14 Pages
3462Words
Introduction of CO704 Cloud Security Coursework
The company's three locations (two in Europa and one located in Asians) allow it to better assist clients in those regions, although the headquarters is the only place where administrative services are offered. Every single one of our locations offers standard-level services that are both reliable and affordable over the long haul. It's common knowledge at this point that "cloud computing" refers to a system that enables users to store and retrieve data from remote locations.
Achieve academic success with New Assignment Help's specialized services offered in the UK.
The improvement of cloud computing and network connections In order to provide the services that businesses need, the National Academy of Science (NIST) has defined the distributed computing model. However, after deploying a cloud system, any company, according to NIST guidelines, can make adjustments with a small budget and few resources. As we all know, there are several drawbacks to using a conventional file processing system to store data; as a result, we need to implement the AWS cloud computing deploying framework in the present day business to provide superior standard level services.
As a result, Amazon is widely used since it offers adequate support for both government and private sector organisations. APIs are made available by AWS so that even the most basic services can be run in a global context, improving the quality of service overall. Since the AWS API can manage various resources on a tight budget, many customers value it for its high level of service. Since it provides a variety of services at a low cost, AWS is also in the running for "best reliable service."
The following is the business case that should be employed for this project: The "MMCloud" company, which operates in the global multimedia industry, is planning to relocate its infrastructure to Amazon Web Services' cloud. There are three locations for the company all around the earth (the head-quarter is in India). In this endeavor, you will use the AWS Amazon platform, applications, and facilities to build and install a secure cloud-based system, and then write a scientific report that thoroughly describes and defends this design.
Goal of this Project
The goal of this project is to provide you an opportunity to show off what you've learned about cloud security ideas and terminology so far in this semester. This is a chance for you to build a sophisticated method of administering and setting up a company's cloud-based system securely. We will use the Amazon web services cloud computing platform to conduct standard-level research and write technical documentation in order to provide a cloud secure environment for the MMCLOUD company. A solid understanding of cloud computing is required for the overall setup. After this is done, we will be able to meet the company's needs for cloud security and implement a suitable solution within the available funds.
Various Security Policies in Accordance with Network Users (Part 1)
Since all businesses need a place to put things like photos, videos, and audio files, storage is an obvious requirement. However, it is essential to implement various security policies in accordance with network users. Amazon Web Services (AWS) uses Amazon Simple Storage Facility to store data for websites and other internet services. The primary benefit of this service is that it allows multiple developers to use Amazon Simple Storage Service (S3), and that their data is accessible from anywhere in the world. The Bestbuy.com Simple Storage Service (S3) is used in the same way to access remote script execution and packages using the latest capabilities offered by the AWS distributoring organisation. The storage space allows users to store files and other items in numerous folders based on various criteria (Image, audio, and video). There was only remote access to the images folder. It is possible to store archives in one of our European locations.
The headquarters building houses the company's web server, server application, and mistress and slave hard drives. Internet and email servers are located at different locations. The corporate website's primary server has strict security settings that only permit HTTP traffic.
We will begin by launching an EC2 instance on AWS and installing LINUX server administration. This Linux machine will oversee several email accounts and handle all HTTP requests from various users. We're ready to roll out the hosting of the firm website so that we can start offering our customers a variety of web services via HTTP requests.
- Deploying a Web Server on Amazon's Cloud (Figure 3) (no date). Amazon Web Services (AWS) (Accessed: December 3, 2022).
- Security measures are in place for ALL virtual private networks, servers, and network segments.
VPC, or Periodic College Validation (2016) Valladolid's official medical college is entitled the Conservatory of music Official de Pueden de la Provincia, and it's available on Amazon. Accessible at this address: https://eu-west-3.console.aws.amazon.com/vpc/home?region=eu-west-3 (Last allowed to access: December 3, 2022).
The system's (technical and financial) security is monitored and controlled by means of a technologically established facility using an AWS platform service. The system offers high levels of availability, resilience, and protection from calamity and loss. The system must be completely expandable and have the capacity to intelligently track and distribute application loads. It is recommended that the following settings be used while setting up a highly available database: While the databases in the other offices are only used for monthly reports, the European location can handle swift and intensive applications.
Administration and Governance
When it comes to administration and governance, MMCLOUD Systems Manager needs to work with AWS tools including Cloud Formation, Atmosphere retains, Amazon Cloud Observe Logs, Kindle Event Bridge, AWS Bios settings, and Iam Trusted Advisor. Because AWS Cloud Formation streamlines Amazon Web Services' modelling and provisioning, it frees MMCLOUD from worrying about its infrastructure. The references in Parameter Store can evolve over time. MMCLOUD's Array Data stack templates may include dynamic references to external values saved and managed by many other services.
