Cloud Computing Models - Case Study Example

Case Study: Cloud Computing Models Number: Lecturer: Cloud Computing Models Acting on my man as the CIO of a US-based international shoe manufacturing company, I am ready to initiate geographically distributed cloud-based computing model. In implementing this option, the leading concerns include security, policy, and redundancy. This extends my mandate to tackle these issues and maintain high redundancy rates of 99.999% availability so that international shareholders such as web customers, manufacturers and retailers could be served well. In deciding which option to make, reference must be made to addressing foreign policy and national security provisions made by the Export Control. As such, my analysis will be based on reading Addressing Export Control in the Age of Cloud Computing and recommending the best path for the company to take. Key policy questions and issues the company might face Export Control in the United States plays a critical role in ensuring that the national interests and foreign policy regulations are adhered to. United States places restriction on the export of some software, items and technology. The Departments of Commerce, Defense, Interior, Energy and other US agencies control the flow of software out of United States. Cloud computing is a new and emerging concept. One of the most fascinating aspects of cloud computing is the autonomy it offers. Though it has been with us not for long, it is undisputable it has proven to be a major commercial and SME success catalyst and hopefully will continue for the next decades. Clouds are of particular interest not only with expanding tendency to outsource IT to cut on management overheads and to widen existing limited IT infrastructures, but even more notably, they reduce the entrance barrier for new players to deliver their respective goods and services to a wider market with minimal entry and exit costs and infrastructure. The lack of term or volume commitments, pay as you go pricing model, and unrestricted entry and exit seem to offer a license to behave impulsively. Tempting as it may be to shift deployment to the cloud, IT manager realize that their business depend on thoughtful planning (Lorna Uden, 2012). The key policy questions that the company is likely to face include privacy, jurisdiction, and security. The concept of jurisdiction is applicable where data originates from one location i.e. US and find itself in another location i.e. Europe. Because export control primarily concerns movement of data, then the question of whether the company will satisfy expose control regulations when it adopts the cloud need to be answered (Villasenor, 2011). The products and services offered by the company also need to be scrutinized to establish whether they comply with Export Regulations. This company is a shoe manufacturing company and the first question that should come to mind is whether shoe products are subjected to export control regulations. Information concerning the products and the technologies used to manufacture the products is of great concern. The flow of information in the clouds is ubiquitous and it remains notable if export control regulations apply to them as well. This is because method of processing information and the information technology environments utilized for production are complex and fall under export control. Notably, software deployment and utilization techniques explicitly implemented to leverage cloud computing environments may arise export control violations when some components of the cloud are based outside the US (Villasenor, 2011). Cloud-based services recommended affording high redundancy It also facilitates collaboration between remote locations. Hence, it is economical and facilitates valuable service delivery. There are a number of cloud service providers in the market. The two major industry players analyzed for this paper includes Microsoft Azure and Amazon’s Web Services (Lorna Uden). Cloud computing can be offered in four major types. These include private clouds, public clouds, community clouds and hybrid clouds. Private clouds are developed for an exclusive group of trusted users that uses a single tenant operating environment. An example of this offering is an organizations data centre that provides services to employees or users in remote locations. The services are designed to fit their demands and access privileges are restricted to them alone. This defines private cloud computing. Though the user can access the pool of resources necessary for their operations, they are not located in their proximity. Public clouds are an opposite of private clouds. Services and resources in public clouds are provided to organizations who do not which to invest in an in-house hosting. A subscriber will access the services via internet. Examples of this offering are Amazon’s Elastic Compute Cloud (EC2), Simple Storage Services S3 and Simple DB (Rittinghouse JW, 2009). Community clouds are a development by a group of people pursuing a common objective. NIST defines community clouds as an infrastructure shared by several organizations in a community with specific shared concerns. It is a subset of public clouds that is tailored to perform a specific function in government, healthcare, finance and educational industries (Claybrook, 2014). Amazon S3 is the preferred cloud solution to be implemented by the US-based shoe manufacturing company. Amazon S3 is a cloud storage service provided by Amazon. It has a simple web-service interface that allows storage and retrieval of any amount of data, at any instance from anywhere in the world. It provides users with highly scalable solutions, reliability, security, and efficiency. The service is especially important for web developers or organizations who want to develop their own applications because it is designed to simplify web-scale computing. Other than storage and development, Amazon S3 provides data transfer service such as AWS Govcloud Region for USA government. The recommendation for Amazon is based on compliance with export control rules and regulation compliance and security and performance guarantees (Amazon, Amazon SimpleDB, 2014). The pricing model for Amazon’s S3 is pay as you use. The prices are computed on a monthly basis based on the services provided and the location of S3 bucket. It attracts no minimum fee, hence a favorable