SlideShare a Scribd company logo

Iaetsd design and implementation of secure cloud systems using

I
Iaetsd Iaetsd

The document proposes a Business Continuity Management (BCM) framework to address data security issues when transforming cloud systems into a meta cloud. BCM is a holistic management process that identifies risks and reduces the impacts of data leakage. It involves understanding the organization, determining continuity strategies, developing response plans, and exercising/reviewing plans. The framework contains components like business continuity leads, working groups, and links to emergency preparedness. It uses a plan-do-check-act approach and aims to embed continuity into the organization's culture.

1 of 7
Download to read offline
Design and Implementation of secure cloud systems using Meta cloud Perumalla Gireesh M.Tech 2nd year, Dept. of CSE, ASCET, Gudur, India Email:perum.giri7@gmail.com _____________________________________________________________________________________ Abstract – Cloud computing has recently emerged as a new paradigm for hosting and delivering services over the Internet. Cloud computing is attractive to business owners as it eliminates the requirement for users to plan ahead for provisioning, and allows enterprises to start from the small and increase resources only when there is a rise in service demand. However, despite the fact that cloud computing offers huge opportunities to the IT industry, the development of cloud computing technology is currently at its infancy, with many issues still to be addressed. In this paper, we present a survey of cloud computing, highlighting its key concepts, architectural principles, and state-of-the-art implementation as well as research challenges. Meta cloud based on a combination of existing tools, concepts and provides the convenient to organize the private clouds. This can consider the only vendor lock-in problem of different vendors in cloud. For that Meta cloud provides an abstract way from existing schemes to solving this problem effectively. But it does not consider the users data privacy in transforming Meta cloud. To address this problem, we introduce Business Continuity Management (BCM). This is defined as a holistic management process that identifies to an organization and reduces the impacts of data leakage issues. Index terms – Meta cloud, Cloud Privacy, private clouds, security. I. INTRODUCTION With the rapid development of processing and storage technologies and the success of the Internet, computing resources have become cheaper, more powerful and more ubiquitously available than ever before. This technological trend has enabled the realization of a new computing model called cloud computing, in which resources (e.g., CPU and storage) are provided as general utilities that can be leased and released by users through the Internet in an on- demand fashion. 127 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
The cloud computing paradigm has achieved widespread adoption in recent years. Its success is due largely to customers’ ability to use services on demand with a pay-as-you go pricing model, which has proved convenient in many respects. Low costs and high flexibility make migrating to the cloud compelling. Despite its obvious advantages, however, many companies hesitate to “move to the cloud,” mainly because of concerns related to service availability, data lock-in, data security and legal uncertainties. A previous study considers the data lock-in problem and provides a convenient way to solve this using Meta cloud. The problem is that once an application has been developed based on one particular provider’s cloud services and using its specific API, that application is bound to that provider; deploying it on another cloud would usually require completely redesigning and rewriting it. Such vendor lock-in leads to strong dependence on the cloud service operator. The Meta cloud framework contains the following components: Meta cloud API, Meta cloud proxy, resource monitoring and so on. But sometimes, transforming cloud as meta cloud data security issues are raised which are not consider in the previous study. a) The Key Challenges Being virtual in concept, the cloud environment generates several questions in the minds of users with respect to confidentiality, integrity and availability. The key challenges for the adoption of the cloud are as given below: Assurance of the privacy and security The cloud users are wary of the security and privacy of their data. The multi-tenant environment of the cloud is causing concerns amongst enterprises. As the same underlying hardware may be used by other companies and competitors, it may lead to a breach of privacy. Moreover, any data leakage or virus attack would have a cascading effect on multiple organizations. Reliability and availability Instances of outages at the facilities of the cloud service providers have raised concerns over the reliability of the cloud solutions. Enterprises are recognizing that they would have to deal with some level of failures while using commodity- based solutions. Also, the cloud providers cannot give an assurance on the uptime of their external internet connection, which cloud shut all access to the cloud. Data Security is Key Concern There are a number of concerns surrounding the adoption of the cloud especially because it is a relatively new concept. Assuring customers of data security would be one of the biggest challenges for cloud vendors to overcome. The 128 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
