Adoption of the cloud computing in the Aztek organization:

n this research paper, we are going to focus on the IT risks associated with the migration of the business application of Aztec organization with the external cloud hosting for managing data sources. The Aztec organization is looking forward for the risk identification, assessment, and mitigation plan associated with the transformation of the business operation to the cloud computing platform.

Adoption of the cloud computing in the Aztec organization:

The Aztec is moving towards the migration of business operation with the deployment of the cloud environment. With the increasing demand of cloud computing to improve the business tactics, the cloud model is adopted for carrying over the business operation (Buhalis, 2010). The following diagram shows the pattern followed by the Aztec organization to implement the cloud platform in the working functionality of the business.

The cloud platform enables the data centre for the cloud environment. The processes and the business activities can be improved with the effective utilization of the cloud services. The complex problem can be solved by managing the availability of the resources at the user end. The risks associated with the security infrastructure of the company can be solved with the inclusion of intrusion detection system and intrusion prevention system. The cloud models which are used for changing the working practices of the Aztec organization are platform as a service and infrastructure as a service.

The platform as a service model of the cloud is used for managing the life cycle of the application. Resources used for the implementation of the application, creating the beneficial environment of the working of the business processes, The management of the activities associated with the application should be taken under consideration for the effective utilization the resources, and the integration of the data and activities (Betcher, 2010). The infrastructure as a service cloud model is used for providing platform to develop the cloud infrastructure, administration and control should be taken under consideration for the management of business processes, compliance and security associated with the working model of the enterprise, and the development of accounting system for the management of resources on the demand of the user. The smart cloud framework should be used for migrating the business processes of the Aztec with the cloud computing environment.

Research methodologies:

The migration of Aztec business processes to the cloud computing environment is based on following research methodologies programs:

• Questionnaire: The organization and formulization of the formal questions associated with the risks, issues, and benefits associated with the deployment of the cloud computing environment on the working platform of the enterprise. The consideration should be given on formulating the questions associated with security infrastructure required for migration, security associated with the PaaS and IaaS model of clouds, and threats associated with the cloud infrastructure from the participating professionals. The focus should be given on designing the question related with cloud vulnerabilities and mitigation procedures chosen for resolving the issues. After analysing the cloud computing environment, the set of questions will be prepared for the questionnaire which includes probability of the occurrence of risks, what harmed can be caused by the risks, what relevant action company takes to overcome the situation of IT risks, what type of methods and technologies used for controlling the risks environment, how the functionality and the working of employees will be affected by the risks, and many other. The analysis of the answer helps in presenting the clear understanding of risks and their impact on the business operation.
• Collection of information from multiple sources: The evaluation of the research study helps in identifying the best alternatives which helps in providing security to the cloud infrastructure. It helps in identifying the gaps which exist in the traditional security system for resolving the risks associated with the cloud platform. The literature review on business tactics used by the professional in implementing and adopting cloud environment in the working portal of their organization.
• Review: The selection of the policies should be tested, verified, and validated before the implementation of it in increasing the productivity of the enterprise. The research study should be conducted in the areas of discovering threats associated with the cloud environment, possibility of vulnerabilities occurrence, development of standards and policies used for overcoming the situation of attacks, provision given to the data security procedures, and the security associated with the Paas and IaaS model which are used for deploying the cloud architecture in the business operational activities.
• Participants: The pilot interview of the professionals helps in analysing the real structure of the security issues which exist during the migration of business processes

Financial services sector review of Aztec with the cloud:

The need of automation arises with the development of the business activities. The virtualization is the basic need for deploying the cloud environment within the enterprise. The operational efficiency of the business can be improved by adopting the virtual server for the implementation of storage, application, resources, and the network application (Jayachandran, 2013). The smart cloud architecture helps in providing operational benefits to the working environment by managing the resources on the demand of the user. The user orientation is involved in accessing the control over the issues related with the process of identification, authorization, and authentication. The availability of the dynamic services helps in optimising the IT services. Basic structure of the cloud is composed of the following:

• Foundation of smart cloud: The development of the cloud enables the handling of the cloud services with the deployment of hybrid and private cloud in the infrastructure of the Aztec enterprise. The scaling of the cloud services can be done by utilizing the parallel time of the associated with the integration of services (Angelo, 2009).
• Services provided by the cloud: The cloud services helps in providing control to the delivery of application on the cloud infrastructure for utilizing the application to its full extent. The services provided by the cloud environment helps in making effective utilization of the resources (Williams, 2012).