option for many organizations. Gateway security is offered in three choices: Gateway-Stored volumes, Gateway-Cached Volumes and Gateway-Virtual Tape Library (Amazon, Amazon, 2014). One of the most important considerations that is applicable to the shoe-manufacturing company is import and export security. AWS provides a simple but robust Import/Export security framework. If there is a requirement to transfer large amounts of data across different geographic locations, AWS transfers data directly to the desired location using its high-speed Import/Export internal network. AWS Import/Export requires the user to authenticate the storage device using a digital signature and a unique job identifier. Security reasons for selecting the options The AWS cloud infrastructure is based on highly secured data centers that employ state-of-the-art surveillance techniques and multi-factor access control systems. Its data centers are located in geographically dispersed locations and are staffed 24/7 with security personnel as well as controlled access. S3 provides a number of security features which ensure that its data is protected on the data centers. AWS Storage Gateway Security is one feature where the cloud-based storage is connected with the on-premise software appliance to facilitate seamless integration between IT environments and AWS infrastructure. Amazon S3 is designed to be fault tolerant even with infrastructure failures. Its data centers are built in clusters in many regions across the world, and every data center is online, serving customers concurrently. In case one of the data centers goes down, customer requests and traffic are routed away from affected areas. For the manufacturing company, they have the option of storing data in multiple geographic locations; say US, Germany and Switzerland (Rittinghouse JW, 2009). Redundancy reasons Amazon provides highly durable storage infrastructures in its S3 offering. Objects are stored redundantly across many S3facilities and the guarantee of data protection against loss is very high. Whether S3 is used for permanent storage or not cloud provision, the level of durability and availability is ultimately guaranteed. The durability of an object stored in S3 is 99.999999999% implying that the probability of losing a single object out of 10,000 of them is one in every 10 million years. This level of redundancy surpasses what the US manufacturing company requires. The storage in S3 architecture is designed in such a manner that the concurrent loss can be sustained in two separate storage facilities. Another choice for S3 is that every object stored in it is simply a cloud copy of an original copy stored somewhere permanently. This means that the object can be regenerated or re-derived in case a need arises. In cases where this is a disadvantage, S3 introduced standard storage classes where objects are stored with eleven 9’s of redundancy. For objects that require low redundancy, the reduced redundancy storage is suitable (Amazon, Amazon, 2014). Extent that export controls play in your cloud-based solution The shoe-manufacturing company is intended to open branches across the globe. This implies seamless integration and exchange of information. In one way or another, export violations may be occurring daily. For instance, if the facility will leverage time zone differences between US and Europe and transfers most of its processing to any particular location when the servers there are not busy (night), then, violations might be occurring frequently. Even though the violation is occurring, the user and the provider are not privy to it owing to the physical location of the servers which is intentionally abstracted. The Department of Commerce Bureau of Industry and Security has given two advisories which related to provider activities in export control issues, and this advisories will affect the shoe manufacturing company. The first refers to the aspect of providing computational capacity to the user without providing the necessary technical control, data or assistance. If Amazon AWS provides the cloud solution without the technical knowledge on how to use it, it would not be subjected to EAR, but if technical assistance is required to facilitate its use, then the technology is subjected to EAR. Notably, a cloud solution requires some expertise on how to use it, security configurations and other related aspects which are provided by the service provider technical personal. If this path is followed, then Amazon and the company would be affected by EAR controls (Villasenor, 2011). The second aspect regards deemed exports and concerns the release of technology to a foreign national. To iron out the issue, BIS made a distinction with respect to this provision between cloud providers and cloud service users. The activity of providing computational services to a client within or outside the United States is not subjected to EAR because, the service provider, in this case Amazon, is not an exporter of technology. Therefore, the shoe manufacturing company will not be affected by sourcing cloud service provision from Amazon. In conclusion, it is recommended that the cloud provider and the vendor reach a common ground with respect to control of physical location with which cloud services are to be offered. This will help in ironing out issues and preventing unintended export control violations (Villasenor, 2011). Graphic representation of solutions References Amazon. (2014). Amazon. Retrieved from APC Back-UPS ES 8 Outlet 550VA 120V: http://www.amazon.com/APC-Back-UPS-Outlet-550VA-120V/dp/B0019804U8/ref=lp_764572_1_1?s=pc&ie=UTF8&qid=1415911499&sr=1-1 Amazon. (2014, Nov 11). Amazon SimpleDB. Retrieved from Amazon Webservice: http://aws.amazon.com/simpledb/ Claybrook, B. (2014). Comparing four cloud computing strategies. TechTarget. Gardner. (2013 October). Gartner Says Cloud Computing Will Become the Bulk of New IT Spend by . Cloud Strategies and Adoption at Gartner Symposium/ITxpo 2013 October 21-24 in Goa. India. Lorna Uden, F. H. (2012). 7th International Conference on Knowledge Management in Organizations: Service and Cloud Computing. Springer. Rittinghouse JW, R. (2009). Security in the Cloud. In: Cloud Computing. Implementation, Management, and Security,. CRS. Villasenor, J. (2011). Addressing Export Control in the Age of Cloud Computing. Brookings: Center for Technology Innovation. Read More