Shared Responsibility Model Security Design
Security Design
Shared Responsibility Model
A shared responsibility model is a safety framework that
involves a cloud provider transferring responsibilities to a
security team. This is done to improve security accountability.
Each user's responsibility, especially in the setting of many
clouds, is to reduce the risks associated with vulnerability. This
paradigm could shift differently depending on the type of
infrastructure being utilized. The model also varies depending
on the company that provides the security. In contrast to
Microsoft Azure, which defines its shared model as security
ownership of the host, data centers, and general networks,
Amazon Web Services mandates that customers take full
responsibility for the upkeep of all hardware, networking, and
software, in addition to general security precautions (Demissie
& Ranise, 2021). Under the shared model, the user is
responsible for performing some responsibilities, such as those
of the data controller. Essentially, it is up to the user to decide
when and how their data will be used. This responsibility
falls squarely on the user's shoulders.
Expounding The Shared Responsibility Model
The cloud environment is one of a kind because of the
shared responsibility model's capability to allow test groups of
developers to spin up servers utilizing self-service methods.
Even while these settings have the potential to stimulate
creativity, they are often tied to your production assets. If they
are not set up effectively, they pose major security hazards.
Even if the cloud is inherently safe from the perspective of the
provider, to have a secure cloud, the infrastructure has to be
configured properly and access carefully monitored.
Security Threats
Even though the cloud environment is more secure than
on-premise commercial operations infrastructure, security
concerns still need to be addressed. One of the security threats
associated with working in the cloud is the possibility of
experiencing a data breach. These types of breaches can occur
when an unauthorized user or program views, copies, or sends
personal data due to an attack on cloud computing security. The
cloud environment is also susceptible to the security threat of
data loss, which may occur due to natural disasters or man-made
disasters brought on by the destruction of servers or human
error. This type of data loss can occur due to any of these
events. Another common threat is the possibility of a denial of
service attack (DoS) (Kim et al., 2020). To overload the system,
attackers use enormous amounts of bandwidth, resulting in the
server providing cloud services at a much slower rate. Even if
the systems in the cloud environment are perfectly secure, the
presence of third-party services inside the cloud environment
may still introduce additional vulnerabilities to the cloud's data
protection. Attackers can use insecure application programming
interfaces (APIs) to access data stored in cloud environments
through third-party services.
Security Services
The three types of security services include data
protection, identity and access management, and network and
application protection. Through the use of data security,
unauthorized access is prevented to data accounts as well as
workloads. The AWS data security service incorporates
identification of potential dangers, encryption of sensitive
information, and key management. The combination of identity
management with access control makes it feasible to securely
manage many identities, resources, and permissions. Network
and application protection is responsible for implementing
fine-grained security rules at network control points across an
organization. The AWS service contributes to monitoring and
filtering traffic, which helps prevent unauthorized access to
resources.
Mitigating Threats
The security services contribute to the risk reduction effort
by helping to define, detect, and identify potential threats. First,
to understand how to reduce the risks posed by insiders, it is
necessary to precisely define such risks. An insider threat can
be anybody who has permitted access to or knowledge of an
organization's resources, such as its people, facilities,
information, equipment, networks, or systems. This includes
anyone who has this access or knowledge. Effective insider
threat programs proactively employ a mitigation strategy that
includes detecting, identifying, evaluating, and managing threats to
protect their companies from potential harm (Spooner et al.,
2018). The capacity of the program to notice and identify
observed behaviors and acts that should raise red flags is
essential to the program's efficacy. The terms "threat detection
and identification" relate to the process of bringing to the
attention of an organization or an insider threat team the
behaviors of persons who may constitute an internal threat to
the organization.
References
Demissie, B. F., & Ranise, S. (2021, September). Assessing the
Effectiveness of the Shared Responsibility Model for Cloud
Databases: the Case of Google’s Firebase. In 2021 IEEE
International Conference on Smart Data Services
(SMDS) (pp. 121-131). IEEE.
Kim, J., Kim, J., Kim, H., Shim, M., & Choi, E. (2020). CNN-
based network intrusion detection against denial-of-service
attacks. Electronics, 9(6), 916.
Spooner, D., Silowash, G., Costa, D., & Albrethsen, M. (2018,
May). Navigating the insider threat tool landscape: low cost
technical solutions to jump start an insider threat program.
In 2018 IEEE Security and Privacy Workshops (SPW) (pp.
247-257). IEEE.
RETAIL CASE
BSA/531
The 21st century is an era of technology during which
organizations of all sizes, geographical locations, and sectors
are adopting cloud-based services. In recent years, there has
been a growth in cloud-based services as a way to boost
productivity, expand flexibility, and lower management
expenses. Offering on-demand services like processing power,
content distribution, database storage, and more allows
organizations to grow and prosper. Amazon Web Services
(AWS) offers a basic, flexible, and dependable foundation
platform for cloud computing.
