Learning Objectives
By the end of this section, you will be able to:
- Identify the technology components in cloud computing
- Discuss migration strategies and best practices
- Identify cloud-based standards in industry
The technical components of cloud computing range from advances in networking to the possibilities of virtualization. For each aspect of cloud computing technology, there is a component that creates a feature, service, or tool that a consumer needs. These components interlock to build the foundation for cloud computing.
When organizations choose to migrate their systems, data, and services to the cloud, they should identify and follow best practices. Each organization will develop its own best practices based on trial and error, lessons learned, and the plans that other organizations have used. Each organization will build its migration strategies to accomplish its goal, which is to have a successful transformation to the cloud.
As part of any transition in service, an organization will need to verify the applicable industry standards and regulatory requirements and ensure they adhere to them. There may be international, federal, and state regulatory requirements they need to follow.
Technology Components in Cloud Computing
Since the development of the cloud environment, there has been specific network architecture needed, such as more availability to control the flow of data, how it manages access to the applications, and bandwidth capabilities. Traditional network architectures did not meet these requirements, which led to the development of SDNs. The SDNs changed the way networking components worked and handled traffic, and they opened new methods of controlling the network architecture. The SDNs move from the proprietary software and configurations of network equipment manufacturers to develop a mechanism to enable control at specific levels of the network architecture. The other aspect of SDNs is their ability to virtualize the network infrastructure, enabling the network manager to control the network infrastructure from the SDN controller (Figure 7.11). The SDN controller provides centralized management of the network environment, the application layer manages the applications and provides information to the SDN controller regarding the needs of the applications, and the infrastructure layer is the layer where the physical network hardware resides.
Advances in virtualization have changed the realm of network storage. Virtualization has enabled network storage to be expanded, meaning that cloud consumers can access more storage. It has also offered more options for developing customized storage solutions for customers.
Today, there are cloud computing providers that specialize in storage only. They have taken the storage-area network (SAN), which is a network that provides high-speed connectivity to a storage environment, and introduced virtualization to it and expanded the storage capabilities (Figure 7.12). Changing the traditional SAN into a virtualized environment creates a pool of virtual servers that can now be used as a cloud storage environment. This virtualization of SAN has also changed the requirement for a large amount of physical storage, thus changing the cost factor for both the cloud provider and the cloud consumer.
With every change comes challenges, such as the introduction of broadband networks, which provided cloud providers with needed bandwidth but also created greater security concerns. Increasing throughput and network capacity along with the increased bandwidth means an increase in the need for security tools for cloud providers and their consumers. The cloud consumer expects to be able to trust that the cloud provider has the necessary security tools in place to protect their data at the same time they provide availability to the data.
Link to Learning
The use of virtualization tools in the cloud environment is a necessity—especially in the area of server virtualization—as a way to increase the performance, availability, and reliability of a cloud service. Read this article about the specific placement of the virtual machine in the cloud system to understand how researchers determined that placement can affect efficiency.
Migration Strategies and Best Practices
When an organization evaluates the possibility of migrating (moving) their systems, data, and infrastructure to a cloud-based environment, they must determine their migration strategy, which is the plan an organization will follow to move to the cloud. This migration must be laid out in a manner that upholds the organization’s business strategies. Some best practices that an organization might consider for migration are the following:
- Identify the goals and objectives of the organization. This process will help the organization better understand its need for a cloud-based environment and what advantage the environment will offer the organization.
- Evaluate cloud providers to select the one that maximizes the business’s strategies. The evaluation process is a step that will identify the advantages and disadvantages of each of the cloud providers considered for the transition to the cloud.
- Design a plan for the migration. This process will require the involvement of the different departments in the organization. The final plan should be assessed to ensure it adheres to IT governance.
- Implement a methodology for communication about the migration. This step is needed to create the procedures for communicating the progress of the migration to the different departments in the organization.
- Develop a test plan for the migration, and conduct a practice run. The migration process should have a test environment in the plan to validate the data migration tool, which is a software-based tool that is designed to move data from one data repository to another, and the ability to migrate into the cloud-based environment. The practice run will prove or disprove the ability to migrate into the cloud.
- Conduct the migration. During this step, the migration process moves forward, and the systems are moved to the cloud-based environment.
- Employ a specialist for the migration on the new platform. This aspect of the migration may be covered by the cloud provider, or the organization migrating will have personnel to accomplish the process.
To select the migration tool to be used during the process, it is necessary to have chosen a cloud provider. Each cloud provider will have migration tools specific to their systems and specialists trained in them. Part of the practice run process will include testing the migration tools that the cloud provider uses, based on the amount of data to be transferred, the type of data to be transferred, and network constraints.