Research methodologies:

The deployment of the private cloud for the Aztec enterprise involves the following four processes:

The following diagram shows the clear representation of deploying Private cloud in the working environment of the Aztec organization.

 The migration of the business operational activity on the cloud platform helps in reducing the cost associated with the carrying of the activities with the help of cloud computing platform. The agility is provided to the business operation which helps in developing cost saving program for the enterprise (Murray, 2013).

The cloud computing solution are providing on-demand resources, the self-services to resolve the issues associated with the fetching of information, and inexpensive solution. The exact cost can be identified of the resources used with the use of cloud public vendor platform. The allocation of the resources to the demanding parties can be efficiently done with the deployment of three clouds public, hybrid, and private. The out-sourcing of the resources does not require any extra cost for handling it to the third party.

The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment (Greenwood, 2014). The SAAS model is used for generating automatic fee management system, payments to the participating units such as suppliers, trading company, dealers, and etc. The cost benefits can be provided to the business by analysing the market activities associated with the operational platform. It is capable of providing procurement to the demanding units which help in completing the process on time. The standard policies should be used for signing the service level agreement for achieving security in the cloud environment.

The risks associated with the financial sector should be handled very carefully and at first priority because it can affect the profit of the Aztec organization. The financial services which are provided by the cloud platform are the deployment of the electronic trading system, analysis of the data collected for undertaking the market strategy, testing of the algorithms, and generation of the reports. The application programming interface is used for fetching the information from the online sources. The availability of the resources helps in minimising the budget of the enterprise to reduce the procurement of the new resources. The code of conduct which should be followed in the financial sector are:

• Establishing banking association.
• Banking code used by the customers
• Financial planning association followed by the Aztec enterprise
• Insurance policies taken into curriculum

Security Posture Review

The inclusion of cloud computing fundamentals in the working platform of the Aztec organization can affect the traditional security infrastructure of the enterprise. From the research we have analysed that the security standards which are used by the organization for the governing bodies are affected by the implementation of the cloud computing fundamentals within the working environment of the enterprise.

Assumptions:

• The upgraded devices used for the deployment on the cloud computing platform
• The project should be completed within time
• Deployment of security policies

The governing bodies which are affected by the cloud computing policies are named as documentation of the service level agreements, procedures used for auditing of the agreements, and inclusion of service providers. The traditional security architecture has to be transformed according to the requirement of the cloud computing environment.  Analysing the traditional security procedures deployed by the enterprise:

• Security used for data storage: The verification code security architecture is used for providing security to the stored data. It is difficult for providing security to the dynamic data.
• Security provided to the user Identity: The traditional security system does not work efficiently in verifying and validate the user identity for login into the user account. The account of the user can be easily hacked without the disclosure of confidential information.
• Security provided to the interoperation: The user works on separate domain. It is difficult for providing security to the every node at one time. The unavailability of resources is the second major issues which exist with the carrying out the interoperable operations.
• Trust management: The loss of data and the confidential information can affect the reputation of the company. Employees are losing their confidence on storing their data in the company database due to the poor security procedures. Employees of Aztec organization are not satisfied with the security policies of the enterprise.

Financial services sector review of Aztec with the cloud:

Risks associated with data security and flow of data:

The enterprise has to face challenges in managing connection between the cloud and the infrastructure, browser, information exchange, and registration process. The user orientation is involved in accessing the control over the issues related with the process of identification, authorization, and authentication. There are various security issues associated with the deployment of cloud infrastructure related with the virtualization in the portfolio of SAAS, IAAS, and PAAS.

The operational efficiency of the business can be improved by adopting the virtual server for the implementation of storage, application, resources, and the network application. The integration and confidentiality of the data raises the concern of security. The security issues associated with the migration of data over the cloud computing platform. The following table specifies the risks associated on the traditional security infrastructure with the inclusion of cloud computing platform.

The following diagram shows the security infrastructure with the cloud environment and the flow of data. 

The policies and strategies of the traditional security infrastructure have to be changed with the new security requirement for the cloud environment. The response should be created for deploying the prevention techniques associated with the security of the cloud environment.

Threat, Vulnerabilities and consensus assessment

The following table shows the risks assessment associated with the deployment of cloud infrastructure within the working curriculum of the Aztec enterprise.