When it comes to management, compliance, functional, and risk evaluation on AWS, MMCLOUD may conduct audits with the help of AWS Cloud Trail. Events in Cloud Trail can be initiated by a user, a role, or an AWS service. Transactions involving the Cloud services SDKs, APIs, Interfaces, and CLI are considered events (Yadav, K., 2020, n.p). As a result of Cloud Trail’s integration with Systems Manager, MMCLOUD is able to log all API calls made to Systems Manager, regardless of whether they were generated by human operators or by code. Using Cloud Environment Watch Logs, MMCLOUD is able to collect and examine data from all of its systems, apps, and AWS services. MMCLOUD has the ability to review, search for alerts or tendencies, filtering based on specified fields, and safely archive these reports. The Systems Manager logs are uploaded the Cloud Watch Logs via the SSM Agent, Execute Command, and Session Manager.
MMCloud Architecture Diagram and Services Budget
AWS Developer Tools
AWS Code Build and other services from AWS Developer Tools can be integrated with MMCLOUD's Systems Manager. A fully-managed build service, Code Build is available in the cloud. To create deployable artefacts, Code Build may compile the compute source code, run integration testing, and generate them (Kaye, 2002). A company can save time and money on global deployment, upkeep, and growth with Code Build.
Security tools and Procedures to Safeguard VPC, AZ, and EC2 (Part 2)
Discuss in depth and shown with examples. Give an example of how one of your tools was used in a real-world scenario.
As everyone knows, thanks to the development of cloud computing, businesses may now execute a variety of digital functions in real time. As a result, several businesses are being encouraged to make the switch to the cloud. Because of the foregoing cloud computing arrangements, performance has increased dramatically, and all key advanced level services of public cloud are being utilised via the AWS network operator (5 arguments why cloud security is vital for all enterprises!). Organizations can benefit from having access to this kind of public cloud and agreements, as it helps them run more efficiently and gives them the digital infrastructure they need.
However, in order to continuously enhance cloud security, it is essential for businesses to preserve records of all solutions and share them with others. There is a wide variety of cloud security options to choose from, but we must carefully tailor the implementation of each layer to the specifics of our infrastructure. As an organization's needs change, it might shift to using private cloud services for a variety of computing needs. After implementing such a security mechanism, an organisation can provide a variety of services at a baseline quality. That's why, thanks to cloud security, businesses may pool their network resources and share them with other entities. However, the cost of deploying cloud services and security measures is prohibitive for many smaller businesses. To ensure the safety of their data and the best possible speed, they would rather use an alternative cloud computing security layer.
Cloud Formation, Air Trail, Cloud Computing Watch Records, Prime EventBridge, AWS Httpd.conf, and AWS Trusted Advisor are just some of the AWS administration and governance services that MMCLOUD's Systems Manager needs to be compatible with. Because AWS CloudFormation streamlines Amazon Web Services' modelling and provisioning, it frees MMCLOUD from worrying about its infrastructure. The references in Parameter Store can evolve over time. MMCLOUD's AWS CloudFormation stacking templates may include dynamic references to external values saved and handled by other services.
AWS Cloud Trail
When it comes to management, compliance, operational, and portfolio management on AWS, MMCLOUD may conduct audits with the help of AWS CloudTrail. Events in CloudTrail can be initiated by a user, a role, or an AWS service. Transactions involving the Microsoft azure SDKs, Endpoints, Console, and CLI are considered events (Yadav, K., 2020, n.p). As a result of CloudTrail's integration with Systems Manager, MMCLOUD is able to log all API calls made to Systems Manager, regardless of whether they were generated by human operators or by code. Using Amazon Cloud Observe Logs, MMCLOUD is able to collect and examine data from all of its systems, apps, and AWS services. MMCLOUD has the ability to review, search on software bugs or trends, filter according to specific fields, and safely archive these reports. The Systems Manager logs are uploaded to Cloud Watch Logs via the SSM Agent, Run Direct, and Session Manager.
