Cloud Computing Overview

Introduction:
Technology is playing a pivotal role in today’s fast-paced digital era, and Cloud Computing is
becoming a cornerstone in IT strategies for all businesses all over the world. It allows them
to quickly adapt to changing market conditions and technology advances through providing
unparalleled flexibility, cost-effectiveness, and scalability. Yet, because of the dynamic
nature of cloud computing, effective change management practices should be put in place to
ensure operational excellence. Through this chapter, we will explore the fundamentals of
Cloud Computing, Change Management, and their importance in achieving operational
excellence.

1. Definition:
The Cloud is an Internet-Based Platform that provides on-demand access to various
computer services such as Servers, Databases, Networks, Software, Storage, Artificial
Intelligence and Analytical tools. This technology allowed businesses to dematerialize and
virtualize their data by having it stored and hosted by an external service provider through
Internet. They can now access remote computer resources without installing or configuring
them locally.
According to the NIST3 reference, the main characteristics of cloud computing are:
- On-demand Self Service: This gives the consumer the ability to provision IT resources
such as server time and network storage automatically and on demand without
requiring any human intervention with each service provider.
- Board network access: Functionalities and resources are available and can be
accessed via standard mechanisms, facilitating use across various heterogeneous
client platforms.
- Resource Pooling: The IT resources of the provider will be consolidated for several
customers using a shared model. Both physical and virtual resources will be
dynamically assigned and reassigned according to customers’ demand and
requirements.
- Rapid Elasticity: The release and provision of capabilities can be elastically and
automatically done to rapidly scale inward and outward in line with the fluctuating
 demand. From consumers’ point of view, these resources are unlimited and can be
accessed at any time and as much or as little needed. In fact, this elasticity has a cost-
reducing effect as it scales down during low demand times and guarantees that the
resources are available whenever required.
- Measured Service: The utilization of resources is automatically monitored, tracked, and
reported within the Cloud system and using various metering capabilities suitable for
each type of service (Exp: Processing, Bandwidth, Storage, and Active user accounts...).
These measures enhance transparency and visibility for both the customer and the
service provider about the actual usage of resources.

2. Types and Deployment Models of Cloud Computing

2.1. Types of Cloud Computing
Cloud Computing can be classified into three main types, each one offering a level of
management: Infrastructure as A Service (IaaS), Software as A Service (SaaS), and Platform as
A Service (PaaS).

a) IaaS: Infrastructure as a Service gives users the access to an IT infrastructure that

eliminates any costs or efforts related to updates and maintenance. In fact,
businesses do externalize physical servers, network components, data centers,
firewalls, and internet storage with functionalities that are similar to those of the
local infrastructure.
b) SaaS: Software as a Service is an application dedicated to end users and accessed
through an internet browser. When using SaaS, companies are no longer forced to
configure and manage the software by their selves. It is a ready to use solution and
users simply need to pay the subscription fees to access it. It is considered as the
most used cloud model as its users only need one license which will minimize
administrative costs and brings significant economic advantages.
c) PaaS: Platform as a Service is a cloud model that offers its customers a complete
cloud platform (Software, Hardware, and Infrastructure) with an access to various
pre-programmed components that will facilitate the creation and execution of tests.
It creates an environment that allows its users to develop, test, deploy, execute, and
update applications faster and at a lower cost.
The PaaS model offers multiple benefits to its users:

2
 o The launch of an application under the PaaS model is more time efficient. In
fact, there is no need to purchase and install the hardware to run the
platform. Using the PaaS of the service provider is enough to immediately
start developing.
o PaaS platforms offers a variety of resources such as databases, operating
systems, development tools and available from any location.
o PaaS help in reducing the overall costs of managing an application.

2.2. Deployment Models

In the context of cloud computing, deployment models describe the environment, and the
way cloud services are used and provided. They also determine how resources are managed
and who can access them. The three main deployment models are Public, Private, and
Hybrid. Each one has its unique advantages and is dedicated to meet specific organizational
goals and requirements. Here’s a closer look at each deployment model:

a) Public: Under this model, IT services are delivered through Internet on a pay-as-
you-go basis and by a third-party provider. Public cloud services are a cost-
effective solution that is accessible to anyone. In fact, the infrastructure and all
the resources are maintained and managed in large data centers that are owned
by the cloud service provider.
b) Private: Organizations can choose to own and host in a private cloud
environment. It has an access limited to internal teams and offers a more
managed, centralized, and secure environment. This solution is more expensive
compared to the public cloud and is more suitable for large companies that
demand a higher level of security and privacy. Based on the specific IT needs of
your organization, you can customize the necessary services. This includes
storage services, computing, and networking. The private cloud offers various
advantageous, such as increased security, better personalization possibilities, and
more control over the servers.
c) Hybrid: The hybrid cloud model is simply a combination of both the private and
the public cloud environment models, allowing the applications and data to be
shared between them. Under this deployment strategy, organization can benefit

3
 of the advantages of both models through getting more flexibility, cost-
effectiveness, and scalability.

