+1 (208) 254-6996 [email protected]

Cloud Computing :

Discussion 1 – 

Don't use plagiarized sources. Get Your Custom Essay on
Cloud Computing And Operational Excellence
Just from $13/Page
Order Essay

 This is a required assignment worth 75 points (75-points/1000-points). Assignment must be submitted by the due date. No late assignments are allowed. Please discuss the following topics and provide substantive comments to at least two other posts. Select from the following list four (4) topics and discuss. Use only 50-words max per topic to discuss and present your answer.  The discussion questions this week are from Chapter’s 10-13  (Jamsa, 2013).Chapter 10 topics:

  • Define and describe business continuity.
  • Define and describe disaster recovery.
  • Discuss pros and cons of cloud-based backup operations.
  • Discuss threats to an IT data center infrastructure and provide cloud-based solutions to mitigate the risks.
  • Create a DRP for a company with which you are familiar.

Chapter 11 topics:

  • Define software architecture.
  • Define and describe SOA.
  • Compare and contrast a web page and a web service.
  • Search the Web for companies that offer web services and then describe three to five web services that programmers might integrate into the applications they create.
  • Discuss what it means for a web service to be interoperable.

Chapter 12 topics:

  • Discuss key items that should be included in an SLA.
  • Define predictive analytics and discuss how an IT manager might use such analytics.
  • Discuss how an IT manager might use load testing on a site.
  • Define and discuss vendor lock-in and identify steps a company should take to mitigate this risk.
  • With respect to cloud-based solutions, list and discuss 5 to 10 operations or tasks an IT manager should oversee.

Chapter 13 topics:

  • List and describe common system requirements one should consider before moving an application to the cloud.
  • Discuss why a company should consider using a consultant to oversee a cloud migration and list specific skills you would expect the consultant to have.
  • List and discuss resource utilization characteristics one should monitor for an application prior to moving the application to the cloud.
  • List possible training requirements for an SaaS solution integration, a PaaS application migration, and an IaaS application migration.
  • List and describe budget considerations one should evaluate before moving an application to the cloud.
  • List and describe IT governance considerations one should evaluate before moving an application to the cloud.
  • Define and describe cloud bursting.

Note: You are required to use at least two-peer reviewed sources (besides your textbook) to answer the above questions.   

Discussion 1 page needed…

Operational Excellence Course :

Discussion 2 – 

 This week we focus on the knowledge management cycle noted in Figure 5.3 in the Information Technology and Organizational Learning text. Note the various aspects of knowledge management, continuous innovation, and competitive advantage and how they integrate with one another.

Your response should be 250-300 words.  Respond to two postings provided by your classmates.

Discussion 1 Page needed…

Paper – 1

 Information Systems for Business and Beyond Questions:

  • Chapter 5 – study questions 1-9, Exercise 1 & 3

Information Technology and Organizational Learning Assignment:

  • Chapter 5 – Review the Roles of Line Management and Social Network and Information Technology sections.  Note the various roles in the organization and note the similarities and differences within each role.  Also, note how innovation technology management shapes how we communicate amongst coworkers within an organization. 

The above submission should be one-page in length and adhere to APA formatting standards.**Remember the APA cover page and the references (if required) do not count towards the page length**Note the first assignment should be in one section and the second section should have the information from the Information Technology and Organizational Learning assignment.  The paper requirements for the two-pages applies to the second part of the assignment directly related to the  Information Technology and Organizational Learning assignment. 

School of Computer & Information Sciences

ITS-532 Cloud Computing

Chapter 13 – Migrating to the Cloud

Learning Objectives • Define requirements for migrating an application to the cloud. • Describe the importance of backing up data before and after moving an application to the

cloud. • Appreciate the benefit of using experienced consultants to assist with a cloud migration. • Describe an application in terms of its resource use. • Define and describe vendor lock-in and discuss ways to avoid it. • Describe the importance of training employees before, during, and after a cloud migration. • Describe the importance of establishing a realistic cloud-deployment schedule. • Discuss key budget factors impacted by the cloud. • Discuss potential IT governance issues related to the cloud. • Define and describe cloud bursting.

Migration to the Cloud • An application can be moved to the cloud quickly.

