Unit – 2

WEB-BASED BUSINESS SERVICES

Web-based business services refer to any services that are provided online through a website or
web application. These services cater to various needs of businesses, ranging from marketing and
communication to project management and accounting. These services are hosted on remote
servers and delivered over the internet, providing businesses with convenient and scalable
solutions for various tasks and functions. Here are some examples of web-based business services:

1. Cloud Storage and File Sharing: Services like Google Drive, Dropbox, and Microsoft
OneDrive allow businesses to store, share, and collaborate on documents and files online.
2. Project Management Tools: Platforms like Trello, Asana, and Basecamp enable teams to
organize tasks, assign responsibilities, and track project progress online.
3. Customer Relationship Management (CRM): CRM software like Salesforce, HubSpot,
and Zoho CRM helps businesses manage interactions with current and potential customers,
track leads, and automate sales processes.
4. Email Marketing Services: Platforms such as Mailchimp, Constant Contact, and
Sendinblue provide tools for creating, sending, and analyzing email marketing campaigns.
5. Web Hosting Services: Companies like Bluehost, SiteGround, and HostGator offer web
hosting services, providing businesses with the infrastructure and support needed to host
their websites and web applications.
6. Online Payment Processing: Services like PayPal, Stripe, and Square enable businesses
to accept payments online securely and efficiently.
7. Virtual Meetings and Webinars: Platforms such as Zoom, Microsoft Teams, and
GoToMeeting facilitate virtual meetings, webinars, and online collaboration among team
members and clients.
8. Human Resource Management (HRM): HRM software like BambooHR, Gusto, and
ADP streamline various HR processes such as payroll management, employee onboarding,
and performance tracking.
9. Accounting Software: Tools like QuickBooks Online, Xero, and FreshBooks provide
online accounting solutions, including invoicing, expense tracking, and financial reporting.
10. Social Media Management: Platforms such as Hootsuite, Buffer, and Sprout Social help
businesses manage their social media accounts, schedule posts, analyze performance, and
engage with their audience.
11. Website Hosting and Development Platforms: Platforms like Wix, Squarespace, and
WordPress offer web-based tools and templates for building and hosting professional
websites without the need for coding knowledge. Businesses can create customized
websites with features such as e-commerce functionality, blogging, and mobile
optimization.
12. Online Marketing and Advertising Platforms: Web-based marketing platforms such as
Google Ads, Facebook Ads, and LinkedIn Marketing Solutions enable businesses to create,
manage, and optimize online advertising campaigns. These platforms provide tools for
audience targeting, ad creation, budget management, and performance tracking, helping
businesses reach their target audience and drive traffic, leads, and sales.
 13. E-commerce and Online Retail Platforms: Web-based e-commerce platforms like
Amazon, Flipkart, Shopify, WooCommerce, and Magento allow businesses to create and
manage online stores, sell products or services, process payments, and fulfill orders. These
platforms offer features for product catalog management, inventory tracking, order
management, and customer support, enabling businesses to sell online and reach a global
audience.

DELIVERING BUSINESS PROCESSES FROM THE CLOUD

Delivering business processes from the cloud refers to running key organizational functions and
workflows on cloud-based software rather than on-premises solutions.
examples:

1. CRM platforms such as Salesforce for sales, marketing and customer service processes
2. HR management software solutions on the cloud for handling recruiting, employee
data/records, payroll etc.
3. Project management via tools like Asana that run on cloud infrastructure

Broad Approaches to Migration into the Cloud

broad approaches organizations can take to migrate their systems and infrastructure into the cloud:

Lift and Shift Migration:

This involves "lifting" existing applications and "shifting" them to an Infrastructure-as-a-Service
(IaaS) public cloud provider without changes.
Example: Moving enterprise Java applications from on-premise servers to virtual machines on
Amazon AWS EC2 without modifying application code.
 Known as "rehosting"
 Existing applications moved to IaaS without changes
 Fastest migration approach
 Leverages automatic replication available in cloud
 Low code changes needed

