Dissertation Report

On
CLOUD COMPUTINGS EFFECT ON ENTERPRISES
in terms of Cost and Security

Faculty Guide: Ms. Kokil Jain

Submitted By: Akhilesh Agarwal A1802010373

Section C/MBA(IB)

AMITY INTERNATIONAL BUSINESS SCHOOL, AMITY UNIVERSITY Masters in Business Administration - International Business CLOUD COMPUTINGS EFFECT ON ENTERPRISES in terms of Cost and Security Dissertation Report submitted March, 2012 Size: 64 Pages Supervisor: Ms. Kokil Jain. Examiners: Mr. Ajeet Sharma, Ms. Madhu Khurana.

Abstract
Innovations are necessary to ride the inevitable tide of change. Most of enterprises are striving to reduce their computing cost through the means of virtualization. This demand of reducing the computing cost has led to the innovation of Cloud Computing. Cloud Computing offers better computing through improved utilization and reduced administration and infrastructure costs. Cloud Computing is the sum of Software as a Service (SaaS) and Utility Computing. Cloud Computing is still at its infant stage and a very new technology for the enterprises. Therefore, most of the enterprises are not very confident to adopt it. This research paper tackles this issue for enterprises in terms of cost and security. In this paper I discuss the benefits and drawbacks an enterprise can have while they adopt Cloud Computing in terms of Cost and Security. In the end, concluding that Cloud Computing is better for medium and small sized enterprises as compared to large enterprises in terms of both cost and data security.

Key words:
Cloud Computing, SaaS, IaaS, PaaS, Elasticity, Cost, Security.

TABLE OF CONTENTS
1. INTRODUCTION..5 . 2. RESEARCH METHODOLOGY...6

2.1. Objectives of the study 6 2.2. Sample design& Sample size.6 2.3. Limitations......................................................................................................6 2.4. Scope of the study...............................................................................................................7
3. CLOUD COMPUTING THE CONCEPT.......................................................... 8 3.1 Comparison...........................................................................................................................10 3.2 Implementation....................................................................................................................10 3.3 Characteristics......................................................................................................................10 4. HISTORY......................................................................................................................................13 5. POLITICAL ISSUES..................................................................................................................14 6. LEGAL ISSUES..14 7. ARCHITECTURE..15 8. COMPONENTS..16 9. STANDARDS...19 10. CLOUD COMPUTING SERVICE MODELS20 11. TYPES.22 12. ROLES IN CLOUD COMPUTING.24 13. COST FACTOR.25

13.1. Key characteristics26

14. SECURITY FACTOR...27

14.1. Key characteristics28

15. COMPANIES.29 16. CLOUD COMPUTING PROS/CONS W.R.T. TO COST & SECURITY30

17. LIMITATIONS OF CLOUD COMPUTING32 18. BENEFITS38 19. RISK MITIGATION40 20. DISCUSSIONS..41 21. CASE STUDY...43 22. QUESTIONNAIRE RESULT.46 23. CONCLUSION.62 24. REFERENCES.64

1. Introduction
Imagine yourself in the world where the users of the computer of todays internet world dont have to run, install or store their application or data on their own computers, imagine the world where every piece of your information or data would reside on the Cloud (Internet). As a metaphor for the Internet, "the cloud" is a familiar clich, but when combined with "computing", the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is "in the cloud", including conventional outsourcing. Cloud computing comes into focus only when you think about what we always need: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends ICT's existing capabilities. Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloud-based services individually, but cloud computing aggregators and integrators are already emerging.