• There are a myriad of cloud-solution providers who will eagerly assist by giving you instant access to cloud- based servers, data storage, and support.

• Like all IT projects, the process of moving an application to the cloud, or the process of creating and deploying a new cloud application, should be well planned.

System Requirements

• All IT projects should begin with specific requirements. The process of taking an application to the cloud, known as cloud migration, is no exception. The cloud- migration process should start with defined requirements.

Common Cloud System Requirements

• Data security and privacy requirements • Site capacity plan—the resources that the application initially

needs to operate • Scalability requirements—the measurable factors that should drive

scaling events • System uptime requirements • Business continuity and disaster requirements • Budget requirements • Operating system and programming language requirements

Common Cloud System Requirements Continued

• Type of cloud: public, private, or hybrid • Single- or multitenant solution requirements • Data backup requirements • Client device requirements, such as computer, tablet, or smartphone

support • Training requirements • Help desk and support requirements • Governance and auditing requirements • Open source software requirements

Common Cloud System Requirements Cont.

• Programming API requirements

• Dashboard and reporting requirements

• Client access requirements

• Data export requirements

Real World: CloudSwitch Cloud Migration

• Many companies have enterprise-based applications that are widely used by their employees.

• These applications, therefore, are mission critical.

• CloudSwitch provides a downloadable application that companies can install within their data center and that securely maps the company’s on-site applications to a cloud-based solution in a matter of minutes.

Protect Your Existing Data • Before you begin your application migration to a cloud provider,

make sure that you back up your data so that you can revert, if necessary, to a known point.

• Then, be sure that you and the provider agree to the backup procedures that will be employed after they take control of your data.

• It is easy to move a solution to a cloud provider. You need to ensure that it is equally easy to move out of the cloud if necessary.

Protect Your Data Privacy

• If your company has specific privacy requirements, such as those of the Health Insurance Privacy and Portability Act (HIPAA) for health care, or of the Family Educational Rights and Privacy Act (FERPA) for education, have your provider state explicitly, in writing, its data privacy policies and procedures.

Use an Experienced Cloud Consultant

• Moving a solution to the cloud is a learning experience. • The process has many options and a wide range of potential

pitfalls. • Many companies provide consultants who are experienced in the

cloud migration process. • Before you begin your application’s migration to the cloud, you

should consider hiring a consultant. In most cases, you will find that hiring a consultant saves you money in the end and helps you avoid costly mistakes.

Know Your Application’s Current Characteristics

• Before you move your application to the cloud and risk facing scaling issues, be sure that you monitor your application to identify its key performance indicators.

Common Characteristics • Demand periods—Does the application have periods of

high or low demand, such as 8 a.m. to 5 p.m.? • Average users—How many users typically use the

system simultaneously? • Disk-storage requirements—What are the application’s

typical disk-storage needs? Are the files permanent or temporary? Are most operations read or write operations?

Common Characteristics Continued • Database-storage requirements—What are the application’s

database requirements? Is the database replicated in real time? What is the application’s database read/write ratio?

• RAM use—What is the application’s range of physical and virtual memory use?

• Bandwidth consumption—What is the application’s bandwidth requirement?

• Caching—How does the application currently cache data?

Remember Vendor Lock-In • Occurs when a vendor makes it difficult for a company to switch to

another provider, even if the vendor has failed to fulfill the SLA. • This lock-in may occur because the vendor is unable to export data

completely, or because the vendor provides services its competitors do not.

• A cloud-service provider should make it easy for clients to move to another provider in the event that the provider fails to meet one or more of the SLA requirements.

Real World: Kayako Help Desk Solutions

• Change-management consultants often cite the integration of a trained help desk staff as key to an application’s successful integration. Kayako, provides a variety of key help desk tools that a company should consider before migrating a solution to the cloud: – Support ticket management – Ticket escalation support – Live support desk chat software – VoIP phone integration – Remote computer access

Define Your Training Requirements

• To reduce employee stress during an application’s migration to the cloud and to increase employee productivity with the cloud-based tools, you should consider training before, during, and after the cloud migration.

Training Requirements • Employee preparedness for the SaaS solution • Developer training on the solution APIs • Administrator training for cloud-based operations • IT-audit group training for corporate governance issues

and internal controls • Help desk support preparedness training • Business continuity and disaster preparedness training

Real World: RightScale Cloud Application Management

• RightScale provides a fully automated cloud-management platform that lets companies deploy cloud-based solutions across one or more clouds.