Replatform (Refractor):
The applications are reconfigured or refactored to use Platform-as-a-Service (PaaS) cloud services
and architectures. This requires code changes. Example: Modifying a company website's codebase
to utilize managed services like AWS Elastic Beanstalk rather than IaaS servers for more auto-
scaling and high availability.
 Applications redesigned for PaaS cloud services
 Involves code changes for cloud compatibility
 Provides more cloud benefits like scalability and efficiency
 Allows modernization of apps during migration
Rearchitect (Rebuild):
Applications are completely rebuilt from scratch to utilize cloud-native services and newer
architectures aligned with cloud principles. Example: Redeveloping a legacy enterprise system
into a set of cloud-native micro-services hosted on managed containers on the cloud.
 Fully reimagining application design and data architecture for cloud
 Complete rebuild of apps and data pipelines using cloud-native features
 Maximizes business agility, scalability and TCO savings
 Future-proofs through next-gen architecture

Data Migration:
The migration of an organization's data to cloud data platforms or databases. Can leverage lift and
shift initially while optimizing later.
Example: Moving a retail chain's on-premise data warehouse to Google BigQuery using native
replication tools first, before later restructuring datasets.
 Migrating data to cloud data platforms
 Can use lift and shift tools initially while optimizing over time
 Server less data lake migration recommended for flexibility
 Follow security and compliance protocols

The Seven-Step Model of Migration into a Cloud Computing

Migrating a model to a cloud can help in several ways, such as improving scalability, flexibility,
and accessibility. There are seven steps to follow when migrating a model to the cloud:

Step 1: Assessment and Planning Step (Choose the right cloud provider)
The first step in migrating your model to the cloud is to choose a cloud provider that aligns with
your needs, budget, and model requirement. consider the factors such as compliance, privacy, and
security.

Step 2: Isolation step (Prepare your data)

Before migrating to your cloud, you need to prepare your data. for that ensure your data is clean
and well organized, and in a format that is compatible with your chosen cloud provider.

Step 3: Mapping step (Choose your cloud storage)

Once your data is prepared, you need to choose your cloud storage. This is where your data is
stored in the cloud. there are many cloud storage services such as GCP Cloud Storage, AWS S3,
or Azure Blob Storage.

Step 4: Design and Architecture (Set up your cloud computing resources and deploy your
model)
If you want to run a model in the cloud, you will need to set up your cloud computing resources.
This includes selecting the appropriate instance type and setting up a virtual machine(VM) or
container for your model. After setting up your computing resource, it is time to deploy your model
to the cloud. This includes packaging your model into a container or virtual machine image and
deploying it to your cloud computing resource. and while deploying it may be possible that some
functionality gets lost so due to this some parts of the application need to be re-architect.

Step-5: Augmentation step

It is the most important step for our business for which we migrate to the cloud in this step by
taking leverage of the internal features of cloud computing service we augment our enterprise.

Step 6: Validation and Testing

Once your model is deployed, we need to test it to ensure that it is working or not. That involves
running test data through your model and comparing the results with your expected output.

Step 7: Monitoring and Maintain

After the model is deployed and tested, it is important to monitor and maintain it. That includes
monitoring the performance, updating the model as needed, and need to ensure your data stays up-
to-date. Migrating your machine learning model to the cloud can be a complex process, but above
7 steps, you can help ensure a smooth and successful migration, ensuring that your model is
scalable and accessible.
 Efficient Steps for migrating to cloud

1. Assessment and Planning:

 Evaluate your current IT infrastructure, applications, and workloads to identify
what can be migrated to the cloud.

 Define clear objectives and goals for the migration, considering factors such as cost
savings, scalability, and performance improvements.

 Conduct a comprehensive assessment of your organization's readiness for cloud

migration, including evaluating security, compliance, and governance
requirements.
2. Choose the Right Cloud Provider:

 Research and evaluate different cloud service providers based on your specific
needs and requirements.

 Consider factors such as pricing, performance, reliability, security, compliance, and

support services offered by each provider.

 Choose a provider that aligns with your business goals and offers the services and
features that best suit your needs.
3. Select Migration Strategy:

 Determine the most appropriate migration strategy based on your applications,

workloads, and business requirements.

 Common migration strategies include re-hosting (lift and shift), re-platforming,

refactoring (re-architecting), repurchasing, and retiring.

