ASSIGNMENT 2 BRIEF

Qualification BTEC Level 5 HND Diploma in Computing

Unit number Unit 16: Cloud Computing

Assignment title Cloud’s implementation and security threats

Academic Year 2021 – 2022

Unit Tutor Ho Hai Van

Issue date Submission date

IV name and date

Submission Format:

Format:
A report (in PDF format)
You must use font Calibri size 12, set number of the pages and use multiple line spacing at
1.3. Margins must be: left: 1.25 cm; right: 1 cm; top: 1 cm and bottom: 1 cm. The reference
follows Harvard referencing system.
Submission Students are compulsory to submit the assignment in due date and in a way requested by
the Tutors. The form of submission will be a soft copy posted on
http://cms.greenwich.edu.vn/
Note: The Assignment must be your own work, and not copied by or from another student or from
books etc. If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style. Make sure that you know how to reference
properly, and that understand the guidelines on plagiarism. If you do not, you definitely get failed

Unit Learning Outcomes:

LO3 Develop Cloud Computing solutions using service provider’s frameworks and open source tools.

LO4 Analyze the technical challenges for cloud applications and assess their risks

Assignment Brief and Guidance:

Task 1

Base on the scenario and architecture design in the first assignment provide the
implementation. Because of the time constraint of the assignment, the implementation just

Page 1
provides some demo functions of the scenario. The implementation includes two parts:

 A step-by-step instruction
o which shows which functions are implemented
o How to config, deploy and test the services (Web application, Database Server,
Source code management, server logs...) using service provider’s frameworks
and open-source tools.
o Images for the built functions
 A brief discussion about difficulties which one can face during the development
process(optional)
 The source code for the built application

Task 2

The table of contents in your security manual (which should be 500–700 words) should be
as follows:

1. Analysis of the most common problems and security issues of a cloud computing
platform.
2. Discussion on how to overcome these issues.
3. Summary.

Page 2
 Learning Outcomes and Assessment Criteria

Pass Merit Distinction

LO3 Develop Cloud Computing solutions using service provider’s

frameworks and open-source tools
P5 Configure a Cloud
Computing platform with a
cloud service provider’s
framework.
D2 Critically discuss how one
can overcome these issues and
constraints.
M3 Discuss the issues and
constraints one can face during
the development process.

P6 Implement a cloud platform

using open-source tools.

LO4 Analyse the technical challenges for cloud applications and

assess their risks

P7 Analyse the most common M4 Discuss how to overcome D3 Critically discuss how an
problems which arise in a Cloud these security issues when organisation should protect
Computing platform and building a secure cloud their data when they migrate
discuss appropriate solutions to platform. to a cloud solution.
these problems.
P8 Assess the most common
security issues in cloud
environments.

Page 3
 TABLE OF CONTENTS
P5. Configure a Cloud Computig platform with a cloud service provider’s framework …………………………… 5
P6. Implement a cloud platform using open source tools ……………………………………..………………………………. 5
P7. Analyse the most common problems which arise in a Cloud Computing plarform and discuss
appropriate solutions to these problems …………………………………………………………………………………………….. 10
P8. Assess the most common security issues in cloud environents ………………………………………………………. 17

Page 4
P5. Configure a Cloud Computing platform with a cloud service provider’s framework.
P6. Implement a cloud platform using open source tools.
In order to be able to deploy the application to the cloud platform, we need to select a cloud service
provider and include a cloud service provider. I chose Heroku as a cloud platform to provide application
drivers .
Below I will show you the steps to take:
You need to create a Heroku account to be able to use this service. If you already have an account, please
log in, if you do not have one, you must register an account to use the free Heroku service.