2. RESEARCH METHODOLOGY
There are two main data sources for the research study- secondary and primary. To collect the data for this research study, both primary and secondary sources were used. One of the cardinal rules in data collection is to exhaust all secondary data sources before conducting a primary study. The operational features of secondary data are that it already exists and is easily available. Secondary data can be quite versatile and is used for many purposes. To collect secondary data, at first, the researcher reviewed articles related to research objectives that appeared in the literature. Key journals and proceedings were systematically scanned for any articles related to the research topic. In addition to that, search for the key words in peer reviewed journals were undertaken. This search led to articles in other related journals. To conduct an empirical investigation, a survey was conducted, using a questionnaire. At first, the items to be included in the questionnaire were decided. Next, the survey was conducted to collect the data and then analysed and interpreted to find the answers to the research objectives. The survey for data collection was carried out in the month of Dec - Mar of 2012. The questionnaire was developed based on literature, deriving issues pertinent to the research objectives. The questionnaire was pre-tested in a pilot study to fine the questionnaire. The pilot study was conducted among a convenience sample of four people consisting of colleagues and industry guide, to evaluate how well the questionnaire was framed and understood. Based on the pilot study and feedback from the participants, some items were reworded to improve clarity.

OBJECTIVES OF THE STUDY:

1. To study the effect of cloud computing technology on an Enterprise. 2. To study the factors which encourage or discourage an enterprise from opting cloud computing technology, i.e. Cost & Security.

SAMPLE DESIGN & SAMPLE SIZE:

As the survey is about the understanding the Effect of Cloud Computing on Enterprises, the research was specifically designed for technical people who work in IT departments. The sample size was small because of the sensitivity of the topic & security reasons. Therefore only few respondents share their views, suggestions, information and their experience.

LIMITATIONS:
Sample size was small because it was quiet difficult to reach highly professionals technocrats for the survey on this sensitive topic of Cloud Computing. Various statistical techniques as learned have been implemented and conclusions as best possible have been drawn making few assumptions as and when required.

SCOPE OF THE STUDY:

This study refined the factors that will influence an enterprise using cloud computing technology in India and revealed the impact of Cost & Security on an enterprise business. A few paramount implications of the study are outlined here. Findings of this study indicate that the study is quite informative and useful for both general public and companies indulge in cloud technology. They can understand the dimensions reflecting benefits and risk of cloud computing and impact of all these factors on an enterprise. Findings of this study also indicate that it is worthwhile for an enterprise to take note of the results of this study before going for actual implementation of cloud computing technology.

3. Cloud computing- The Concept

Cloud computing is Internet ("cloud") based development and use of computer technology ("computing"). It is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure "in the cloud" that supports them. Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. - U.S. National Institute of Standards and Technology (NIST) Cloud computing means using number of computer servers through a network, which appears as they are one single coherent computer. Cloud computing in recent times is one of the fastest emerging technology trend. The goal behind opting for Cloud computing is to save huge costs on building IT infrastructure. This papers elaborates the evolution of Cloud computing and how the cloud computing has been adopted by various enterprises. Cloud computing has been adopted in almost all the enterprise in todays world. This paper also explores on the technical description of the Cloud computing and its effect on Enterprise in terms of Cost & Security. Cloud computing can also be referred to as the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or personal computer. Cloud computing can benefit an organization by saving costs on IT infrastructure, Scalability, Automatic updates, Remote access, Reliability, Skilled vendors etc. Cloud Computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the datacenters that provide those services. The services are termed as Software as a Service (SaaS). The datacenter hardware and software is referred to as Cloud. As per a Forrester Report (Dec 2008) more than 70% of IT budget is spent on maintenance of current IT infrastructure instead of adding new one. In order to better utilize the IT budget companies are opting for cloud computing.

Cloud computing differs from the client-server model by providing services from a server that are executed and managed by a client's web browser, with no installed client version of an application required. Centralization gives cloud service providers full control on the versions of the browser-based applications provided to clients, which removes the continuous need for version upgrades or manages individual licenses of client computing devices. The concept incorporates infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) as well as Web 2.0 and other recent technology trends which have the common theme of reliance on the Internet for satisfying the computing needs of the users. Examples of SaaS vendors include Salesforce.com and Google Apps which provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers.