 Choose a strategy that minimizes downtime, reduces risk, and maximizes the
benefits of cloud adoption for your organization.
4. Prepare and Plan for Migration:

 Develop a detailed migration plan that outlines timelines, milestones, and tasks for
each stage of the migration process.

 Identify dependencies between applications and workloads to ensure a smooth

migration process.

 Establish communication channels and protocols to keep stakeholders informed

and involved throughout the migration project.
5. Data Migration:

 Start with migrating non-critical or less complex data sets to gain experience and
build confidence in the migration process.

 Use data migration tools and services provided by the cloud provider to transfer
data securely and efficiently.
  Validate data integrity and consistency before and after migration to ensure that
data is transferred accurately.
6. Application Migration:

 Begin migrating applications and workloads according to the chosen migration

strategy, starting with low-risk or non-critical applications.

 Follow best practices and guidelines provided by the cloud provider for deploying
and configuring applications in the cloud environment.

 Test migrated applications thoroughly to identify and address any compatibility

issues, performance bottlenecks, or functional defects.
7. Optimize and Refine:

 Continuously monitor and optimize cloud resources, configurations, and

performance to ensure cost efficiency and scalability.
 Implement automation tools and workflows to streamline cloud management tasks
and reduce manual intervention.

 Seek feedback from users and stakeholders to identify areas for improvement and
refinement in the cloud environment.
8. Security and Compliance:

 Implement security measures and controls to protect data and applications in the
cloud environment, including encryption, access controls, and identity
management.

 Ensure compliance with industry regulations and standards relevant to your

organization, such as GDPR, HIPAA, or PCI DSS.

 Regularly audit and assess the security posture of your cloud infrastructure to
identify and mitigate potential risks and vulnerabilities.
9. Training and Adoption:

 Provide training and support to IT staff and end-users to ensure they are familiar
with the cloud environment and its capabilities.
 Encourage adoption of cloud services and best practices within the organization
through education, communication, and incentives.

 Foster a culture of continuous learning and improvement to maximize the value of

cloud adoption for the organization.
10. Continuous Monitoring and Management:

 Implement monitoring tools and processes to monitor the performance, availability, and
security of your cloud infrastructure and applications.

 Establish governance and management processes to manage cloud resources, control costs,
and enforce compliance with organizational policies.
  Regularly review and optimize cloud usage and spending to ensure that resources are used
efficiently and cost-effectively.

By following these efficient steps for migrating to the cloud, organizations can successfully
transition to a cloud environment while minimizing risks, disruptions, and costs, and maximizing
the benefits of cloud adoption.

Measuring and Assessment of Risks

Measuring and assessing risks in cloud computing involves evaluating potential threats and
vulnerabilities to the confidentiality, integrity, and availability of data and services hosted in the
cloud. Here's a framework for measuring and assessing risks in cloud computing:
1. Identify Risks:

 Identify potential risks associated with cloud computing, including data breaches,
service outages, compliance violations, unauthorized access, and loss of data
control.
2. Evaluate Assets:

 Identify and classify assets stored or processed in the cloud, including sensitive
data, applications, and infrastructure components.

 Assess the value and importance of each asset to the organization, considering
factors such as confidentiality, integrity, and criticality.
3. Threat Analysis:

 Identify potential threats and attack vectors that could exploit vulnerabilities in
cloud environments, such as malware, phishing attacks, insider threats, and denial-
of-service (DoS) attacks.

 Assess the likelihood and potential impact of each threat scenario based on
historical data, industry trends, and specific circumstances of the organization.
4. Vulnerability Assessment:

 Identify and assess vulnerabilities in cloud infrastructure, applications, and

configurations that could be exploited by attackers.

 Conduct vulnerability scans, penetration tests, and security assessments to identify

weaknesses and gaps in security controls.
5. Risk Measurement:

 Quantify risks based on the likelihood and impact of potential security incidents or
breaches.

 Use risk assessment methodologies such as risk matrices, risk scoring models, or
probabilistic risk analysis to measure and prioritize risks.
6. Compliance and Regulatory Analysis:
  Evaluate compliance requirements and regulatory obligations relevant to the
organization's industry and geographical location (e.g., GDPR, HIPAA, PCI DSS).

