Impact: Very high

Vulnerabilities

  • Giving management console remote access
  • Poor management of system patches and problems with the migrated cloud applications

Consequences

  • Possible loss of staff personal information
  • Low service delivery
  • Loss of customer trust
  • Bad picture of Aztek in the market due to loss of customer data

Risk: Medium

It is among the top threats for cloud computing, so providers and cloud designers should design the cloud so that system administration and security management services function well. Clients can shift the risks involved here to the cloud provider. The level of risk for this threat is high.

Probability of risk occurring: Medium

Impact: Very High

Vulnerabilities

  • Lack of proper implementation and definition of roles
  • No appropriate processes for handling physical and information security
  • Data processing is not encrypted
  • Main security officers have no separate application to monitor the cloud system
  • Low service delivery
  • Loss of customer trust
  • Possible loss of staff personal information
  • Bad picture of Aztek in the market due to loss of customer data

Risk: High

Mitigating Security Risks and Challenges

The risk here arises when a request is made to delete data from the cloud, because deletion through the cloud does not truly delete the data from the system (Sripanidkulchai et al., 2010). Fast data deletion is unachievable, and undesirable for a customer, because the time needed for the action through the cloud is not accessible, and so there may be difficulties in freeing up space. This risk is medium in cloud computing.

Probability of risk occurring: Medium

Impact: Very high

Vulnerabilities

  • Cloud system is not able to conduct a sensitive cleaning of media and devices.
  • Possible loss of personal critical information

Risk: Medium

Both the customer (Aztek) and the external cloud provider face numerous data protection risks. The problem becomes bigger if an organization or customer is also the data controller responsible for checking that the data is handled lawfully. The risks are most prevalent when data is routed through several transfers, such as between clouds (Carroll, Van Der Merwe & Kotze, 2011). To reduce this, some cloud providers set out the policies and procedures to be followed when handling data. The risk involved here is high, and so is its impact.

Probability of risk occurring: High

Impact: High

Vulnerabilities

  • Lack of transparency in data center sited in some jurisdictions in their information
  • Loss of customer trust
  • Bad picture of Aztek in the market due to loss of customer data
  • Possible loss of staff personal information
  • Low service delivery

Risk: High

In view of the risks assessed above, and with knowledge of the possible data security risks, it is suggested that the migration of critical IT services and applications at Aztek be outsourced to three different cloud service providers. Each provider should offer a different service model and host a different type of app (Boampong & Wahsheh, 2012). This avoids concentrating data with a single provider, so the risk of losing data is significantly reduced. Once this is implemented, the services can be joined through a federated identity management solution. This type of model is referred to as the federated cloud.

Under this model, one cloud provider will deliver cloud infrastructure under the SaaS model, to be used for apps such as email systems, desktop applications and messaging. The data centers will be located in different areas across the globe so that the organization’s customers can access data from a wide range of locations. Another provider will offer the PaaS model, which will host the development and launch of custom apps. The organization will use these apps to improve the way it provides services in the financial sector, with the long-term goal of increasing service quality and productivity (Mohapatra & Lokhande, 2014). The last service provider will provide cloud infrastructure under the IaaS model to support apps and data sources such as human resources, CRM, finance and accounting, among others. At the start, the company would be responsible for managing disaster recovery and business continuity for the apps moved to the PaaS and IaaS models, using its current infrastructure. For the apps moved under the SaaS model, the external provider will be answerable for business continuity and for support of data and services for a specified period. Medium- and long-term disaster recovery and backup services can be purchased from the cloud providers in each model.

Benefits of Cloud Computing

Conclusion

Aztec is likely to gain an efficient, scalable and reliable management solution for its operations if it migrates its critical IT applications and services to the three service providers. The organization has a high chance of achieving its objectives and extending its services to more marginalized locations. For management purposes, an internal direct solution may not be a good choice for the organization, since it will add to its responsibilities. The company should go for a solution that provides single sign-on and sign-off and unifies all directory services, with only one app and interface of whatever kind the management requires. The application should help establish secure management of encrypted signs and keys and enforce the right access control policies. A solution that serves the users of cloud computing systems, including customers and employees, and is in line with Aztek’s requirements and security policies will be needed in future.

