What is Cloud Computing?

Cloud computing is a general term for anything that involves delivering hosted services over the internet. These services are broadly divided into three categories:

Infrastructure-as-a-Service (IaaS)

Platform-as-a-Service (PaaS) and

Software-as-a-Service (SaaS)

Five attributes of Cloud Computing

Gartner defines five attributes of Cloud Computing:

It is service-based.

It is scalable and elastic.

It uses shared infrastructure to build economies of scale.

It is metered and users pay according to usage.

Most importantly, it uses Internet technologies.

Infrastructure as a Service (IaaS)

Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components.

The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.

Infrastructure as a Service is sometimes referred to as Hardware as a Service (HaaS).

Characteristics and components of IaaS

Characteristics and components of IaaS include:

Utility computing service and billing model

Automation of administrative tasks

Dynamic scaling

Desktop virtualization

Policy-based services

Internet connectivity

Platform as a Service (PaaS)

Platform-as-a-service in the cloud is defined as a set of software and product development tools hosted on the provider's infrastructure.

Developers create applications on the provider's platform over the Internet.

PaaS providers may use APIs, website portals or gateway software installed on the customer's computer.

Example : Google Apps

Software as a Service (SaaS)

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.

SaaS is closely related to the ASP (application service provider) and On Demand Computing software delivery models.

Service Model Architectures

Cloud Deployment Models

Private cloud - enterprise owned or leased

Community cloud - shared infrastructure for specific community

Public cloud - Sold to the public, mega-scale infrastructure

Hybrid cloud - composition of two or more clouds

Possible Effects of Cloud Computing

Small enterprises use public SaaS and public clouds and minimize growth of data centers

Large enterprise data centers may evolve to act as private clouds

Large enterprises may use hybrid cloud infrastructure software to leverage both internal and public clouds

Public clouds may adopt standards in order to run workloads from competing hybrid cloud infrastructures

Foundational Elements of Cloud Computing

Primary Technologies Other Technologies Virtualization Autonomic Systems Grid technology Web 2.0

Service Oriented Architectures Web application frameworks

Distributed Computing Service Level Agreements

Broadband Networks Browser as a platform Free and Open Source Software

Cloud Security Vs. Security in Cloud

“Cloud Security”: this refers to the security of “the Cloud”, or more usefully, of a given cloud. Stepping back, we can use the term to refer to the general security aspects of Cloud Computing.

“Security in the Cloud”: this is about delivering security services via “the cloud”.

Security is the Major Issue

Cloud Computing Security Issues

According to analyst firm Gartner, customer should consider following seven cloud computing security risks before selecting a cloud computing vendor



Privileged User Access: Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical and personnel controls".

Regulatory Compliance: Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions," according to Gartner.

Data Location: When you use the cloud, you robably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, Gartner advises.

Data segregation: Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. "Find out what is done to segregate data at rest," Gartner advises. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. "Encryption accidents can make data totally unusable, and

even normal encryption can complicate availability," Gartner says.

Recovery: Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. "Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure," Gartner says. Ask

your provider if it has "the ability to do a complete restoration, and how long it will take."

Investigative support: Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing

set of hosts and data centers

Long-term viability: Ideally, cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event. "Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application," Gartner says.

Best Practice for Companies in the cloud

Inquire about exception monitoring systems

Be vigilant around updates and making sure that staff don't suddenly gain access privileges they're not supposed to.

Ask where the data is kept and inquire as to the details of data protection laws in the relevant jurisdictions.

Seek an independent security audit of the host

Find out which third parties the company deals with and whether they are able to access your data

Be careful to develop good policies around passwords; how they are created, protected and changed.

Look into availability guarantees and penalties.

Find out whether the cloud provider will accommodate your own security policies

Is Cloud Computing behind Twitter hack?

What is being dubbed as the “Twitter Hack” has some questioning whether security is an issue for the phenomenon that is cloud computing.

The incident that sparked the debate was actually the hacking of a Google Apps account belonging to a Twitter employee. It has been reported that the exploit occurred because one of Twitter’s co-founders create a password for Google Apps that was easily guessed by a hacker.

This in turn, enabled the hacker to access and distribute important documents.

The distribution of internal Twitter documents by a hacker has revived doubts about the security of cloud computing.

Cloud Security Alliance

The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

The Cloud Security Alliance is comprised of many subject matter experts from a wide variety disciplines, united in following objectives:

Promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary security requirements and attestation of assurance.

Promote independent research into best practices for cloud computing security.

Launch awareness campaigns and educational programs on the appropriate uses of cloud computing and cloud security solutions.

Create consensus lists of issues and guidance for cloud security assurance.

References