3. Advantages and Disadvantages

It is important to recognize the impact of cloud computing on today’s corporate operations:
On the positive side, it offers numerous benefits including increased cost-effectiveness,
efficiency, and scalability. On the negative side, it comes with some drawbacks that
businesses should be aware of. In this part, we will examine the main advantages and
disadvantages of implementing cloud computing.

3.1. Advantages
 Cost Efficiency: Using a cloud means that you don’t have to purchase a hardware. This
can be a perfect solution for entrepreneurs who want to launch their business with
limited funds. As well, businesses that already have an infrastructure can also rely on
cloud services to manage their growing requirements at a controlled cost.
 Improved availability: Thanks to the cloud, it is possible to access data and applications
from anywhere and instantly. This high availability promotes continuous operations and
reduce downtimes allowing businesses to always stay accessible and operational.
 Enhanced security: Cloud service providers own the required competencies to ensure
that the IT systems are secured and protected against attacks and/or hackers. They have
efficient business continuity plans that allows them to quickly respond to disruptions and
restore data from backups.

3.2. Disadvantages
 Security concerns: Cloud computing can raise security concerns for a company as it
safeguards its precious data to a third-party server. The cloud service providers must
ensure that data remain intact and safe and maintain their security and integrity. In fact,
a password leak can directly lead to the compromise of data.
 Vendor lock-in: Choosing a cloud computing provider is a critical decision for companies
because they should stick with this provider and maintain a long-term contract with it.
This is essential to ensure a certain consistency and stability in data management.
Indeed, the migration of data from a cloud provider to another one is a costly process
and can probably expose the gathered data to serious vulnerabilities.

4
 Security vulnerabilities: A company can be exposed to potential vulnerabilities when it
uses a cloud solution that is accessible over the public internet. For example, if a VPN
isn’t fully secure, hackers can exploit any flaws in the authentication or encryption
processes and have access to sensitive data. Prominent cloud service providers have
frequently faced cyber-attacks even with the implementation of robust and solid security
procedures. And because all the systems in the cloud are strongly interrelated,
compromising one server can potentially put the other connecter servers at risk. This
issue can result in legal issues and financial losses.

Section 2: Change Management Overview

1. Change Management :
1.1. Definition
Change management is the process of managing and controlling a change over its entire life
cycle. It aims to reduce the level of disruption to IT services and makes sure that changes are
occurring successfully in an efficient and controlled way and that they are delivering the
intended advantages.

IT change management must be aligned with customers’ needs and expectations through
maximizing the added business value and minimizing service disruptions. Whether it’s a
hardware upgrade, a software update, or a revision of IT policies, the change must be
smoothly executed with minimal impact on business operations.

By adopting a methodical change management process, organizations can achieve a high

success rate and incident-free change. It helps to optimize the stability and consistency of IT.
services through assessing the potential outcomes and threats of any change, setting a
priority level to each one, and making sure that stakeholders are engaged and informed.

The change management process covers preliminary activities such as the change
management planning, the deployment phase, and finally the backward planning. In fact, the
ITIL process provide a high-quality control to confirm that change activities are executed as
planned. This control includes validating that the change process is respecting guidelines and
standards throughout all its steps to minimize errors and to lowers the risk of IT service
interruptions.

5
 1.2. Aims of Change Management:
The change management is essential to make business growth and to minimize risks
associated with the implemented changes. It helps to oversee changes before, during,
and after their deployment while securing the production environment. The main
objectives of the change management process are the following:

 Promoting business growth via continuous improvement:

Change management extends beyond overcoming challenging situations, it is a proactive

tool that promotes business growth and keeps the organization updated with the latest
emerging opportunities and trends without interfering with the existing operations.
Properly reviewing the impact of changes helps to reduce risks and optimize
opportunities; the constructive feedbacks that we note from each change enable the
company to foster an environment of continuous improvement and will lead to business
growth.

