Loading...
Please wait, while we are loading the content...
Similar Documents
Development Of A Model Integrated Framework of Risk Identification and Governance for Hybrid Cloud Infrastructure
| Content Provider | Semantic Scholar |
|---|---|
| Author | Dikshit, Neeraj Kumar |
| Copyright Year | 2018 |
| Abstract | After the practical implementation of the cloud technology across various type of Organizations Including commercial and non-Commercial organizations, it has been realized that Keeping entire IT resources and services on Public Cloud is too risky and not always a cost effective proposition. Perhaps it’s best to distribute your IT resources — and not rely on just one: IT Cloud Service, but multiple services including having Private cloud On-premises (“On-premises cloud”) or Virtualized On –Premise IT Infrastructure along with Legacy IT resources. James Kaplan, Chris Rezek, and Kara Sprague of McKinsey in their report on cloud remarked “Having a Mixed portfolio of cloud services, as well as on-premises capabilities, may be the best way to guard Sensitive data, they suggest. This is especially important since simply “refusing to use cloud Capabilities is not a viable option for most institutions”. Hybrid cloud is a cloud computing environment which uses a mix of on-premises, private cloud and third-party, public cloud services with orchestration between the two platforms. By allowing workloads to move between private and public clouds as computing needs and costs change, hybrid cloud gives businesses greater flexibility and more data deployment options. Hybrid cloud is particularly valuable for dynamic or highly changeable workloads. In Nut shell, below table explains the overall benefits of Hybrid Cloud over other Cloud Models: Security Risks and Challenges in Hybrid Cloud: Hybrid cloud isn't perfect and still includes a few of security obstacles. Hence if any business maintaining a hybrid cloud, they have to keep the following Major security issues in their Mind: 1. Absence of data redundancy: Hybrid cloud is a complex system. Limited experience in identifying and managing security challenges in the cloud environment creates great risk. Cloud architects need redundancy across data centers to moderate the impact of an outage in a single data center. A lack of redundancy can become a serious security risk in hybrid cloud, specifically if redundant copies of data are not distributed across data centers. 2. Compliance : In a hybrid cloud maintaining and demonstrating compliance are more difficult. Not only you have to ensure that your public cloud provider and private cloud are in compliance, but you also must demonstrate that the means of coordination between the two clouds is compliant. 3. Poorly constructed SLAs: You have to be very confident that your public cloud provider can consistently meet expectations detailed in the service-level agreement (SLA). Ascertain your private cloud live up to that same SLA. If not, you may need to create SLAs based on expectations of the lesser of the two clouds and that may be your private cloud. Collect data on your private cloud's availability and performance and look for potential problems with integrating public and private clouds that could disrupt service. 4. Risk management: It is extremely difficult to manage Information security and risk perspective of a business organization. Cloud computing (hybrid cloud in particular) uses new application programming interfaces (APIs), requires complex network configurations, and pushes the limits of traditional Security System administrators' and Solution experts ‘s knowledge and abilities. These factors introduce new types of threats. 5. Security management: The existing security controls such as authentication, authorization and identity management should work in both the private and public cloud. But Hybrid Cloud is the combination of all modes of Cloud models integrated with Internal Virtualized Infrastructure. Hence to integrate these security protocols in hybrid environment and prove compliance could be fairly complex issue to handle. Objective of the Study: This research an informed assessment of the security risks and benefits of using Hybrid Cloud Computing providing security guidance for potential and existing users of cloud computing. Hybrid Cloud computing security is an important aspect to be evaluated and mitigation of the Same has to be reviewed since there is no integrated framework of the Risks Identification and Governance for the Hybrid IT. This research will highlight the key concepts of cloud security, Industry recognized various IT Security Standards/Best Practices/Frameworks and Processes .being adopted in SMEs and Enterprise Organizations as well as cloud service providers. The purpose of this Research is to propose /develop a Model Integrated Framework of IT Security Risk Management for Hybrid Cloud Infrastructure where the focus is on Risk Identification and Governance The objectives of this Research are following: 1) To analyze the current Hybrid Cloud and Virtualization Environment with respect to potential risks and regulatory /statutory compliance challenges. 2) Study and analyze available Standards/Frameworks/Methodologies/Best Practices for the Risks Identification, Assessment and Governance of the Hybrid Cloud and OnPremise Virtualized IT Infrastructure. 