In almost real time, EventBridge logs all changes made to AWS resources. Based on minute-long criteria, MMCLOUD can pair events and transmit them about one maybe more functions or streams. When there is a change in how things work, EventBridge gets informed. EventBridge keeps tabs on processes and adjusts as necessary. In response to external conditions, messages, capabilities, and status information are transmitted. Thanks to EventBridge, MMCLOUD can process System Manager events and take action as necessary. The MMCLOUD AWS configurations are displayed in AWS Config. Changes in the infrastructure can be tracked thanks to the interconnectedness of resources and their associated settings. In order to keep tabs on its EC2 instances, MMCLOUD can use Systems Controller and AWS Config.
Using these indicators, the Systems Manager can determine which EC2 instances are under his or her management and which are not. This includes the ability to manage the instances' operating systems, patches, applications, and network configuration. Trusted Advisor is a web app that offers timely advice on optimal AWS procedures (Yadav, K., 2020, n.p). MMCLOUD uses the Explorer feature in Systems Manager to connect to Trusted Advisor. Using AWS Organizations, MMCLOUD is able to centrally manage its many individual AWS accounts. We are able to fulfil our administrative, regulatory, and legal responsibilities with the help of account management and centralized billing.
Administrator with Organizations
One administrator can handle all change requests, themes, and approvals by integrating Administrator with Organizations. Costs will be reduced, data will be more secure, connections will be faster, and users will have a number of other advantages, including easier access, less chance of data loss, speedier cloud deployment, and better productivity, cooperation, and efficiency across MMCLOUD. Resilience may save lives in disasters by allowing people to be better prepared for them and by creating systems that can "learn" from their surroundings (Djonov & Galabov, 2020, p. 223). In the event of data loss, clouds can quickly recover and adjust, preventing the problem from occurring again. Rarely do we see any companies Amazon Web Services (AWS) is a dependable cloud storage platform that offers server computing resources, cloud computing, and content distribution. The company should store its information in the cloud, so that it can be accessed from anywhere. There are a number of reasons why MMCLOUD should use AWS. It's possible that AWS's follow-up meetings might make customers happier.
What follows is a description of how a business works with its clients. The last justification is to gain a competitive edge with MMCLOUD and improve one's skills. Amazon Web Services manages enterprise tasks in the cloud. It's possible that MMCLOUD will send out mass emails to clients without them knowing it.
Instantaneous document recovery and global collaboration are now possible with MMCLOUD. Third, MMCLOUD is an idea for storing information in the cloud and providing fast access to administrative personnel. MMCLOUD should move to AWS despite certain concerns about security and performance. AWS improves the speed and agility of the cloud. Its ease of use and adaptability could assist MMCLOUD steer its cloud activities, resulting in time savings and increased productivity for the company. And second, learning how to work with AWS is simple. If MMCLOUD had more AWS customers, they wouldn't need to create their own cloud infrastructure.
Due to AWS's expensive technical support, MMCLOUD will inevitably rack up large upkeep charges. And second, there could be computational challenges with MMCLOUD. Difficulties with MMCLOUD's cloud infrastructure have slowed its AWS operations (Vichi, 2015). It needs to plan for downtime while problems are being fixed. The Global Streaming Assets Company, in conclusion, must adopt Amazon Web Services in order to boost safety and service distribution across all three of its locations. Since the market and technology are currently gravitating toward cloud solutions, migrating to AWS cloud makes a lot of sense.
Using the AWS cloud, MMCLOUD may quickly and easily increase its size. Furthermore, MMCLOUD will be able to better share data, save costs, streamline operations, and reduce its environmental footprint as a result of the move. Costs will be reduced, data will be more secure, connections will be faster, more people will have access to it, data loss will be less likely, and MMCLOUD will be able to quickly install its cloud infrastructure, leading to improved productivity, efficiency, and collaboration. A resilient society could save lives in the midst of a disaster by planning ahead for disasters and building in adaptable infrastructure that can "learn" by their surroundings.
System administrator security can be greatly improved by utilising AWS public key infrastructure (PKI) and cryptography services like AWS Key Management Service. The encryption keys used by MMcloud are controlled by the client, although AWS Key Management Service (KMS) makes that process easier. Secure String parameters for Session Manager Encryption could be generated using Key Management Service (KMS).
Conclusion:
After much debate, we have a clearer picture of cloud computing's value and the safety of his resources. For context, we looked at a case study in which a company's cloud computing environment was inadequate, prompting us to form a team of cloud computing experts tasked with finding the best tools for the job and ensuring the safety of the company's data. Similarly, data security was not a priority before the advent of the internet and computers, but that has changed as both the positive and detrimental uses of these technologies have proliferated. As a result, it's safe to say that cloud computing is a cutting-edge technology with great potential to cut down on operational and maintenance expenses. Although cloud computing has many benefits, it also faces a number of challenges. One such challenge is the persistent possibility of cyber attacks.