Data security:

The paradigm of the cloud computing environment involves the inclusion of communication network system for managing peer to peer information exchange, authorised and authenticated accessing management system with the authenticated protocols, and end user machine for the deployment of the cloud infrastructure. The traditional security architecture has to be transformed according to the requirement of the cloud computing environment.

The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment (Shacklett, 2013). The response should be created for deploying the prevention techniques associated with the security of the cloud environment. The deployment of the security parameters in the cloud environment helps in resolving the issues related with the risks and vulnerabilities attacks associated with the cloud computing environment.

The encryption keys should be used for transferring the data and the information over the cloud. The effective security system can be developed by focusing on the quantification of the security risks associated with the cloud system and planning for proactive solution to overcome the problem of vulnerabilities associated with the project. The complex problem can be solved by managing the availability of the resources at the user end. The risks associated with the security infrastructure of the company can be solved with the inclusion of intrusion detection system and intrusion prevention system. The intrusion detection system and the intrusion prevention system are the two basic approaches which are used for securing the cloud infrastructure from the potential attack associated with the new system environment.

The antiviruses should be installed on the outsourcing units for preventing from the virus and the malware attack. The standard policies should be used for signing the service level agreement for achieving security in the cloud environment. The deployment of the security parameters in the cloud environment helps in resolving the issues related with the risks and vulnerabilities attacks associated with the cloud computing environment (Telstra report, 2011).

The roll backing of the virtual machines deployed on the cloud server helps in resolving the issues related with the malware attack on the cloud environment. The security parameter should be used for restricting the unauthorised accessing of the information from the multiple sources to minimize the risks of data loss and the loss of confidentiality and integrity of the system. The following benefits are provided for the implementation of cloud computing environment:

• Scalability of the processes helps in identifying the cloud storage
• The integration of activities helps in developing the heterogeneous environment for the unification of the processes.
• The open infrastructure helps in identifying the collaborative cloud solution for the smooth functioning of the processes.
• The capacity of the storage system can be optimized for storing the big data of the company on the cloud
• The consistency in managing the service level agreement for effectively managing the cloud storage
• The proactive decision can be taken for managing the interface between the cloud storage systems.
• Different security protocols should be used for protecting the data stored on the cloud (Wueest, 2015).

The following is the recommended security framework for managing the security and the risks associated with the migration of business processes to the cloud environment. The effective security system can be developed by focusing on the quantification of the security risks associated with the cloud system and planning for proactive solution to overcome the problem of vulnerabilities associated with the project (Patron, 2012). The priority should be determined for handling the risks issues associated with the cloud environment.

The deployment policies used for managing the security of cloud infrastructure by taking consideration on the following components:

• Designing of the program for managing the security of the resources associated with the cloud infrastructure
• The protection techniques and algorithm used for managing the confidentiality of the data
• The access control should be used for monitoring the implementation procedures of the cloud environment (Rosado, 2012)
• Method used for implementing the provisioning procedures for using application
• Method used for implementing the de-provisioning procedures for using application
• Management program used for auditing the governance procedures
• Management of the vulnerabilities
• Procedures used for testing, verification, and validation of the procedures.

Recommended mitigation plan for securing the Aztec business processes with the deployment of following business techniques:

• The requirement of security should be determined
• The development of the risks assessment matrix
• The control policies used for mitigating the risks associated with the cloud environment
• Identification of the limitation of access control used in the procedures
• Monitoring of the functional unit
• The encryption keys should be used for transferring the data and the information over the cloud.
• The identification of the private information whose confidentiality has to be maintained
• Authorization and authentication protocols should be used for restricting the unauthorised accessing of the data from the database.
• The reliability of the information should be tested before using it for business production processes.
• The scalability of the information should be maintained on the cloud environment.
• The standardized protocols should be used for managing the interface for the application deployed for carrying out business activity.
• Management of the information lifecycle for the deployment of control domains.
• Use of strong authentication protocols used for ensuring security in the flow of information (Hogmen, 2012)
• The security provided to the database by managing the private and the public key
• Use of granular policies for the financial sector of the organization
• Auditing the effectiveness of the processes
• Improving the effectiveness of the authentication policies

Conclusion:

The traditional security architecture has to be transformed according to the requirement of the cloud computing environment. The overhead cost of availability of the resources can be reduced with the implementation of the secured cloud computing environment. The research study should be conducted in the areas of discovering threats associated with the cloud environment, possibility of vulnerabilities occurrence, development of standards and policies used for overcoming the situation of attacks, provision given to the data security procedures, and etc. for analysing the security procedures used by the enterprise to overcome the critical situation of security. The intrusion detection and prevention system should be used for overcoming the risks associated with the cloud environment. The encryption keys should be used for transferring the data and the information over the cloud.