• RightScale provides its cloud-management software as an SaaS solution that lets customers deploy and manage their solutions quickly.

• The RightScale website also features valuable videos, white papers, and forums that focus on cloud computing.

Establish a Realistic Deployment Schedule

• Cloud providers can quickly deploy solutions. • You should set a deployment schedule that provides

sufficient time for training, testing, and benchmarking. • Many organizations will use a beta-like release schedule that

gives employees a prerelease chance to interact with the software and provide feedback.

• The testing period may provide time for the company to establish early system-performance benchmarks.

Budget Factors • Current data center costs breakdown, including:

– Rent – Power and air conditioning – Collocation costs – Server costs – Data storage costs – Network costs

Budget Factors Continued • Current payroll costs for existing site administrators and

projections for possible staff reduction opportunities • Current costs for software licenses that may shift to the

cloud, and the (lower) projected cloud-based costs for the software

• Current payroll costs for patch management and software version updates

• Current hardware maintenance costs

Real World: GoGrid Hosting • GoGrid is a very large IaaS solution provider that

provides scalable solutions to thousands of customers.

• At GoGrid, customers can acquire on-demand solutions for physical, virtual, or hybrid servers at cost effective pricing levels.

• Additionally, GoGrid offers solutions for load balancing, collocation, and cloud-based data storage.

IT Governance • Before you migrate an application to the cloud, consider the

following governance requirements: – Identify how the cloud solution aligns with the company’s business

strategy. – Identify and define the internal and external controls the company will

need within the application, and at what control points, in order to validate that the application is performing correctly and is free from possible external modification.

– Describe risks the IT staff is trying to mitigate and ways the cloud can help.

IT Governance Continued – Describe who within the company will have access to data within

the cloud and how they will get it. – Determine who within the cloud provider’s organization will have

access to data within the cloud and how they will get it. – Discover how the cloud provider logs errors and system events

and how you can access them. – Determine how and when the cloud provider performs system

updates and patches. – Discover which performance-monitoring tools are available for

your use.

Cloud Bursting • When an on-site application encounters increased user

demand, the application expands into the cloud. • When the user demand declines, the application leaves

the cloud. • Cloud bursting is most common for seasonal demand,

or event-driven demand, such as the load on Google Maps when an earthquake or other natural disaster occurs.

Cloud Bursting Continued • Cloud bursting lets a company extend an on-site application into the cloud to scale

temporarily to meet user demand.

Key Terms


• Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

School of Computer & Information Sciences

ITS-532 Cloud Computing

Chapter 12 – Managing the Cloud

Learning Objectives • Discuss components often found within a service-level

agreement (SLA). • Define and discuss vendor lock-in and specify steps a

manager should take to reduce this risk. • Discuss a manager’s potential use of audit logs to

identify system bottlenecks and resource use. • List the specific aspects of the cloud deployment that a

manager must oversee.

Cloud Management

• By moving a solution to the cloud, IT managers shift a great deal of day-to-day management from their in-house department to the cloud- solution provider.

Service Level Agreement (SLA) • When you contract with a cloud-solution provider, part of

your contract will contain a service-level agreement (SLA), which defines the levels of service the provider will meet.

• SLA Components – System uptime, normally expressed as a percentage, such as 99.9% – Run-time monitoring capabilities and event notification – Billing policy for various types of resource use (e.g., CPUs, disk space, and databases) – Technical support operations (e.g., call-time delay and event response time) – Data-privacy policy – Multitenant systems and applications – Customer and provider roles and responsibilities – Backup policies and procedures – Resolution steps in case provider fails to meet the service levels

SLA Best Practices • Mapping Business Cases to SLAs • Consider cloud and on-premise SLAs as cloud based solutions often have higher level SLAs • Understand scope of SLA (application, infrastructure etc.) • Understand the scope of SLA monitoring – where it is performed and where calculated • Documents Guarantees at appropriate granularity • Defining penalties for non-compliance • Incorporate non-measurable requirements – security, location of data, etc. • Disclosure of compliance verification and management • Archiving of SLA data • Disclosing cross-Cloud dependencies

Real World: APICA Load Testing • A key responsibility of cloud managers is to monitor system

performance. • Several sites in the cloud provide response-time-based cloud

performance monitoring; others provide load testing, which measures how a site will perform during high user demand.