Figure 1 shows the chart of the key barriers to cloud adaptation. Figure 1 Chart of the key barriers To address this problem this paper introduce the Business Continuity Management (BCM) is defined as a holistic management process that identifies to an organization and reduces the impacts of data leakage issues. This contains following stages Project initiation, understand the organization, BC strategies, develop Business continuity planning, and Apply BCP. The Business Continuity Planning is shown in the following Figure 2. Figure 2 Business Continuity Management Overview II. PROPOSED WORK In this section we introduce a novel solution Business continuity management (BCM) and provide the overview of the Business Continuity Management. a) Business Continuity Management (BCM) The BCMS will use to Plan Do Check Act approach. The PDCA approach can be applied to every element of the BCM lifecycle. Business Continuity leads (BC leads) Leads for business continuity management will be appointed in each directorate, regional, area team and hosted bodies within the strategy.  BC leads will perform the following:  Promote business continuity Management  Receive BC training  Facilitate the completion of BIAs  Develop BCPs  Ensure that BCPs are available during incident response  Ensure that incident responders receive training appropriate to their role  Ensure that plans are tested, reviewed and updated  Participate in the review and development of the BCMS. 129 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
Business Continuity working Groups Working groups may be established to: Take control of resource allocation Set priorities Set continuity strategies in line with the organization’s objectives and responsibilities Establish the measures that will be used to assure the BCMS remains current and relevant Report to top management on the performance of the BCMS. Emergency preparedness resilience and response (EPRR) The business continuity program will have close links to EPRR because both desciplines aim to ensure the organization is resilient and able to respond to threats and hazards. The BCMS described in this strategy will ensure that the organization is able to manage risks and incidents that directly impact on its ability to deliver business as usual. Assurance The National support centre will maintain an overview of the BCMS. BC leads will be reuired to report on progress within their areas. BCM Documentation The National Support Centre will be given access to related documentation by areas within the scope, such as BCPs, training records, incident records and exercises to facilitate the sharing of good practice throughout the organization. The Business Continuity management has the following stages: Stage 1- Understanding the Organization Understanding the business is essential in developing an appropriate BCM Programme. A detailed understanding of what processes are essential to ensure continuity of prioritized activities to at least the minimum business continuity objective level will be achieved by undertaking BIA. The BIA will incorporate continuity requirements analysis which may include the staff skills, competencies and qualifications required for prioritized activities. BIAs will describe as follows:  The prioritized activities of departments/ teams;  The impact that the incidents will have on prioritized activities  How long we could continue using the emergency measures before we would have to restart our normal activities;  A description of the emergency measures we have in place to deal with an incident;  The threats to the continued delivery of priority activate. Stage 2 – Determining BCM strategy  BIAs will create a picture of the organizations dependencies, vulnerabilities and business continuity risks. This information will be used to: 130 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
 To assist in deciding the scope of the BCM programme.  To provide the information from which continuity options can be identified and evaluated.  To assist the preparation of detailed plans Decisions that determine business continuity strategies will be made at an appropriate level  Recovery  People  Premises  Technology and information  Suppliers and partners Stage 3 – Developing and implementing a BCM response This stage considers the incident reporting structure, business continuity plans, and Prioritized activity recovery plans. Incident Reporting Structure There are various sources of information pertaining to business continuity threats such as severe, flooding and soon. The impact of all incidents will vary. It is important that the response to an incident is appropriate to the level of impact and remains flexible as the situation develops. Business continuity plans will be based on different levels of response and escalation. Business Continuity Plans Various plans will continue to be developed to identify the actions that are necessary and the resources which are needed to enable business continuity. Plans will be based upon the risks identified, but will allow for flexibility. Prioritized activity recovery plans (PARPs) Priority activities are those activities to which priority must be given following an incident in order to mitigate the impact. Activities of the highest priority are those that if disrupted, impact the organization to the greatest extent and in the shortest possible time. Stage 4 – Exercise, Audit, Marinating and reviewing Exercises It is essential that regular BC exercises are carried out to ensure that plans are tested and continue to be effective and fit-for-purpose as operational processes and technology configurations are constantly changing. Exercise will rise awareness of BCM procedures. Audit  To validate compliance with the organizations BCM polices and standards  To review the organizations BCM solutions  To validate the organizations BCM plans  To verify that appropriate exercising and maintenance activities are taking place. To 131 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
