Resumen de Smile2cloud - security migration of legacy systems to cloud computing

Luis Márquez Alcañiz

• Cloud computing has become a fundamental part of the technological strategy of companies and is one of the hottest core technical topics in the modern era. Cloud computing offers organisations many potential benefits by making information technology services available as a commodity. Cloud Computing allows companies to offer better services by reducing costs through improved utilisation, reduced administration and infrastructure costs, faster deployment cycles and the ability to respond more quickly and reliably to their customers’ needs. The cloud computing market is expected to reach 270 billion dollars by 2020.

  The adoption of cloud computing in order to provide the platform, infrastructure and services for the multitenant has grown exponentially during recent years. However, despite its various advantages, cloud computing also fosters security concerns that hamper its rapid adoption. Security is one of the major issues that are reducing the growth of cloud computing, and complications with data privacy and data protection continue to plague the market. The transformation of local computing into remote computing has brought with it many security issues and challenges for both the consumer and the provider, because many cloud services are provided by the trusted third party which provides its services through the Internet and uses many web technologies that lead to new security issues.

  The move to cloud computing is a business decision that takes into account the readiness of existing applications for cloud deployment, the transition and life-cycle costs, the maturity of service orientation in the existing infrastructure, and the organisation’s security and privacy requirements. Cloud computing systems are complex networked systems that are affected by traditional computer and network security issues, such as the need to provide data confidentiality, data integrity, and system availability.

  The objective of legacy system migration is to move operational systems towards new platforms and retain their original functionality whilst simultaneously minimising disruption to the operational and business aspects. A considerable number of companies are interested in migrating their legacy systems to the cloud, but there is a need to do so in an appropriate manner, i.e. ensuring that the security of the systems to be migrated is maintained and improved. Security, or rather the lack thereof, is the main concern for 69% of companies when migrating.

  There are various studies, existing international standards and “best practice” documents covering the area of security. However, much still remains to be done before these studies and standards cover the full complexity of the cloud computing model. Various studies propose different methodologies for the migration of legacy systems and there are even several methodologies with which to migrate legacy systems to cloud computing. There are also several proposals regarding security in cloud computing, however, an initiative for the migration process of the security aspects from legacy systems to cloud computing is not currently available.

  In this PhD Thesis, we propose a framework, the SMiLe2Cloud framework, with which to support the secure migration of legacy systems to cloud computing. That is, the SMiLe2Cloud framework will support the migration process of legacy systems in order to verify that the resulting system in cloud computing is secure.

  The objective of the SMiLe2Cloud framework is not only to fulfil the security requirements of the legacy system in the cloud but also, and this is its real objective, to improve the security of legacy software in this new environment.

  The SMiLe2Cloud framework defines the activities, tasks and steps to be performed, the elements used in each task, the artefacts used in each activity and the people responsible involved.

  The SMiLe2Cloud framework covers the entire life cycle of the migration process. It begins with the extraction of legacy system requirements, continues with the analysis, design and implementation of the security requirements, and finally evaluates the entire process to ensure that all the objectives have been achieved. The framework is based on a Deming cycle of continuous improvement, and a continuous re-evaluation of possible improvements to the system will, therefore, be carried out.

  SMiLe2Cloud is led by standards, signifying that its proposed activities are aligned with the current best practices. The perspective followed in our approach has been modelled following the SPEM 2.0 (Software & Systems Process Engineering Meta-Model) specification, thus facilitating its inclusion in any organisation.

  Besides the definition of SMiLe2Cloud framework, an ecosystem of tools is suggested, in order to facilitate the migration process. The ecosystem provides a set of tools in an integrated and coordinated manner so as to provide support for the proposed methodology, from the extraction activity to the evaluation activity. Furthermore, and with the purpose of validating the practical applicability of this framework and improve its development, the results of two full practical empirical evaluation in a real organisation are provided.