Part of the strategic shift towards a more agile, scalable, and secure infrastructure is the organization's transition from its traditional on-premise data center to a hybrid cloud architecture. The transformation retires the on-premise data center entirely, which in turn requires choosing a cloud service provider (CSP) to host business-critical applications in a hybrid model. A hybrid cloud approach is one that Carvalho sees as offering the best of both worlds in the current environment: control over sensitive data stays in a private cloud while the public cloud supplies agility and scalability, balancing cost, security, and performance (Goyal, 2014).
2. Hybrid Cloud Architecture Design
Public and private cloud environments will be integrated into the hybrid cloud architecture. This design ensures that the organization will:
a. Host sensitive applications and data within a private cloud for compliance with strict regulatory requirements such as CMMC.
b. Benefit from the lower cost and elasticity of the public cloud for less sensitive workloads, such as customer-facing web applications, non-critical databases, and test environments.
This hybrid model allows resources to be allocated dynamically as business needs change while keeping the strongest security controls on critical assets (Buyya et al., 2010).
3. Cloud Service Provider (CSP) Selection
Amazon Web Services (AWS) is the chosen CSP for the transition. AWS has been selected for its breadth of capabilities, from operational excellence and mature security controls to scalability and an extensive global infrastructure (Dillon et al., 2010). AWS offers the following advantages that make it the right cloud option for the organization:
3.1 Why AWS? Full Justification
a) Security and Compliance: AWS supports CMMC compliance: its services are ISO 27001 certified and available in FedRAMP-authorized environments, and it provides the encryption, network, and audit controls on which the infrastructure's cybersecurity posture is built. Under the shared responsibility model, AWS secures the underlying cloud while the organization remains responsible for configuring its own workloads to meet CMMC practices (Zissis & Lekkas, 2012).
b) Scalability and Global Reach: AWS lets the organization scale capacity up or down on demand. Its Regions and Availability Zones span many geographic areas, which addresses latency and availability for internal and external users alike (Armbrust et al., 2010).
c) Compute Power: The organization will use AWS Elastic Compute Cloud (EC2), which offers a broad range of instance types matched to the computation required, from data analysis and computationally intensive machine learning to large database operations (Buyya et al., 2010).
d) Cost Efficiency: AWS pricing is pay-as-you-go with no upfront capital expense. AWS also provides reserved instances to reduce the cost of steady, recurring workloads (Armbrust et al., 2010).
e) Integration with Existing Systems: AWS Direct Connect and AWS VPN provide secure connectivity between the cloud and on-premise infrastructure, simplifying integration with existing systems (Zissis & Lekkas, 2012).
3.2 Association with CMMC
CMMC is one of the foremost priorities for the organization, and AWS supplies the controls needed to apply CMMC requirements directly across the hybrid cloud stack. AWS IAM, AWS KMS, and AWS CloudTrail provide the strict access control, encryption, and audit logging that the CMMC standard calls for.
AWS has also launched a CMMC Compliance Program to help defense contractors and their partners achieve and maintain the required security maturity level. The program provides guidance and tools to bring workloads running in AWS into line with the appropriate cyber protection requirements.
4. Application Placement and Hosting
4.1 Public Cloud
The public cloud will host less sensitive applications that require high scalability and global reach. Such applications include:
· Customer-facing applications
· Non-critical databases
· Testing and development environments
Running these workloads in the public cloud lets the organization scale resources up or down quickly and operate more efficiently without increasing cost (Fernando et al., 2013).
4.2 Private Cloud
Sensitive applications, for which security and data control are vital, will be hosted in the private cloud environment. Such applications include:
· Finance applications
· HR applications
· Customer information management systems
These systems are kept in the private cloud to comply with regulatory requirements and to apply the strongest data security measures. The private cloud environment also supports disaster recovery and encryption of data at rest to protect sensitive information.
5. Computation Power and Security Consideration
The hybrid cloud architecture must deliver high computation power while conforming to stringent security requirements. The organization will run these workloads on AWS EC2 virtual servers configured to each workload's specific needs. The compute instances are protected by a layered network security model: Virtual Private Clouds (VPCs) isolate the environment, Security Groups act as stateful instance-level firewalls, and Network Access Control Lists (NACLs) add stateless subnet-level filtering, together controlling and monitoring network traffic (Zissis & Lekkas, 2012).
For sensitive data at rest, AWS provides server-side encryption with keys managed in AWS KMS; data in transit is protected with TLS. With AWS Config for configuration compliance, Amazon CloudWatch for metrics and logs, and CloudTrail for API audit records, visibility into security compliance and operational performance can be maintained on an ongoing basis (Fernando et al., 2013).
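As an added example (not code from the original proposal), the following Python script applies two checks a practitioner would want on the controls just described: no administrative or database port reachable from the whole internet in any Security Group, and no EBS volume left without KMS-backed encryption. It works on constructed dictionaries shaped like the output of boto3's describe_security_groups() and describe_volumes(), so it runs offline; the group IDs, volume IDs, CIDR ranges and KMS key ARN are invented for illustration.

```python
"""Offline checks for the Security Group and EBS encryption controls above.

Added example, not code from the original proposal. Inputs are constructed
dictionaries shaped like boto3 describe_security_groups() / describe_volumes()
responses; no AWS API is called. All IDs and addresses are made up.
"""
from ipaddress import ip_network

# Administrative and database ports that must never be reachable from 0.0.0.0/0.
ADMIN_PORTS = {22, 3389, 1433, 3306, 5432}


def _rule_covers_port(rule, port):
    """True if an IpPermissions entry includes the given TCP/UDP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _rule_is_world_open(rule):
    """True if any IPv4 or IPv6 range in the rule is the whole internet."""
    ranges = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    ranges += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ip_network(cidr).prefixlen == 0 for cidr in ranges)


def check_security_groups(groups):
    """Flag admin/database ports exposed to the internet. Security Groups are
    stateful: an inbound allow also admits the return traffic, so there is no
    separate outbound rule that would catch this."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            if not _rule_is_world_open(rule):
                continue
            for port in sorted(ADMIN_PORTS):
                if _rule_covers_port(rule, port):
                    findings.append((sg["GroupId"], f"port {port} open to the internet"))
    return findings


def check_volumes(volumes):
    """Flag EBS volumes that are not encrypted (SSE with a KMS key)."""
    return [(v["VolumeId"], "EBS volume not encrypted")
            for v in volumes if not v.get("Encrypted", False)]


def audit(groups, volumes):
    """Combine both checks into one list of (resource id, finding)."""
    return check_security_groups(groups) + check_volumes(volumes)


# Constructed sample data (not from a real account).
SAMPLE_GROUPS = [
    {   # web tier: HTTPS from the world is expected, SSH from the world is not
        "GroupId": "sg-0aaa111",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {   # private tier: SSH only from the corporate VPN range
        "GroupId": "sg-0bbb222",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        ],
    },
    {   # misconfiguration: all protocols from any IPv6 address
        "GroupId": "sg-0ccc333",
        "IpPermissions": [
            {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0111", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/example-key-id"},
    {"VolumeId": "vol-0222", "Encrypted": False},
]

if __name__ == "__main__":
    for resource, finding in audit(SAMPLE_GROUPS, SAMPLE_VOLUMES):
        print(f"{resource}: {finding}")
```

Port 443 open to the world on the web tier is deliberately not flagged, since that is the purpose of a public-facing tier; the same SSH rule that is acceptable from the VPN range is reported when it is opened to 0.0.0.0/0. The "-1" protocol rule shows why the check must handle the all-traffic case separately: such rules carry no FromPort/ToPort at all.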
6. Access for Internal and External Customers
The architecture must give internal and external customers secure and efficient access to the systems. The organization will use AWS Identity and Access Management (IAM) to control access to its cloud resources. IAM lets the organization define policies that enforce role-based access control (RBAC), so that each user receives only the minimum permissions required for their role.
· Internal users will access private cloud resources over a VPN, with IAM policies governing what they may do once connected.
· External users (customers) will access the public-facing applications hosted in the public cloud, protected by Multi-Factor Authentication (MFA) and TLS encryption (the successor to SSL) for a secure connection.
In addition, AWS Direct Connect will establish a dedicated network connection from the organization's premises to AWS, providing a faster and higher-availability link that does not traverse the public internet. Direct Connect does not encrypt traffic on its own, so sensitive flows should still run over an IPsec VPN on top of the connection or use TLS at the application layer.
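The RBAC and least-privilege statements above are only as good as the policy documents behind them. As an added example (not code from the original proposal, and not AWS's own evaluator), the following Python implements the documented decision order for identity-based IAM policies (default deny; an explicit Deny overrides any Allow; wildcard matching on Action and Resource) and flags Allow statements that are too broad for a role. Conditions such as aws:MultiFactorAuthPresent, resource-based policies, service control policies and permission boundaries are not modelled; the finance-analyst policy, bucket names and account ID are constructed samples.

```python
"""Simplified IAM identity-policy evaluation for least-privilege review.

Added example, not from the original proposal and not AWS's evaluator. It
models only identity-based policies: default deny, explicit Deny wins over
Allow, '*' and '?' wildcards in Action (case-insensitive) and Resource
(case-sensitive). Conditions, resource policies, SCPs and permission
boundaries are out of scope. Sample policies below are constructed.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM allows a single string or a list in Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _match_any(patterns, value, case_insensitive):
    """IAM-style wildcard match: '*' spans any characters, including '/'."""
    if case_insensitive:
        return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Decide one request under one identity policy.

    Decision order as AWS documents it: start from deny; if any matching
    statement is an explicit Deny the request is refused; otherwise it is
    permitted only if some matching statement is an Allow.
    """
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not _match_any(_as_list(stmt.get("Action")), action, True):
            continue
        if not _match_any(_as_list(stmt.get("Resource")), resource, False):
            continue
        if stmt.get("Effect") == "Deny":
            return False              # explicit deny is final
        if stmt.get("Effect") == "Allow":
            allowed = True            # keep scanning for a later Deny
    return allowed


def overly_broad_statements(policy):
    """Return Sids of Allow statements granting every action, or a whole
    service, on every resource. These defeat role-scoped least privilege."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in resources and any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


# Constructed sample: a finance-analyst role may read finance buckets,
# except the archive, which an explicit Deny carves out of the Allow.
ANALYST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadFinanceReports", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::finance-*", "arn:aws:s3:::finance-*/*"]},
        {"Sid": "NoArchiveAccess", "Effect": "Deny",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::finance-archive",
                      "arn:aws:s3:::finance-archive/*"]},
    ],
}

# Constructed sample of the anti-pattern the review should catch.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "FullAccess", "Effect": "Allow",
                   "Action": "*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(is_allowed(ANALYST_POLICY, "s3:GetObject",
                     "arn:aws:s3:::finance-reports/2024/q3.csv"))
    print(is_allowed(ANALYST_POLICY, "s3:GetObject",
                     "arn:aws:s3:::finance-archive/2019.csv"))
    print(overly_broad_statements(ADMIN_POLICY))
```

is_allowed answers the question a reviewer asks of every role before it is attached: can this role perform this action on this resource? overly_broad_statements is a review queue rather than a hard rule, since service-wide access on every resource is occasionally legitimate for automation roles, but each such statement should be justified explicitly.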
Conclusion
The proposed hybrid cloud architecture on AWS gives the organization flexible, scalable, and secure infrastructure to support its operations. It provides a secure environment for critical applications, keeping them compliant with standards such as CMMC, while less sensitive workloads run cost-efficiently and at scale in the public cloud. By balancing workloads across public and private clouds and using AWS's managed services, the organization can migrate gracefully from its on-premise data center to a future-proof cloud solution.
References
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50–58.
Buyya, R., Broberg, J., & Goscinski, A. (Eds.). (2010). Cloud computing: Principles and paradigms. Wiley. ISBN 9780470887998.
Dillon, T., Wu, C., & Chang, E. (2010). Cloud computing: Issues and challenges. 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010), 27–33.
Fernando, N., Loke, S. W., & Rahayu, W. (2013). Mobile cloud computing: A survey. Future Generation Computer Systems, 29(1), 84–106.
Goyal, S. (2014). Public vs private vs hybrid cloud computing: A critical review. International Journal of Computer Network and Information Security, 6(3), 20–29.
Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583–592.
Posted Oct 23, 2024
The Cloud Service Provider (CSP) Selection project involves evaluating and selecting the most suitable cloud provider based on specific business requirements.