Discussion Points
1. Do some Internet research to identify businesses who have suffered because of cloud security weaknesses or failures. What can companies who are contemplating cloud computing services learn from the negative experiences of these businesses?
2. Do some Internet research on security mechanisms associated with virtualization. How can virtualization be used by cloud service providers to protect subscriber data?
3. Choose one of the following cloud services categories: SaaS, IaaS, PaaS. Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.
I have attached Case study PDF, Please read that and answer above questions.
Read the Case Study and answer the “Discussion Points” in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.
Pages: 2
APA Format References
APA Format Citation
No Grammar MistakesC11-1
CASE STUDY 11
CLOUD COMPUTING (IN)SECURITY
Cloud computing is reshaping enterprise network architectures and
infrastructures. It refers to applications delivered as services over the
Internet as well as the hardware and systems software in data centers that
provide those services. The services themselves have long been referred to
as Software as a Service (SaaS) which had its roots in Software-Oriented
Architecture (SOA) concepts that began shaping enterprise network
roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS
(Platform as a Service) are other types of cloud computing services that are
available to business customers.
Cloud computing fosters the notion of computing as a utility that can be
consumed by businesses on demand in a manner that is similar to other
services (e.g. electricity, municipal water) from traditional utilities. It has the
potential to reshape much of the IT industry by giving businesses the option
of running business software applications fully on-premises, fully in “the
cloud” or some combination of these two extremes. These are choices that
businesses have not had until recently and many companies are still coming
to grips with this new computing landscape.
Security is important to any computing infrastructure. Companies go to
great lengths to secure on-premises computing systems, so it is not
surprising that security looms as a major consideration when augmenting or
replacing on-premises systems with cloud services. Allaying security
C11-2
concerns is frequently a prerequisite for further discussions about migrating
part or all of an organization’s computing architecture to the cloud.
Availability is another major concern: “How will we operate if we can’t access
the Internet? What if our customers can’t access the cloud to place orders?”
are common questions [AMBR10].
Generally speaking, such questions only arise when businesses
contemplating moving core transaction processing, such as ERP systems,
and other mission critical applications to the cloud. Companies have
traditionally demonstrated less concern about migrating high maintenance
applications such as e-mail and payroll to cloud service providers even
though such applications hold sensitive information.
Security Issues and Concerns
Auditability is a concern for many organizations, especially those who must
comply with Sarbanes-Oxley and/or Health and Human Services Health
Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].
The auditability of their data must be ensured whether it is stored on-
premises or moved to the cloud.
Before moving critical infrastructure to the cloud, businesses should do
diligence on security threats both from outside and inside the cloud
[BADG11]. Many of the security issues associated with protecting clouds
from outside threats are similar to those that have traditionally faced
ce