Wednesday, May 6, 2020
Cloud Computing and Security Management â⬠MyAssignmenthelp.com
Question: Discuss about the Cloud Computing and Security Management. Answer: Introduction Cloud computing has been structured to utilize the advantages of economies of scale by using resources that are shared. This technology has made it possible resource sharing and has enhanced security and availability. For this case the clients pay for the services that they want. Either to act as their storage, application server or any other service that is provided by the cloud vendor. Cloud based refers to the services such as data, applications, servers, or other resources that are accessed by clients over the internet. Governments, institution, businesses and companies have implemented cloud based solution strategies so as to increase their service delivery, enhance resource availability, improve data security, enhance functionalities among other benefits. Data ownership in cloud computing has brought about dilemma around the health sector. It is still a complex matter and its solution cannot be determined any time soon. The aspect of data ownership is still one of the factors that is discouraging companies and businesses from shifting to cloud based solutions. Headspace hold a lot of sensitive data and transferring to cloud needs assurance that such data will remain theirs, control by them at all times without any other third party getting hold of these information. Cloud vendor have been working extra hard to resolve this problem that is with them, but until now there is no absolute answer to it. (Antonopoulos Gillam, 2017). When Headspace decides to implement cloud based solutions they are basically transferring their data to be by a third party individual. The biggest riddle that comes up after this is who actually owns the data in the cloud? Generally, the client, for this case Headspace have the thought that because the data originally came from them then it is them who owns it, but also they have to accept the fact that a third party, for this case cloud vendor have some possession of it. but it is important to note that it is the responsibility of the cloud vendor to ensure security of the data at all cost, because that one of the key objective that they have to meet without compromise. (Ruparelia, 2016). Making this issue more complicated is the fact that many countries are still using laws that are outdated regarding data ownership. It is a fact that data ownership laws are catching up with the evolving technology, that is, technology is always advancing while laws remain the same for a long period. The essential take away fact is that this issue is addressed by the agreement between the client and the cloud vendor, this is where it all boils down to. Several contracts states and clearly outlines who is the data owner. For instance, Amazon web services have stipulated that the client reserves the right of data ownership within its terms and conditions. Data Security Data security is a very important aspect when it comes to headspace. The Institution holds very sensitive data about their patients and is important that the cloud vendor that they are selecting stipulate clearly what they plan to do about the security of the data. Headspace will need clear information on the data security. Data security revolves around data integrity, availability, confidentiality and privacy. (Tilley Rosenblatt, 2016). Integrity of data is a very crucial factor that has to be critically considered. The cloud vendor should ensure that headspace data is not fabricated, deleted or modified by unauthorized party. This element can be attained by implementing database constraints and transactions which are normally managed by the database management system. To ensure data integrity any access or transaction by Headspace should depict the ACID properties of a transaction, that is, Atomicity, consistency, isolation and durability. It is the responsibility of the cloud vendor to ensure that data integrity is kept and maintained at all times and no unauthorized party is accessing the data and information. Implementing different level of data by the different levels of Headspace management ensures control access which is key to data integrity. (Fox Riemann, 2012). Headspace is an institution that deals with special people with special needs thus special information that needs high level of confidentiality. To ensure confidentiality of data, the cloud vendor should implement access control and authentication features. Also cloud vendor should increase reliability of its services and trustworthiness so as to gain this factor. Also to enhance this feature of security Headspace can encrypt their data before storing them in the cloud. This will help deal with the potential threats from the inside with bad motive of maybe selling such information. (Wicklund, 2011). For an institution such as headspace to operate normally, it needs data and information, to make decisions and to offer prescriptions to its patients. It is the responsibility of the cloud vendor to ensure that such data and information is available at all times even it times of crisis and downfall. It should have such sophisticate data recovery techniques to ensure that no single data is lost In case of accidents and other disasters. Cloud vendor has a role to share all the concern with Headspace in good time so as to build good relationship. The provider has a duty to make sure that data is safe and outline jurisdiction of the laws governing them to the client. (Kulkarni, 2013). Headspace holds such private data about their patients. It is too private to be leaked out even to non-potential threats. Therefore, to ensure privacy of the patients attended by Headspace, the cloud provider should ensure that their data is kept safe and confidential. If it is to be accessed, then the person accessing it should have proper clearance. When privacy of data is tempered with, this will have direct negative impact on the person associated with the data compromised. To enhance data privacy, the cloud vendor should be able to clearly outline the following; how can user have controlled over their information processed and stored in the cloud, how can data replication be guaranteed consistently, who is concerned with the legal needs of private data and to what level do cloud subcontractors get involved in private data processing. (Jamsa, 2013). Non-Functional Requirements of Cloud Based Solution Headspace opted to cloud based solution because they expect certain institution objective to mbe met. Also the cloud services should have the capabilities to meet their needs and requirements fully. To enhance functionality, cloud providers should make sure that their systems are made up of the latest technology so as to keep up with the fast changing technology. There services should also limit Headspace on what platform to use. It should enable them to access the cloud services from any end device like a mobile phone, laptop, PC regardless of the technology it is built be it IOS, android, MacOS, Windows or any other platform. The cloud provider should also make sure that their systems have abilities to scale and raid provisioning that cannot be provided in different environments. (Tilley Parveen, 2013). This requirement will differ depend on who the client is. In any case the cloud vendor should ensure that the systems are easy to use and with a user friendly interface that assure simple and easy navigation through the system. If possible it should also