References

Aceto, G., Botta, A., De Donato, W., & Pescapè, A. (2013). Cloud monitoring: A survey. Computer Networks, 57(9), 2093-2115.

Adamatzky, A., Akl, S., Burgin, M., Calude, C. S., Costa, J. F., Dehshibi, M. M.. & Margenstern, M. (2017). East-West paths to unconventional computing. Progress in Biophysics and Molecular Biology.

Boampong, P. A., & Wahsheh, L. A. (2012, March). Different facets of security in the cloud. In Proceedings of the 15th Communications and Networking Simulation Symposium (p. 5). Society for Computer Simulation International.

Buzin, M. S., Fournier, F., & Arcushin, S. (2013). FIspace Design and Release Plan.

Carroll, M., Van Der Merwe, A., & Kotze, P. (2011, August). Secure cloud computing: Benefits, risks and controls. In Information Security South Africa (ISSA), 2011 (pp. 1-9). IEEE.

El-Gazzar, R., Hustad, E., & Olsen, D. H. (2016). Understanding cloud computing adoption issues: A Delphi study approach. Journal of Systems and Software, 118, 64-84.

Gangwar, H., & Date, H. (2016). Critical Factors of Cloud Computing Adoption in Organizations: An Empirical Study. Global Business Review, 17(4), 886-904.

Gatewood, B. (2009). Clouds on the information horizon: how to avoid the storm: cloud-based solutions, such as web-based e-mail, have many advantages. But organizations must be aware of the compliance issues related to storing their information outside of their own control. Information Management Journal, 43(4), 32-37.

George, J., Kumar, V., & Kumar, S. (2015). Data Warehouse Design Considerations for a Healthcare Business Intelligence System. In World Congress on Engineering.

Jamshidi, P., Ahmad, A., & Pahl, C. (2013). Cloud migration research: a systematic review. IEEE Transactions on Cloud Computing, 1(2), 142-157.

Khajeh-Hosseini, A., Greenwood, D., & Sommerville, I. (2010, July). Cloud migration: A case study of migrating an enterprise it system to iaas. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 450-457). IEEE.

Kousalya, G., Balakrishnan, P., & Raj, C. P. (2017). The Hybrid IT, the Characteristics and Capabilities. In Automated Workflow Scheduling in Self-Adaptive Clouds (pp. 199-221). Springer International Publishing.

Kshetri, N., Fredriksson, T., & Torres, D. C. R. (2017). Big Data and Cloud Computing for Development: Lessons from Key Industries and Economies in the Global South. Taylor & Francis.

Mann, A., & Shah, P. J. (2017). Framework for Analyzing Security Issues in Business Intelligence and Analytics in Cloud.

Marston, S., Li, Z., Bandyopadhyay, S., Zhang, J., & Ghalsasi, A. (2011). Cloud computing—The business perspective. Decision support systems, 51(1), 176-189.

Mather, T., Kumaraswamy, S., & Latif, S. (2009). Cloud security and privacy: an enterprise perspective on risks and compliance. O’Reilly Media, Inc.

Mohapatra, S., & Lokhande, L. (2014). Cloud Computing and Social Commerce. In Cloud Computing and ROI (pp. 41-65). Springer International Publishing.

Ramgovind, S., Eloff, M. M., & Smith, E. (2010, August). The management of security in cloud computing. In Information Security for South Africa (ISSA), 2010 (pp. 1-7). IEEE.

Sripanidkulchai, K., Sahu, S., Ruan, Y., Shaikh, A., & Dorai, C. (2010). Are clouds ready for large distributed applications? ACM SIGOPS Operating Systems Review, 44(2), 18-23.

Sturm, R., Pollard, C., & Craig, J. (2017). Application Performance Management (APM) in the Digital Enterprise: Managing Applications for Cloud, Mobile, IoT and eBusiness. Morgan Kaufmann.

Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of network and computer applications, 34(1), 1-11.

Ward, C., Aravamudan, N., Bhattacharya, K., Cheng, K., Filepp, R., Kearney, R…. & Young, C. C. (2010, July). Workload migration into clouds challenges, experiences, opportunities. In Cloud Computing (CLOUD), 2010 IEEE 3rd International Conference on (pp. 164-171). IEEE.

Williams, M. I. (2010). A quick start guide to cloud computing: moving your business into the cloud. Kogan Page Publishers.