KMBI IT04: CLOUD COMPUTING FOR BUSINESS (UNIT – II)

CLOUD DEPLOYMENT MODEL

It works as your virtual computing environment with a choice of deployment model depending on
how much data you want to store and who has access tothe infrastructure.

Different Types of Cloud Computing Deployment Models

Most cloud hubs have tens of thousands of servers and storage devices to enable fast loading. It is
often possible to choose a geographic area to put the data “closer” to users. Thus, deployment
models for cloud computing are categorized based on their location. To know which model would best
fit the requirements of your organization, let us first learn about the various types.

1. Public Cloud
The name says it all. It is accessible by the public. Public deployment models in the cloud are perfect
for organizations with growing and fluctuating demands.It also makes a great choice for companies
with low-security concerns. Thus,you pay a cloud service provider for networking services, compute
virtualization & storage available on the public internet. This is also a great delivery model for the
teams with development and testing. Its configuration and deployment are quick and easy, making it
an ideal choice for test environments.

2. Private Cloud
What it means is that it will be integrated with your data center and managed by your IT team.
Alternatively, you can also choose to host it externally. When it comes to customization, the private
cloud offers bigger opportunities that help meet specific organization’s requirements. It’s also a wise
choice for mission- critical processes that may have frequently changing requirements.

3. Community Cloud
The community cloud operates in a way that is similar to the public cloud. There’s just one
difference – it allows access to only a specific set of users who share common objectives and use
cases. This type of deployment model of cloud computing is managed and hosted internally or by a
third-party vendor. However, you can also choose a combination of all three.

4. Hybrid Cloud
As the name suggests, a hybrid cloud is a combination of two or more cloud architectures. While
each model in the hybrid cloud functions differently, it is all part of the same architecture. Further, as
part of this deployment of the cloud computing model, the internal, or external providers can offer
resources.

A company that has critical data will prefer storing on a private cloud, while less sensitive data can be
stored on a public cloud. The hybrid cloud is also frequently used for ‘cloud bursting’. It means,
suppose an organization runs an application on-premises, but due to heavy load, they can burst into
the public cloud.

1
 CLOUD MIGRATION APPROACHES

These three approaches are lift and shift, application refactoring, and re- platforming –each of which
we’ll get into, discussing their purpose and migration process.

1. The Lift and Shift Migration Approach

The lift and shift migration approach is about migrating your application and associated data to the
cloud with minimal or no changes. Applications are effectively “lifted” from the existing
environments and “shifted” as-is to new hosting premises; i.e. in the cloud. As such, there are often
no significant changes to make in the application architecture, data flow, or authentication
mechanisms.

2. The Refactoring Migration Approach

Re-imagining how the application is architected and developed, typically using cloud-native features.

This is typically driven by a strong business need to add features, scale, or performance that would
otherwise be difficult to achieve in the application’s existing environment.

Are you looking to migrate from a monolithic architecture to a service-oriented (or server-less)
architecture to boost agility or improve business continuity (I’ve heard stories of mainframe fan belts
being ordered on e-bay)? This pattern tends to be the most expensive, but, if you have a good product-
market fit, it can also be the most beneficial.

3. The Re-platforming Migration Approach

Replatforming is a cloud migration strategy that involves modifying a legacy system to work
optimally in the cloud without rewriting its core architecture. The replatform strategy goes by other
names, like Lift and Reshape, Move and Improve, or the Lift, Tinker, and Shift application
migration strategy.

You can retool a legacy application to work in a cloud environment without spending extra time or
money to change the core architecture. So, with only a few updates to your app, you can use a
cloud-native feature like auto-scalability and support Agile DevOps processes.

Replatforming is possible with either on-premises or previously rehosted apps and workloads.

2
 INFORMATION SECURITY & DATA PROTECTION
Phases in information lifecycle: Here are the 6 data lifecycle phases in order

1. Data creation: How does the data enter your enterprise? When an employee creates a file,
design research compiles results in a spreadsheet, data comes in through capture forms on your
website, or any other form of data creation, that information automatically becomes part of
your company’s data. This active data is stored locally on servers, in the cloud, or a host data
center.
2. Data maintenance: This is when data gets processed and synthesized in a variety of tasks.
This is a fairly broad range of management actions, such as how data is supplied to the end
users and how analytics such as modeling are performed.
3. Data usage: Now is when the data is used and moved around your enterprise. Maybe it’s
being transformed and enhanced by end users. Data usage can even be a product or service that
your enterprise offers. This is where governance and compliance challenges arise.
4. Data publication: This is one way that data can leave your enterprise. Say you publish a
white paper that is downloaded by multiple companies, or you use data you’ve collected to
send out invoices or investment statements to customers.
5. Data archiving: At some point in time, the data in your system will haveno immediate use,
and it’s time to archive it in case it might be needed in the future. This removes the data
from your active environment and moves it off to storage.
6. Data destruction: When you no longer need data, it must be destroyed. This is another
point in the data lifecycle where a governance and compliance issue might be raised.
It’s important to ensure that the data has actually been destroyed properly.