 Ensuring a better execution and control of changes:

Without setting the right processes, changes can escalate and become unmanageable.
An optimal management process aids in identifying unauthorized changes and
maintaining a strong organizational stability. It ensures that each change request is
carefully managed, assessed, and documented in accordance with the established
standards and guidelines. Consequently, it becomes easier to identify unauthorized
changes and to maintain a strong organizational stability. Actually, when users submit
change requests, the organization obtain all the necessary data about this change and
then decide whether it should be implemented or not.

 Fostering organizational adaptation:

In today’s dynamic world, speed is an important paramount. One of the important
objectives of change management is being able to adapt quickly to changes and to
rapidly benefit from any opportunity without fear. Following effective change
management practices allows any business to remarkably shorten the adaption period
and to create a culture that fosters change as a catalyst for continuous growth and
improvement and not as a disruption.

6
 1.3. Scope and Types of Change Management:
There are a variety of changes that can occur within an organization and that affects
various levels of an organization. Setting an optimal change management approach
requires understanding all its types and its extent. In this part we will explore to what
extent changes can affect an organization and their different types.
a) Scope of Change Management

Change management addresses various types of changes, varying from small-scale

projects to wide transformations. Thoroughly understanding the extent of change
management empowers the effective execution of changes. Among the scope are:

 Hardware: This domain includes routers, servers, tablets, laptops, workstations,

and smartphones. There are other vital components of the infrastructure like the
cooling systems, mobile devices, power supply units, and uninterruptible power
supplies are included in this part.
 Software: This involves making comprehensive changes to the database, updating
files, and implementing data integration processes in order to safeguard data
integrity and security.
 Data and information: This is the case when we undertake extensive changes on
the database (such as turning back the old versions) or when we manage the
updates of individual files or when we incorporate data from a different system.
 Security controls: This entails managing adjustments to security measures and
protocols. For example, antivirus software updates, firewall setups, and
installations of intrusion prevention / detection systems.
 Roles and responsibilities: To preserve organizational accountability and security,
we should ensure that permission levels, access controls, and action powers are
continually controlled.
 Procedures, Policies, and Procedures: This involves adjustments on organizational
policies, operational workflows, and procedural changes.

b) Types of Change Management

7
To help businesses in managing changes successfully, ITIL outlines different types of
changes: Standard changes, Normal changes, and Emergency changes.

 Standard change: It is a pre-approved change that is made in accordance with

specific procedures within the organization’s framework. Because of its expected
outcomes, repetitive nature, and low risk nature, it doesn’t require approvals; just
a simple risk assessment is ensured during the initial implementation, however;
the subsequent ones can proceed automatically as long as the change remains
constant. Standard changes guarantee compliance and operational stability, this
will allow the IT specialist to concentrate on managing more high risk and
sophisticated changes. This involves regular software updates, swapping out
hardware components with identical ones, and enrolling new users to the system.
 Normal change: It is a change that doesn’t occur regularly; it is not pre-approved
and have to go through a meticulous process of assessment, approval, and
planning to make sure that they are in line with organizational goals and that they
do not interfere with its operations. It should also comply with the Chief Advisory
Board (CAB) approvals and timeline. The impact and scope of normal changes can
vary from minimal changes with low urgency and impact as well as major changes
with high urgency and impact. An illustration of normal changes is moving local
services directly to the cloud.
 Emergency change: It is a normal change that should be implemented
immediately in response to unforeseen problems or urgent business needs. In
case the CAD cannot convene promptly, the necessary decisions will be made by
the ECAB; they will start running the tests as soon as possible then finish the
documentation afterwards. Unlike other changes, emergency changes do not
follow planned process or require any approvals or scheduling, they are made in
response to urgent problems that may seriously affect organizational operations.
This will preserve organizational stability during times of crisis and ensure that
urgent problems are assessed and resolved without delay. Examples of
emergency changes include urgent adjustments to restore service functionality,
reacting to serious system failures, and safety incidents.

8
2. Change Management Process :
2.1. Change management priority :
There is a matrix to determine the priority of each change through evaluating its urgency
and impact: - The impact indicates the scope and / or the number of individuals impacted by
this change, it should state how changes affect the user experience, the business processes,
and the system performance. In fact, the impact should be provided in the Request for
Change (RFC) which is a form that is initially filled out by the change requester and then
updated by the change manager.
-The urgency determines how urgent and critical it is to implement operational changes. It
measures how quick changes should be implemented to avoid unfavorable consequences

such as security flaws, downtime, and compliance issues.