Heroku login page: https://signup.heroku.com/login

Create new app

Page 5
 Overview the code

Overview after complete upload websit to heroku

Page 6
Adding new product

Page 7
Update, you can change the info of the product or delete it

Page 8
Updating product info Deleting product info

Page 9
 P7. Analyse the most common problems which arise in a Cloud Computing platform and discuss
appropriate solutions to these problems.
To answer the main question of what are the challenges for cloud-based computing, below we have
expanded upon some of their findings and provided additional problems that businesses may need to
address. Let’s start with the ever-pressing subject of cybersecurity.

1. Security issues

We mentioned the hot debate surrounding data protection in our definitive business intelligence
trends guide. Like many other branches of technology, security is a pressing concern in the world of cloud-
based computing, as you are unable to see the exact location where your data is stored or being processed.
This increases the risks that can arise during the implementation or management process.

Currently, 93% of leading companies across sectors are highly concerned about experiencing a significant
data breach within their cloud-centric ecosystems. 

The main concerns surrounding cyber threats across the board are:

 Compromised credentials
 Broken authentication
 Human error
 Mass sensitive data breaches
 Hacked interfaces and APIs 
 Account hijacking

Page 10
In an age where cybersecurity is expected to cost a collective $10.5 trillion by 2025, these concerns are
urgent and certainly not far-fetched fallacies. 

All of this makes trusting sensitive and proprietary data to a third party hard to stomach for some and,
indeed, highlights the challenges of cloud computing. Luckily as providers and users, mature fortification
capabilities are constantly improving. To ensure your organization’s privacy and cybersecurity are intact,
verify the SaaS provider has secure user identity management, authentication, and access control
mechanisms in place. Also, check which database privacy and security laws they are subject to.

While you are auditing a provider’s protection and privacy laws, make sure to also confirm the third biggest
issue is taken care of: compliance. Your organization needs to be able to comply with regulations and
standards, no matter where your data is stored. Speaking of storage, also ensure the provider has strict
data recovery policies in place.

By keeping your finger on the pulse of emerging trends and understanding the cybersecurity capabilities of
every entity within your ecosystem, you will reduce the threat of breaches or attacks significantly.

The risks of cloud computing have become a reality for every organization, be it small or large. That’s why it
is important to implement a secure BI cloud tool that can leverage proper security measures.

2. Cost management and containment

The next part of our cloud computing risks list involves costs. For the most part, modern computing can
save businesses money. In the cloud, an organization can easily ramp up its processing capabilities without
making large investments in new hardware. Businesses can instead access extra processing through pay-as-
you-go models from public providers. However, the on-demand and scalable nature of cloud computing
services make it sometimes difficult to define and predict quantities and costs.

Luckily there are several ways to keep cloud costs in check, for example, optimizing costs by conducting
better financial analytics and reporting, automating policies for ruling, or keeping the management
reporting practice on the course, so that these issues in computing could be decreased.

Another recent innovation that helps mitigate costs and tackle this most pressing of issues in cloud
computing is multi-cloud computing tools. Currently, 32% of businesses use multi-cloud cybersecurity tools
to reduce the financially devastating risk of data breaches, while 31% of leading enterprises use direct
multi-cloud cost management tools to mitigate financial efficiency across the organization. In both cases,
the return on investment (ROI) is healthy. As such, we expect to see an increase in adoption in the near
future.

3. Lack of resources/expertise

One of the cloud challenges companies and enterprises are facing today is a lack of resources and/or
expertise. Organizations are increasingly placing more workloads in the system while cloud technologies
continue to rapidly advance. Due to these factors, organizations are having a tough time keeping up with
the tools. Also, the need for expertise continues to grow. These challenges can be minimized through
additional training of IT and development staff. A strong CIO championing cloud adoption also helps. As
Cloud Engineer Drew Firment puts it:
Page 11
“The success of adoption and migrations comes down to your people — and the investments you make in a
talent transformation program. Until you focus on the #1 bottleneck to the flow of cloud adoption,
improvements made anywhere else are an illusion.”

