Cloud Computing - Planning

• Before deploying applications to cloud, it is necessary

to consider your business requirements. Following are
the issues one must have to think about: --

• Data Security and Privacy Requirement

• Budget Requirements
• Type of cloud - public, private or hybrid
• Data backup requirements
•  Training requirements
Cloud Computing - Planning

•  Reporting requirements
•  Client access requirements
•  Data export requirements

• To meet all of these requirements, it is necessary to

have well-compiled planning.
1. Strategy Planning Phase

• In this, we analyze the strategy problems that

customer might face. There are two steps to
perform this analysis:
•  Cloud Computing Value Proposition
•  Cloud Computing Strategy Planning
CLOUD COMPUTING VALUE PROPOSITION
• In this, we analyze the factors influencing the
customers when applying cloud computing mode
and target the key problems they wish to solve.
These key factors are:
•  IT management simplification
•  operation and maintenance cost reduction
•  business mode innovation
•  low cost outsourcing hosting
•  high service quality outsourcing hosting.
• All of the above analysis helps in decision making
for future development.
Strategy Planning Phase

• CLOUD COMPUTING STRATEGY PLANNING

• The strategy establishment is based on the
analysis result of the above step. In this step, a
strategy document is prepared according to the
conditions a customer might face when applying
cloud computing mode.
2.
Cloud Computing Tactics Planning Phase

• This step performs analysis of problems and risks

in the cloud application to ensure the customers
that the cloud computing successfully meet their
business goals. This phase involves the following
planning steps:
•  Business Architecture Development
•  IT Architecture development
•  Requirements on Quality of Service
Development
•  Transformation Plan development
2.
Cloud Computing Tactics Planning Phase
• BUSINESS ARCHITECTURE DEVELOPMENT
• In this step, we recognize the risks that might be
caused by cloud computing application from a
business perspective.
• IT ARCHITECTURE DEVELOPMENT
• In this step, we identify the applications that
support the business processes and the
technologies required to support enterprise
applications and data systems.
2.
Cloud Computing Tactics Planning Phase
• REQUIREMENTS ON QUALITY OF SERVICE
DEVELOPMENT
• Quality of Service refers to the non-functional
requirements such as reliability, security, disaster
recovery, etc. The success of applying cloud
computing mode depends on these non-
functional factors.
• TRANSFORMATION PLAN DEVELOPMENT
• In this step, we formulate all kinds of plans that
are required to transform current business to
cloud computing modes.
3.Cloud Computing Deployment Phase
• This phase focuses on both of the above two phases. It
involves the following two steps:
•  Cloud Computing Provider
•  Maintenance and Technical Service
• CLOUD COMPUTING PROVIDER
• This step includes selecting a cloud provider on basis of
Service Level Agreement (SLA), which defines the level of
service the provider will meet.
• MAINTENANCE AND TECHNICAL SERVICE
• Maintenance and Technical services are provided by the
cloud provider. They must have to ensure the quality of
services.
Cloud Computing security
• Cloud computing security or, more simply, cloud security
refers to a broad set of policies, technologies,
applications, and controls utilized to protect virtualized IP,
data, applications, services, and the associated
infrastructure of cloud computing

• Cloud computing security consists of

Policies
Controls
Procedures
Technologies
Cloud Computing security
• While cloud service providers offer a range
of cloud security tools and services to secure
customers’ networks and applications, the
organizations’ administrators have to implement the
necessary security policies, controls, tools and the
appropriate procedures and methodologies for
implementation. In addition, when companies move
their sensitive data and applications to the cloud, user
access takes place remotely. Consequently,
administrators also have to implement cloud-based
user access controls.
Policies

• A cloud security policy is a formal guideline under

which a company operates in the cloud. These
instructions define the security strategy and guide all
decisions concerning the safety of cloud assets. Cloud
security policies specify: Data types that can and cannot
move to the cloud.
Controls

• In cloud computing security controls are execution of the

policies and guidelines that are specified in the cloud
environment to ensure security and privacy measures.

• Cloud security control is a set of security controls that

protects cloud environments against vulnerabilities and
reduces the effects of malicious attacks
Technologies

• Cloud computing technology gives users access to

storage, files, software, and servers through their
internet-connected devices: computers, smartphones
and tablets. Cloud computing providers store and
process data in a location that's separate from end
users.
Common Cloud Computing Security Risks/Issues/Challenges

• All organizations that rely on cloud platforms need

enhanced security that still allows team members,
customers, and other stakeholders to access their
applications and online data from a wide range of
locations.
• As a cyber security professional, it’s important to be
aware of the security threats, issues, and challenges
your customer’s or employer’s cloud infrastructure
faces. Some of the most common ones include:
Common Cloud Computing Security Risks

• As a cyber security professional, it’s important to be aware

of the security threats, issues, and challenges your
customer’s or employer’s cloud infrastructure faces. Some
of the most common ones include:

• Data loss due to cyber attacks

• Security system misconfiguration
• Denial-of-Service (DoS) attacks
• Hacked infrastructures and API’S
• Account Hijack
• Unsecure access control points
• Inadequate threat notifications and alerts
Data loss due to cyber attacks

• Losing valuable data through human error, natural

disasters that destroy physical servers, or malicious
attacks that aim to destroy data can be disastrous for
any company. Moving business-critical data to the
cloud can increase these security concerns, since
organizations won’t be able to access the affected
servers on site. Functional and tested disaster recovery
and backup processes need to be in place to counter
this risk. Security solutions will need to be built into
every network layer to protect against data loss from
cyberattacks.
Security system misconfiguration

• Cloud misconfiguration refers to any glitches, gaps,

or errors that could expose your environment to
risk during cloud adoption. These cyber threats come
in the form of security breaches, external hackers,
ransom ware, malware, or insider threats that use
vulnerabilities to access your network.
Denial-of-Service (DoS) attack
• A Denial-of-Service (DoS) attack is an attack meant
to shut down a machine or network, making it
inaccessible to its intended users. DoS attacks
accomplish this by flooding the target with traffic, or
sending it information that triggers a crash.
• DOS can cause a machine or a network to crash,
making it no longer accessible to users. Malicious
attackers can either send information to the target that
causes it to shut down or flood it with traffic to
overwhelm it and cause a crash.
Accounts Hijacking

• Cloud account hijacking occurs when a malicious

actor manages to gain control of one of your
employee's cloud-based accounts. Once in the
account, they can access a wealth of sensitive data or
even impersonate your employee to commit fraud.
Unsecure Access Control Points

• One of the main attractions of cloud networks is their

accessibility from anywhere, which allows teams and
customers to connect regardless of their location.
Unfortunately, many of the technologies with which
users interact, like application programming interfaces
(APIs), are vulnerable to attacks if cloud security is not
correctly configured and optimized. Since these
vulnerabilities give hackers an entry point, it’s important
to use web application firewalls to confirm that all HTTP
requests originate from legitimate traffic, thus ensuring
that web applications and operations relying on APIs are
constantly protected.
Inadequate Threat Notifications and Alerts

• One of the cornerstones of any effective network or

computer security system is how quickly threat
notifications and alerts can be sent to website or security
personnel. Cloud-based systems are no different. Instant
notifications and alerts enable proactive threat mitigation,
which can prevent successful hacks and minimize
damages.