3.1 Comparison:
Cloud computing is often confused with grid computing ("a form of distributed computing whereby a 'super and virtual computer' is composed of a cluster of networked, looselycoupled computers, acting in concert to perform very large tasks"), utility computing (the "packaging of computing resources, such as computation and storage, as a metered service similar to a traditional public utility such as electricity") and autonomic computing ("computer systems capable of self-management"). Indeed many cloud computing deployments as of 2009 depend on grids, have autonomic characteristics and bill like utilities but cloud computing can be seen as a natural next step from the grid-utility model. Some successful cloud architectures have little or no centralized infrastructure or billing systems whatsoever, including peer-to-peer networks like Bit Torrent and Skype and volunteer computing like

3.2 Implementation:
The majority of cloud computing infrastructure as of 2009 consists of reliable services delivered through data centers and built on servers with different levels of virtualization technologies. The services are accessible anywhere that has access to networking infrastructure. The Cloud appears as a single point of access for all the computing needs of consumers. Commercial offerings need to meet the quality of service requirements of customers and typically offer service level agreements. Open standards are critical to the growth of cloud computing and open source software has provided the foundation for many cloud computing implementations.

3.3 Characteristics:

On-Demand:

A basic condition that a cloud computing provider must fulfill is the ability to deliver computing resources whenever the customer needs them. From the customers point of view the available computing resources are nearly infinite (i.e., the customer is not limited the set of servers located at one site and it is the responsibility of the cloud computing provider to have sufficient resources to satisfy the requirements of all their customers).

10

Utilizing computing resources on-demand is one of the most desired capabilities for a large number of enterprises because it eliminates the need for planning ahead, purchasing, and installing the resources they will require at some point in the future. This enables the customer to avoid making an unnecessary upfront investment in servers. Furthermore, when comparing cloud computing with the traditional model of owning the servers, cloud computing will helps avoid the costs of having underused resources. Effectively the cloud computing vendor is doing what firms such as EDS did when it started to run service bureaus - by combining the needs of multiple firms the service bureau is able to take advantages of the effects of resource pooling. Consequences of this feature of on-demand computing resources are a lowering of the entry barriers to some business models, as software vendors can develop applications without worrying beforehand of provisioning for a specific number of customers and then bearing with the risk of greater success than planned, leading to the service not being available or, worse, having very few users and a large capital expense caused by purchasing resources that are very underutilized.

Pay-per-use:

Another new aspect of cloud computing is application of an usage based billing model. The customer pays only for short term use of processors or storage, for example this usage could be metered in increments of hours or days; converting what would have been capital expenses (CAPEX) into operational expenses (OPEX). We can see that the concept of cloud computing is strongly related to the idea of utility computing. In both cases the computing resources are being provided on-demand, much as electricity, water, or gas are supplied by a utility company; but in the case of computing resources the waste product is largely heat and after some time scrap computing equipment - hence the customer is essentially renting these computing resources. However, unlike a traditional rental agreement where the resources would be physically located at the customers premises, in the case of cloud computing the resources are simply somewhere in the cloud - rather than in a single physical location. Further note that unlike the case for water and gas, which when they are not used are available for later use - not using processor cycles of a computer does in fact waste these cycles - since they will not be available for usage later. Therefore it is advantageous for a cloud computing provider to accept business to utilize all (or nearly all) of these cycles.

11

 Rapid Elasticity:
Based upon the specific of a service level agreement, the cloud provider scales up or down the resources that are provided to meet the customers changing needs. This service level agreement must define the response time for the cloud provider to adapt to the customers needs. Such an agreement is needed by the cloud provider, because the cloud provider does not in fact have infinite resources, so depending upon the service level agreement the cloud provider has to find a set of allocations of resources that satisfy the current demands of the aggregate of their users while meeting the various service level agreements of these costumers - otherwise the service level agreement may specify a penalty that the cloud provider has to pay to each customer for not meeting the relevant service level agreement.