facilitate Headspace to customize its user interface depending maybe on the department or the level of access. In todays world, effective design of user interface is more critical than ever. (In Chao, 2016). This is measure by the time the cloud vendor offers services continuously including downtimes and scheduled maintenance. Availability should be at 99.99%. this means that the cloud provider should ensure availability of data at all times. Also it should have a mechanism for disaster recovery in case of any accidents. (Hua Wang, 2016). Headspace expect the solution to enhance and improve service delivery and add value. Implementing cloud based solution will help do away with maintenance cost of storage devices, infrastructure and applications. Also the system should conctrate on satisfying the user by meeting their needs and requirements. (Srivastava Kumar, 2015). It is important for the cloud provider to categorically outline the security measure it has in place toward data security and availability. Data integrity, confidentiality, privacy and availability should be key issues that the cloud vendor should answer and state clearly on how to achieve them. (Yang Borg, 2012). Some of the benefits that Headspace institution will receive by implementing cloud based solutions include; Flexibility- through the use of internet connection, users are able to scale services to meet their needs, access cloud services and facilitate customization of applications from anywhere. Efficiency- users can acquire applications to quickly market their services without the worries of infrastructure or maintenance expenses. Strategic value- Cloud services offer innovative technology thus enhancing competitive advantage to enterprises. Reduced hardware and support requirements- as headspace moves more vital applications into the cloud, the likelihood of upgrading computers too often is less. Most employees manage to perform without the use of computers of higher end. This is because there is no occurrence of actual computing. (Wicklund, 2011). Anytime, Anywhere Collaboration- cloud services simplify workload of the headspace institution. Employees are able to carry out their duties anywhere either at home or in the office. Also, there is no need of setting up VPN if the staff members are using a secure or private Wi-Fi. Cloud items simplifies collaboration with fellow staff members from outside the institution. For instance, one can build a basecamp project where everyone is able to view each others jobs. Individuals working in the same institution benefits from collaboration of the team tools such as file sharing, shared calendars, instant messaging and video conferencing. (Kulkarni, 2013). Disadvantages of cloud-based solutions Availability and security- there exist many cases of breaches of security in cloud based services. These breaches are normally caused by human errors. Cloud providers Going Out of Business- Cloud computing is a field that is quickly changing. As such there is threat that a business may deviate from its services. Service sudden change may not affect the organization if it was using the system for a one-time project but can cause problems if it was designed for the whole donor database. (Jamsa, 2013). This is a one of the straightforward methodology of system development life cycle. It is a pre-determined approach where there are stages and for one to move to the next stage the previous stage should have been completed because there is no turning back. This approach is best when the project has limited time and flexibility is not required. Furthermore, Management of this particular approach is easy and simple. However, this approach is slow as it is used to review at every stage before the next stage is started. This approach also as very limited space for corrections and modifications, therefore, corrections are only made at the maintenance phase. In addition, since the requirements are predetermined, if a wrong requirement is purchased or missing, it may not be identified until the late phases of development. (Langer, 2012). This is an iterative approach that development of a product or its component is repeated several times until the best result is obtained. Some advantages attributed to this approach include thorough testing during development, continuous involvement of the user to ensure that the user requirements are made, it stresses on integration through involvement of all the stakeholder, it quickly delivers a working product as compared to predictive approach. In addition is easy to develop the correct system due to continuous involvement o all the stakeholders. However, the project can be headed in the wrong direction if the user doesnt specifically know what s/he want. (Roebuck, 2012). Conclusion When it comes to product development then adaptive approach has always been the best option over predictive. This is because of the certainty of developing a more accurate product and errors are reduced. It may seem costly but actually t is cheap compared to predictive. In predictive, if a wrong system is developed this means that the product has to be developed again. For Adaptive there will be iterative process until an ideal product or components obtained. Recommendation Headspace institution should keep in mind that security and system uptime cant be perfect, and there may lack staff focused to management of information technology. Dedicated and trained experts are the ones who handle management and security issues. When analyzing cloud vendors, it is advisable to look for options available for extracting and backing up data. The best services help the institution download it information in a nonproprietary and standard format. References Antonopoulos, N., Gillam, L. (2017).Cloud computing: Principles, systems and applications. Cham, Switzerland: Springer. Fox, S., Riemann, L. (2012).Professional SharePoint 2010 cloud-based solutions. Indianapolis, Ind: Wrox/John Wiley Sons. Hua, Z. Wang, X. (2016). Cloud Computing and the Essentials of Security Management.Open Access Library Journal,3, 1-4. doi:10.4236/oalib.1102618. In Chao, L. (2016).Handbook of research on cloud-based STEM education for improved learning outcomes. Hershey, Pennsylvania IGI Global Jamsa, K. (2013).Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones Bartlett Learning. Kulkarni, M. (2013).Gradeboard: A cloud-based solution for a student grading system. M.S. California State University, San Bernardino. Langer, A. M. (2012).Guide to Software Development: Designing and Managing the Life Cycle. London: Springer. Roebuck, K. (2012).Systems Development Life Cycle (SDLC): High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors. Dayboro: Emereo Publishing. Ruparelia, N. (2016).Cloud computing. Cambridge, Massachusetts : The MIT Press. Srivastava, H. Kumar, S. (2015) Control Framework for Secure Cloud Computing.Journal of Information Security,6, 12-23. doi:10.4236/jis.2015.61002. Tilley, S. R., Parveen, T. (2013).Software testing in the cloud: Perspectives on an emerging discipline. Hershey, PA: Information Science Reference. Tilley, S., Rosenblatt, H. J. (2016).Systems Analysis and Design. Boston, MA: Cengage Learning US. Wicklund, P. (2011).Deploying cloud-based Microsoft SharePoint 2010 solutions. Place of publication not identified: Microsoft Press. Yang, Y. Borg, K., (2012). "Regulatory Privacy Protection for Biomedical Cloud Computing,"Beijing Law Review, Vol. 3 No. 4, pp. 145-151. doi:10.4236/blr.2012.34020.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment