TESTING AND INTEGRATION PLAN
The most important asset of any organization is its data. This information needs to be kept in a highly secure way so that it can be accessed only by authorized persons. To avoid the consequences of a data breach, client-to-server and server-to-server transmissions must be encrypted. Securing data transmission can also be achieved by sending the data traffic through Secure Sockets Layer (SSL), which has high-level security protocols such as Transport Layer Security (TLS).
The Test and Integration Plan:
Enable SQL data encryption
Manage with Secure Workstations
Enforce Multi-factor Authentication
Use Hardware Security Modules
Enforce file level data encryption
Encrypt Virtual Machines
Use Role Based Access Control (RBAC)
Protect data in transit
The use of a name and password should be replaced with other means of verifying a user's identity. The authentication method should meet the demand for a simple sign-in process and help guard access to applications and data. Access should be restricted based on the least-privilege and need-to-know security principles. This is vital to organizations that want to enforce and maintain security policies for the data being accessed. Industry encryption solutions use secret keys to encrypt data, so it is vital that these keys are stored safely. Key management is also an integral part of the data protection process, as it is leveraged to store the secret keys used to encrypt data. The endpoint then becomes one of the key attack areas because of the regular attacks targeting end users. If an impostor has the endpoint, he or she can get access to the administration's files. The endpoint is more vulnerable to attack because it is used at the end user's workplace. The best option for an organization is to secure access from workstation locations by using a Point-to-Site VPN. Larger volumes of data move through a dedicated high-speed WAN link and are encrypted at the application level using SSL, TLS, or other protocols for additional protection of the confidentiality of Personal Data. Data in transit and at rest are encrypted by the Cloud Service Providers (CSPs). This encryption requires CSPs to provide a Key Management Infrastructure (KMI) as part of the cloud services provided. It is important for every organization to have the option and the right to choose its own KMI. There are also hybrid cryptosystems, which are used to protect encryption keys, and homomorphic encryption, which allows operations to be carried out on encrypted data without the need to decrypt it. These systems are used to develop communication with each other and to send encrypted data. Then there are data masking and tokenization. Tokenization takes a credit card number, which is highly confidential, and substitutes it with an alternative value, called a token. Data masking exchanges parts of critical data with irrelevant characters, so that the data is impractical for others to interpret in its current form. Another option for regulating access to data in the cloud is Rights Management. This form of encryption works better on unstructured data, such as documents or files stored in the cloud (Steiner, 2012).
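The tokenization and masking described above, as an added example that is not part of the original plan. The vault class, the `tok_` prefix, the `payment-service` role and the sample card number are all constructed for illustration.

```python
import secrets

AUTHORIZED_ROLES = {"payment-service"}  # hypothetical role allowed to detokenize


def _digits(pan: str) -> str:
    """Normalize a card number and reject anything that is not 13-19 ASCII digits."""
    d = pan.replace(" ", "").replace("-", "")
    if not (d.isascii() and d.isdigit() and 13 <= len(d) <= 19):
        raise ValueError("not a card number")
    return d


class TokenVault:
    """In-memory vault for illustration; a production vault is a separate, hardened service."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan: str) -> str:
        d = _digits(pan)
        if d in self._token_by_pan:          # same card always maps to the same token
            return self._token_by_pan[d]
        # Random value: no mathematical link to the card number, so the token
        # cannot be reversed without access to the vault mapping.
        token = "tok_" + secrets.token_hex(12)
        self._pan_by_token[token] = d
        self._token_by_pan[d] = token
        return token

    def detokenize(self, token: str, role: str) -> str:
        if role not in AUTHORIZED_ROLES:     # need-to-know: deny by default
            raise PermissionError("role may not detokenize")
        return self._pan_by_token[token]


def mask(pan: str, visible: int = 4) -> str:
    """Replace all but the last `visible` digits with irrelevant characters."""
    d = _digits(pan)
    return "*" * (len(d) - visible) + d[-visible:]
```

Systems that only need to reference a card store the token; only the vault, and the roles it authorizes, ever see the real number.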
OPERATION AND MAINTENANCE PLAN
Although it addresses many information technology problems, cloud computing is not fully secure. In order to protect information and the whole system, it is vital for appropriate supervision to be carried out. Assurance is performed through a management process carried out by the organization's risk management function. In addition, the organization is required to follow the accepted implementation strategies and measures. Risk assessment and management involves controls, authority, and forming strategies for appraising the cloud. Based on the analysis of the risks involved, controls will be developed to ensure that the essential actions are taken to address risks and protect the best interests of the cloud. The security challenges faced by cloud computing also result from the applications that allow the data to be hosted by the data providers, and will be more vulnerable if their management is under the organization. This Operations and Maintenance plan aims to protect information and data within the cloud design.
The core objective of this plan is to guard the cloud data access control and authentication that will be implemented. Among other supports is a single log-in that allows users to authenticate their identity. In this cloud environment, that support is the Security Assertion Markup Language (SAML) standard. SAML assures that messages between collaborating domains are mapped over the Simple Object Access Protocol (SOAP), which is written in Extensible Markup Language (XML). For messages in transit, the user establishes a public key to sign the SOAP message. Every SOAP message undergoes security authentication, though it is still vulnerable to attack. Manipulation of SOAP messages through XML poses many threats, since a message can be altered and still carry the verification signature. The Extensible Access Control Markup Language (XACML) will unify identity management and cloud management to reinforce the path along which messages are transmitted. XACML also deals with transferring authorization and authentication decisions between domains. XACML is also responsible for protecting access to resources with a Policy Enforcement Point (PEP). It does so by sending a request describing the access to a Policy Decision Point (PDP). The PDP evaluates the request and returns a legal decision for the PEP to act on. This is done in order to sufficiently guard and protect the data. Additionally, other practices are implemented in order to moderate the risks posed to cloud risk management. Information that is shared within the cloud will be identified and classified accordingly, and clients will be assured of security, data privacy, and operational control. Cloud management should be equipped with knowledge of the whole process and of how to deal with any attempt by intruders to attack the system.
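The PEP-to-PDP exchange described above, as an added example that is not part of the original plan. It is a simplified Python sketch of the XACML decision model, not XACML syntax; the roles, resource paths and rules are constructed, and the combining logic is a reduced form of deny-overrides.

```python
from dataclasses import dataclass

# The four decision values a PDP can return in the XACML model.
PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE = (
    "Permit", "Deny", "NotApplicable", "Indeterminate")


@dataclass(frozen=True)
class Rule:
    effect: str            # PERMIT or DENY
    roles: frozenset
    actions: frozenset
    resource_prefix: str

    def evaluate(self, request: dict) -> str:
        try:
            role, action, resource = (
                request["role"], request["action"], request["resource"])
        except KeyError:
            return INDETERMINATE   # a required attribute is missing
        if (role in self.roles and action in self.actions
                and resource.startswith(self.resource_prefix)):
            return self.effect
        return NOT_APPLICABLE


def pdp_decide(rules, request: dict) -> str:
    """Simplified deny-overrides: any Deny wins, then Indeterminate, then Permit."""
    results = [rule.evaluate(request) for rule in rules]
    for decision in (DENY, INDETERMINATE, PERMIT):
        if decision in results:
            return decision
    return NOT_APPLICABLE


def pep_enforce(rules, request: dict) -> bool:
    """The PEP fails closed: only an explicit Permit grants access."""
    return pdp_decide(rules, request) == PERMIT


# Constructed role-based policy following least privilege.
POLICY = [
    Rule(PERMIT, frozenset({"dba"}), frozenset({"read", "write"}), "db/customers"),
    Rule(PERMIT, frozenset({"analyst"}), frozenset({"read"}), "db/customers/masked"),
    Rule(DENY, frozenset({"dba", "analyst"}), frozenset({"read", "write"}),
         "db/customers/keys"),
]
```

A request that no rule covers, or one with a missing attribute, is refused by the PEP even though the PDP did not return Deny.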
Management should also undergo strict vetting to test its competency for the duties assigned. The cloud service will also be audited to make sure that excellent service is given and that the conditions set are followed. Recovery and data backup techniques should be made available at all times. These backups should be effective enough to prevent overwriting, destruction, and loss of data. Cryptographic materials for the encrypted data are supposed to be controlled. The cryptographic keys and their authentication must be backed up regularly to avoid the loss of that information.