Organizations can organize changes into different priority levels through combining both the
impact and urgency in a priority matrix as follows:

2.2. Steps of the change management process:

To ensure that changes within an organization’s infrastructure are made successfully and
with minimal disruption, it is required to implement an effective change management
process. This process is composed of structured steps intended to manage the change
from start to completion and to ensure that it aligns with corporate goals. Below are the
main steps in the change Figure 1: Priority matrix (Impact/ Urgency)
management process:

Step 1: Creation of the Request For Change (RFC)

9
The change request formally starts during this phase. A requester should submit all
the details regarding the intended change, such as its scope, its purpose, its impact, its
type, its timeframe, its back out plan and any related technical or business
justifications. The submission of the RFC during this step is crucial as it will guarantee
that necessary data are provided for subsequent evaluation stages.

Step 2: Reviewing the Request for Change

During this step, the submitted change request is thoroughly evaluated. It is ensuring
that all the necessary information and details are included in the RFC and that it’s
correctly complete. The goal is to check whether the change needs to proceed to
other phases of approval and evaluation. If the request lacks details, it will be returned
as a notification to the submitter to provide additional required information. If the
change is not approved, it should be closed and monitored as soon as possible.

Step 3: Evaluating the change

During this step, we mainly assess these factors: the feasibility, risks, benefits, and the
impact of a change on the IT infrastructure and business operations to prevent
unnecessary disruptions. This assessment takes into consideration the impact on the
business, customer service, infrastructure, and the available resources. For certain
sorts of changes, such as the major ones; a formal change evaluation should be
conducted and recorded in a change evaluation report. To ensure that the change is in
line with organizational needs, a Change Advisory Board (CAB) should also assess
review it. It is composed of many stakeholders including technical experts, service
owners, and financial personnel.

Step 4: Approving the change

Throughout this step, we should get the required approvals from the relevant
authority level based on the type of the change (Operational, tactical, and strategic) to
make sure that it is officially justified. Getting the approval of the stakeholders helps in
confirming that potential impacts have been evaluated and that the change can be

10
 implemented at any time.

Step 5: Implementing the change

This step is about ensuring that the authorized changes are being implemented
smoothly without any delays. After the approval, the change is directly handed to the
deployment team; they collaborate with application and technical teams to create,
test, and implement the change. They also put in place remedial plans for each change
in case of any implementation failure. When the testing and building stages are
complete, the results are sent to the change manager who will then schedule the
change and manage any risk. He will also rely on Forward Schedule of Changes (FSC) to
inform all the stakeholders about any possible service disruptions. In summary, this
step guarantees that the change is successfully implemented, with minimal risk, and
that everyone is well prepared.

Step 6: Evaluating and reviewing the change request

The detailed results of the implementation should be put in a Post Implementation

Review (PIR) to confirm that the objectives of the change have been effectively
completed. If everything goes well and as planned, the change is closed. If not, it is
necessary to implement the remediation plan. Additionally, this step is supported by a
Change Management Policy that defines the emergency changes, highlights the
advantages of the change process, manages risks, evaluates the changes effectiveness,
limits access to the authorized employees only, and ensure that the changes are
implemented correctly.

Table 1: Steps of the change management process

2.3. Roles and committees in the process:

To ensure that the change management process is effectively done, we should clearly define
roles and committees. Every role has its own duties to guarantee positive results and smooth
transitions. Committees offer supervision and direction to foster teamwork and
accountability all along the way. In this part, we will explore the principal roles and
committees involved in the change management process:

11
  The Change Owner:

The change owner oversees the full process of change management from start to finish. He
is also responsible of the process’s efficiency and potential improvements. They initiate
initiatives to improve change management techniques. He usually holds a senior or
executive role and works closely with the change manager and with other stakeholders to
assist strategic decisions and achieve business goals.

 The Change Manager:

The change manager is responsible for the execution of changes; he provides the change
management plans, the implementation plans, and any additional detail that is required.
Along with that, they supervise the Change Advisory Board (CAB) and collaborate with
various stakeholders and teams involved.

 Change Initiator:

The change initiator is the person who initiates changes. He identifies the required changes
and then develop detailed plans that include all the necessary paperwork and the
implementation techniques. To ensure that all the required information is supplied, and the
change is precisely defined, the change initiator coordinate with many teams; he may be a
technician or an end user depending on the type of change.

 Change Advisory Board (CAB):

The Change Advisory Board is composed of various representatives from different

department of the company, it includes IT specialists, external partners, business units, and
members from the other departments. Their main responsibility is to assist the evaluation,
approval, scheduling, and prioritization of the changes. The members of the Change Advisory
Board rely on their expertise to review each change request and offer insights and
recommendations; this will encourage collaboration and communication among all the
organization’s departments.