highlight decencies and issues and ensure their resolution Management Review An annual review of this strategy will be undertaken. However, events may prompt more frequent re-examination, such as:  A BIA revision which identifies substantive changes in processes and priorities;  A significant change in the threat assessment and/or risk appetite of the organization  New regulatory or legislative requirements.  Embedding BCM in the Organization’s culture  BCM must be an accepted management process, full endorsed and actively promoted by directors. The communication of high-level endorsement to all is essential. There are various ways in which this be achieved:  Business continuity will be part of the organization’s induction for new starters  Participation in BIA and writing BCPs  Communication of risks, alerts and incidents  Business continuity information will be available on the staff intranet  Business continuity training  Business continuity exercises CONCLUSION In this paper we introduce a novel solution to provide a convenient way to process to identify the various security threats. This paper considers a survey of Business continuity management (BCM) to avoid the security risks. REFERNCES [1] ISO 22301 Societal Security - Business Continuity Management Systems Requirements. [2] NHS England Core Standards for Emergency Preparedness, Resilience and Response (EPRR). [3] J. Skene, D.D. Lamanna, and W. Emmerich, “Precise Service Level Agreements,” Proc. 26th Int’l Conf. Software Eng. (ICSE 04), IEEE CS Press, 2004, pp. 179–188. [4] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud Computing: State-of-the-Art and Research Challenges,” J. Internet Services and Applications, vol. 1, no. 1, 2010, pp. 7–18. [5] The Route Map to Business Continuity Management: Meeting the Requirements of ISO 22301. 132 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
AUTHORS Mr.P.Gireesh received the Vaishnavi Instutiate of Technology, Tirupathi, B.Tech degree in computer science & engineering from the Jawaharlal Nehru technological university Anantapur, in 2011, and received the Audisankara College of Engineering and Technology, Nellore M.Tech degree in computer science engineering from the Jawaharlal Nehru technological university Anantapur in 2014, respectively. He Participated National Level Paper Symposiums in different Colleges. He interests Computer Networks, Mobile Computing, Network Programming, and System Hardware. He is a member of the IEEE. 133 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in

More Related Content

Iaetsd design and implementation of secure cloud systems using

  • 1. Design and Implementation of secure cloud systems using Meta cloud Perumalla Gireesh M.Tech 2nd year, Dept. of CSE, ASCET, Gudur, India Email:perum.giri7@gmail.com _____________________________________________________________________________________ Abstract – Cloud computing has recently emerged as a new paradigm for hosting and delivering services over the Internet. Cloud computing is attractive to business owners as it eliminates the requirement for users to plan ahead for provisioning, and allows enterprises to start from the small and increase resources only when there is a rise in service demand. However, despite the fact that cloud computing offers huge opportunities to the IT industry, the development of cloud computing technology is currently at its infancy, with many issues still to be addressed. In this paper, we present a survey of cloud computing, highlighting its key concepts, architectural principles, and state-of-the-art implementation as well as research challenges. Meta cloud based on a combination of existing tools, concepts and provides the convenient to organize the private clouds. This can consider the only vendor lock-in problem of different vendors in cloud. For that Meta cloud provides an abstract way from existing schemes to solving this problem effectively. But it does not consider the users data privacy in transforming Meta cloud. To address this problem, we introduce Business Continuity Management (BCM). This is defined as a holistic management process that identifies to an organization and reduces the impacts of data leakage issues. Index terms – Meta cloud, Cloud Privacy, private clouds, security. I. INTRODUCTION With the rapid development of processing and storage technologies and the success of the Internet, computing resources have become cheaper, more powerful and more ubiquitously available than ever before. This technological trend has enabled the realization of a new computing model called cloud computing, in which resources (e.g., CPU and storage) are provided as general utilities that can be leased and released by users through the Internet in an on- demand fashion. 