Because of the sensitivity of data stored in the cloud, businesses and their employees have a vested interest in protecting that data. Only by adhering to established cloud security best practises can this be achieved. Similarly, the cost to businesses of preventing cyber attacks is high, and it has never been lower. Cyber security departments in many developed nations have implemented a variety of safeguards to keep private information safe.
Therefore, the percentage of countries experiencing a cyber assault has dropped to an all-time low in these modern societies. In order for the cloud system to function in an effective manner, we will need to address a number of security-related issues and adjust the corresponding settings as we work on this case study. We tackled the tasks in sections, allocating the first to the deployment of several AWS base-level cloud services. Deploying various crucial storage services for the entire working system is a necessary step toward improving the quality of cloud services. Similarly, after implementing these measures, MMCLOUD's business organisation is now linked to all other divisions, resulting in improved business performance.
References
5 reasons why cloud security is important for all businesses! (no date) Alibaba Cloud Community. Available at: https://www.alibabacloud.com/blog/5-reasons-why-cloud-security-is-important-for-all-businesses_597406 (Accessed: December 3, 2022).
Accenture (2022) Secure cloud, Accenture. Accenture. Available at: https://www.accenture.com/us-en/insights/security/secure-cloud (Accessed: December 3, 2022).
What is cloud security? cloud security defined (no date) IBM. Available at: https://www.ibm.com/topics/cloud-security (Accessed: December 3, 2022).
Vichi, M. (2015) Il console:Amazon. U. Guanda. Available at: https://eu-west-3.console.aws.amazon.com/console/home?region=eu-west-3 (Accessed: December 3, 2022).
VPC: ValidaciónPeriódica de La Colegiación (2016) Amazon. ColegioOficial de Médicos de la Provincia, Valladolid. Available at: https://eu-west-3.console.aws.amazon.com/vpc/home?region=eu-west-3#Home: (Accessed: December 3, 2022).
Whang, K.Y., Lee, J.G., Lim, H.S. and Na, I., A Bird’s Eye View of the 4th Industrial Revolution Technologies.
von Faber, E., Concept for Improving Cloud Security Standards.
Mejri, O., Yang, D. and Doh, I., 2022, February. Cloud Security Issues and Log-based Proactive Strategy. In 2022 24th International Conference on Advanced Communication Technology (ICACT) (pp. 392-397). IEEE.
Achar, S., 2022. Cloud Computing Security for Multi-Cloud Service Providers: Controls and Techniques in our Modern Threat Landscape. International Journal of Computer and Systems Engineering, 16(9), pp.379-384.
Zawaideh, F.H., Ghanem, W.A.H., Yusoff, M.H., Saany, S.I.A., Jusoh, J.A. and El-Ebiary, Y.A.B., 2022. The Layers of Cloud Computing Infrastructure and Security Attacking Issues. Journal of Pharmaceutical Negative Results, pp.792-800.
Ahmad, S., Mehfuz, S., Mebarek-Oudina, F. and Beg, J., 2022. RSM analysis based cloud access security broker: a systematic literature review. Cluster Computing, pp.1-31.
Vinoth, S., Vemula, H.L., Haralayya, B., Mamgain, P., Hasan, M.F. and Naved, M., 2022. Application of cloud computing in banking and e-commerce and related security threats. Materials Today: Proceedings, 51, pp.2172-2175.\
CHU, H.H.T. and NGUYEN, T.V., 2022. Factors Influencing Successful Implementation of Cloud ERP Solutions at Small and Medium Enterprises in Vietnam. The Journal of Asian Finance, Economics and Business, 9(5), pp.239-250.
Achar, S., 2022. Cloud Computing Security for Multi-Cloud Service Providers: Controls and Techniques in our Modern Threat Landscape. International Journal of Computer and Systems Engineering, 16(9), pp.379-384.
Hyseni, D., Piraj, N., Çiço, B. and Shabani, I., 2022. The Use of Reactive Programming in the Proposed Model for Cloud Security Controlled by ITSS. Computers, 11(5), p.62.
West, J., 2022. Data Communication and Computer Networks: A Business User's Approach. Cengage Learning.
Bajaj, P., Arora, R., Khurana, M. and Mahajan, S., 2022. Cloud Security: The Future of Data Storage. In Cyber Security and Digital Forensics (pp. 87-98). Springer, Singapore.