 Emergency Change Advisory Board (ECAB):

The emergency change advisory board (ECAB) is a subcommittee of the change advisory
board (CAB) specialized in dealing with urgent changes that need immediate intervention. Its

12
main role is to evaluate and approve urgent changes that must be treated immediately and
couldn’t wait for the upcoming CAB meeting. The ECAB also makes sure that critical changes
are carried out quickly with minimum organizational risks; this will guarantee stability and
reliability of the IT services even during unexpected circumstances.

 Regardless of their seeming similarities, the roles of Change Owner and Change
Initiator serve distinct functions and have different duties in the change management
process: The change initiator propose and describe the changes and bears the
responsibility of focusing on the practical parts and initial planning. On the other
hand, the change owner controls the entire change management process, ensuring
that it aligns with the organization’s strategy.

3. Testing methodologies in change management :

3.1. Importance of testing methodologies :

In the context of change management, testing has a pivotal role in guaranteeing the
stability and proper implementation of changes. It helps in confirming that proposed
changes won’t negatively affect the current processes or systems. Throughout the
change process, businesses can reduce the risks associated to changes by testing them to
make sure that they fulfill the desired requirements and do not cause unexpected
disruptions. It involves creating comprehensive test strategies, planning test scenarios,
then executing them to verify that they are reliable and effective; it will also maintain
system quality, ensure high performance and security, and check that the tested changes
align with relevant regulations and standards to avoid any financial or legal penalties.
In addition, testing is important as it will offer extensive documentation and traceability.
Such records are essential for future reference, helping organizations to understand each
change, the reason behind it, and the tested procedures.
Overall, testing methodologies do not only protect a business against possible failures,
but also boosts confidence within stakeholders which will lead to easier transitions,
better operational resilience, and greater success.

13
 3.2. Types of testing methodologies :
As explained in the previous sub-part, various tests should be carried out in the
framework of change management to guarantee the efficiency and reliability of the
implemented changes. In fact, every type of test has a distinct purpose and is created to
serve a particular area of the system. Depending on the complexity and the size of the
altered system, tests can relate to various strategies, the primary types of tests are:
a) Unit tests: This type of tests is about testing a particular part of an IT change such
as a single module or program, it is checking if each unit of the system is
performing as it should. Early in the development cycle, these tests are essential
to detect errors and address them promptly through ensuring that every code
unit functions as intended and interact smoothly with the other units of the
system. They involve executing a list of test cases with an emphasis on the
procedural design control structure.
Consequently, unit test will guarantee that internal operations of a program are
complying with the stated standards and criteria.
b) Integration tests: Integration tests are intended to assess the connection and
integration of various system units and how they function together as a group.
The main aim behind executing integration tests is to detect any problem that
may occur during the interaction of different modules to ensure a proper
functioning of the integrated whole system. By identifying issues such as data
flow, compatibility problems or interface errors, these tests assist in validating
the overall functioning and coherence of the system, making sure that any update
or change to one module doesn’t negatively affect the other modules. In short,
integration tests are vital for guaranteeing the robustness and stability of a
change before its deployment.
c) System tests: System tests serves to evaluate that the various components of an
integrated system (such as the applications, interfaces, databases, etc..) are
properly working together and as an individual unit. Unlike unit or integration
tests which concentrate only on particular units and their interaction, system
tests analyze the entire system through trying real-world usage scenarios. They
are carried out by developers or testing teams and in a specialized test

14
environment that mimics how the system will work when it is in a real usage to
ensure that it is robust and ready for deployment.
In the case of system tests, there are further additional types of tests, each
serving a specific purpose in verifying the quality, security, and reliability of the
system before its deployment. These tests are:
 Load testing: It is considered as a performing testing that evaluates how a
system is operating during normal and peak load conditions. It also helps in
locating performance bottlenecks and assesses the highest possible capacity
and stability of a system through simulating real world user interactions,
transaction rates, and data volumes. To obtain insights about the system
behavior under stress, there are various specific technologies used to create a
simulated traffic and monitor KPIs.
In short, the main goal of load tests is to improve the reliability of the test,
optimize the allocation of resources, and further improve the user experience
through making sure that the system can withstand unexpected loads without
any drop in its performance.
 Volume testing: It is also considered as a performing testing that valuates
how effectively a system manages growing data volumes. Different from load
testing which assess tests concurrent user loads, volume testing looks a larger
amounts of data impact the system’s response time and resource usage. It is
about progressively expanding the volume of tested data to make sure that
the system can deal with data growth without experiencing any performance
deterioration.
 Alpha and Beta testing: Before the release of a software product for public
use, alpha and beta tests are considered as essential phases within the
software testing lifecycle, each one of them has its own function to improve
the quality and the functionality of a product. It starts with the Alpha testing
that takes place during development where engineers and testers test their
product. Its main goal is detecting any issues in performance or functionality
under controlled circumstances.
When alpha testing has resolved most of the key issues, beta testing begins
through releasing the software to a small number of external users who