• The Apica website, provides both types of testing, as well as cache-utilization assistance, which the company says will significantly improve a site’s responsiveness.

Ensure and Audit System Backups • Managers should consider different forms of backups. • A company may back up user files from on-site

computers to disks that reside within the cloud. • Hopefully the company will never require these

backups; but regardless, the company should periodically audit the backups, perhaps by checking that you can successfully restore randomly selected files of different users.

Real World: Distributed Management Task Force

• The Distributed Management Task Force (DMTF) consists of hundreds of organizations and thousands of members who work to provide IT standards.

• The DMTF provides standards and recommendations for managing the cloud and virtual solutions.

Cloud Backups • If the cloud provider stores some or all of your

company data, you must understand the provider’s backup process (and include it in the SLA).

• For governance purposes, you should know if the data is encrypted, who has access to it, and if it is replicated to a remote facility. If it is backed up to another location, you must know where and how often.

Know Your System’s Data Flow

• Managers should create a detailed process- flow diagram that shows the movement of company data throughout the cloud solution.

• They should also identify within the dataflow various points for the placement of internal controls or auditing.

Real World: Embionics Cloud Virtualization and Management

• Embotics offers V-Commander, an off-the-shelf- product that offers life cycle solutions for managing private cloud deployments and optimizing the underlying virtual devices.

• Embotics states that with its product an IT team can install the software and manage the cloud within one hour.

Vendor Lock-In • Relationships can go bad—even those with a cloud-solution

provider. • The agreement you sign with a cloud provider should stipulate exit

procedures in case the provider fails to meet the service levels or breaches any other aspect of the contract.

• Vendor lock-in occurs when a provider does not support data export or when a provider’s service is unavailable through others. Thus, the customer is “locked in” to the relationship with the vendor.

Source-Code Escrow • Companies fail. Therefore, managers, should perform due

diligence on a cloud solution provider before they enter into an agreement.

• The manager may want to arrange a source code escrow agreement, which places a copy of the provider’s programming- language source code with a third-party escrow company.

• If the solution provider fails, the company can acquire and deploy the source code, put it on its own system, and implement the provider’s solution.

Determine Technical Support and Help Desk Procedures

• Depending on the solutions it places in the cloud, a company may have various help desk support requirements.

• There may also be shared support responsibilities.

• In all cases, an IT manager should ensure that the support specifics are defined within the SLA.

Determine Training Procedures • To be successful, large-scale cloud applications often require

user training before, during, and after the integration. • For SaaS solutions, the cloud-service provider normally

provides user training. • Depending on the application’s processing, the company

may need to augment the training with in-house instruction. • The IT manager should stipulate the training responsibilities

within the SLA.

Real World: Netuitive Predictive Analytics and Cloud

• Predictive analytics tools perform statistical analysis to predict future behavior.

• Netuitive integrates predictive analytics to provide IT managers with insights into how a solution will work under different conditions.

• Netuitive software can monitor a group of integrated or stand- alone cloud-based solutions.

• The software’s self-learning capabilities allow the software to identify demand trends and more.

Security Policies and Procedures • Many clients are apprehensive about storing their data

in the cloud. • To reduce these concerns, IT managers should

thoroughly understand the provider’s security plans, policies, and procedures.

• Specifically, a manager should be aware of the provider’s multitenant use, e-commerce processing, employee screening, and encryption policy.

Security Policies and Procedures Continued

• The manager should examine the provider’s use of firewalls, intrusion detection, and security mechanisms.

• These security factors should be defined in the SLA.

Real World: New Relic Cloud-Performance Monitoring

• When it comes to cloud-performance monitoring, most managers spend 80 percent of their time monitoring 20 percent of a solution’s code (Pareto Principle).

• New Relic, provides monitoring software that will examine system performance to identify potential bottlenecks.

• New Relic software supports most common programming languages and can be easily integrated into a site.

Real World: Strangeloop Site Optimization

• Across the cloud, developers strive for web pages that load in two or three seconds or less.

