The document proposes a Business Continuity Management (BCM) framework to address data security issues when transforming cloud systems into a meta cloud. BCM is a holistic management process that identifies risks and reduces the impacts of data leakage. It involves understanding the organization, determining continuity strategies, developing response plans, and exercising/reviewing plans. The framework contains components like business continuity leads, working groups, and links to emergency preparedness. It uses a plan-do-check-act approach and aims to embed continuity into the organization's culture.
Report
Share
Report
Share
1 of 7
Download to read offline
More Related Content
Iaetsd design and implementation of secure cloud systems using
1. Design and Implementation of secure cloud systems using
Meta cloud
Perumalla Gireesh
M.Tech 2nd year, Dept. of CSE, ASCET, Gudur, India
Email:perum.giri7@gmail.com
_____________________________________________________________________________________
Abstract – Cloud computing has recently emerged
as a new paradigm for hosting and delivering
services over the Internet. Cloud computing is
attractive to business owners as it eliminates the
requirement for users to plan ahead for
provisioning, and allows enterprises to start from
the small and increase resources only when there
is a rise in service demand. However, despite the
fact that cloud computing offers huge
opportunities to the IT industry, the development
of cloud computing technology is currently at its
infancy, with many issues still to be addressed. In
this paper, we present a survey of cloud
computing, highlighting its key concepts,
architectural principles, and state-of-the-art
implementation as well as research challenges.
Meta cloud based on a combination of existing
tools, concepts and provides the convenient to
organize the private clouds. This can consider the
only vendor lock-in problem of different vendors
in cloud. For that Meta cloud provides an abstract
way from existing schemes to solving this problem
effectively. But it does not consider the users data
privacy in transforming Meta cloud. To address
this problem, we introduce Business Continuity
Management (BCM). This is defined as a holistic
management process that identifies to an
organization and reduces the impacts of data
leakage issues.
Index terms – Meta cloud, Cloud Privacy, private
clouds, security.
I. INTRODUCTION
With the rapid development of processing and
storage technologies and the success of the
Internet, computing resources have become
cheaper, more powerful and more ubiquitously
available than ever before. This technological
trend has enabled the realization of a new
computing model called cloud computing, in
which resources (e.g., CPU and storage) are
provided as general utilities that can be leased and
released by users through the Internet in an on-
demand fashion.
127
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
2. The cloud computing paradigm has achieved
widespread adoption in recent years. Its
success is due largely to customers’ ability to
use services on demand with a pay-as-you go
pricing model, which has proved convenient
in many respects. Low costs and high
flexibility make migrating to the cloud
compelling. Despite its obvious advantages,
however, many companies hesitate to “move
to the cloud,” mainly because of concerns
related to service availability, data lock-in,
data security and legal uncertainties.
A previous study considers the data lock-in
problem and provides a convenient way to
solve this using Meta cloud. The problem is
that once an application has been developed
based on one particular provider’s cloud
services and using its specific API, that
application is bound to that provider;
deploying it on another cloud would usually
require completely redesigning and rewriting
it. Such vendor lock-in leads to strong
dependence on the cloud service operator.
The Meta cloud framework contains the
following components: Meta cloud API, Meta
cloud proxy, resource monitoring and so on.
But sometimes, transforming cloud as meta
cloud data security issues are raised which are not
consider in the previous study.
a) The Key Challenges
Being virtual in concept, the cloud environment
generates several questions in the minds of users
with respect to confidentiality, integrity and
availability. The key challenges for the adoption
of the cloud are as given below:
Assurance of the privacy and security
The cloud users are wary of the security and
privacy of their data. The multi-tenant
environment of the cloud is causing concerns
amongst enterprises. As the same underlying
hardware may be used by other companies and
competitors, it may lead to a breach of privacy.
Moreover, any data leakage or virus attack would
have a cascading effect on multiple organizations.
Reliability and availability
Instances of outages at the facilities of the cloud
service providers have raised concerns over the
reliability of the cloud solutions. Enterprises are
recognizing that they would have to deal with
some level of failures while using commodity-
based solutions. Also, the cloud providers cannot
give an assurance on the uptime of their external
internet connection, which cloud shut all access to
the cloud.
Data Security is Key Concern
There are a number of concerns surrounding the
adoption of the cloud especially because it is a
relatively new concept. Assuring customers of
data security would be one of the biggest
challenges for cloud vendors to overcome. The
128
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
3. Figure 1 shows the chart of the key barriers to
cloud adaptation.
Figure 1 Chart of the key barriers
To address this problem this paper introduce
the Business Continuity Management (BCM)
is defined as a holistic management process that
identifies to an organization and reduces the
impacts of data leakage issues. This contains
following stages Project initiation, understand the
organization, BC strategies, develop Business
continuity planning, and Apply BCP. The
Business Continuity Planning is shown in the
following Figure 2.
Figure 2 Business Continuity Management
Overview
II. PROPOSED WORK
In this section we introduce a novel solution
Business continuity management (BCM) and
provide the overview of the Business Continuity
Management.
a) Business Continuity Management (BCM)
The BCMS will use to Plan Do Check Act
approach. The PDCA approach can be applied to
every element of the BCM lifecycle.
Business Continuity leads (BC leads)
Leads for business continuity management will be
appointed in each directorate, regional, area team
and hosted bodies within the strategy.
BC leads will perform the following:
Promote business continuity Management
Receive BC training
Facilitate the completion of BIAs
Develop BCPs
Ensure that BCPs are available during
incident response
Ensure that incident responders receive
training appropriate to their role
Ensure that plans are tested, reviewed and
updated
Participate in the review and development
of the BCMS.
