7.3 Cloud Computing Technologies

Technology Components in Cloud Computing

Since the development of the cloud environment, there has been specific network architecture needed, such as more availability to control the flow of data, how it manages access to the applications, and bandwidth capabilities. Traditional network architectures did not meet these requirements, which led to the development of SDNs. The SDNs changed the way networking components worked and handled traffic, and they opened new methods of controlling the network architecture. The SDNs move from the proprietary software and configurations of network equipment manufacturers to develop a mechanism to enable control at specific levels of the network architecture. The other aspect of SDNs is their ability to virtualize the network infrastructure, enabling the network manager to control the network infrastructure from the SDN controller (Figure 7.11). The SDN controller provides centralized management of the network environment, the application layer manages the applications and provides information to the SDN controller regarding the needs of the applications, and the infrastructure layer is the layer where the physical network hardware resides.

Figure 7.11 The components of a software-designed network (SDN) are broken into three layers: application, controller, and infrastructure. Each layer has its function within the SDN structure. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license; credit "Routers": modification of work "Router (16624) - The Noun Project" by Christopher Pond/Wikimedia Commons, CC0 1.0)

Advances in virtualization have changed the realm of network storage. Virtualization has enabled network storage to be expanded, meaning that cloud consumers can access more storage. It has also offered more options for developing customized storage solutions for customers.

Today, there are cloud computing providers that specialize in storage only. They have taken the storage-area network (SAN), which is a network that provides high-speed connectivity to a storage environment, and introduced virtualization to it and expanded the storage capabilities (Figure 7.12). Changing the traditional SAN into a virtualized environment creates a pool of virtual servers that can now be used as a cloud storage environment. This virtualization of SAN has also changed the requirement for a large amount of physical storage, thus changing the cost factor for both the cloud provider and the cloud consumer.

With every change comes challenges, such as the introduction of broadband networks, which provided cloud providers with needed bandwidth but also created greater security concerns. Increasing throughput and network capacity along with the increased bandwidth means an increase in the need for security tools for cloud providers and their consumers. The cloud consumer expects to be able to trust that the cloud provider has the necessary security tools in place to protect their data at the same time they provide availability to the data.

Figure 7.12 The first component to virtualize a server is a physical server. The next is a virtualization interface tool to inventory the resources of the physical server and allocate them into the virtual server environment. Once the tool is implemented, the virtual server environment can be built out. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

Migration Strategies and Best Practices

When an organization evaluates the possibility of migrating (moving) their systems, data, and infrastructure to a cloud-based environment, they must determine their migration strategy, which is the plan an organization will follow to move to the cloud. This migration must be laid out in a manner that upholds the organization’s business strategies. Some best practices that an organization might consider for migration are the following:

1. Identify the goals and objectives of the organization. This process will help the organization better understand its need for a cloud-based environment and what advantage the environment will offer the organization.
2. Evaluate cloud providers to select the one that maximizes the business’s strategies. The evaluation process is a step that will identify the advantages and disadvantages of each of the cloud providers considered for the transition to the cloud.
3. Design a plan for the migration. This process will require the involvement of the different departments in the organization. The final plan should be assessed to ensure it adheres to IT governance.
4. Implement a methodology for communication about the migration. This step is needed to create the procedures for communicating the progress of the migration to the different departments in the organization.
5. Develop a test plan for the migration, and conduct a practice run. The migration process should have a test environment in the plan to validate the data migration tool, which is a software-based tool that is designed to move data from one data repository to another, and the ability to migrate into the cloud-based environment. The practice run will prove or disprove the ability to migrate into the cloud.
6. Conduct the migration. During this step, the migration process moves forward, and the systems are moved to the cloud-based environment.
7. Employ a specialist for the migration on the new platform. This aspect of the migration may be covered by the cloud provider, or the organization migrating will have personnel to accomplish the process.

To select the migration tool to be used during the process, it is necessary to have chosen a cloud provider. Each cloud provider will have migration tools specific to their systems and specialists trained in them. Part of the practice run process will include testing the migration tools that the cloud provider uses, based on the amount of data to be transferred, the type of data to be transferred, and network constraints.

Another point in the migration plan is the funding of the project. This funding will require management support and the financial resources of the organization. In most migrations, the cloud provider offers an estimate for the cost of the process. This is only an estimate because there are variables that may change during the process. One such variable is the actual amount of data that are migrated because the volume will change between the time the migration plan is developed and when the process starts.

One process that an organization should require is compliance with the CIA triad (refer to Figure 5.2). Security in the migration process is a priority when selecting the cloud provider. There are many security standards that should be followed in the handling of data, such as the General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard, which are discussed in Chapter 6 Enterprise Security, Data Privacy, and Risk Management. These security standards are dictated by international standards, federal regulations, and even state statutes. Security processes should then be laid out with the cloud provider to determine what type of identity and access management, network security, and data encryption the cloud consumer will require. This service will have to be accounted for in the estimate to fund the migration.

Cloud-Based Standards in Industry

When designing cloud-based solutions for an organization, the organization will need to research the cloud providers, the services available, the service levels required, contractual obligations, and even arbitration policies. After performing this due diligence, the organization will need to select and implement an international, federal, or state standard for the design process. One standard is the NIST Cloud Computing Reference Architecture, which is a federal standard that can provide direction for an organization in the selection process, industry definitions, and components of a cloud architecture. The NIST document will be informative and resourceful for an organization that is considering a cloud environment for the first time. Some cloud providers have frameworks in place to help organizations migrate into their cloud environment. The framework provides guidance, tools, and processes to migrate into the new platform, accounting for operations, performance, security, and cost.

When reviewing industry standards for cloud-based computing, organizations will need to continuously reference the different cloud service models, cloud deployment models, and cloud security standards that each provider offers. One such model is Security as a Service (SECaaS), a cybersecurity service that a cloud provider offers to protect cloud consumers. It can be implemented across community, public, private, and hybrid cloud deployment models. Another model is Firewall as a Service (FWaaS), which is a cybersecurity service that a cloud provider offers to protect the perimeter of a company’s network.

Figure 7.13 The three main parts of the cloud provider infrastructure are SaaS, PaaS, and IaaS. The SECaaS is a component of the SaaS infrastructure. The DBaaS is a component of the PaaS infrastructure. The FWaaS is a component of the IaaS infrastructure. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

One decision that an organization needs to make is the security standards to follow. The NIST Cybersecurity Framework, which, as you learned in 5.3 Information Security and Risk Management Strategies, is a federal standard that works in any computing environment. The framework provides guidance in the following areas (Figure 7.14):

• identifying, determining what in the organization needs to be protected;
• protecting, putting safeguards in place to build a structure for the protection of assets;
• detecting, implementing tools needed to identify cybersecurity threats;
• responding, implementing a strategy for the containment of any cybersecurity incidents; and
• recovering, restoring any system to operational status after a cybersecurity occurrence.

Figure 7.14 Each component of the NIST Cybersecurity Framework has a specific function in the cybersecurity framework. Organizations can create their own functions for each of the components. (credit: modification of work from Introduction to Computer Science. attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

The NIST Cybersecurity Framework provides a foundation for an organization to develop a cybersecurity program. It can be used in the development of policies for cybersecurity, risk management, business continuity, and disaster recovery plans.