SME (small and medium-sized) organizations may find adding specialists to their IT teams to be
prohibitively costly. Luckily, many common tasks performed by these specialists can be automated. To this
end companies are turning to DevOps tools, like Chef and Puppet, to perform tasks like monitoring usage
patterns of resources and automated backups at predefined time periods. These tools also help optimize
the cloud for cost, governance, and security.

4. Governance/Control

There are many challenges facing cloud computing and control is in place number 4. Proper IT governance
should ensure IT assets are implemented and used according to agreed-upon policies and procedures;
ensure that these assets are properly controlled and maintained, and ensure that these assets are
supporting your organization’s strategy and goals.

In today’s cloud-based world, IT does not always have full control over the provisioning, de-provisioning,
and operations of infrastructure. This has increased the difficulty for IT to provide the governance,
compliance, risks, and data quality management required. To mitigate the various risks and uncertainties in
transitioning to the cloud, IT must adapt its traditional IT control processes to include the cloud. To this
effect, the role of central IT teams in the system has been evolving over the last few years. Along with
business units, central IT is increasingly playing a role in selecting, brokering, and governing cloud services.
On top of this third-party cloud computing/management providers are progressively providing support and
best practices.

5. Compliance

One of the risks of cloud computing is facing today is compliance. That is an issue for anyone using backup
services or storage. Every time a company moves data from the internal storage to a cloud, it is faced with
being compliant with official regulations and laws. For example, healthcare organizations in the USA have
to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996), public retail companies
have to comply with SOX (Sarbanes-Oxley Act of 2002), and PCI DSS (Payment Card Industry Data Security
Standard).

Depending on the sector and requirements, every organization must ensure these standards are respected
and carried out.

This is one of the many challenges facing cloud computing, and although the procedure can take a certain
amount of time, the data must be properly stored.

Customers need to look for vendors that can provide compliance and check if they are regulated by the
standards they need. Some vendors offer certified compliance, but in some cases, additional input is
needed on both sides to ensure proper compliance regulations.

6. Managing multiple clouds

Page 12
 Challenges facing cloud computing haven’t just been concentrated in one, single cloud.

The state of multi-cloud has grown exponentially in recent years. Companies are shifting or combining
public and private clouds and, as mentioned earlier, tech giants like Alibaba and Amazon are leading the
way.

The survey by Flexera mentioned above shows that 89% of enterprises have a multi-cloud strategy.
Enterprises with a hybrid strategy (combining public and private clouds) reach 80%, while organizations
with a strategy of multiple public clouds or multiple private clouds grew slightly but stay under 10%.

While organizations leverage an average of almost five clouds, it is evident that the use of the cloud will
continue to grow. That’s why it is important to answer the main questions organizations are facing today:
what are the challenges for cloud computing and how to overcome them?

To achieve multiple management success and overcome the continual difficulties associated with systemic
complexity, here are some best practices to consider:

 Work with a multi-management specialist or partner that will help you integrate every key component of
your system based on your specific needs
 Work with hybrid operating models if possible, as these innovations will help you manage public and
private information both securely and seamlessly
 Adopt different protocols and management styles for each component of your ecosystem rather than
taking a one-size-fits-all approach

7. Performance

Page 13
 When an organization moves to the cloud it becomes dependent on the service providers. The next
prominent challenges of moving to cloud computing expand on this partnership. Nevertheless, this
partnership often provides businesses with innovative technologies they wouldn’t otherwise be able to
access. On the other hand, the performance of the organization’s BI and other cloud-based systems is also
tied to the performance of the provider when it falters. When your provider is down, you are also down.

This isn’t uncommon, over the past couple of years all the big players have experienced outages. Make sure
your provider has the right processes in place and that they will alert you if there is ever an issue.

For the data-driven decision making process, real-time data for organizations is imperative. Being able to
access data that is stored on the cloud in real-time is one of the imperative solutions an organization has to
consider while selecting the right partner.