Performance architecture
Performance architecture integrates the Work, Worker,
Workplace, and the World into a system framework.
Performance architecture is a diagnostic-prescription method
for examining and developing human performance systems. The
term "architecture" often conjures up images of structure,
power, wisdom, beauty, and, most importantly, creativity.
Building architects have a wide perspective. They are worried
about the structure's energy needs and physical design,
including how it will be heated and cooled. They consider a
wide variety of variables, including how easily the structure can
be maintained, emergency access, wind deflection, and many
more. They see the whole building as a dynamic system that
must be analyzed in terms of its constituent pieces (Gautam &
Basava, 2019). Performance architects view the organization as
a dynamic system in which each component influences and is
influenced by each other.
Case studies
HelloFresh is one of the popular and rapidly expanding meal kit
companies worldwide. Their kits are delivered right to
consumers' doors and are the main reason for their popularity.
In only one year, HelloFresh, a company with operations in 14
countries, delivered more than 600 million meals to 5.3 million
clients. The main challenge for HelloFresh was to better
understand their consumers while maintaining a laser-like focus
on their business needs, including the growth of new products,
manufacturing, and delivery (Hou, Krishnakumar & Lucke,
2021). They also wanted a solution that provided performance,
security, data availability, and scalability. AWS met these
criteria by updating HelloFresh's data capabilities and migrating
them to a global cloud architecture that can swiftly scale up or
down to match its demands. Additionally, AWS could leverage
data from many sources and analytical tools that helped the
company enhance its client services and raise customer
satisfaction levels. Finally, AWS gave HelloFresh better
administrative chores for database management, scalability,
security, and flexibility to adapt to their rapidly expanding meal
delivery services.
Since 2008, Netflix has been one of AWS's biggest clients.
By using and relying nearly entirely on AWS for its data
storage, streaming, and content, Netflix has saved a significant
amount of money. This allowed the company to solve the
challenge of high operational costs that the company used to
experience. In a matter of minutes, Netflix uses hundreds of
servers for various instances totaling many terabytes of data.
AWS developed specialized apps like Blox for its EC2 container
service to provide Netflix the control and agility it needed
(Bögelsack et al., 2022). This gave Netflix greater independence
inside the cloud infrastructure. For almost all its compute and
storage requirements, Netflix reportedly employs over 100,000
server instances on Amazon Web Services (AWS). Databases,
analytics, search engines, and video encoding are all included.
AWS has the flexibility to simultaneously shift over 89 million
customers in different regions in a short time.
Aldo is a shoe company located in the UK and North
America. Every day, more than 50,000 people walk into their
stores. Initially, a salesperson would speak with the backroom
employee using a smartphone app to find exact shoe sizes and
models. The staff in the storeroom would then get the shoe and
give it to the client. It was expected to take less than a minute
to complete this activity. Customers were, however, dissatisfied
with the app's persistent downtime. With the help of the AWS
AppSync service, which allowed them to build a customizable
API to securely access and aggregate data from many sources,
AWS was able to help Aldo solve this particular challenge
(Kvasnikova & Wang, 2021). Since the integration of AWS,
there have been no more outages with Aldo's new mobile app. It
offers a real-time workflow so that sales representatives and
other team members can interact effectively, improving client
satisfaction and experience.
Conclusion
Global Technology Retailers (GTR) is a rapidly expanding
business with the potential to reach greater heights. Part of its
rapid growth includes opening new locations, employing more
staff, stepping up marketing initiatives, adding franchisees, and
adding new product lines. In light of this, Amazon Web
Services (AWS) would be the ideal option to meet GTR's
expanding demands for a cloud-based architecture. AWS now
offers a 12-month free subscription that can be used to start the
transition process of moving GTR from its present on-premises
structure to a cloud-based solution. Additionally, they provide a
variety of payment alternatives, including the pay-as-you-go
service option. With this option, customers can avoid long-term
contracts and license agreements by paying for the specific
services they need.
References
Bögelsack, A., Chakraborty, U., Kumar, D., Rank, J.,
Tischbierek, J., & Wolz, E. (2022). SAP S/4HANA on AWS
Elastic Compute Cloud–Concepts and Architecture. In SAP
S/4HANA Systems in Hyperscaler Clouds (pp. 119-186).
Apress, Berkeley, CA.
Gautam, B., & Basava, A. (2019). Performance prediction of
data streams on high-performance architecture. Human-centric
Computing and Information Sciences, 9(1), 1-23.
Hou, A., Krishnakumar, S., & Lucke, J. (2021). Smart Pantry.