 Assess the organization's adherence to relevant standards and regulations, including

data protection, privacy, and security requirements.
7. Cloud Service Provider Evaluation:

 Evaluate the security controls, practices, and certifications of cloud service

providers (CSPs) to assess their suitability for hosting sensitive data and critical
workloads.

 Review CSP security documentation, audit reports, and compliance certifications

to ensure alignment with organizational requirements.
8. Third-Party Risk Assessment:

 Assess the security posture and reliability of third-party vendors, partners, or

contractors involved in cloud operations (e.g., cloud brokers, managed service
providers).

 Evaluate third-party contracts, service level agreements (SLAs), and security

controls to mitigate risks associated with third-party dependencies.
9. Risk Mitigation Strategies:

 Develop risk mitigation strategies and controls to address identified risks and
vulnerabilities.

 Implement security best practices, such as encryption, access controls, multi-factor

authentication (MFA), intrusion detection systems (IDS), and security monitoring.
10. Continuous Monitoring and Review:

 Establish processes for continuous monitoring of cloud environments, including

real-time threat detection, log analysis, and security incident response.

 Regularly review and update risk assessments to adapt to changes in cloud

environments, emerging threats, and evolving regulatory requirements.

By following this framework for measuring and assessing risks in cloud computing, organizations
can identify potential vulnerabilities and develop effective risk mitigation strategies to protect their
data, applications, and infrastructure in the cloud.

Company Concerns Risk Mitigation Methodology for Cloud Computing

Here are common company concerns related to cloud computing along with risk mitigation
methodologies:
1. Data Security and Privacy Concerns:
 Concern: Loss of control over sensitive data, unauthorized access, data breaches.
 Risk Mitigation Methodology:
  Implement strong encryption for data at rest and in transit.

 Utilize access controls and identity management solutions to enforce least

privilege access.
 Regularly monitor and audit access to sensitive data.

 Choose reputable cloud service providers with robust security measures and
compliance certifications.
2. Service Availability and Reliability Concerns:
 Concern: Downtime, service disruptions, performance issues.
 Risk Mitigation Methodology:

 Select cloud providers with high availability and uptime SLAs (Service
Level Agreements).

 Implement redundancy and failover mechanisms across multiple

geographic regions.
 Regularly test disaster recovery plans and backup procedures.

 Monitor service health and performance in real-time to detect and resolve

issues promptly.
3. Compliance and Regulatory Risks:

 Concern: Non-compliance with industry regulations (e.g., GDPR, HIPAA, PCI

DSS).
 Risk Mitigation Methodology:

 Ensure that cloud providers comply with relevant regulatory requirements

and industry standards.

 Implement data encryption, access controls, and audit trails to maintain

compliance.

 Conduct regular compliance audits and assessments to identify and address

any gaps.

 Establish clear data ownership and responsibility agreements in contracts

with cloud providers.
4. Vendor Lock-In Concerns:
 Concern: Dependency on a single cloud provider, limited interoperability.
 Risk Mitigation Methodology:
 Adopt multi-cloud or hybrid cloud strategies to avoid vendor lock-in.

 Use open standards and APIs to enable portability and interoperability

between cloud platforms.
  Architect applications for cloud-agnostic deployment, minimizing
dependencies on proprietary services.

 Evaluate cloud providers based on their support for industry standards and
compatibility with existing systems.
5. Data Governance and Ownership Concerns:
 Concern: Uncertainty about data ownership, control, and portability.
 Risk Mitigation Methodology:

 Define clear data governance policies and ownership rights in contracts with
cloud providers.

 Implement data classification and tagging to track data ownership and

usage.

 Ensure data portability and interoperability through standardized formats

and APIs.
 Regularly review and update data governance policies to adapt to changing
business requirements.
6. Security of Third-Party Integrations:
 Concern: Vulnerabilities in third-party applications or services integrated with
cloud environments.
 Risk Mitigation Methodology:

 Assess the security posture and reliability of third-party vendors before

integration.

 Conduct thorough security reviews and penetration tests of third-party

software.

 Implement strong authentication and authorization mechanisms for third-

party access.

 Regularly monitor and audit third-party activities and access to sensitive

data.

By implementing these risk mitigation methodologies, companies can address their concerns
related to cloud computing and ensure a secure, reliable, and compliant cloud environment for
their operations.

Case Studies
1. Netflix:
Concern: Service Availability and Reliability.

Risk Mitigation: Netflix employs a multi-cloud strategy, distributing its infrastructure across
multiple cloud providers (e.g., AWS, Google Cloud, Azure) to minimize the risk of downtime and
service disruptions. They use redundancy, failover mechanisms, and disaster recovery plans to
ensure high availability.

Outcome: Netflix experienced minimal disruptions even during large-scale events like AWS
outages, demonstrating the effectiveness of their multi-cloud approach in maintaining service
availability.

2. Capital One:
Concern: Data Security and Privacy.

Risk Mitigation: Capital One implements strong encryption for data at rest and in transit, along
with access controls and monitoring tools to protect sensitive data in the cloud. They conduct
regular security audits and compliance assessments to ensure data security and regulatory
compliance.

Outcome: Capital One has been able to maintain the security and integrity of customer data in the
cloud, avoiding data breaches and complying with industry regulations such as PCI DSS and
GDPR.

3. Zoom:
Concern: Service Availability and Reliability.

Mitigation: Zoom, a video conferencing platform, experienced a surge in demand during the
COVID-19 pandemic. They rapidly scaled their infrastructure using cloud services from AWS and
Oracle Cloud to meet the increased demand. By leveraging multiple cloud providers, Zoom
ensured high availability and reliability for its users.

Outcome: Despite unprecedented growth and usage, Zoom maintained service availability and
reliability, demonstrating the scalability and resilience of its cloud infrastructure.

4. Zomato:
Concern: Service Availability and Reliability.

Mitigation: Zomato, a leading food delivery platform in India, relies on cloud computing services
to handle peak demand and ensure high availability of its platform. They use cloud providers like
AWS and Google Cloud to scale their infrastructure dynamically based on user traffic.

Outcome: Zomato successfully manages spikes in user demand during peak hours and festivals,
ensuring seamless food ordering and delivery experiences for customers across India.

5. Airtel:
Concern: Data Security and Privacy.

Mitigation: Bharti Airtel, a telecommunications company in India, has adopted cloud computing
to enhance data security and privacy in its operations. They use cloud services to store and process
customer data securely, implementing encryption, access controls, and monitoring tools to protect
sensitive information.

Outcome: Airtel maintains compliance with regulatory requirements and industry standards for
data security and privacy, earning the trust of customers and stakeholders.
 6. Policybazaar:
Concern: Compliance and Regulatory Risks.

Mitigation: Policybazaar, an online insurance aggregator in India, leverages cloud computing to

comply with regulatory requirements and industry standards for data protection and privacy. They
use cloud services from AWS and Azure to store and process sensitive customer information
securely, implementing encryption and access controls to ensure compliance with regulations like
IRDAI (Insurance Regulatory and Development Authority of India).

Outcome: Policybazaar maintains regulatory compliance and data integrity, providing a secure
platform for customers to compare and purchase insurance policies online.

7. ICICI Bank:
Concern: Vendor Lock-In.

Mitigation: ICICI Bank, one of the largest private sector banks in India, adopts a multi-cloud
strategy to avoid vendor lock-in and ensure flexibility in its cloud deployments. They use cloud
services from multiple providers, including AWS, Microsoft Azure, and Google Cloud, to host
various applications and services.

Outcome: ICICI Bank maintains control over its cloud environment and avoids dependency on
any single cloud provider, enabling seamless migration of workloads and applications between
different cloud platforms as needed.

8. Ola Cabs:
Concern: Service Availability and Reliability.

Mitigation: Ola Cabs, a ride-hailing company in India, relies on cloud computing to ensure high
availability and reliability of its platform. They use cloud services from AWS and Azure to scale
their infrastructure dynamically and handle fluctuations in user demand during peak hours and
events.

Outcome: Ola Cabs maintains service availability and reliability, providing seamless
transportation services to millions of users across India.