With an inherent lack of control that comes with cloud computing, companies may run into real-time
monitoring problems. Make sure your SaaS provider has real-time monitoring policies in place to help
mitigate these potential difficulties.

8. Building a private cloud

Although building a private ecosystem isn’t a top priority for many organizations, for those who are likely
to implement such a solution, it quickly becomes one of the main challenges facing cloud computing –
private solutions should be carefully addressed.

Creating an internal or private cloud will cause a significant benefit: having all the data in-house. But IT
managers and departments will need to face building and gluing it all together by themselves, which can
cause one of the challenges of moving to cloud computing extremely difficult.

It is important to keep in mind also the steps that are needed to ensure the smooth operation of the cloud:

 Automating as many manual tasks as possible with the help of a modern BI software (which would require
an inventory management system)
 Orchestration of tasks which has to ensure that each of them is executed in the right order.

As this article stated: the software layer has to grab an IP address, set up a virtual local area network
(VLAN), put the server in the load balancing queue, put the server in the firewall rule set for the IP address,
load the correct version of RHEL, patch the server software when needed and place the server into the
nightly backup queue.

That being said, it is obvious that developing a private cloud is no easy task, but nevertheless, some
organizations still manage and plan to do so in the next years.

9. Segmented usage and adoption

Most organizations did not have a robust cloud adoption strategy in place when they started to move to
the cloud.  Instead, ad-hoc strategies sprouted, fueled by several components. One of them was the speed
of adoption. Another one was the staggered expiration of data center contracts/equipment, which led to

Page 14
 intermittent cloud migration. Finally, there also were individual development teams using the public cloud
for specific applications or projects. These bootstrap environments have fostered full integration and
maturation issues including:

 Isolated projects lacking shared standards

 Ad hoc security configurations
 Lack of cross-team shared resources and learnings

In fact, a recent survey by IDC of 6,159 executives found that just 3% of respondents define their cloud
strategies as “optimized”.  Luckily, centralized IT, strong governance and control policies, and some heavy
lifting can get usage, adoption, and cloud computing strategies in line.

Nearly half of the decision-makers believe that their IT workforce is not completely prepared to address the
cloud computing industry challenges and manage their cloud resources over the next 5 years. Since
businesses are adopting the strategy more often than ever, it is eminent that the workforce should keep up
and carefully address the potential difficulties.

10. Migration

One of the main cloud computing sector problems in recent years concentrates on migration. This is the
process of moving an application to the cloud. Although moving a new application is a straightforward
process, when it comes to moving an existing application to a new environment, many cloud difficulties
arise.

Many leading companies are currently migrating their applications to the cloud, and over half of them find
it more difficult than expected – projects are over budget and deadline.

What are the problems faced during storing data in a cloud-centric ecosystem? Most commonly cited
were:

 Extensive troubleshooting
 Cybersecurity challenges
 Slow data migrations
 Migration agents
 Cutover complexity
 Application downtime
 Dependency mapping
 Assessing technical feasibility
 Understanding application dependencies
 Cost-optimization after migration

In a recent sector report from Flexera, 51% of businesses confirm that understanding app dependencies is
a significant roadblock to successful migration, while 49% state that assessing technical feasibility is their
primary issue.

Page 15
 But while this is the case, a greater understanding of migration concepts and frameworks, as well as an
evolution of tools or platforms within the sector, has driven down these difficulties from 2021, with slightly
fewer organizations struggling with these types of cloud computing issues. 

11. Portability and interoperability

The next of our cloud computing risks is a decidedly operational roadblock. When organizations scale or
expand their intangible IT ecosystems, one of the biggest problems with cloud computing from a logistical
standpoint is moving from one provider or platform to another.

Typically, when a business switches to a new platform, there is a lockdown period that puts a kink in the
network, driving down productivity in the process. This significant lack of flexibility results in a raft of issues
with:

 Safe and fluent data migration and management

 Establishing secure and compliant networks, essentially from scratch
 Restricted user or customer access

These glaring roadblocks have become more prevalent in recent years due to the increasing complexity of
tools, platforms, and systems. 