15
 represents the targeted audience. These users will identify any bugs or errors
and provide constructive feedbacks on the functionality of the software
product through carrying out a real-world testing.
In short, alpha and beta testing should work hand in hand to refine the
software, improve user experience, and reduce post release issues.
 Regression testing: It involves re-running previous tests to confirm that no
problems have been caused by recent product updates or modifications; it
verifies that the software keeps working properly even after last updates. The
data used in these tests must always match the data used in the original case.
Through regression tests, we can make sure that the software is stable and
reliable.
 Parallel testing: It entails executing identical tests on both the new (modified)
system and the old original one to compare the results. This aids in making
sure that the output of the old system is matched, and that the new system is
functioning as it should. Through entering the same data into both systems, it
becomes easier to identify and address any discrepancies or variations. In
short, parallel testing is crucial to confirm that the new system is satisfying
user needs and is operating as intended before if fully replaces the old one.
 Final acceptance testing: Final acceptance tests are considered as evaluation
processes carried out before the deployment of a software. They are intended
to check if the final program satisfies all the requirements and is prepared for
operational use.
Final acceptance tests include Quality Assurance Tests (QAT) and User
Acceptance Tests (UAT); they have different goals and shouldn’t be combined.

Final Acceptance Testing

Quality Assurance Testing (QAT) User Acceptance Testing (UAT)

-Focus mainly on technical -Focus mainly on the functional
components of the application and features of the application.
the user acceptance testing. -It makes sure that the system is
-It tests the technology and the prepared for production and

16
 logical design of the application. satisfies all the documented
-It checks if the application adheres requirements.
to defined technical standards and -These end-users test the system in
deliverables. conditions as close to the
-QAT testing is handled by the IT production as possible.
department. -UAT tests should be executed in a
-End users are not involved in QAT secure test or development
testing, they rarely assist and only environment where the source code
when needed. and executable code are well
protected to make sure that no
unauthorized changes are made to
the system.
-UAT are crucial to guarantee that
the system is functioning as required
and is meeting the users’
expectations.
Table 2: Difference between QAT and UAT

=> Collaboratively, these tests focus on both technical accuracy and user
functionality and offer a complete review of how well the application is
working.

3.3. Role of IT Auditors and testing methodologies

Tests are essential to confirm that user requirements are met, the system functions as
intended, and internal controls are effective. Therefore, it is crucial for an IT auditor to
be implemented. The role of IT auditors during the testing phase cannot be neglected;
their expertise and proficiency in this field ensure the reliability, accuracy, and
compliance of the systems and processes. By carefully reviewing test plans, comparing
data, checking error reports, and testing system security, auditors validate that the
system is working correctly before its implementation.

During the testing phase, an auditor performs the following tasks:

- Review the test plan: Auditors will ensure that the test plan is thorough through
verifying that it’s complete. They will also document users’ participation (such as their
17
 involvement in developing test scenarios or signing off on results) and consider retesting
critical tests for further accuracy.
- Verify control totals and data conversion: Make sure that totals and converted data
used for control are precise and reliable.
- Examine errors reports: Errors reports show in detail where data errors are identified
and how they are being resolved. This will confirm that the system is reliable and correct
errors accurately.
- Verify Cyclical processing accuracy: Make sure that the recurring processes are
completed with precision and without any error. This covers routinely scheduled system
maintenance, financial reporting, and data backups.
- Verify critical reports and results: Make sure that the important reports and results used
by the management and stakeholders are precise and reliable. This will guarantee that
the decisions made using these accurate reports are well informed.
- Interview end users: Speak with end users to ensure that they comprehend the new
practices and know how to use the system in an effective way. This guarantees the
smooth adoption of the new system or any change in it.
- Review system and user documentation: Confirm that the system and user manuals are
accurate, precise, and they offer clear instructions and guidance for the testing phase.
- Examine parallel testing: Evaluate the outcomes of parallel testing and check whether
the new system outperforms the old one in terms of accuracy and consistency.
- Access system security: It is making sure that the security measures of the system are
functioning correctly. Auditors will do this through designing and conducting tests to
verify how effectively the system manages access.
- Review unit and system test plans: It is verifying the plans for testing individual unit
components through the unit tests and the integrated system as a whole through the
system tests. This will allow to detect any weaknesses or gaps within the control system
before its real implementation, ensuring that everything is in line with the regulations
and is working smoothly.
- Review the User Acceptance Testing (UAT): Auditors will check if the software validated
by users is delivered in a secure manner to the implementation team. This will prevent
any unauthorized changes and confirm that the version implemented is the one that was
tested and approved.

