Cloud Computing Based on what I read about the Cloud Transition Case Study involving the City of Los Angeles' attempt to reconfigure the architecture for some of its most integral information systems from an on-premise environment to a cloud one, there are a number considerations that one must make when integrating components with its legacy infrastructure. Many of these pertain to the features and capabilities -- and the differences between them -- in the two models. For instance, after agreeing to implement the cloud as a replacement for the city's on premise calendaring and electronic mailing system, the city ascertained that there were several features that played an integral role in the operations of their former systems that the cloud version simply did not support. Thus, it is necessary to list the most widely used and vital characteristics of one's current system to determine how they match up with that of the new system. It may be possible to change aspects of the latter to accommodate the capabilities that were used in the former. Regardless, it is necessary to compile a list of specific use cases and the features that are required of them, and to present these to the cloud service provider (ideally before agreeing to implementation) to ensure that it can accommodate all of these needs.

Another valuable consideration involves the actual transition from the legacy system to the cloud one. Many of these concerns pertain to the actual migration or replication of data from the on-premise environment to the 'virtualized' one that Cloud computing offers (Williams, 2012). In truth, more than a few of these measures involve a general organization and sanitation of data that was utilized in an organization's existing architecture. For instance, there were several administrative efforts the city of Los Angeles had to make to ensure that it email system would be properly migrated to the cloud which included deleting certain emails, stratifying mail according to year, and saving emails in a particular way so that they could be readily archived and accessed via the new system. These concerns are intricately related to the specific capabilities of the new email system, which simply reinforces the fact that it is necessary to determine what specific capabilities a new system has and how they can accommodate the particular needs of an organization and its use cases.

Perhaps the most salient of the concerns of integrating various aspects of one's legacy infrastructure with a cloud environment relates to security. Security has long been one of the most pervasive concerns regarding cloud computing and hosting sensitive, proprietary data outside of the firewalls of an organization (Harper, 2014). Not all of these considerations regarding security are direct, however. For instance, because of a lack of security measures that were enforced in the new cloud environment, the city of Los Angeles had to actually migrate some of its data which it had successfully relocated to the cloud back to its physical environment. This proved time consuming and costly to the city. Thus, it is essential to determine how well new systems can account for all of the needs of a legacy system -- even those note necessarily related to certain features or capabilities, but which pertain to vital measures of security. Ideally, ascertaining the degree of security and the specific measures that will be employed should be done prior to migrating data from legacy systems. It is important to avoid a prolonged migration process in which data is replicated to the cloud only to have to replicate it back to legacy systems for any reasons, particularly those involving security.

I learned a good deal regarding data migration and the transition from legacy systems to more modern ones from reading this particular case study. Still, I believe that I was able to increase my general edification regarding privacy, security, and data management about the numerous security measures that the City of Los Angeles attempted to implement. As previously mentioned, security concerns had long been the proverbial caveat for managing data in the cloud. Mechanisms such as encryption, masking, and tokenization (the utilization of security tokens) are fairly standard in contemporary times and evince the fact that in some ways (Harper, 2014), cloud service providers have come a long way in addressing this fundamental need. When utilizing these measures with hybrid options for cloud computing (including solutions that integrate both public and private clouds), many security concerns for organizations are readily...

However, due to the large amount of personal information about some of the most salient aspects of society including criminal records, social security numbers, and information that is valuable to police and fire department investigations and operations, it is not surprising that I would learn still more about cloud security from reading this particular case study.
While it was not surprising to learn that the City was able to implement stipulations in its contract with its cloud service provider for encryption and the separation of its data from other data -- which was possibly achieved through the usage of private clouds within its public one -- some of the security it attempted to employ was remarkable. For instance, the fact that the city put the employers of the cloud provider through its same hiring process of having employees that work on its data pass background checks was certainly not industry standard when dealing with SaaS providers. Additionally, the clarity that it was able to demand regarding ownership rights, which does not directly pertain to security but which is still related to it, is something that any organization attempting to utilize the cloud appreciates. Still other stipulations such as on-site auditing rights of the provider's security program seem reserved only for entities in the public sector or those with an extremely lucrative service contract with a provider. It is questionable as to whether or not such providers would grant this option to entities in the private sector. Finally, the fact that provider must get express written consent from the city in order to open certain files of the latter is a safety precaution that must have (case study citation), prior to implementation, helped persuade the city that it could maintain a level of privacy and security with its data outside of its own firewalls.

In hindsight, the crucial prerequisites for developing a migration plan for this particular case seem perfectly clear. Firstly, it is essential that when replicating data from its legacy system to the cloud, the city should maintain the functionality of its legacy system for a period of time (perhaps three months or more) to ensure that there will be no issues regarding the data in the cloud environment. In the case study, all of the security measures that were proposed were not able to be actuated in a timely fashion which required the city to burgeon its costs while attempting to operate two systems. Therefore, were I in charge the city would have put additional stipulations in its contract about a tiered system of payment in which the service provider would only get payments in small increments commensurate with its performance. Such literature in the contract would ensure that the provider was paid not based on promising to execute, but only when it did execute and demonstrated that it could sustain such execution over a period of time. In this respect, some of the funds that the city had to use to operate its own legacy system could have been provisioned for just this use, instead of paying the normal ongoing rate of the service provider which did not perform at agreed upon expectations.

Additionally, it would be prudent of the city to implement its migration of data to the cloud in similar increments. Ideally, the best way of doing so would have been to move its data to the cloud according to departments. For example, prior to moving all of its data to the cloud it should have started with that which pertained to certain administrative branches. In such a way it could have tested -- and only paid for -- the efficacy of the email and calendaring system, for instance, before moving on to some of the more sensitive information of the various police units. Moreover, it would be necessary to ensure that many of the security measures (as many as possible) that were implemented for sensitive police data, for example, were readily deployed for other data -- regardless of the fact that it were less sensitive. Doing so, of course, would provide more of an opportunity for the provider to demonstrate its effectiveness at these security measures, while allowing the city to increase or decrease its confidence (and remuneration), accordingly. Based on the somewhat skeptical analysis of the Office of the City Administrative Officer and its qualified recommendation to go to the Cloud (case study citation), the city should have taken an approach wherein it made the provider prove it was capable of regularly doing everything it claimed it could do in the contract. In the case study the provider mentioned that…