Uploaded by Nguyen Van Manh (BTEC HN)


BTEC Level 5 HND Diploma in Computing
Unit number and title Unit 16: Cloud Computing
Submission date
Date Received 1st submission
Re-submission Date
Date Received 2nd submission
Student Name
Trần Anh Văn
Student ID
BHAF 200054
PBIT 17101
Assessor name
Lê Văn Thuận
Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism
making a false declaration is a form of malpractice.
Student’s signature
In this report, I will implement the deployment of the application I developed for ATN to the cloud,
including: How to configure, deploy, perform the functions of the application... Then I will talk about
the difficulties that can be encountered during development and how to overcome it. Next, I will
discuss possible barriers to using the cloud and discuss security challenges in depth. Finally, I will
discuss how organizations should protect their data when moving to a cloud solution.
II: Presentation on how to deploy apps to the cloud (p5, p6-task1)
a) How to configure and deploy services
1.Setup git
2: Push the code to Githup
And this is the result after I push my code to Githup
3: Create a web server on Heroku
4: Create an istance on AWS EC2
5: SSH into the instance using Xshell
6: Create a database server on the instance
b)The function of the application
c)link Application
III: Analyze the most common problems which arise in a Cloud Computing platform (P7)
Cloud computing is what everyone is really talking about these days. It provides better data storage, data
security, flexibility, enhanced collaboration among employees, and changes the workflow of small businesses
and large enterprises to help them deliver Better decisions while reducing costs.
It is clear that the use of the cloud is a trend that continues to grow. We predicted in the business intelligence
trend the importance and deployment of cloud in companies like Alibaba, Amazon, Google and Microsoft
Considering all the potential and growth that cloud computing has experienced in recent years, there are also
many challenges that businesses are facing. In this article, we have gathered 10 of the most prominent
challenges of cloud computing that will bring new insights and perspectives in the cloud market. But first, let's
start with a simple explanation of the general characteristics and basic definitions.
Some problems and challenges when using the cloud such as:
Security issues
Performance issues
Cost Issues
Multi-cloud issues
1: Security issues
Security issues
The problem:
Security is always on the top list of challenges when using cloud computing services. With many
different industry segments adapting to the cloud culture, a data breach can create havoc for end
users. Whether public, private, hybrid, multi-cloud or single-cloud, data security breaches are
inevitable without security measures. This will hinder the operation and operation of the whole
organization and business.
To solve the problem of data security, we should use, a combination of methods such as:
Data encryption.
Use tight security protection protocols for cloud solutions (SSL).
Train IT staff on how to handle security issues with an appropriate solution.
Establish policies and corporate culture on the development and assurance of data security.
2: Performance issues
Performance issues
Performance plays an important role in the business of the business and it directly and affects the benefits that
the business achieves.
For example, if there are 2 applications running together, but the processing speed of one application is a few
seconds faster than another application, then users will definitely consider lightning and will choose the
application with faster speed.
When using cloud services, any downtime in the cloud directly impedes application performance. Cloud
downtime can happen in any technology. Therefore, businesses need to take measures to overcome
performance issues when using cloud services.
There are many solutions to solve performance problems such as:
Regularly monitor and test cloud applications to ensure optimal performance.
Provide failover mechanism by third-party vendors in case of downtime.
High network bandwidth usage when there is a lot of data.
Create comprehensive application recovery solutions for cloud-based data.
Have a proper disaster recovery mechanism in place.
Create your own scenarios and come up with solutions for performance issues.
3:Cost issues
Cost issues
The next part of our cloud computing risks list involves costs. For the most part cloud computing can save
businesses money. In the cloud, an organization can easily ramp up its processing capabilities without making
large investments in new hardware. Businesses can instead access extra processing through pay-as-you-go
models from public cloud providers. However, the on-demand and scalable nature of cloud computing services
make it sometimes difficult to define and predict quantities and costs.
Luckily there are several ways to keep cloud costs in check, for example, optimizing costs by conducting better
financial analytics and reporting, automating policies for governance, or keeping the management reporting
practice on course, so that these issues in cloud computing could be decreased
4: Multi-cloud issues
Multi-cloud issues
Multi-cloud issues
The problem
Challenges facing cloud computing haven’t just been concentrated in one, single cloud.
The state of multi-cloud has grown exponentially in recent years. Companies are shifting or combining public
and private clouds and, as mentioned earlier, tech giants like Alibaba and Amazon are leading the way
However, it has posed a challenge to manage the synchronicity, security and robustness of the cloud. activities
in the organization.
The solutions to deal with this problem are as follows:
Manage and maintain the appropriate infrastructure to cover the entire operation.
Redesign processes to involve all stakeholders and cloud templates.
Integrate cloud solutions of different service providers into one.
Dynamic management of supplier relationships.
Adapt best practices such as conducting research and training
IV: Assess the most common security issues in cloud environments(P8)
Among the challenges and barriers when using the cloud platform, the issue of security is one of the most
important and also the most concerned.
Problems with security risks can come from:
Cloud Service Provider
Cloud Service Customer
There are five main types of risks associated with cloud computing both from a cloud provider and customer
Organizational Security Risks
Physical Security Risks
Technological Security Risks
Compliance and Audit Risks
Data Security Risks
1: Organizational Security Risks
Organizational security risks are those that originate from one or more entities within an organization
and that can affect the structure of that organization.
These risks include damage to the business reputation as well as physical loss of the organization.
Some causes of organizational risk:
Change in organizational management structure: It can be that the supplier is sold to another
organization, malicious members, important management staff have quit, ... The change of politics,
structure, work of people in the organization is a huge risk.