Kvasnikova, V., & Wang, Y. (2021). MARKETING RESEARCH
OF THE GLOBAL FOOTWEAR MARKET. In Тезисы
докладов 54-й Международной научно-технической
конференции преподавателей и студентов (pp. 57-58).
Leadership of GTR
Reasons for switching to cloud architecture
One of the reasons for switching to cloud architecture is
Cost Savings. A significant amount of money can be saved by
using a cloud-hosted desktop since it provides you with scalable
computing capability while reducing the need for IT support and
physical data storage. The second reason is safety. During the
early days of cloud computing, concerns around data security
were likely the weakest link. However, an increasing number of
people conclude that these concerns are groundless (Ravi &
Shalinie, 2020). The other reason is faster deployment. Cloud-
based services can be put into operation in as little as an hour or
a few days, in contrast to the weeks or even years it could take
to create and install an internal IT infrastructure.
Resilient architectures.
A design is considered resilient if it considers how to build
landscape communities and regions. The ability to recover
quickly from setbacks is essential for developing resilient
systems and structures. A resilient structure can adjust to the
conditions of its surroundings.
Purpose of AWS.
AWS offers more features and services than other cloud
providers, including traditional infrastructures such as storage,
computation, and databases. AWS also offers more storage
space than other cloud providers, with more than 60 petabytes
of storage space available to customers (Cook, 2018). This
makes it possible to move your current applications to the cloud
and build something new in a way that is faster, easier, and
more cost-effective.
AWS in designing resilient architectures.
Scaling is a tried-and-true approach to establishing
resilience since it allows an application to scale up or down per
the amount of demand it receives. The organization can grow
more efficiently because of Amazon Web Services (AWS). AWS
contributes to the development of resilient architectures by first
gaining a grasp of the concepts underlying the business
framework. The design framework may end up dictating the
outcome of the business continuity effort, particularly regarding
how to construct and carry out a recovery plan.
Advantages of AWS
One of the advantages of using Amazon Web Services is
that it provides economies of scale. Cloud computing provides
one with fewer variable costs than one can achieve on their
own. Because the cloud aggregates the consumption of thousands of
customers, businesses can achieve larger economies of scale,
leading to decreased pay-as-you-go pricing. Cloud computing
also offers other benefits such as increased speed and agility.
Disadvantages of AWS
The complicated nature of the payment process is one of
AWS's many downsides. Even with all of its wonderful features,
Amazon Web Services' billing system has one fundamental
shortcoming: it may sometimes be challenging. This could be
difficult to understand for a non-technical small business owner.
Another disadvantage is that there are not enough resources. A
further drawback of using AWS is that it is limited in the
resources it can provide in certain regions (Shokeen & Singh,
2019). Because of this, the number of resources that are
accessible to you can be affected by your location or the region
that you are in.
General strengths and cautions
Company: Microsoft Azure
Strengths:
· Microsoft Azure has a significant competitive edge over its
competitors and can easily give a helping hand to other
companies.
· Azure is often selected as the enterprise's primary
infrastructure provider by businesses that have made a strategic
commitment to use Microsoft technology and services.
Cautions:
· One side effect is the number of outages that have happened
over the years, the most one being a significant global outage
that occurred in May 2021.
· The most recent outage for AWS occurred in 2017, whereas
the most significant outage for Google Cloud occurred in
November of 2021.
Company: Google Cloud Platform
Strengths:
· Google has had challenges breaking into the commercial
sector despite its good track record with innovative cloud-native
businesses and its high reputation in the open-source
community.
· The characteristics of Google Cloud in big data and other
analytics applications are appropriate for cloud-native
operations since they appeal to certain buyers.
Cautions:
· Due to the immaturity of Google's systems and procedures
when dealing with business customers, doing business with the
firm may sometimes be challenging.
· Regarding providing full coverage for enterprises, both in
terms of field sales and solutions, Google is lagging
significantly behind its competitors.
What the team needs to know
AWS has thousands of active clients and hundreds of
partners, making it the ecosystem with the greatest variety and
the most potential for growth globally. AWS customers come
from almost every business sector and size category, including
start-ups, companies, and government organizations. These
customers use AWS to carry out every conceivable use case.
References
Cook, B. (2018, July). Formal reasoning about the security of
amazon web services. In International Conference on
Computer Aided Verification (pp. 38-47). Springer, Cham.
Ravi, N., & Shalinie, S. M. (2020). Learning-driven detection
and mitigation of DDoS attack in IoT via SDN-cloud
architecture. IEEE Internet of Things Journal, 7(4), 3559-3570.
Shokeen, S., & Singh, A. (2019, December). Deploying an e-
commerce website using Amazon Web Services. In 2019
International Conference on contemporary Computing and
Informatics (IC3I) (pp. 94-100). IEEE.