One of the most effective ways to counteract these tricky risks of cloud computing is to go through relevant
data and service laws in your region to understand your portability rights while working out concrete terms
with potential providers to prevent lockdown periods or service restrictions in advance.

12. Reliability and availability

Last but certainly not least in our definitive rundown of challenges in cloud computing is a question of
reliability and availability.

As we migrate towards an age where 94% of businesses use cloud-based service providers (CSPs) or
platforms in some way, shape, or form, being able to ensure the right data is available at any given point in
time while retaining system functionality has emerged as one of the modern age’s most significant issues
with cloud computing.

Due to the broadening of modern platforms and computing-centric ecosystems, an increasing number of
companies rely on third-party management platforms. The problem with this is that many service providers
offer round-the-clock service that results in system outages that can cause momentary devastating or
monetary losses.

To ensure that your system is both available and reliable at any given point in time, it’s important to have
stringent plans in place to monitor key performance and operational aspects, including system robustness,
core functionality, SLAs, data quality, and overall performance. Armed with a solid strategic framework,
you can ensure your providers are held fully accountable while preventing any outages or availability
problems.

Page 16
P8. Assess the most common security issues in cloud environments.
There are various particular security issues and difficulties with cloud computing. Data is stored in the cloud
with a third-party provider and accessed online. This implies that access to and management of that data
are constrained. The issue of how it can be effectively secured is also brought up. Everyone must be aware
of their own responsibilities as well as the security risks posed by cloud computing.

1. Misconfiguration

Misconfiguration of cloud infrastructure is a leading contributor to data breaches. If an organization’s cloud

environment is not configured properly, critical business data and applications may become susceptible to
an attack.

Because cloud infrastructure is designed to be easily accessible and promote data sharing, it can be difficult
for organizations to ensure their data is only being accessed by authorized users. This issue can be
exacerbated due to a lack of visibility or control of infrastructure within their cloud hosting environment.

In short, misconfiguration poses serious cloud security issues to businesses and the fallout can
detrimentally impact day-to-day operations. To prevent misconfigurations, those responsible for
overseeing their organization’s cloud solution should be familiar with the security controls provided by
their cloud service provider.

2. Cyberattacks

Cybercriminals and threat actors are constantly practicing and perfecting their hacking capabilities, and
cloud environments are quickly becoming one of their primary targets.

According to the 2020 Trustwave Global Security Report, the volume of attacks on cloud services more than
doubled in 2019 and accounted for 20% of investigated incidents. The report goes on to show that
although corporate and internal networks remain the most targeted domains – representing 54% of
incidents – cloud environments are now the third most targeted environment for cyberattacks.

It’s important for organizations to understand their cyber risk so they can make the necessary adjustments
to proactively protect their business from cyberattacks. This can be accomplished by performing
various threat assessments which will identify gaps in the organization’s current defense posture and
uncover weaknesses across a broad swath of its security technologies. From there, the organization can
undergo remediation tactics to strengthen the efficacy of its cybersecurity solution.

3. Malicious Insiders

Page 17
Cyberattacks don’t just occur from external threats – insider threats are a major concern for businesses,
too. In fact, according to the 2020 Verizon Data Breach Investigations Report, 30% of data breaches
involved internal actors.

While this is an issue for on-premises environments, it certainly creates cloud computing risk issues and
security challenges as well. Because of the nature of the cloud and the fact that the infrastructure is
accessible from the public internet, it can be even more difficult to detect suspicious activity related to
malicious insiders. And, by the time any threats are uncovered, a data breach may already be underway.

Organizations must have the proper security controls in place to identify malicious insider activity and
mitigate risks before there are any significant impacts to business operations.