No resource planning: The risk to resource planning is losing control over resources, leading to unclear
roles and responsibilities, with no one in charge of a particular issue . This leads members of the
organization to blame each other. In addition to causing organizational security risks, it also destroys
the spirit of solidarity among members of the organization.
Outdated organizational security management: Organizational security management is obsolete as
current security management models have changed dramatically as businesses use the cloud
2: Physical Security Risks
A cloud service provider is responsible for managing the infrastructure including servers, networks, storage
devices,... The cloud service provider must ensure that the operation of the cloud data center is secure to provide
the safety and security of the customer's data.
If the provider is unable to control or has weak physical access control capabilities, an attacker can steal entire
servers, even if they are protected with firewalls and encryption.
Therefore, the physical location of the cloud data center must be secured by the provider to prevent
unauthorized access to on-premises customer data, the provider should implement and operate basic controls.
Appropriate infrastructure including staff training, physical location security, network firewalls.
The Cloud Service Provider is not only responsible for storing and processing data in specific jurisdictions,
but is also responsible for complying with the privacy regulations of those jurisdictions. that reason. For
example, when a supplier wants to set up a data center in Vietnam, they must comply with the regulations and
laws of Vietnam.
In addition, data is redundantly stored by the provider in multiple physical locations, and such location
information is not disclosed to customers, making it difficult for customers to determine whether appropriate
security measures are in place. out to secure customer data or not.
3: Technological Security Risks
Technical security risks are failures related to technologies and services provided by cloud service providers.
Technical security risks include resource sharing isolation issues, malicious attacks on vendor risks related to
portability and interoperability, poor hardware maintenance, no reply system, reduced availability and
hardware failure.
Causes of security risks are divided as follows:
Poor inter-cloud interoperability: due to incompatibility between the cloud service
provider's platforms.
Service interruption risk from the provider: The risk of service interruption from the
provider side leading to widespread outages and service unavailable or data loss.
Lack of interoperability standards: Cloud computing lacks interoperability standards. There is no
standard communication and data export format between and within the vendor, which makes it
difficult to establish appropriate security frameworks.
Infrastructure Capability Hard to Determine: It is a disagreement in determining whether cloud
performance meets the agreed SLA because performance is related to server workloads and
computing power. network modifiers. This leads to disputes and litigation between customers
and suppliers.
Application development on cloud services: Application development on cloud services is
application developers using cloud services to develop their own applications. However, when a
related problem occurs, it is difficult to determine who is responsible for this fault.
Poor inter-vendor portability: This creates a compatibility risk that arises if a customer wants to
switch from one provider to another because the hosting services provided by a CSP can
incompatible with other providers' services.
4: Compliance and Audit Risks
Compliance and audit risks are related to legal risks such as lack of information about jurisdictions, changing
jurisdictions, illegal contract terms and ongoing legal disputes.
It is the responsibility of both the supplier and the customer to comply with the rules and regulations defined in
the contract and to check the SLA regularly.
Cloud service providers must undergo external audits and security certifications. If a supplier fails to comply
with these security audits, it leads to a clear loss of customer trust.
Cloud customers should learn about what will happen to their data if disaster strikes so they can be prepared
for the risk.
Because customer data is stored in the computer memory of the cloud service, that memory may be located in another
country, or may be divided in many countries, creating legal problems when export customer data abroad
5: Data Security Risks
Data security risks are particularly important, especially when using cloud services, where the processing
and storage of such data is outsourced to infrastructure owned and maintained by third parties. Because data
is kept in third-party infrastructure, it is difficult for users to know who has access to their data and if their
data is secure.
Some properties need to ensure data when using the cloud:
Privacy: Privacy is an important issue to address in the cloud and in cybersecurity in general. Cloud
service providers need to ensure that their customer's personal information and identities are not
disclosed to unauthorized parties. This is very important and even more critical for customers that
deal with sensitive data. If the supplier violates this then they are liable for breach of contract, even
reputation damage and loss, all customers will turn away from them.
Confidentiality: Confidentiality is concerned with the privacy of data, it ensures that the data of cloud
service customers cannot be unauthorizedly disclosed. The cloud service provider is responsible for
ensuring a separate boundary for each user's data at both the physical and application levels. For the
public cloud, Security and privacy for multiple customers is one of the important challenges because
data from multiple customers can be stored in the same database, risk of leakage data between these
clients is high.
Integrity: Data integrity is the fact that data stored in the cloud has not been altered in any way by
unauthorized parties when it is retrieved. That is, only customers - those who put data in, authorized
people can change that data. Providers must ensure that no third parties have access to data in transit
or data in storage.
Possibility: Availability is the fact that customers can access their data without being denied (by
mistake, by malicious attacks,... ).
Stages of data flow through the cloud:
Data in transit: During this phase data will be transferred to the cloud infrastructure. Here, the data will
have a high chance of being intercepted due to a breach of security. To overcome this, people often use
data encryption
Data at rest: During this phase the data has been saved in the cloud infrastructure. At this stage, the service
provider must defend against attacks and ensure that data security attributes are maintained.
Data in use: In this stage data is being processed into information. At this stage, data security issues
include data corruption while it is in progress
V: Conclusion
In this report, I implemented the deployment of the application I developed for ATN to the cloud, including:
How to configure, deploy, perform the functions of the application... Then I presents difficulties that may be
encountered during development and how to overcome them. Next, I discussed possible barriers to using the
cloud and discussed security challenges in depth. Finally, I discussed how organizations should protect their
data when moving to a cloud solution.