3) To establish the urgent need and requirement for An Integrated Risk Identification /Assessment and Control Framework for the Hybrid Cloud and On-Premise Virtualized IT Infrastructure . 4) To Develop and Propose the Risk Identification and Governance Framework. 5) To conclude the applicability of the Proposed Governance Framework in The Hybrid Cloud: Public, On -Premise Private Cloud, On-Premise Virtualized Infrastructure along with Legacy IT Resources. Scope: The scope of this research study is restricted to the following: 1) To Identify and Analyze all the Standards/Frameworks/Best Practices for the overall risk identification and control to secure the Cloud and On-Premise Virtualization Infrastructure specially focusing Hybrid Cloud Infrastructure. 2) To establish the absence of an Integrated and Standard Framework for the Hybrid Cloud Risk Governance and Compliance and prove the urgent requirement of the same by the organizations and IT industry at large. 3) To Develop and propose an Integrated and Standardized Model for the Risk Identification and Governance Framework for Hybrid Cloud. 4) The Proposed framework will explain the applicability of the same in Hybrid cloud environment as well as all the other mode of cloud deployments including Virtualized IT Infrastructure. 5) The Practical Testing of this framework on different segments of organizations including Cloud Service Providers /Business Organizations and IT Solution Providers is out of the scope of this Research Study. B. Proposed Methodology : This proposed research study involves the study of already available various frameworks, standards and concepts related to Security, Risk Identification, Assessment and Governance for the In-Premise and /or Cloud Computing. This involves the study of the research already done and being done for the Risk Assessment and Governance for the Cloud /In-Premise and especially for the Hybrid Cloud as well to prepare the case for the Model framework. Underlining the gaps or limitations in these frameworks /standards and concepts when implemented in the complex Hybrid Cloud Environment for the End to End Risk Assessment and Governance is one of the motive of this study. Views and concerns from the CxOs of various organization are also required to be collected to highlight the need for a Model Integrated Risk Identification and Control Frame work. Proposing the Model Integrated Framework for Hybrid Cloud Infrastructure is the ultimate objective of this study. So the research methodology and approach planned for this project is explained below: 1. The nature of the study: This Study is Qualitative and Descriptive in nature as this involves the study of the Present situation of a phenomena in this case Risk Assessment and Governance in Hybrid Cloud Infrastructure. This Study can be categorized in Applied Research as well as it try to find out the solution for an existing practical problem being faced by the Organizations at large while adopting Hybrid IT approach . 2. The purpose of the study : The purpose of this study is to propose a Model Integrated Framework of Risk Identification and Governance for Hybrid IT Infrastructure which is an attempt to address the existing practical problem of inability to Measure the Risks and Devise the Control in Hybrid Cloud to by CxOs and Organizations at large to ensure the compliance and assure the stakeholders. As outlined above in the Research Objective section, the main objectives of this research Are following: 1. To analyze the current Hybrid Cloud and Virtualization Environment and establish the need and requirement for An Integrated Risk Identification and Control Framework for the same. 2. To Develop and Propose the Risk Identification and Governance Framework, 3. To conclude the applicability of the Proposed Governance Framework in The Hybrid Cloud: Public, On -Premise Private Cloud, On-Premise Virtualized Infrastructure along with Legacy IT Resources. 3. The location where the study would be conducted: The study will be conducted in Primarily National Capital Region (NCR) but not restricted to other locations within India. Google, Shodh Ganga, Shodh Gangotri and various Online Free Research Journals will be used to find out the research done and being done in the field of Risk Identification and Governance for Hybrid Cloud and other related areas. 4. Research Questions : From the previous section i.e. Introduction Section, it is not hard to accept the fact that in the area of Hybrid Cloud, `security' is still a challenge. As long as this new paradigm does not evolve into a more secure computing platform, which users (organizations/individual) can trust, depend on and utilize in everyday work, harnessing the benefit of Hybrid Cloud is not possible. Preliminary studies show that most of the organizations are concerned about security when considering Hybrid Cloud Infrastructure applications. There is no standa |
| File Format | PDF HTM / HTML |
| Alternate Webpage(s) | https://shodhgangotri.inflibnet.ac.in/bitstream/123456789/5773/1/neeraj%20dixit.pdf |
| Language | English |
| Access Restriction | Open |
| Content Type | Text |
| Resource Type | Article |
