Webb’s Stores is a successful regional retailer that operates stores in Australia and also in New Zealand. Webb’s sell a range of food stuffs as well as some speciality items. The company has two main data centres, one located in Sydney and the other in Melbourne. It also has a number of regional data centres located in Wagga, Bathurst, Port Macquarie, Brisbane and Auckland in New Zealand.
Webb’s Stores has engaged you as a consultant to advise them on the use of Cloud Computing in their daily operations. They have some 600 sales staff that work in their stores and 200 staff that work in their two main warehouses in Sydney and Melbourne. Webb’s have been facing increasing issues with application and operational complexity and the management of their data. They have been advised that a move to using a Cloud based infrastructure would be an advantage to them.
Webb’s are considering the following:
· They are considering a plan to close their Auckland data centre rather than update or replace the older infrastructure. The existing data and services in that data centre would be moved to the Cloud. If this migration is successful, then this could be a first step in the eventual migration of all Webb’s services to the cloud.
· They are concerned at the increasing costs of LTO 6 tapes that are being used for their backup of mission critical data. They are also concerned at the cost of off-site storage of these tapes, but they are really concerned at the time it is taking to complete a full backup of their databases and other critical data.
Webb’s Board is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings on the cost of maintaining their ICT infrastructure by closing their Auckland data centre. This would entail retiring the infrastructure in that data centre rather than having to update it.
Webb’s has again approached you to advise them on this strategy. You have already advised Webb’s that this strategic approach will mean that they will need to design and operate a “Hybrid Cloud” methodology, where part of their data centre is “on premise” and another part in a Cloud.
Webb’s also plan to run a Risk and Security Workshop to assess the risks, security issues and possible methods of control that will be required with this “Hybrid Cloud” approach. You will be required to organise, run and facilitate this workshop.
The Board is also concerned about how this strategy will affect their BCP (Business Continuity Plan) and their backup and disaster recovery strategies.
Your task is to prepare a report for Webb’s Board that discusses the following:
1. Webb’s have decided to migrate their MS SQL Server 2012 R2 database to an IaaS instance in the cloud.
a. Describe the type of security that you would deploy to protect this mission critical database once it is moved to an IaaS instance in a public cloud.
b. Describe the benefits and issues that would be the result of your deployment of these security measures.
2. What are the risks associated with migrating this mission critical database to the cloud? You should name and describe each risk that you identify that applies to:
a. The database
b. The IaaS infrastructure
c. The communications between Webb’s and their IaaS database in the cloud
3. Webb’s is considering the use of the Cloud for backup and possibly also for archival of records.
a. What are the risks and issues associated with backing up data to the cloud? You should name and describe each risk that you identify that applies to:
i. Backing up data to the Cloud
ii. Storage of data in the Cloud
iii. Retrieval of data from the cloud.
b. How does Webb’s use of a Cloud backup affect their DR plans? Describe how you see that their backup and restore strategy will change as a result of this service.
4. How should Webb’s protect access to these services that they are now moving to the Cloud? Describe what you would recommend to Webb’s Board to protect access to:
a. Their IaaS infrastructure,
b. Their Ms SQL Server 2012 R2 cloud instance,
c. Their Cloud network infrastructure
d. Their Cloud backup and restore infrastructure
Information security Clear comprehensive assessment of InfoSec issues, critical points identified and discussed.
Migration Risk Management Clear, comprehensive description of Risk Management issues, critical points identified & discussed.
Backup Risk Management Clear, comprehensive description of backup and DR plan, all critical points identified & discussed.
Access Management Clear and comprehensive description of protecting IaaS infrastructure, server and backup and restore infrastructure, and all critical points identified & discussed.