129
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
4. Business Continuity working Groups
Working groups may be established to:
Take control of resource allocation Set priorities
Set continuity strategies in line with the
organization’s objectives and responsibilities
Establish the measures that will be used to assure
the BCMS remains current and relevant Report to
top management on the performance of the
BCMS.
Emergency preparedness resilience and response
(EPRR)
The business continuity program will have close
links to EPRR because both desciplines aim to
ensure the organization is resilient and able to
respond to threats and hazards. The BCMS
described in this strategy will ensure that the
organization is able to manage risks and incidents
that directly impact on its ability to deliver
business as usual.
Assurance
The National support centre will maintain an
overview of the BCMS. BC leads will be reuired
to report on progress within their areas.
BCM Documentation
The National Support Centre will be given access
to related documentation by areas within the
scope, such as BCPs, training records, incident
records and exercises to facilitate the sharing of
good practice throughout the organization. The
Business Continuity management has the
following stages:
Stage 1- Understanding the Organization
Understanding the business is essential in
developing an appropriate BCM Programme. A
detailed understanding of what processes are
essential to ensure continuity of prioritized
activities to at least the minimum business
continuity objective level will be achieved by
undertaking BIA. The BIA will incorporate
continuity requirements analysis which may
include the staff skills, competencies and
qualifications required for prioritized activities.
BIAs will describe as follows:
The prioritized activities of departments/
teams;
The impact that the incidents will have on
prioritized activities
How long we could continue using the
emergency measures before we would have to
restart our normal activities;
A description of the emergency measures
we have in place to deal with an incident;
The threats to the continued delivery of
priority activate.
Stage 2 – Determining BCM strategy
BIAs will create a picture of the
organizations dependencies, vulnerabilities
and business continuity risks. This information
will be used to:
130
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
5. To assist in deciding the scope of the
BCM programme.
To provide the information from which
continuity options can be identified and
evaluated.
To assist the preparation of detailed plans
Decisions that determine business continuity
strategies will be made at an appropriate level
Recovery
People
Premises
Technology and information
Suppliers and partners
Stage 3 – Developing and implementing a BCM
response
This stage considers the incident reporting
structure, business continuity plans, and
Prioritized activity recovery plans.
Incident Reporting Structure
There are various sources of information
pertaining to business continuity threats such as
severe, flooding and soon.
The impact of all incidents will vary. It is
important that the response to an incident is
appropriate to the level of impact and remains
flexible as the situation develops. Business
continuity plans will be based on different levels
of response and escalation.
Business Continuity Plans
Various plans will continue to be developed to
identify the actions that are necessary and the
resources which are needed to enable business
continuity. Plans will be based upon the risks
identified, but will allow for flexibility.
Prioritized activity recovery plans (PARPs)
Priority activities are those activities to which
priority must be given following an incident in
order to mitigate the impact. Activities of the
highest priority are those that if disrupted, impact
the organization to the greatest extent and in the
shortest possible time.
Stage 4 – Exercise, Audit, Marinating and
reviewing
Exercises
It is essential that regular BC exercises are carried
out to ensure that plans are tested and continue to
be effective and fit-for-purpose as operational
processes and technology configurations are
constantly changing. Exercise will rise awareness
of BCM procedures.
Audit
To validate compliance with the
organizations BCM polices and standards
To review the organizations BCM
solutions
To validate the organizations BCM plans
To verify that appropriate exercising and
maintenance activities are taking place. To
131
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
6. highlight decencies and issues and ensure their
resolution
Management Review
An annual review of this strategy will be
undertaken. However, events may prompt more
frequent re-examination, such as:
A BIA revision which identifies
substantive changes in processes and
priorities;
A significant change in the threat
assessment and/or risk appetite of the
organization
New regulatory or legislative
requirements.
Embedding BCM in the Organization’s
culture
BCM must be an accepted management
process, full endorsed and actively promoted
by directors. The communication of high-level
endorsement to all is essential. There are
various ways in which this be achieved:
Business continuity will be part of the
organization’s induction for new starters
Participation in BIA and writing BCPs
Communication of risks, alerts and
incidents
Business continuity information will be
available on the staff intranet
Business continuity training
Business continuity exercises
CONCLUSION
In this paper we introduce a novel solution to
provide a convenient way to process to identify the
various security threats. This paper considers a
survey of Business continuity management (BCM)
to avoid the security risks.
REFERNCES
[1] ISO 22301 Societal Security - Business
Continuity Management Systems
Requirements.
[2] NHS England Core Standards for Emergency
Preparedness, Resilience and Response
(EPRR).
[3] J. Skene, D.D. Lamanna, and W. Emmerich,
“Precise Service Level Agreements,” Proc.
26th Int’l Conf. Software Eng. (ICSE 04),
IEEE CS Press, 2004, pp. 179–188.
[4] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud
Computing: State-of-the-Art and Research
Challenges,” J. Internet Services and
Applications, vol. 1, no. 1, 2010, pp. 7–18.
[5] The Route Map to Business Continuity
Management: Meeting the Requirements of
ISO 22301.
132
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in
7. AUTHORS
Mr.P.Gireesh received the
Vaishnavi Instutiate of
Technology, Tirupathi,
B.Tech degree in computer
science & engineering from
the Jawaharlal Nehru technological university
Anantapur, in 2011, and received the Audisankara
College of Engineering and Technology, Nellore
M.Tech degree in computer science engineering
from the Jawaharlal Nehru technological
university Anantapur in 2014, respectively. He
Participated National Level Paper Symposiums in
different Colleges. He interests Computer
Networks, Mobile Computing, Network
Programming, and System Hardware. He is a
member of the IEEE.
133
INTERNATIONAL CONFERENCE ON CURRENT INNOVATIONS IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT
ISBN: 378 - 26 - 138420 - 5
www.iaetsd.in