• There are a variety of site performance monitoring tools you can use to measure a site’s responsiveness. That’s the easy part. The hard part is making slow pages load faster.

• Often, that requires a company to take steps such as eliminating or compressing graphics, compressing text, and improving cache utilization.

Strangeloop Continued • In the age of increasing bandwidth, many web

managers may ask, “What’s the big deal about a one- to two-second delay?”

• Research shows, however, that such delays are why customers log off of websites!

• Strangeloop provides a site-optimizing solution that companies can easily deploy to improve their site’s performance.

Monitor Capacity Planning and Scaling Capabilities

• For SaaS solutions, the cloud-solution provider will scale the site to match user demand.

• An IT manager, however, must define in advance key response-time metrics the solution must provide and then include those measures within the SLA.

• For PaaS and IaaS solutions, the IT manager must initially estimate the solution’s capacity plan, which defines the resources the solution will need to operate satisfactorily.

Capacity Planning and Scaling Continued

• The IT manager should also estimate the site’s potential growth and define, with the help of the solution provider, the plan for scaling the site resources as well as the related costs.

• Several sites within the cloud provide system- performance reports that managers can use to measure current performance and the potential system benefit from scaling specific resources.

Monitor Audit-Log Use • To identify potential system bottlenecks, detect errors within

the system, and identify system-resource use, the IT manager may examine various system log files.

• In a PaaS or IaaS solution, the manager can likely turn on the log file reporting that meets needs.

• For an SaaS solution, the manager should discuss in advance with the cloud service provider the various available logs and the costs of running them, both in terms of dollars and performance.

Real World: Uptime Software

• Too often, cloud-solution managers do not know that a system error has occurred until a user reports one.

• With Uptime, IT managers can easily monitor a wide range of servers, and produce resource utilization reports.

Solution Testing and Validation • Just because a company provides a solution does not mean

that the solution is error free. • An IT staff using a cloud-based solution must test the

solution and periodically audit key processing to confirm that the application is providing correct results.

• In particular, a cloud-service provider will often perform patch management and version updates. The IT staff should be aware of all system modifications and test accordingly.


Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security

and more. Burlington, MA: Jones & Bartlett Learning.


Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud computing: concepts, technology, & architecture. Upper

Saddle River, NJ: Prentice Hall.

School of Computer & Information Sciences

ITS-532 Cloud Computing

Chapter 11 – Service Oriented Architecture

Learning Objectives • Define and describe SOA. • Compare and contrast the roles of web services and web

pages. • List common examples of web services. • Discuss the benefits of treating a web service as a black box. • Discuss governance challenges in using web services. • Discuss the role of the Web Service Description Language

(WSDL) to describe a web service and its methods.

Services Oriented Architecture (SOA)

• Describes the major components that comprise a system, their relationships, and the information the components exchange.

• The distributed nature of the cloud has provided an ideal platform to support service-oriented architecture (SOA), an architectural approach to building solutions through the integration of services.

SOA and Web Services • Within SOA, programs make remote-procedure calls to services that reside on servers distributed

across the Web.

Web Services Are Not Web Pages • A web service is program code that resides on the Web and

performs a specific task that other programs, not people, use. The following are examples of tasks performed by a web service: – Return the weather conditions for a specific zip code – Return real-time traffic conditions for a road or highway – Return a stock price for a particular company – Return driving directions to a specific location – Return the country associated with an IP address

Message Passing to a Web Service • A program exchanges messages with a web service to call a specific method and then normally

waits for the web service to return its result.

Real World: Xmethods.com • As programmers develop web services, often they will

share them with others—sometimes free, sometimes not.

• At the XMethods website, you can find a wide variety of web services available for use within programs.

• Even if you are not a developer, you should visit the site to gain a better understanding of the types of tasks performed by web services.

Advantages of Web Services • Primarily because of their distributed nature, web services

provide advantages to developers, the most important of which is ease of code reuse.

• When programmers develop code, they break large, complex operations into smaller, more manageable tasks.

• Then they implement the well-defined tasks as functions. Ideally, each function should perform one task only.

Advantages of Web Services Continued • Programmers can reuse the function code in other programs, which saves

development and testing time and ultimately reduces costs. • A common rule of programming is not to “reinvent the wheel,” which

means that if another programmer has written code that performs the task that your program needs, you should reuse that code.

