Case Study:
Regional Gardens Case study

Regional Gardens Ltd is a company that runs a few related gardening enterprises. It has a large display garden that it opens for public inspection several times a year. These enterprises include the Regional Gardens Nursery which sells plants and garden supplies to the public, and Regional Garden Planners which provides garden advice, design and consultancy services.

Regional Gardens Ltd has a small data centre at its main site in Bathurst where the company’s servers and data storage are located. The company has the following server infrastructure:
• 2 x Active Directory domain controllers on Windows Server 2008 R2 (2 x Xeon 3.6GHZ, 8GB RAM, 140GB HDD);
• 3 x SQL Server 2003 database servers on Windows Server 2003 (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);
• 1 x Exchange 2007 email server on Windows Server 2008 R2 (2 x Xeon 3.6GHZ, 8GB RAM, 250GB RAID-1 array);
• 4 x Windows Server 2003 File and Print servers (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-1 array);
• 2 x Windows Server 2008 R2 running Microsoft SharePoint 2013 (2 x Xeon 2.8GHZ, 4GB RAM, 250GB RAID-5 array);
• 2 x Red Hat Enterprise 5 Linux servers running Apache and TomCat (2 x Xeon 2.8GHZ, 16GB RAM, 140GB HDD).

This infrastructure has not been updated for some time and the Regional Gardens Board is concerned that a full upgrade may now cost them more than it is worth. The Board is now considering moving some, or all, of their current infrastructure into the Cloud. The Board sees this as a strategic move to future-proof the company and is looking to a move to the cloud to ensure that its services are:
• Readily available and always accessible,
• Capable of handling heavy loads in times of peak demand,
• Capable of serving downloads to users as required,
• Secure from attacks,
• Capable of providing detailed reports on usage.
Regional Gardens is considering the following strategic proposal:
• They plan to retain their data centre solely for archival and long-term data storage. This would entail updating their data storage infrastructure in the Bathurst Data Centre and moving all other infrastructure into the Cloud.
• They plan to initially move all their Web Services into the Cloud in order to provide an increased level of HA (High Availability) as well as a better degree of flexibility in supplying data to their customers and employees. Their web services are running on the current Red Hat Enterprise Linux servers using Apache Tomcat.
• They plan to change their current web software architecture to take advantage of the flexibility and scalability that can be gained by moving to a Microservices model (this would entail the use of such services as AWS Lambda or Azure Functions, Containers, Data Services, and Cloud Edge capability and monitoring). All Microservices are to be designed so that they can be easily moved from one cloud to another to suit requirements or to take advantage of price differentials.
• They also plan to migrate their Garden Design LoB (Line of Business) applications to the cloud in order to increase the application's flexibility and availability. The Garden Design LoB application suite will require:
  o several IaaS instances running Windows Server 2019
  o several PaaS instances for Microsoft SharePoint 2019 Enterprise
• Regional Gardens would like to keep their gardening data sets in Australia.

The Regional Gardens Board is contemplating this strategy to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings by migrating to a Cloud based ICT infrastructure. They appreciate that this would entail retraining for:
• Their existing ICT staff so that they can manage the new Cloud based infrastructure,
• Their development staff so that they can start to develop using a Microservices model.
Regional Gardens have some 70 garden design, horticultural and support staff that work on different projects for clients in New South Wales. The Board has been looking at the steady increase in workload in garden design and consulting and wants to expand this business unit into an Australia-wide enterprise. They have been advised that a move to using a Cloud based infrastructure would be an advantage to them.

Currently the designers use a locally installed Dynascape software suite on each of their PCs (the Dynascape system requirements are an i7 processor, a minimum of 4GB RAM and a minimum 2GB HDDR6 video card). But Dynascape now offers its software on an SaaS basis (see https://www.dynascape.com/ and https://www.capterra.com.au/software/5930/dynascape#about).

The Board is particularly concerned about the security of their garden design process and their intellectual property for garden design. They are also concerned to keep their client data secure. Accordingly, they are looking for a solution that keeps their design and client data on the company’s own servers in its Bathurst data centre.
You must read the Regional Gardens Case Study in Interact before attempting this assignment
The Regional Gardens Board is considering the following strategic proposal:
The Regional Gardens Board is contemplating this strategy as a way to increase the company’s flexibility and responsiveness. The Board also expects to achieve significant savings by migrating to a Cloud-based ICT infrastructure. They appreciate that this would entail retraining for:
Regional Gardens has again approached you to advise them on this
strategy. The Board is also concerned about how this strategy will
affect their BCP (Business Continuity Plan) and their backup and
disaster recovery strategies.
2. Describe the major Information Security risks that you see associated with the move to this Microservices strategy for Web Services. You should name and describe each risk that you identify, estimate its likelihood and consequence and then describe a possible control for the risk. This should be presented in a tabular form.
Answer 2)

Risks and controls associated with the new Hybrid Cloud and Microservices strategy

| Risk name | Risk description | Control |
|---|---|---|
| Lack of encryption | Data transmission over the network can be vulnerable to eavesdropping and MitM (man-in-the-middle) attacks if data is not encrypted before transmitting. | Cryptographic protocols are necessary; endpoint authentication and use of a reliable proxy server are useful to prevent this threat. A VPN (virtual private network) must be implemented. Transmission encryption using SSL/TLS and Secure Shell (SSH). |
| Unprotected APIs | Unprotected APIs can expose confidential data to outsiders through authentication exploitation or personal data manipulation. | API keys must be handled securely; verification of third parties before releasing an API key is a must. |
| DoS (Denial of Service) attacks | The cloud network is rendered inaccessible by an attacker through disruption of services in shared resources such as RAM, CPU, network bandwidth and disk space. | Flow analytics, firewall intrusion detection and prevention systems. |
| Poorly defined SLA | Loss of control over data; unsure of cloud security measures taken by the cloud service provider. | Cloud vendor should clearly define SLA with access protections and permissions, reasonable expectation of service, well-defined security controls. |
| Data leakage | Cloud provider’s failure to provide adequate security controls can result in compromise of confidential information, data loss or corruption, unauthorized access. | Data loss prevention mechanism must be implemented; software errors and infrastructure malfunctions must be eliminated. |
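As an added illustration of the "Unprotected APIs" control in the answer above (this example is not part of the original answer): one way a microservice could handle API keys securely, by storing only a keyed hash of each key, comparing in constant time, and enforcing per-key scopes and revocation. The `ApiKeyStore` class, the client name and the scope names are assumptions made up for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Server-side secret used to hash keys. Generated here for the example;
# a real service would load it from a secrets manager.
PEPPER = secrets.token_bytes(32)


def key_digest(api_key: str) -> str:
    """Keyed hash of an API key, so the store never holds the key itself."""
    return hmac.new(PEPPER, api_key.encode(), hashlib.sha256).hexdigest()


@dataclass
class KeyRecord:
    client: str
    scopes: frozenset
    revoked: bool = False


class ApiKeyStore:
    """Hypothetical key store for one microservice (illustrative only)."""

    def __init__(self):
        self._records = {}  # digest -> KeyRecord

    def issue(self, client, scopes):
        """Create a random key, keep only its digest, return the key once."""
        api_key = secrets.token_urlsafe(32)
        self._records[key_digest(api_key)] = KeyRecord(client, frozenset(scopes))
        return api_key

    def revoke(self, api_key):
        record = self._records.get(key_digest(api_key))
        if record:
            record.revoked = True

    def authorize(self, api_key, required_scope):
        """Return the client name if the key is valid for the scope, else None."""
        if not api_key:
            return None
        presented = key_digest(api_key)
        match = None
        for digest, record in self._records.items():
            # compare_digest avoids leaking how many characters matched
            if hmac.compare_digest(digest, presented):
                match = record
        if match is None or match.revoked or required_scope not in match.scopes:
            return None
        return match.client
```

Because only digests are stored, a leaked copy of the key store does not hand out usable keys, and revoking a key takes effect on the next call to `authorize`.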