Cloud Computing and Governance

Week 1 Blog Entry

BSIT 400

I am Jeff Fackler.  I have been in the Air Force for 19 years now.  I have only dealt with cloud computing in my past BSIT 375 class.  I am a Cyber Systems Operator in the AF, and love my job.  For my first blog entry I would like to point out that you can become certified through CompTIA in Cloud Computing Essentials.  To do this you can take their exam.  What that entails is a 50-question test that is multiple choice.  You have 60 minutes to take the test and you must score above a 720 on the exam in order to pass.  It costs $119 to take.  The exam covers cloud services from a company perspective.  The test validates if you know the business value of cloud computing, cloud types, steps to a successful adoption of the cloud, the impact and changes on IT services management, as well as risks and consequences of cloud computing.  If you are interested and would like to look into this certification further, please follow the link below for more information.

https://certification.comptia.org/certifications/cloud-essentials

 

Week 2 Blog Entry

As I am more familiar with Network Area Storage, I decided that I would look up some info regarding it and cloud computing.  I did a little bit of research on the differences and some comparisons of a NAS and Cloud Computing.  Below is the information that I came across that I would like to share.  There are some features that are kind of must-haves in regard to building a NAS as your type of storage for your company.

  1. Security – Your NAS will be storing confidential company data; consider the use of SSL to protect the Web management interface a bare minimum.  Cloud Computing Services have security as a main priority with every service that I have researched.
  2. Power Consumption – Because your NAS is likely to be switched on 24/7, energy starts becoming more important in the way of environmental impact and your electricity bill.  The cloud alleviates this issue, but is normally factored into the cost.
  3. iSCSI Support – An increasing number of NAS come with iSCSI support, making this a de facto feature.  In cloud computing this is not a factor as you will be connecting to all of your storage remotely, which keeps you from having to purchase a certain type of storage.
  4. Ability to sync/backup to another NAS – Storing a copy of the data with another NAS at another physical location is invaluable in ensuring data survivability.  Cloud Computing Services offer assured recovery in the event of a disaster.
  5. Multi-functional Capabilities – Extra features built into a NAS can be very useful.  The availability of FTP services can be used for staging and transferring large files across the Internet – with the right firewall configuration. The ability to host Web files can be used to host internal websites or intranet portals.  Cloud Services offer many different capabilities, to include scalability on the fly, which is one of their best features.
  6. Deduplication – Depending on the compression ratio gained and preferred backup regime, this might be invaluable to some Small/Medium Businesses.
  7. On-board, hardware-accelerated encryption – If possible, opt for a NAS with on-board encryption support that can perform encryption at much faster speeds. Encryption is the best defense against vendors or business partners simply walking away with one of the company's hard drives.  Although not necessarily defined as a feature of Cloud Computing, they do offer Cloud Bursting, which replicates the hardware acceleration, as they open up the private cloud to join in the public cloud for processing calculations for the time that “acceleration” is needed.
  8. Support for syncing with cloud storage – This allows your business to do without configuring a firewall or VPN that is required for NAS-to-NAS backups. With that, some cloud-based services have high levels of redundancy, which can reinforce data survivability as a second layer of backup for data.

All of these are items to look into if your company is going to be using a NAS or going to a Cloud Service platform.  Do you feel like there were any items that I missed?  Please feel free to let me know on the discussion board.  Thank you.

 

Week 3 Blog Entry

In doing research for this week's paper I found that there are many companies that help a company bridge the gap between having a lengthy contract and providing needed cloud services to a company wanting to grow.  I find it interesting that even with cloud service companies you would have to sign an over 1 year contract, as the scalability with them is almost instantaneous.  This allows a company to, on short notice, increase the amount of storage space, computing power, or hardware acceleration that they would need during peak times.  I did not find where they would be locked in to that contract for an extended period of time, but then I do not think that the regular internet user is going to be privy to the view of actual contracts.  I would think that it might be similar to our cell-phone contracts where if during the year you want to add more bandwidth, or more data, then you might be locked in to another year on that contract.  I have had this happen to me before.  Those are just my thoughts on this issue.  I wish I had more information.

 

Week 4 Blog Entry

In my research into our group project I found that there are 3 big companies offering cloud services whose names most people should be familiar with.  Those companies are Apple's iCloud, Amazon Web Services, and Microsoft OneDrive.  All of these companies offer storage to their users on a fairly inexpensive pricing scheme.  For the average user just wanting to store pictures and videos as most of us do, you can get up to 5GB of free storage without signing a contract.  But families and small businesses that need more storage will need to look at the pricing available from each of the vendors.

iCloud offers 50GB – $.99 up to 2TB – $9.99

Amazon Web Services offers many different plans from 50TB to 500+TB of storage at $0.021 GB/month.

Microsoft OneDrive offers 50 GB for $1.99/month up to 5TB at $9.99/month

I found it very interesting to see that cloud storage was not that expensive on a personal basis.  I could see myself utilizing cloud storage in the future.  I have had to deal with my fair share of dead HDs and trying to recover data from those drives, taking me days to do so.  This would ensure that my files would be available to me whenever I had an internet connection and keep them from loss during a disaster.

 

Week 5 Blog Entry

In doing some research on cloud storage in relation to email, I was reminded that the DoD had moved their email services to the cloud a few years ago.  This move was called the DoD Enterprise Email, or DEE as it is known.  When I first joined the Air Force, we had an Exchange server at each base.  It was locally managed by the communications squadron that was based there.  Anytime that the Exchange server had an issue it would take down email for the entire base.  One of us server admins would get called in to fix it immediately.  Then about 10 years ago we moved all the Exchange servers to each of the INOSC (Integrated Network Operations and Security Center) locations.  There they had a team of folks that were there 24/7 so that if there was an issue it could be troubleshot and fixed in a more timely fashion.  Now we have the DEE, which has freed up our communications subject matter experts to work on issues more in tune with war fighting.  This also reduced the cost of operations and maintenance.  It is also secure to military and civilian standards.  This is just one of the ways the military has worked to save money and also changed the way they do business in one aspect that allows others to adapt and change for the better as well.

Reference:

https://www.disa.mil/Enterprise-Services/Applications/DoD-Enterprise-Email

 

Week 6 Blog Entry

In my research this week I came across many Cloud Company security breaches.  I found these very interesting.  It seems that we trust these companies with vital data that, when not protected, can cause tremendous damage to a company or to individuals.  I would like to name a few of those breaches just so that you can see some of the ramifications of not having proper security to protect your data while it is in the cloud.

In 2013 Target had a massive data breach that saw some 41 million customers' information being downloaded by hackers.  Due to this data breach, the brick and mortar stores saw a huge loss in revenue due to being linked to the store that had such a massive break in security.  It is estimated that the 2015 holiday season saw Target sales drop 46%, which they calculated to be at a cost of $148 Million.

In 2012 hackers stole 68 million users' account information from Dropbox.  These accounts were sold on the dark web marketplace and helped to raise the price of bitcoins.  After the hack was discovered Dropbox saw that some companies lost faith in them and moved on to services such as Bitcasa and YouSendIt.

“The web titans of today are using cloud infrastructures almost exclusively. That includes internet pioneer Yahoo, who found itself on the wrong side of the history books. For whatever reason, it took the better part of three years to tally all the damage, but Yahoo finally disclosed the final numbers on the breach that occurred in 2013. Apparently more than one billion user accounts were compromised in the attack. This includes first and last names, email addresses, dates of birth, and questions and answers to security questions. This incident is on record as the largest data breach in history and unrelated to a separate incident that exposed 500 million accounts months prior.” (StorageCraft, 2018)

7 Most Infamous Cloud Security Breaches – StorageCraft. (2018, March 19). Retrieved July 13, 2018, from https://blog.storagecraft.com/7-infamous-cloud-security-breaches/

 

Week 7 Blog Post

This week's research led me to thinking about how to get data from one specific device to another while traversing the cloud.  One way of doing so is through a GRE (Generic Routing Encapsulation) Tunnel.

“GRE encapsulates data packets and redirects them to a device that de-encapsulates them and routes them to their final destination. This allows the source and destination switches to operate as if they have a virtual point-to-point connection with each other (because the outer header applied by GRE is transparent to the encapsulated payload packet). For example, GRE tunnels allow routing protocols such as RIP and OSPF to forward data packets from one switch to another switch across the Internet. In addition, GRE tunnels can encapsulate multicast data streams for transmission over the Internet.

Data is routed by the system to the GRE endpoint over routes established in the route table. (These routes can be statically configured or dynamically learned by routing protocols such as RIP or OSPF.) When a data packet is received by the GRE endpoint, it is de-encapsulated and routed again to its destination address.

GRE tunnels are stateless – that is, the endpoint of the tunnel contains no information about the state or availability of the remote tunnel endpoint. Therefore, the switch operating as a tunnel source router cannot change the state of the GRE tunnel interface to down if the remote endpoint is unreachable.”

So if you have networks at 2 separate locations you can set them up to share data specifically and securely between the 2 devices.  This will also help with your hop count if you are using an older protocol such as RIP that has a maximum hop count of 15.

If you have any more questions on GRE Tunnels please look at my reference below.

References:

Juniper Networks (2018, April 25). Ethernet Interfaces Feature Guide for Switches. Retrieved July 19, 2018, from https://www.juniper.net/documentation/en_US/junos/topics/concept/gre-tunnel-services.html
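
The encapsulation and de-encapsulation steps from the Juniper passage quoted in this entry, as an added example that is not part of the original blog post or of Juniper's documentation. It builds the basic GRE header (RFC 2784, with the RFC 2890 key and sequence flags recognised on receipt) by hand; the addresses and payload are constructed sample values.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 payload

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Tunnel source: prepend a GRE header, then an outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no options, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre + inner)

def gre_decapsulate(outer):
    """Tunnel endpoint: strip outer IPv4 + GRE headers, return inner packet."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != GRE_PROTO:
        raise ValueError("outer packet is not GRE")
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags & 0x0007 or ptype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE version or payload type")
    # Checksum (C), key (K) and sequence (S) flags each add one 4-byte field.
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return outer[ihl + 4 + optional:]

def dst_of(packet):
    """Destination address from an IPv4 header."""
    return socket.inet_ntoa(packet[16:20])

# Constructed sample: a host at site A sends to a host at site B.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 17, b"constructed-payload")
OUTER = gre_encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("routed across the Internet to:", dst_of(OUTER))
    print("re-routed after de-encapsulation to:", dst_of(gre_decapsulate(OUTER)))
    print("inner packet carried byte-for-byte:", INNER in OUTER)
```

The GRE header adds 4 bytes and the outer IPv4 header 20; the inner packet is carried unchanged behind them, which is why the tunnel endpoint can route it again without any other processing.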

 

Week 8 Blog Post

Well I have learned a lot during this last week on what are some of the critical factors when going through the process of moving a company to the cloud.  There were a few of them that I had never thought of.  To me, the most important factor would be the scalability.  In particular, what would be the cost differences for making the change on the fly (dynamically), and what are the costs associated with the degree of the change, such as going from 50TB of storage to 75TB of storage?  Is it going to be scalable to the increase?  If 50TB cost me $100, will moving up to 75TB be $150, as one might think?  Or will it be $200, kind of like how you go over your data limit with your cell phone company and the extra GB of data costs you considerably more in comparison to how much you paid for your first 3GB of data?  My second highest of the factors to consider was security.  You have to know that all your data and the transfer of that data is secure.  How do you measure that security?  Do they publish a quarterly report?  Are they inspected by a third party service?  It is better if they are transparent to their customers on these issues.  That is all I am going to say this week on this.  If you are reading this I hope you liked it and it gave you some items to think about.

 

Week 9 Blog Post

Well here we are.  One week left in this class.  Looking back on what I have learned in Cloud Computing, it has been an interesting ride.  I take into account all the years that I have been working with computers and networks and all the changes that I have seen them take.  I have to say that in cloud computing the most interesting thing that I have learned about was scaling of resources.  I have dabbled in this with my own Hyper-V server and how it has been configured to increase hard drive space when reaching a certain threshold, and with adding more virtual memory when the memory for a particular server or PC is maxing out.  One that I could not configure to increase was that of the CPU.  I have read how the Cloud Service companies can increase the available speed in calculations for their customers.  I wish that I could see how this is done.  I wonder what is on the back end that is making this happen and happen automatically.  I am also sure that this feature would be configured only if it was part of the agreed-upon SLA.  If the customer opted out of this service then they would just be limited to the resources at the start of the contract.

 

Week 10 Blog Post

As I think the majority of us did, my first blog was about me.  A simple introduction to who I am and my thoughts on Cloud Computing Essentials.  Week 2 was geared more towards the differences in Network Area Storage and how Cloud Computing operates differently than it.  My next week was about contracts between companies and starting cloud services for a business.  Week 4 was about the different big companies that provide cloud services to people and to businesses and some of the price differences between those companies.  In my week 5 blog I talked about how the Air Force moved to a cloud service to run its Exchange email services. I had to deal with this personally and I know that most people have not had to make a move to a cloud service for email yet.  My next week was about the several security breaches that have happened over the years dealing with companies that use cloud services.  Week 7 I talked about part of my research paper in how to build a GRE tunnel to encapsulate your data and encrypt it from one point to another.  In week 8 I talked about the scalability factor for cloud services.  I find this to be one of the best benefits for using the cloud.  In my last week I described the scaling of resources for calculations and how an SLA might keep a company from scaling depending on how their contract is written.  I would have to say that over the last 10 weeks I have written on a variety of topics.  I think that I chose my topics based on what we were talking about in class mostly, but there were a few times that I strayed and decided to talk about a topic that I was interested in or was talked about at work.  I used several different sources for my material over the last 10 weeks.  I used sources such as CompTIA, juniper.net, different articles, disa.mil and my own experiences.  I like to blog, but I think that this form of assignment is very similar to our discussion board posts.
I think that these types of blogs are useful to IT Security Professionals as they provide information on different subjects, areas and troubleshooting that someone visiting the blog might not have thought of to try.  It gives an “out of the box” type of perspective.  If we had to comment on each other’s blog like our discussion post, or maybe in place of the discussion posts, then it would be more beneficial.