• Web services are ideal for code reuse. • Disadvantage:

– Because web services require network operations, a web service will be considerable slower than a program’s call to a function that resides on the same computer.

Scaling a Web Service • Using a load-balancing model, developers can scale a web service solution.

Coupling • Describes the degree of dependence between a calling program and the

web service. • Ideally, to use a web service, a program only needs to know the location

of the web service (its URL), the name of the functions (methods) the web service provides, and parameters the program can pass to the functions.

• In this way, programs and web services are said to be loosely coupled. • Because of a program’s loosely coupled relationship to a web service, it is

possible for a developer to update a web service with a newer version (perhaps a faster version) and for programs that use the service to use the new version immediately without requiring any modifications.

Web Services as Black Boxes • The term black box describes a module for which the

software developer does not care how the processing is performed, but instead, knows that the code, when provided valid inputs, will produce predictable results.

• Developers should treat the web service as a black box, and not worry about how it performs a task. Instead, the developer trusts that, with valid input, the web service will function consistently.

Web Services and Interoperability

• One of the biggest advantages of web services is their interoperability.

• In other words, they can be called from programs using a variety of programming languages.

• Meaning, the same web service can be called by PHP, Java, or C#.

Web Service Description Language (WSDL)

• A web service consists of one or more functions, each of which performs a specific task and normally returns a specific result.

• Within the web service, each function has a unique name and may receive zero or more parameter values.

• Behind the scenes, the web service uses a Web Service Description Language (WSDL) file to describe the web service and its methods.

• Programs that use the web service will use the WSDL file to determine the available functions, parameter types, and more.

Governing Web Services

• Before a developer uses a web service within an application, the company’s IT staff should ensure that the web service implementation and deployment satisfies their policies and procedures.

Considerations for Web Services • The solution must be developed and deployed by a

reputable company. • The solution cannot be dynamically changed without the

company’s notification/approval. • The solution must provide secure communications to avoid

threats such as a man-in-the-middle attack. • The solution must be scalable to meet potential demand. • The solution must be able to be validated.

Key Terms


• Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

School of Computer & Information Sciences

ITS-532 Cloud Computing

Chapter 10 – Disaster Recovery and Business Continuity and the Cloud

Learning Objectives • Define and describe business continuity. • Define and describe disaster recovery. • Describe the benefits of cloud-based or off-site backups. • Evaluate the risk of various threats and steps to mitigate each. • Discuss the role of colocation for continuity and disaster recovery. • Identify and discuss a variety of system threats. • Describe the benefits of a cloud-based phone system. • Describe the benefit of cloud-based data storage for continuity. • Describe the importance of testing/auditing the business continuity and disaster

recovery plan. • Create a business continuity and disaster recovery plan.

Thread Disk Failure

• Disk drives are mechanical devices, and as such they will eventually wear out and fail.

• Further, other threats, such as fire, flood, theft, or power surges, can result in the loss of disk-based data.

Understanding MTBF • All mechanical devices have an associated mean time

between failure (MTBF) rating. For a disk drive, the MTBF may be 500,000 hours of use (about 8 years).

• It is important that you understand how manufacturers calculate the MTBF.

• To start, the manufacturer may begin running 1000 disk drives. When the first disk drive fails, the manufacturer will note the time—let’s say after 500 hours (less than a month).

Understanding MTBF Continued • The manufacturers then multiply that time by the number of

devices that they tested to determine the MTBF:

MTBF = (500) × (1000) = 500,000 hours

• It’s important to note that no device in the group ran near the 500,000 hours!

Reducing Disk Failure Threat • The first and foremost risk mitigation for disk failure is to have up-

to-date disk backups. • If a disk fails, the company can simply replace the disk and restore

the backup. • That implies, of course, that the cause of the disk failure (fire,

smoke, flood, or theft) did not also damage the disk backup. • To reduce such risk, most companies store their disk backups at an

off-site storage facility.

Real World: Iron Mountain

• Since 1951, many companies have used Iron Mountain to store the tape backups securely. If the company ever needs to restore a disk or retrieve an archived letter, e-mail, or other data for legal or compliance reasons, the company can simply retrieve and restore the magnetic tape.