References:

Angelo, E. (2009). IT control objective for cloud computing. Retrieved from https://www.isaca.org/chapters2/kampala/newsandannouncements/Documents/IT%20contro%20objectives%20for%20Cloud%20computing.pdf

Betcher, T. (2010). Cloud computing: IT related risks. Retrieved from https://scholarsbank.uoregon.edu/xmlui/bitstream/handle/1794/10207/Betcher-2010.pdf

Buhalis, S. (2014). Mitigating risks in the cloud. Retrieved from https://webobjects.cdw.com/webobjects/media/pdf/Solutions/Cloud-Computing/151383-Mitigating-Risk-in-the-Cloud.pdf

Dhammeratchi, D. (2012). Reinventing business with cloud computing. Retrieved from https://www-01.ibm.com/events/wwe/grp/grp033.nsf/vLookupPDFs/CWHK_Cloud_User_Guide_IBM_May_2012/$file/CWHK_Cloud_User_Guide_IBM_May_2012.pdf

Garg, A. (2013). Cloud computing for the financial services industry. Retrieved from https://www.sapient.com/content/dam/sapient/sapientglobalmarkets/pdf/thought-leadership/GM_Cloud_Computing.pdf

Greenwood, D. (2014). Cloud migration: A case study of migrating an enterprise IT system to IAAS. Retrieved from https://www.aspiresys.com/WhitePapers/Cloud-Migration-Methodology.pdf

Hogmen, G. (2012). Benefits, risks, and recommendation for information security. Retrieved from https://resilience.enisa.europa.eu/cloud-security-and-resilience/publications/cloud-computing-benefits-risks-and-recommendations-for-information-security

Jayachandran, J. (2013). Cloud migration methodology. Retrieved from https://www.aspiresys.com/WhitePapers/Cloud-Migration-Methodology.pdf

Marston, S. (2011). Cloud computing the business perspective. Retrieved from https://www.keencomputer.com/images/KEENCOMP/CLOUD/cloud-computing-business-perspective.pdf

Murray, P. (2013). Common risks of using business apps in the cloud. Retrieved from https://www.us-cert.gov/sites/default/files/publications/using-cloud-apps-for-business.pdf

Patron, C. (2012). Cloud computing: Transforming IT and business. Retrieved from https://www-01.ibm.com/events/wwe/grp/grp033.nsf/vLookupPDFs/CWHK_Cloud_User_Guide_IBM_May_2012/$file/CWHK_Cloud_User_Guide_IBM_May_2012.pdf

Rao, R. (2016). Moving t the cloud key consideration. Retrieved from https://home.kpmg.com/content/dam/kpmg/pdf/2016/04/moving-to-the-cloud-key-risk-considerations.pdf

Rosado, D. (2012). Security analysis in the migration to cloud environment. Retrieved from https://www.google.co.in/url?sa=t&rct=j&q=Research%20paper%20pdf%20on%20IT%20risks%20associated%20with%20Migrating%20business-critical%20applications%20and%20their%20associated%20data%20sources%20to%20an%20external%20Cloud%20hosting%20solution.&source=web&cd=2&cad=rja&uact=8&ved=0ahUKEwjlnva-5b3WAhXJvI8KHbhGBN8QFggtMAE&url=https://www.mdpi.com/1999-5903/4/2/469/pdf&usg=AFQjCNGg3GaViyiwLmGSi-0834mgdwnAAQ

Shacklett, D. (2013). Need for quantum cryptography. Retrieved from https://aircconline.com/ijaia/V6N5/6515ijaia07.pdf

Telstra report. (2011). Moving to cloud. Retrieved from https://www.telstra.com.au/content/dam/tcom/business-enterprise/industries/pdf/business-govt-moving-to-cloud.pdf

Williams, I. (2012). Making the move to cloud computing. Retrieved from https://www.icaew.com/-/media/corporate/archive/files/technical/information-technology/technology/making-the-move-to-cloud-computing.ashx?la=en

Wueest, L. (2015). Mistakes in the IAAS cloud could put your data at risks. Retrieved from https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/mistakes-in-the-iaas-cloud-could-put-your-data-at-risk.pdf