Dhesi Enterprise Project

Identify Management/IT resources
Navi Dhesi – Business Owner
Business management
IT administrators
Finance experts.
Cloud migrations are not an all-or-nothing proposition. Organizations do not have to go “all in” with cloud migrations. In most cases, it will make sense to move certain services to the cloud while continuing to operate others on-premises.

Questions to Ask:
Project Vision? Paint the picture!
Business opportunities in the project: convince that they have a clear path
Building Deliverables

SCOPE OF PROJECT
Identify Issues and Complete a Risk Assessment
Taking a look at their existing investments in infrastructure.
Given that an application can perform adequately in the cloud, some questions will involve nontechnical, budgetary issues.
The application’s performance must be considered.
The application has an Active Directory dependency and requires access to an on-premises SQL Server database.
One consideration in moving application servers to the cloud is hardware scalability. The cloud has unlimited scalability for the most demanding workloads.

There are not only licensing costs involved, but also costs associated with hardware resource consumption and support infrastructure.
1. Hardware lifecycle policy: retire servers after five years
2. Provides access to enterprise-class hardware and fault-tolerant features that would otherwise be unaffordable
3. Disaster Recovery

Current Network Infrastructure Considerations:
VPN tunnel
On-premises (temporarily): the cloud network is an extension of on-premises Active Directory
**RESOLVED Use Centrify to leverage and extend the Active Directory structure for the application
File Server
Windows domain, 16 workstations; move to thin clients that access the Salesforce portal
2 offices, 2 new offices
For older applications that run on legacy operating systems, a move to the cloud may not be an option. Lab testing is the only way to know how an application will behave in a cloud environment. Testing helps determine the steps that are involved in moving the app there.
Public cloud’s biggest disadvantages:
1. Security implications, as well as potential downtime from cloud or WAN failure.
**RESOLVED AlienVault will be the best tool for USM and PCI compliance
2. Billed based on the resources you consume. This includes storage resources, but also CPUs, memory and storage I/O. Resource
**RESOLVED portals that customers can use to monitor costs and establish safety stops if costs are approaching designated thresholds.
3. Backups become complicated: providers perform their own backups, but they don’t necessarily offer restoration services for customers.
**AWS Disaster Recovery
**Salesforce and DB backup

Considerations:

Autoscaling
Network Connectivity
Storage Choices
SLAs measure the service provider’s performance and quality in a number of ways. Some metrics that SLAs may specify include:
• Availability and uptime: the percentage of the time services will be available
• The number of concurrent users that can be served
Current Network Infrastructure:
Current structure: 2 Windows Server 2012 R2 servers (licensed), 1 domain controller, 1 file/print server
Access to Salesforce.
No PCI compliance

Do not need to touch their Salesforce SQL database
Problem: limited IT resources, uptime, and data security (PCI compliance level framework); don’t want to spend too much time on technical details
4 different offices:
2 in Alberta
2 in Lower Mainland
Want a tunnel to access the data (previous IT department wanted a tunnel and one data center)
Proposed an AWS project which would have their database and CRM services available as long as the Internet connection was good
Estimate the Costs/ Time of each:
Met with Owner 2 times a week for a brief 30 minutes
Plan the dependencies and longest route
Planning begins with clients describing how the end product will be used, its benefits, and so on, so the team gets a good understanding of the expectations. Once the project has begun, teams cycle through the process of planning, executing, and evaluating tasks
My Quick Risk Assessment: Potential Risk
Identify Potential Risk:
DB administrator responsibility
Financing
Time and downtime (cut – over)
Performance of EC2 server
Data Loss with data transfer
Determine Probability: What are the odds a certain risk will occur? Value is 1 to 5
Determine Impact/Action Plan: What would happen if each risk occurred?
Backup: make sure a full backup is done prior to cut-over

Risk Assessment

Process of identifying, estimating, prioritizing

Evaluation and preparation requirements for business continuity

-Operational Status

-Consider ways to improve security and reduce risk

-Report Findings

-Prepare a plan

-Implement plan to control risk (countermeasure)

Important Steps

  1. Qualitative – based on experience
  2. Quantitative – Assign a monetary value (best method)
  3. Hybrid – Commonly blended to provide best solutions

Assign risk to Insurance, SLA (Service level agreement)

-Best, or cost effective, controls

-Management will accept costs

Quantitative

Management usually needs monetary values

Qualitative

Method for informed analysis then followed by a more formal quantitative

Asset Valuation (Critical)

1. Critical to organization

  1. Acquisition or development costs
  2. Replacement costs
  3. Maintenance and Protection costs
  4. Productivity and Operational losses or Impact
  5. Owner's Value
  6. Outside/Other Valuation
  7. Liability: Asset is compromised

Risk Versus Mitigation Calculation

Asset Value (AV)

Exposure Factor (EF) %

Single Loss Expectancy (SLE)

(AV) x (EF)% = SLE

Annualized Loss Expectancy (ALE)

(SLE) x Annualized Rate of Occurrence (ARO) = ALE

* 1 divided by 10 = 0.10 (1 fire per 10 years)

* 1 times 4 = 4 (4 thefts per year)

Control or Countermeasure Criteria

Choosing good security controls

Achieves its goal by mitigating risk

Transparent to users but difficult to bypass

Makes good business sense/cost effective

Cost Benefit Analysis Formula

ALE (before implementing control) - ALE (after implementing control) - Annual cost of control = Value of the control to company
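The SLE, ALE and cost-benefit formulas above, carried through for several candidate controls and ranked by value to the company. This is an added example, not part of the original notes; the dollar amounts, exposure factors and control names are constructed, and only the two AROs (1 fire per 10 years, 4 thefts per year) come from the notes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV in dollars
    exposure_factor: float  # EF as a fraction of AV lost per incident (0..1)
    occurrences: float      # incidents expected ...
    per_years: float        # ... over this many years

    def __post_init__(self):
        # Catch the common mistake of entering EF as 50 instead of 0.50.
        if not 0 <= self.exposure_factor <= 1:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.per_years <= 0 or self.occurrences < 0:
            raise ValueError("need occurrences >= 0 over a positive number of years")

    @property
    def aro(self):          # Annualized Rate of Occurrence
        return self.occurrences / self.per_years

    @property
    def sle(self):          # (AV) x (EF) = SLE
        return self.asset_value * self.exposure_factor

    @property
    def ale(self):          # (SLE) x (ARO) = ALE
        return self.sle * self.aro

def control_value(before, after, annual_cost):
    """ALE before control - ALE after control - annual cost of control."""
    return before.ale - after.ale - annual_cost

def rank_controls(candidates):
    """Return (name, value) pairs, best first; a negative value costs more than it saves."""
    scored = [(name, round(control_value(b, a, cost), 2)) for name, b, a, cost in candidates]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample figures (assumptions for illustration only).
FIRE = Risk(200_000, 0.50, 1, 10)             # SLE 100,000, ARO 0.10, ALE 10,000
FIRE_SUPPRESSED = Risk(200_000, 0.10, 1, 10)  # control lowers EF
THEFT = Risk(2_000, 1.0, 4, 1)                # SLE 2,000, ARO 4, ALE 8,000
THEFT_REDUCED = Risk(2_000, 1.0, 1, 1)        # control lowers ARO
CANDIDATES = [
    ("fire suppression", FIRE, FIRE_SUPPRESSED, 3_000),
    ("cable locks", THEFT, THEFT_REDUCED, 500),
    ("on-site guard", THEFT, THEFT_REDUCED, 40_000),
]

if __name__ == "__main__":
    for name, value in rank_controls(CANDIDATES):
        print(f"{name:18} value to company: {value:>12,.2f}")
```

The on-site guard reduces the same theft risk as the cable locks but comes out negative, which is the "makes good business sense" criterion expressed as a number.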

 

Qualitative Risk Analysis (judgement, experience, intuition)

  1. Develop risk scenarios for assets
  2. Gather experienced “subject matter experts”
  3. Walk through scenarios to determine results
  4. Prioritize risks and threats to assets
  5. Build consensus for best countermeasures