4. Lack of Visibility

A report by Forcepoint states that only 7% of companies that offers cybersecurity consulting services have

extremely good visibility as to how employees use critical business data across company-owned and
employee-owned devices, company-approved services (e.g., Microsoft Exchange), and employee services,
while 58% say they have only moderate or slight visibility.

In a cloud environment, this lack of visibility can lead to cloud computing security issues that put
organizations at risk, including malicious insider threats and cyberattacks that we discussed above.
Partnering with a managed cloud service provider can alleviate these issues assuming that the provider has
stringent and effective security controls in place that also satisfy a business’s compliance requirements.

It is imperative organizations have comprehensive visibility into their cloud environment on a continuous
basis. Managed cloud service providers can supply business leaders with real-time reports of network and
user activity – among several other categories – to ensure quick detection and response in the event of a
threat.

5. Data Leakage

One of the major benefits of cloud computing is the ease of sharing data and the ability to seamlessly
collaborate among colleagues and even external individuals. However, because data sharing in the cloud is
typically done by direct email invitations or distributing a public link to a specified group of users, this can
cause potential security issues and challenges in cloud computing.

By sharing public links – or changing the settings of a cloud-based file to “public” – anyone with knowledge
of the link can access the information stored within them. Additionally, hackers leverage tools to actively
search the internet for instances of unsecured cloud deployments just like these.

Page 18
If these resources contain proprietary company data or sensitive information and wind up in the wrong
hands, there is an immediate threat of a potentially serious data breach, which can impact an organization.

6. Inadequate Staff

Migrating to the cloud possesses its own set of challenges, and some organizations believe once they have
transitioned all of their critical assets to a cloud environment, the hard work is done. In reality, cloud
migration is just one step in a cloud adoption journey, and to get the best results, ongoing monitoring and
management of cloud infrastructure is a necessity.

Proper planning, assessment, migration, deployment, and management of a business’s cloud solution is a
time-consuming task that requires a very specific set of skills. It is not often that organizations – especially
SMBs – commit the time, money, or resources solely to their cloud infrastructure. If any of the steps during
the cloud adoption process were missed or not adequately configured, it could lead to security issues and
challenges in cloud computing for the organization.

It is best practice for businesses to work with a partner that has all of the cloud capabilities needed to
complement in-house expertise for a comprehensive and secure cloud solution. Most providers offer
flexible resources that range from fully outsourced, contracted subject matter experts and part-time
technicians.
Page 19
7. Data Privacy

Data privacy has always been a concern for business leaders, but it is becoming even more important as
the cybersecurity landscape continues to grow in complexity and severity. There are numerous data
protection regulations in place today, including the EU’s GDPR, HIPAA, PCI DSS, and many more, which
were created to protect customer data.

However, a survey by Commvault showed only 12% of global IT organizations understand how GDPR will
affect their cloud services. This result leads us to believe businesses may be more vulnerable if they are not
compliant in the cloud under GDPR regulations.

Failure for businesses to abide by these compliance measures can lead to serious penalties, including
significant fines, or even worse, a data breach. A managed cloud provider can share the compliance
burden. Companies should choose a partner who is familiar with data protection and compliance standards
to ensure ongoing security for the organization and its customers.

Page 20
 REFERENCES
Heroku.com. 2022. Cloud Application Platform | Heroku. [online] Available at: <https://www.heroku.com/>
[Accessed 27 June 2022].
BI Blog | Data Visualization & Analytics Blog | datapine. 2022. Learn The Top Cloud Computing Challenges, Risks &
Issues. [online] Available at: <https://www.datapine.com/blog/cloud-computing-risks-and-challenges/> [Accessed
22 June 2022].
Buchanan Technologies. 2022. 7 Cloud Computing Security Issues and Challenges - Buchanan Technologies. [online]
Available at: <https://www.buchanan.com/cloud-computing-security-issues/> [Accessed 22 June 2022].

Page 21