Iron Mountain Continued • Today Iron Mountain provides a variety of services

beyond digital tape storage: – Document management – Cloud-based automatic backups – Records management and storage (including health

records) – Secure document shredding – And more

Disk Replacement: The Problem • The problem with the remote tape backup system is that it

takes time. • To start, the company may need to purchase a replacement

disk. • Then the company must install and format the disk for use. • Finally the company’s tape storage facility must locate and

return the tape that contains the data.

RAID Disk Systems • Many data centers use of a redundant array of independent (or

inexpensive) disks (RAID) to reduce the impact of disk failure. A RAID system contains multiple disk drives.

• Rather than simply store a file on one drive, the RAID system stores the data across several drives along with data that can be used to reconstruct the file if one of the drives fail.

• If a disk drive fails, no file recovery is required from the tape backup. Instead, the IT staff can simply replace the failed disk and the RAID system will rebuild the disk’s contents on the fly!

Cloud-Based Disk Storage • Most cloud-based data storage facilities provide automatic data replication to another cloud-based

data repository.

Cloud-Based Data Backups • Because cloud-based backups reside at a remote

storage facility, the backups immediately introduce a level of protection.

• Because the backup files are immediately available from any device, anywhere, the backups reduce potential downtime because no time is needed to find, retrieve, and restore a tape backup from a traditional backup storage facility.

Power Threats

• Computers are sensitive electronic devices. When a computer loses power, the user’s current unsaved data is lost.

• Further, an electrical spike can permanently damage the computer’s electronic components, rendering the device unusable or destroying disk- based data.

Power Threats Continued

• Although power blackouts can be caused by storms, accidents, or acts of terrorism, the more common power brownout is typically more damaging.

• Unfortunately, power brownouts can be quite common, especially in the hot summer months when electrical demands spike.

Uninterruptible Power Supply (UPS) • Users plug devices into surge suppressors to protect the devices from power spikes.

• A UPS provides users with a few minutes of battery backup power so the users can save their work and shut down their systems in an orderly way.

Diesel-Powered Generators • Many data centers have diesel-powered generators to produce power in the event of a long-term


Cloud-Based Power Loss Risk Mitigation

• When you consider the expensive infrastructure needed to reduce the impact of power interruption, that alone should make you consider housing your data center off-site within the cloud.

• Most PaaS and IaaS solution providers have effectively dealt with power loss issues.

• Remember, such providers can share the infrastructure costs across many customers. Also, most of the providers have colocated facilities on different power grids.

Threat: Computer Viruses • As users surf the web (potentially downloading and installing software)

and share drives (such as junk drives), their systems and those in the same network are at risk for a computer virus attack or spyware.

• It is estimated that within the United States alone, lost productivity time due to computer viruses exceeds $10 billion per year!

• The best defense against computer viruses and spyware is to ensure that every system has antivirus software installed.

• Most antivirus solutions today automatically update themselves across the web, as often as daily, with the most recent virus and spyware signatures.

Firewall Protection • Home computer users and business users should protect their systems by placing a firewall

between the systems and the Internet.

Other Virus Protection Steps • Many organizations prevent users from installing their own

software. • Not only does this practice reduce the chance of a computer

virus infection, it also aids the company in preventing the installation of software that the company does not own.

• Companies must train users to not open e-mail attachments in messages they receive from users they do not know.

Threat: Fire • Fire can damage computer resources, data stored on disks,

and local copies of system backups. If the fire itself does not damage the equipment, the smoke or the process of putting out the fire will.

• Most offices have sprinkler systems, which, as you can imagine, destroy computers when they deploy. Often there is no good way to protect office hardware other than simply to insure it.

Halon-based Fire Systems

• Within a data center, you normally won’t find sprinkler systems, but rather halon systems, based on compounds of carbon and one or more halogens, that stop fire by removing all the oxygen from the room.

Cloud-Based Fire Suppression • If you house your data center in the cloud, your system

will reside in a state-of-the-art data center that provides fire suppression systems and, in most cases, colocated system redundancy.

• Again, because the PaaS and IaaS solution providers share their costs across many customers, they are able to provide their customers with top-level service at a relatively low cost.

