Saturday, November 25, 2017

Infrastructure as a Service

Cloud Computing provides a conducive environment for all kind of computational requirements. In case of a company with sensitive data, the requirement is to have an infrastructure highly secure besides all the computational capabilities. Among three Cloud Computing models, the most robust one is Infrastructure as a Service (Iaas) and that will be most appropriate to meet all the requirements.
Infrastructure as a Service also known as IaaS, provides storage, networking, processing, and other basic and advanced computational capabilities. The capabilities include server management and operating system management. The company personnel will not need to manage any cloud infrastructure but they can manage the deployment of applications which will help them keep a total control.
            The implementation methods are not straightforward. It needs carefully analyzed data and understanding of the impact of transformation from legacy to cloud-based computing. Analysis needs to be done on the Total Cost of Ownership (TCO) and Return on Investment (RoI). In case of a software company, the TCO should not be a major concern but yes, the returns like the ease of access, robust setup, and strongest firewall which is non-penetrable will be some of the key things to consider.
Once the expectancy is set, the program will move and analyze whether putting all the sensitive data on a cloud which is owned by someone else and is being run at a remote location is good or not. This concern can be easily quashed as the data storage is done on top of encryption-based algorithms. Even the owner of the data who has deployed it cannot read it without the appropriate code that has token and secret keys embedded.

The implementation shall begin by writing a small piece of program for the cloud setup. This program can be a small application like allowing employees to get authenticated through a login interface. Besides deployment of the database at the backend, the company can put all the validations in a place like a number of invalid attempts against an ID and then a log generation to check which account was attempted by an intruder. This attempt may be informed as a security breach to the concerned officer and the closest available agent may check the location right at the moment to avoid any escape attempt. 
This single application can be used to test, in-house authentication as well as remote login. While the services are being tested, the existing setup will not take off. A seamless transition will require running of two systems in parallel for some time.
If there is an exposure to the public in the authentication system for the company, the same will need to be tested properly as once it goes into public, any flaws will be exposed and will increase the vulnerability of the entire system.
            Each of the implementation tests needs to be carefully conducted and all the loopholes are to be logged. The testers must be aware that the test cases should be documented as expected and achieved results. If there are deviations, the development team must be apprised of it so that system could be made foolproof at the organization level.

Iaas is a robust cloud computing model which gives a lot of control and capabilities for implementation. Even though the a company's requirements can be met with other models, the IaaS shall be the preferred one looking at the position and significance of information with the the company.

No comments:

Post a Comment

Service Level Agreement for Cloud Computing setup

SLA for Cloud Computing Service Provider As a standard practice,  the customer and service provider enters into a service based agree...