Section A Application Question(s) 80 Marks Question 1 1.1 As an IT professional, you will have a vested interest in ensuring that the workplace environment is conducive to the well-being of individuals and equipment, and that it does not pose any negative impacts on the environment. The organization you are working for has migrated to a Hybrid cloud model State the advantages and disadvantages of a hybrid cloud model ( 6 Marks ) Advantages : Cost-Cost is an important consideration when switching to a cloud solution. Hybrid cloud is one such method for scaling operations on a budget. Reliability- Because there are fewer potential outages, hybrid cloud services are more dependable. Deployment-The hybrid cloud is designed to meet the needs of organizations (the optimization process). Scalability-Hybrid clouds are well-known for their ability to adapt to the needs of organizations. Flexibility- Businesses can take advantage of both public and private cloud services by utilizing hybrid cloud. Agility-The ability to customize a hybrid cloud ensures that the company is adaptable enough to meet customer needs. Disadvantages : Security-Security concerns are common among users who want to upload sensitive data to a hybrid cloud. Hybrid clouds have many security flaws because of how they are designed. Visibility- Maintaining visibility over a hybrid cloud service can be difficult. Cost issues could arise as a result of the rise in idle instances. Investment- Building an enterprise cloud necessitates a sizable investment even though a hybrid cloud is less expensive to run. Compatibility- Cloud compatibility has been found to be another issue in a hybrid cloud environment. in relation to the infrastructure, in particular. An on-site installed infrastructure is more powerful than a public infrastructure. Networking- Network bottlenecks may occur during data transmission between the Public and Private cloud models. When utilizing a public cloud, data is always sent over the open internet. The notoriously slow public internet has a significant impact on performance. especially for applications and tasks that necessitate rapid processing. Control- Users of hybrid clouds are constantly plagued by a lack of control. To enhance operations, interactions between the public and private cloud models are required. In other words, a private infrastructure needs to be modified in order to be compatible with a public cloud. The problem is that users are powerless to alter this. 1.2 In the Hybrid cloud model, why is high availability and scaling important (4 Marks Low Latency and High Availability The hybrid model can help the enterprise overcome availability issues. High availability makes it possible for crucial services to be quickly restored and made accessible to users following a disaster, which aids in disaster recovery. It makes it possible for services to quickly switch over between sites, reducing the impact of disruptions on business operations. Although public cloud services are rarely ineffective, when they are, client organizations may suffer catastrophic results. Private clouds and local data centers can act as backups for public cloud outages, but organizations should split their workload between public and private clouds (hybrid clouds) to truly ensure airtight availability. To ensure service continuity even if the public cloud infrastructure fails, it is ideal to keep your critical data in the private cloud and/or your local data center. The factors listed above also apply to latency; utilizing the hybrid cloud model can help shorten the distance that data must travel. Scalability In the highly competitive business environment of today, scaling up is essential to satisfy growing market demand. The best option is a hybrid cloud. Public cloud infrastructure is highly scalable, whereas private cloud infrastructure scales more slowly. Because it combines the two models, hybrid cloud enables businesses to cost-effectively scale up the public portion of their cloud infrastructure as needed. In a hybrid cloud model, scalability is crucial because it enables the organization to adjust its resource levels to suit shifting business demands. In order to meet the increased demand for services during peak times, the organization must scale up its resources; however, during lean times, it can scale down its resources in order to reduce costs. 1.3 Explain what is meant by the following types of clouds private cloud, public cloud, community cloud, cloud with a cloud, multi-cloud, and multitenancy cloud ( 10 Marks ) Public Cloud- Anyone can use the public cloud to access systems and services. It's possible that the public cloud is less secure because it's open to all users. In a public cloud, cloud infrastructure services are made online accessible to large industry groups or the general public. Private Cloud- In stark contrast to the private cloud deployment model is the public cloud deployment model. It is a personal space for a single user (customer). It is not necessary to let others use your hardware. Private clouds and public clouds are different in how you manage all of the hardware. It also goes by the name "internal cloud," and it refers to the ability to access systems and services that are located within a particular organization or geographic boundary. Hybrid Cloud-By putting a layer of proprietary software between the public and private realms, hybrid cloud computing combines the best aspects of both. You can host the app in a secure location and take advantage of the cost savings provided by the public cloud by utilizing a hybrid solution. Organizations can move data and applications between different clouds using a combination of two or more cloud deployment techniques, depending on their requirements. Community Cloud- It makes systems and services accessible to a variety of organizations. It is a distributed system created by combining the features of various clouds to satisfy the particular needs of a community, industry, or business. The infrastructure of the community may be shared by the organization that has shared objectives or duties. It is typically run by a third party or a union of a few different local organizations. Multi-cloud- The hybrid cloud deployment strategy, which combines resources from both public and private clouds, is comparable. Instead of fusing private and public clouds, multi-cloud makes use of numerous public clouds. Public cloud providers still experience errors despite providing a variety of tools to improve the dependability of their services. The occurrence of an incident in two distinct clouds at the same time is extremely rare. Therefore, multi-cloud deployment further improves the high availability of your services. ( Total = 20 Marks ) Question 2 2.1 What types of access controls should the healthcare organization consider implementing to protect patient data ( 10 Marks ) Role-based access control (RBAC): Popular access control technology called RBAC restricts system access based on the roles and responsibilities of users. Healthcare organizations can use RBAC to make sure that only users who are authorized based on their job roles have access to patient data. Mandatory access control (MAC): Based on a classification of system-wide security, MAC restricts what users can do. It assigns sensitive labels to data and limits access based on those labels. Healthcare organizations can benefit from the help of MAC in limiting access to sensitive patient data and ensuring legal compliance. Discretionary access control (DAC): Owners can manage who has access to their data using DAC, a type of access control. In healthcare settings, DAC can be used to give doctors access to medical records for the patients they are treating but not for other patients. Two-factor authentication (2FA): With two-factor authentication (2FA), users must present two different forms of identification in order to access a system, adding an extra layer of security to the authentication process. 2FA can be used by healthcare organizations to make it harder for unauthorized users to access patient data. Audit trails: Audit trails keep track of every action involving an electronic health record, including user logins, accesses, and modifications. Healthcare organizations can monitor system activity and spot potential security breaches using audit trails. 2.2 How can RBAC be used to control access to patient data in the healthcare organization? ( 10 Marks ) Role-based access control (RBAC) can be used in healthcare organizations to control access to patient data by assigning specific roles to users and granting them only the access required to perform their job functions. Here's how RBAC can be used in a healthcare organization: Identify roles: Physicians, nurses, office staff, and IT personnel are just a few examples of the occupations that the healthcare organization has identified as needing access to patient data. Assign permissions: For each role, the organization determines the level of access necessary and grants that access.