Threat: Floods • As with fire, so with flood: the best defense is to have current backups and insured equipment.

• Within many data centers you will find flood sensors which sound an alarm if water is detected.

• These sensors do not exist to detect widespread flooding, but rather water leaking from an on-site pipe break.

• The new rule of thumb is to not select a PaaS or IaaS provider located in a flood zone.

Threat: Disgruntled Employees • A disgruntled employee can harm a company by launching a

computer virus, changing or deleting files, or exposing system passwords.

• It is very difficult to defend completely against a disgruntled employee, particularly one who has physical access to systems.

• For companies that use single-sign-on solutions, should the company terminate an employee, the company can quickly disable the employee’s access to all systems by simply disabling the employee within the authentication server.

Threat: Lost Equipment • Each year, within airports alone, thousands of notebook

computers are lost or stolen. • When an employee loses a notebook, not only is the computer

lost, but also the user’s local data, which may be confidential. • Today, with users carrying powerful handheld devices, the

opportunity for loss becomes greater. • Given the amount of information a user stores on such a device,

identity theft often follows the theft of a device.

Reducing Risk of Lost Equipment • To reduce the risk of data loss when a device is lost or stolen

(or broken), the user must maintain current backups. • Typically, the more a company utilizes the cloud, the less risk

the company will have with respect to a lost device. • If, for example, the user stores (or syncs) key files to a cloud-

based data repository, the user is likely to lose only minimal data.

Threat: Desktop Failure • Computers, like all devices, may eventually wear

out and fail. The cause of failure may be a bad disk drive, motherboard, power supply, and so on. The bottom line is that a user is now without a system.

• The first step in recovering from a desktop failure is to ensure that current backups of the user’s files exist.

Reducing Risk Through Virtualization

• If a company delivers the users’ desktops on demand, a user whose system has failed need only stand up, walk to another system, and log in. The employee can then resume work right where he or she left off.

• Further, if the user stores files in the cloud, he or she can likely access them from any device, and, if necessary, use software such as Office Web Apps to access and edit the files.

Blade Server Failure • Just as desktop computers can fail, so too can servers.

• Blade server replacement is normally fast and simple. Because most servers boot from a NAS device, only minimal software setup is normally required.

Threat: Network Failure • For home computer users, when a network fails, users are

going to be offline until a fix is applied. As a solution, some users are purchasing 3G and 4G wireless hotspot devices as a backup method of accessing the Internet.

• To avoid the network from becoming a potential single point of failure, some companies bring in a second Internet source from a vendor other than their primary ISP.

Database System Failure • Most companies today rely on database management systems to store a wide range of data, from

customer data, to human resources data, to application specific data.

• If a company’s database fails, many applications may also fail.

• Database Risk Reduction – Database replication creates two live copies of databases on separate servers. If one database fails, the other can immediately take over operations.

Threat: Phone System Failure • Historically, there have been few ways outside of

redundancy to reduce the impact of a phone system failure. That was the case until the advent of cloud-based phone systems.

• To avoid a single point of failure for phone systems, cloud- based phone systems have now emerged. The cloud-based systems provide the functionality of a traditional phone system and, behind the scenes, provide system replication.

Real World: RingCentral • A cloud-based phone system provider featuring:

– Free nationwide calling and faxing – Support for existing phones and faxes as well as RingCentral IP phones – Lets users place calls from any phone, anywhere, appearing to be made from the

usual office number – Caller greetings customized by the time of day – Fully customizable call forwarding – Forwarding of voice mail and faxes to e-mail – A phone directory system – Ability to let companies deliver music or corporate messaging to callers who are

on hold

Risk Mitigation • To start the risk mitigation process, make a list of the company’s potential technology risks. Then

estimate each risk’s potential for occurrence and its business continuity impact.

Disaster Recovery • Disaster recovery describes the steps a business will

take to restore operations in the event of a disaster (fire, flood, hurricane, tornado, or other event).

• By integrating cloud-based solutions, many companies have significantly reduced the cost of their business continuity programs while simultaneously reducing potential risks.

Key Terms


• Jamsa, K. A. (2013). Cloud computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. Burlington, MA: Jones & Bartlett Learning.

Order your essay today and save 10% with the discount code ESSAYHELP