127 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 2. The cloud computing paradigm has achieved widespread adoption in recent years. Its success is due largely to customers’ ability to use services on demand with a pay-as-you go pricing model, which has proved convenient in many respects. Low costs and high flexibility make migrating to the cloud compelling. Despite its obvious advantages, however, many companies hesitate to “move to the cloud,” mainly because of concerns related to service availability, data lock-in, data security and legal uncertainties. A previous study considers the data lock-in problem and provides a convenient way to solve this using Meta cloud. The problem is that once an application has been developed based on one particular provider’s cloud services and using its specific API, that application is bound to that provider; deploying it on another cloud would usually require completely redesigning and rewriting it. Such vendor lock-in leads to strong dependence on the cloud service operator. The Meta cloud framework contains the following components: Meta cloud API, Meta cloud proxy, resource monitoring and so on. But sometimes, transforming cloud as meta cloud data security issues are raised which are not consider in the previous study. a) The Key Challenges Being virtual in concept, the cloud environment generates several questions in the minds of users with respect to confidentiality, integrity and availability. The key challenges for the adoption of the cloud are as given below: Assurance of the privacy and security The cloud users are wary of the security and privacy of their data. The multi-tenant environment of the cloud is causing concerns amongst enterprises. As the same underlying hardware may be used by other companies and competitors, it may lead to a breach of privacy. Moreover, any data leakage or virus attack would have a cascading effect on multiple organizations. Reliability and availability Instances of outages at the facilities of the cloud service providers have raised concerns over the reliability of the cloud solutions. Enterprises are recognizing that they would have to deal with some level of failures while using commodity- based solutions. Also, the cloud providers cannot give an assurance on the uptime of their external internet connection, which cloud shut all access to the cloud. Data Security is Key Concern There are a number of concerns surrounding the adoption of the cloud especially because it is a relatively new concept. Assuring customers of data security would be one of the biggest challenges for cloud vendors to overcome. The 128 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 3. Figure 1 shows the chart of the key barriers to cloud adaptation. Figure 1 Chart of the key barriers To address this problem this paper introduce the Business Continuity Management (BCM) is defined as a holistic management process that identifies to an organization and reduces the impacts of data leakage issues. This contains following stages Project initiation, understand the organization, BC strategies, develop Business continuity planning, and Apply BCP. The Business Continuity Planning is shown in the following Figure 2. Figure 2 Business Continuity Management Overview II. PROPOSED WORK In this section we introduce a novel solution Business continuity management (BCM) and provide the overview of the Business Continuity Management. a) Business Continuity Management (BCM) The BCMS will use to Plan Do Check Act approach. The PDCA approach can be applied to every element of the BCM lifecycle. Business Continuity leads (BC leads) Leads for business continuity management will be appointed in each directorate, regional, area team and hosted bodies within the strategy.  BC leads will perform the following:  Promote business continuity Management  Receive BC training  Facilitate the completion of BIAs  Develop BCPs  Ensure that BCPs are available during incident response  Ensure that incident responders receive training appropriate to their role  Ensure that plans are tested, reviewed and updated  Participate in the review and development of the BCMS. 129 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 4. Business Continuity working Groups Working groups may be established to: Take control of resource allocation Set priorities Set continuity strategies in line with the organization’s objectives and responsibilities Establish the measures that will be used to assure the BCMS remains current and relevant Report to top management on the performance of the BCMS. Emergency preparedness resilience and response (EPRR) The business continuity program will have close links to EPRR because both desciplines aim to ensure the organization is resilient and able to respond to threats and hazards. The BCMS described in this strategy will ensure that the organization is able to manage risks and incidents that directly impact on its ability to deliver business as usual. Assurance The National support centre will maintain an overview of the BCMS. BC leads will be reuired to report on progress within their areas. BCM Documentation The National Support Centre will be given access to related documentation by areas within the scope, such as BCPs, training records, incident records and exercises to facilitate the sharing of good practice throughout the organization. The Business Continuity management has the following stages: Stage 1- Understanding the Organization Understanding the business is essential in developing an appropriate BCM Programme. A detailed understanding of what processes are essential to ensure continuity of prioritized activities to at least the minimum business continuity objective level will be achieved by undertaking BIA. The BIA will incorporate continuity requirements analysis which may include the staff skills, competencies and qualifications required for prioritized activities. BIAs will describe as follows:  The prioritized activities of departments/ teams;  The impact that the incidents will have on prioritized activities  How long we could continue using the emergency measures before we would have to restart our normal activities;  A description of the emergency measures we have in place to deal with an incident;  The threats to the continued delivery of priority activate. Stage 2 – Determining BCM strategy  BIAs will create a picture of the organizations dependencies, vulnerabilities and business continuity risks. This information will be used to: 130 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 5.  