18
- Review Error Reporting procedures: Auditors will examine how errors within the system
are documented and tracked. They will make sure that all errors are correctly
documented, escalated as needed, and immediately solved.

Section 3: Change Management in IoT Projects:

The Internet of Things (IoT) is an excellent illustration of how the cloud computing
technology is rapidly evolving and of its dynamic nature, it undergoes frequent updates and
changes that’s why it is crucial to set effective change management procedures to ensure
seamless transitions, protect sensitive data, and maintain system stability.

In this section, we will explore IoT as a fundamental element of Cloud Computing, examine
the critical role of change management in its implementation, and discuss the vision and
future trends of IoT.

1. IoT as a core component of Cloud Computing

1.1. Definition and Scope of IoT in Cloud Computing
The Internet of Things (IoT) is a system of linked devices, or “things”, that are interrelated,
communicates, and shares information through internet with the cloud and with other IoT
1
devices. These devices are usually embedded with technology; contain sensors and
software that can range from digital and mechanical machines to everyday consumer items,
they include everything from household appliances to vehicles, industrial machinery, and
health equipment. Through IoT, data can be transferred across a large network without
needing any human-to-human or human to computer contact.

IoT has a wide scope and a broad reach, spanning several industries such as industrial
automation, healthcare, smart cities, transportation, environmental monitoring, and it’s
expanding more across diverse other sectors. Its main goal is to boost productivity and
decision making through facilitating data interchange and automating operations.

1
What is IoT (Internet of Things)? | Definition from TechTarget

19
 Figure 2: The Scope of IoT

1.2. Benefits of IoT in enhancing Cloud Capabilities

Combining the features and capabilities of Cloud computing and Internet of Things (IoT) is
transforming multiple businesses and sectors. In fact, IoT amplifies the inherent benefits of
cloud through offering significant data collection, real time processing, and better
connectivity, it also brings new levels of efficiency, innovation, and scalability.

Below are some examples of the benefits that IoT brings to cloud computing:

- Scalability: IoT make cloud computing more scalable by enabling smooth device
integration and increasing data processing power when needed. As more devices are
connected, the system can smoothly handle the extra data without facing any problem.

20
- Enhanced data collection: IoT devices facilitate the continuous data collection from
several sources such as sensors, smart devices, cameras, etc.…
With this constant stream of data, businesses can immediately make informed
decisions and gain insights which will produce better outcomes and enhances
productivity.
- Innovation: In the case of IoT, innovation is ensured through the creation of new
applications and services that offer better functionalities and more sophisticated
features. This interaction with the cloud’s capabilities fuels digital transformation and
creates a more intelligent and connected business environment.
- Customer experience: Along with the cloud’s capabilities, IoT significantly enhances
customer experience through leveraging connectivity and real time data. For example,
IoT devices continuously collect user preference data which cloud platforms analyze to
provide customers with tailored services.
- Operational Efficiency: The integration of IoT optimizes the operational efficiency in
cloud environments through automating procedures and optimizing resources.

2. Change Management Strategies for IoT adoption

2.1. Importance of change management in IoT projects:
The strategy and operations of an organizations can be significantly impacted by
implementing IoT projects. For this reason, setting effective change management practices is
crucial as it provides a planned and smooth transitions and helps to deal with complexities
and challenges, it will also minimize the risks of IoT technologies and maximize its benefits
through focusing on both procedural and human aspects. The following points mention the
importance of change management in IoT projects:

- Change management ensures smooth transition and adaption: It offers a structured

approach to introducing IoT technologies and projects, it helps in minimizing disruptions
and ensuring seamless transitions.
- Change management for enhancing employe engagement and training: It ensures
effective employee engagement and training through involving the staff early in the IoT
implementation process. It provides thorough training on new systems and tools which
will increase the competence and confidence of employes.

21
- Change management for risk mitigation: change management procedures help to
identify potential risks related to IoT implementation. It entails strategies to mitigate
these risks and to make sure that IoT projects are completed without any issue.
- Change management enhance efficiency and productivity: It helps to make sure that IoT
projects are in line with organizational objectives which will lead to a better performance
and results.
- Change management ensure continuous improvement: Setting an effective change
management process is considered as an ongoing effort that adapts to the evolving
technologies and the increasing business needs. It makes continuous updates and
enhancements possible which will guarantee the IoT’s continuous effectiveness.