CHALLENGES IN DATA LIFECYCLE SECURITY

Cloud vendors provide a layer of security to user’s data. However, it is still not enough since the
confidentiality of data can often be at risk. There are various types of attacks, which range from
password guessing attacks and man-in-the- middle attacks to insider attacks, shoulder surfing attacks,
and phishing attacks.Here is a list of the security challenges which are present within the cloud:

1. Data Protection and Misuse: When different organizations use the cloud to store their
data, there is often a risk of data misuse. To avoid this risk, there is an imminent need to secure
the data repositories. To achieve this task, one can use authentication and restrict access
control for the cloud’s data.
2. Locality: Within the cloud world, data is often distributed over a series of regions; it is
quite challenging to find the exact location of the data storage. However, as data is
moved from one country to another, the rules governing the data storage also change;
this brings compliance issues and data privacy laws into the picture, which pertain to the
storage of data within the cloud. As a cloud service provider, the service provider has to
inform the users of their data storage laws, and the exact location of the data storage server.
3. Integrity: The system needs to be rigged in such a manner so to providesecurity and access
restrictions. In other words, data access should lie with authorized personnel only. In a cloud
environment, data integrity should be maintained at all times to avoid any inherent data loss.
Apart from restricting access, the permissions to make changes to the data should be
limited to specific people, so that there is no widespread access problem at a later stage.
4. Access: Data security policies concerning the access and control of data are essential in the
3
 long run. Authorized data owners are required to give part access to individuals so that
everyone gets only the required access for parts of the data stored within the data mart. By
controlling and restricting access, there is a lot of control and data security which can be
levied to ensure maximums security for the stored data.
5. Confidentiality: There is a lot of sensitive data which might be stored in the cloud. This
data has to have extra layers of security on it to reduce the chances of breaches and
phishing attacks; this can be done by the service provider, as well as the organization.
However, as a precaution, data confidentiality should be of utmost priority for sensitive
material.
6. Breaches: Breaches within the cloud are not unheard. Hackers can breach security
parameters within the cloud, and steal the data which might otherwise be considered
confidential for organizations. On the contrary, a breach can be an internal attack, so
organizations need to lay particular emphasis in tracking employee actions to avoid any
unwanted attacks on stored data.
7. Storage: For organizations, the data is being stored and made availablevirtually. However,
for service providers, it is necessary to store the data in physical infrastructures, which
makes the data vulnerable andconducive to physical attacks.

These are some of the security issues which come as a part of the cloud environment. However,
these are not exactly difficult to overcome, especially with the available levels of technological
resources these days. There is a lot of emphasis on ensuring maximum security for the stored data so
that it complies with the rules and regulations, as well as the organization’s internal compliance
policies.

DATA CENTER

A data center (or datacenter) is a facility composed of networked computers andstorage that businesses
and other organizations use to organize process, store and disseminate large amounts of data. A
business typically relies heavily upon the applications, services and data contained within a data
center, making it a focal point and critical asset for everyday operations.

How do data centers operate?

Data center services are typically deployed to protect the performance andintegrity of the core
data center components.

1. Network security appliances. These include firewall and intrusion protection to

safeguard the data center.
2. Application delivery assurance. To maintain application performance, these
mechanisms provide application resiliency and availability via automatic failover
and load balancing.

Types of data centers

1. Enterprise data centers

These are built, owned, and operated by companies and are optimized for their end users. Most often
they are housed on the corporate campus.

4
 2. Managed services data centers

These data centers are managed by a third party (or a managed services provider) on behalf of a company.
The company leases the equipment and infrastructure instead of buying it.
3. Colocation data centers

In colocation ("colo") data centers, a company rents space within a data center owned by others and
located off company premises. The colocation data center hosts the infrastructure: building, cooling,
bandwidth, security, etc., while the company provides and manages the components, including servers,
storage, andfirewalls.
4. Cloud data centers

In this off-premises form of data center, data and applications are hosted by a cloud services provider
such as Amazon Web Services (AWS), Microsoft (Azure), or IBM Cloud or other public cloud
provider.

DATA CENTER SECURITY AND

SAFETY
Data center designs must also implement sound safety and security practices. For example, safety is
often reflected in the layout of doorways and access corridors, which must accommodate the
movement of large, unwieldy IT equipment, as well as permit employees to access and repair the
infrastructure. Fire suppression is another key safety area, and the extensive use of sensitive, high-
energy electrical and electronic equipment precludes common sprinklers. Instead, data centers often
use environmentally friendly chemical fire suppression systems, which effectively starve a fire of
oxygen while mitigating collateral damage to the equipment. Because the data center is also a core
business asset, comprehensive security measures, like badge access and video surveillance, help to
detect and prevent malfeasance by employees, contractors and intruders.