Another point in the migration plan is the funding of the project. This funding will require management support and the financial resources of the organization. In most migrations, the cloud provider offers an estimate for the cost of the process. This is only an estimate because there are variables that may change during the process. One such variable is the actual amount of data that are migrated because the volume will change between the time the migration plan is developed and when the process starts.
One process that an organization should require is compliance with the CIA triad (refer to Figure 5.2). Security in the migration process is a priority when selecting the cloud provider. There are many security standards that should be followed in the handling of data, such as the General Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard, which are discussed in Chapter 6 Enterprise Security, Data Privacy, and Risk Management. These security standards are dictated by international standards, federal regulations, and even state statutes. Security processes should then be laid out with the cloud provider to determine what type of identity and access management, network security, and data encryption the cloud consumer will require. This service will have to be accounted for in the estimate to fund the migration.
Cloud-Based Standards in Industry
When designing cloud-based solutions for an organization, the organization will need to research the cloud providers, the services available, the service levels required, contractual obligations, and even arbitration policies. After performing this due diligence, the organization will need to select and implement an international, federal, or state standard for the design process. One standard is the NIST Cloud Computing Reference Architecture, which is a federal standard that can provide direction for an organization in the selection process, industry definitions, and components of a cloud architecture. The NIST document will be informative and resourceful for an organization that is considering a cloud environment for the first time. Some cloud providers have frameworks in place to help organizations migrate into their cloud environment. The framework provides guidance, tools, and processes to migrate into the new platform, accounting for operations, performance, security, and cost.
When reviewing industry standards for cloud-based computing, organizations will need to continuously reference the different cloud service models, cloud deployment models, and cloud security standards that each provider offers. One such model is Security as a Service (SECaaS), a cybersecurity service that a cloud provider offers to protect cloud consumers. It can be implemented across community, public, private, and hybrid cloud deployment models. Another model is Firewall as a Service (FWaaS), which is a cybersecurity service that a cloud provider offers to protect the perimeter of a company’s network.
One decision that an organization needs to make is the security standards to follow. The NIST Cybersecurity Framework, which, as you learned in 5.3 Information Security and Risk Management Strategies, is a federal standard that works in any computing environment. The framework provides guidance in the following areas (Figure 7.14):
- identifying, determining what in the organization needs to be protected;
- protecting, putting safeguards in place to build a structure for the protection of assets;
- detecting, implementing tools needed to identify cybersecurity threats;
- responding, implementing a strategy for the containment of any cybersecurity incidents; and
- recovering, restoring any system to operational status after a cybersecurity occurrence.
The NIST Cybersecurity Framework provides a foundation for an organization to develop a cybersecurity program. It can be used in the development of policies for cybersecurity, risk management, business continuity, and disaster recovery plans.
Future Technology
Cybersecurity Issues in Artificial Intelligence Use in Cloud Computing
Consider the future of cybersecurity as it pertains to cloud computing and then add a tool like AI. The use of AI in cybersecurity can greatly enhance the methodology used to identify potential threats to the cloud environment. The full extent of the opportunities that AI can add to the tools cybersecurity specialists use is unknown at this time, yet it can play a role in the defense of data. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) has published its “Roadmap for Artificial Intelligence” to demonstrate how the U.S. cyber defense agency believes they can use AI responsibly to enhance and protect critical infrastructure.4 The future of cybersecurity involves AI, so it is important to learn how to use it responsibly to protect and secure data. Reading about how CISA is using AI in cybersecurity can provide a foundation for this knowledge.
Case Study: Migrating to the Cloud
A company wants to restructure its IT resources and has determined that the cloud meets its requirements. It has compared the use of a cloud-based environment to the goals and objectives of the organization and concluded that the cloud-based environment will offer a competitive advantage in the organization’s industry. This restructuring will require the migration of the company’s systems to the cloud.
The organization will have project managers work with IT to develop a migration plan and submit it for approval for those specializing in IT governance. The plan will require that IT provide resources to configure the migration tool needed to move to this cloud provider’s environment. The plan is laid out as follows:
- Identify all assets to be migrated to the cloud.
- Identify all licensing associated with the software currently used.
- Meet with the cloud provider to determine which licensing will transfer or if licensing is provided in the contract.
- Establish a test environment in the cloud.
- Decide on the migration tool to be used and develop the migration application.
- Test the migration tool in a practice run.
- Review the information from the practice run to determine if the migration will be successful.
- Establish a migration date and communicate it across the organization.
- Conduct the migration.
- Test and validate the migration.
- Conduct a follow-up to the migration and create a lessons-learned document.
This is a simple outline of a process an organization might follow to migrate to the cloud. Each migration is different and has requirements that will vary depending on factors associated with the organization and the cloud provider.
Footnotes
- 4Cybersecurity and Infrastructure Security Agency, “Artificial Intelligence,” U.S. Department of Homeland Security, accessed January 20, 2025, https://www.cisa.gov/ai