To assist in deciding the scope of the BCM programme.  To provide the information from which continuity options can be identified and evaluated.  To assist the preparation of detailed plans Decisions that determine business continuity strategies will be made at an appropriate level  Recovery  People  Premises  Technology and information  Suppliers and partners Stage 3 – Developing and implementing a BCM response This stage considers the incident reporting structure, business continuity plans, and Prioritized activity recovery plans. Incident Reporting Structure There are various sources of information pertaining to business continuity threats such as severe, flooding and soon. The impact of all incidents will vary. It is important that the response to an incident is appropriate to the level of impact and remains flexible as the situation develops. Business continuity plans will be based on different levels of response and escalation. Business Continuity Plans Various plans will continue to be developed to identify the actions that are necessary and the resources which are needed to enable business continuity. Plans will be based upon the risks identified, but will allow for flexibility. Prioritized activity recovery plans (PARPs) Priority activities are those activities to which priority must be given following an incident in order to mitigate the impact. Activities of the highest priority are those that if disrupted, impact the organization to the greatest extent and in the shortest possible time. Stage 4 – Exercise, Audit, Marinating and reviewing Exercises It is essential that regular BC exercises are carried out to ensure that plans are tested and continue to be effective and fit-for-purpose as operational processes and technology configurations are constantly changing. Exercise will rise awareness of BCM procedures. Audit  To validate compliance with the organizations BCM polices and standards  To review the organizations BCM solutions  To validate the organizations BCM plans  To verify that appropriate exercising and maintenance activities are taking place. To 131 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 6. highlight decencies and issues and ensure their resolution Management Review An annual review of this strategy will be undertaken. However, events may prompt more frequent re-examination, such as:  A BIA revision which identifies substantive changes in processes and priorities;  A significant change in the threat assessment and/or risk appetite of the organization  New regulatory or legislative requirements.  Embedding BCM in the Organization’s culture  BCM must be an accepted management process, full endorsed and actively promoted by directors. The communication of high-level endorsement to all is essential. There are various ways in which this be achieved:  Business continuity will be part of the organization’s induction for new starters  Participation in BIA and writing BCPs  Communication of risks, alerts and incidents  Business continuity information will be available on the staff intranet  Business continuity training  Business continuity exercises CONCLUSION In this paper we introduce a novel solution to provide a convenient way to process to identify the various security threats. This paper considers a survey of Business continuity management (BCM) to avoid the security risks. REFERNCES [1] ISO 22301 Societal Security - Business Continuity Management Systems Requirements. [2] NHS England Core Standards for Emergency Preparedness, Resilience and Response (EPRR). [3] J. Skene, D.D. Lamanna, and W. Emmerich, “Precise Service Level Agreements,” Proc. 26th Int’l Conf. Software Eng. (ICSE 04), IEEE CS Press, 2004, pp. 179–188. [4] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud Computing: State-of-the-Art and Research Challenges,” J. Internet Services and Applications, vol. 1, no. 1, 2010, pp. 7–18. [5] The Route Map to Business Continuity Management: Meeting the Requirements of ISO 22301. 132 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in
  • 7. AUTHORS Mr.P.Gireesh received the Vaishnavi Instutiate of Technology, Tirupathi, B.Tech degree in computer science & engineering from the Jawaharlal Nehru technological university Anantapur, in 2011, and received the Audisankara College of Engineering and Technology, Nellore M.Tech degree in computer science engineering from the Jawaharlal Nehru technological university Anantapur in 2014, respectively. He Participated National Level Paper Symposiums in different Colleges. He interests Computer Networks, Mobile Computing, Network Programming, and System Hardware. He is a member of the IEEE. 133 INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT ISBN: 378 - 26 - 138420 - 5 www.iaetsd.in