2.2. Challenges in IoT change management.

Organizations can highly benefit from the innovation and efficiency that come with
integrating IoT technologies. However, handling changes in these fast-paced environment
comes with its own challenges. In this part, we will explore the main challenges associated
with change management in IoT projects:

 Complex integration: As IoT systems entails many devices and technologies, this will
make the implementation of any change complex and difficult. Each device might
have it own requirements and protocols which will make updates and changes more
challenging.
 Scalability issues: The IoT network grows continually and with a fast pace that’s why
it is very important to continually manage changes to avoid affecting the
performance.
 Data security and privacy: IoT devices generate an overwhelming amount of data,
and it is then crucial to implement robust security and privacy measures. Change
management should address the potential risks introduced during updates or new
deployment to prevent data breaches and ensure security and privacy.
 User training and adoption: End users of IoT devices can be affected by any change
implemented in IoT systems. Without setting a proper training, they might face
difficulties which will reduce the productivity and resistance to adopt to the new
changes.

22
  Vendor management: IoT projects generally use multiple vendors for various parts
and services. It might be difficult to coordinate changes across all the vendors and to
make sure that all of them are on the same page.

2.3. Adherence to regulatory requirements:

3. Future trends in IoT:
IoT is growing quickly with new features and applications. IoT innovation is expected to grow
in the future changing how industries will interact with the new technologies, here are some
important future trends:

3.1. IoT emerging technologies:

IoT is rapidly changing owing to the emerging technologies. Edge computing is one of the
most impactful advancements that enhances performance by allowing quicker decision-
making, processing data locally, and lowering latency. In fact, it processes data closer to
where it was generated and does not rely on a unique centralized cloud server. We have also
the example of 5G Connectivity that offer faster speed, greater device capacity, and lower
latency. Together, these emerging technologies will make the IoT systems more responsive,
smarter, and will open the door for more creative applications across various industries.

3.2. Industry Integration:

As IoT technologies are expanding into new emerging areas, their integration into multiple
other industries is expected to grow rapidly. This will result in a more intelligent, connected,
and more advanced systems across various industries. It will for sure lead to the integration
of IoT across sectors which will lead to a cross-industry partnerships that will enhance
technological advancements and create new solutions that will benefit various industries at
the same time. The broad integration of IoT across industries will not only improve
operational processes but also foster innovation, leading to the development of new
solutions and business models tailored to specific industry needs.

3.3. Security and Privacy

Future IoT systems require cutting edge and more robust security measures since the
proliferation of connected devices expanded the possible attack surfaces. The emergence of
IoT devices showed a move towards advanced security protocols, a list of specialized security
and privacy measures have been developed to address these challenges.

23
Here are some examples of security and privacy measures designed to solve IoT challenges:

- End-to-end Encryption: With this, we make sure that the data transferred between the
different IoT devices, and the cloud is encrypted, preventing against hacking and
unwanted access.
- Security Boot: It is a process that makes sure that IoT devices only execute software that
have been validated and approved by the manufacturer to avoid malware loading during
the boot process.
- Device authentication: The IoT devices frequently employ cryptographic keys or distinct
digital certificates for the authentication and verification of the identity of the device’s
interaction with the network.
- Data Anonymization: It entails the methods used to protect personal and sensitive data
collected through the IoT devices such as data masking, tokenization (a technique used
to replace sensitive data with non-sensitive equivalent data called Token), and
anonymization. This will ensure that any data intercepted and accessed without
permission will not contain identifiable and sensitive information about their owner.

Conclusion:

Through this chapter, we have gained a thorough understanding of cloud computing and
change management. Now we understand how the cloud operates, its implications for
businesses, and the role it plays in modern organizational infrastructure. Additionally, we
have delved into the intricacies of change management, knowing its procedures, methods,
and essential role in assisting companies and smoothing its changes. We concluded that a
robust change management process can serve as a strategic solution to handle the ongoing
updates and changes inherent in cloud computing.

To illustrate the concepts that we have learned in action, we examined the Internet of
Things (IoT) as interesting case study. This example highlighted the necessity of strong
change management procedures to preserve security, maximize efficiency, and adjust to the
rapidly evolving technological landscapes.

We now will turn our attention to auditing procedures, specifically SOC 2. We will explore
how SOC 2 audits can support change management initiatives within cloud environments?

24
and how it can be tailored to address the dynamic nature of cloud computing environment
and their ongoing updates? This question will direct our investigation in the next chapter...

25