Maintenance and Upgrading:

Because the cloud provider rather than the customer maintains the computing resource, there is an effective outsourcing of maintenance tasks. Thus the cloud provider maintains and updates the resources, whether the resource is hardware or software. Therefore all repairs and replacement of the underlying hardware resources are transparent to the customer, as they do not affect the customers experience. While this might be true in the ideal case, there may be short intervals when a customers image is migrated from one hardware platform to another in order to perform maintenance or repair of a given physical platform, during this period of time the customer might not have any of the resources associated with this image available.

12

4. History
The Cloud is a term with a long history in telephony, which has in the past decade, been adopted as a metaphor for internet based services, with a common depiction in network diagrams as a cloud outline. The underlying concept dates back to 1960 when John McCarthy opined that "computation may someday be organized as a public utility"; indeed it shares characteristics with service bureaus which date back to the 1960s. The term cloud had already come into commercial use in the early 1990s to refer to large ATM networks. By the turn of the 21st century, the term "cloud computing" had started to appear, although most of the focus at this time was on Software as a service (SaaS). In 1999, Salesforce.com was established by Marc Benioff, Parker Harris, and his fellows. They applied many technologies of consumer web sites like Google and Yahoo! to business applications. They also provided the concept of "On demand" and "SaaS" with their real business and successful customers. The key for SaaS is being customizable by customer alone or with a small amount of help. Flexibility and speed for application development have been drastically welcomed and accepted by business users. IBM extended these concepts in 2001, as detailed in the Autonomic Computing Manifesto -which described advanced automation techniques such as self-monitoring, self-healing, selfconfiguring, and self-optimizing in the management of complex IT systems with heterogeneous storage, servers, applications, networks, security mechanisms, and other system elements that can be virtualized across an enterprise. Amazon.com played a key role in the development of cloud computing by modernizing their data centers after the dot-com bubble and, having found that the new cloud architecture resulted in significant internal efficiency improvements, providing access to their systems by way of Amazon Web Services in 2005 on a utility computing basis. 2007 saw increased activity, with Google, IBM, and a number of universities embarking on a large scale cloud computing research project, around the time the term started gaining popularity in the mainstream press. It was a hot topic by mid-2008 and numerous cloud computing events had been scheduled. In August 2008, Gartner Research observed that "organizations are switching from companyowned hardware and software assets to per-use service-based models" and that the "projected shift to cloud computing will result in dramatic growth in IT products in some areas and in significant reductions in other areas."

13

5. Political Issues
The Cloud spans many borders and "may be the ultimate form of globalization." As such it becomes subject to complex geopolitical issues: providers must satisfy myriad regulatory environments in order to deliver service to a global market. This dates back to the early days of the Internet, where libertarian thinkers felt that "cyberspace was a distinct place calling for laws and legal institutions of its own"; author Neal Stephenson envisaged this as a tiny island data haven called Kinakuta in his classic science-fiction novel Cryptonomicon. Despite efforts (such as US-EU Safe Harbor) to harmonize the legal environment, as of 2009 providers such as Amazon Web Services cater to the major markets (typically the United States and the European Union) by deploying local infrastructure and allowing customers to select "availability zones." Nonetheless, there are still concerns about security and privacy from individual through governmental level, e.g., the USA PATRIOT Act and use of national security letters and the Electronic Communication Privacy Act's Stored Communications Act.

6. Legal Issues
In March 2007, Dell applied to trademark the term "cloud computing" (U.S. Trademark 77,139,082) in the United States. The "Notice of Allowance" it received in July 2008 was canceled on August 6, resulting in a formal rejection of the trademark application less than a week later. On 30 September 2008, USPTO issued a "Notice of Allowance" to CGactive LLC (U.S. Trademark 77,355,287) for "CloudOS". A cloud operating system is a generic operating system that "manage[s] the relationship between software inside the computer and on the Web", such as Microsoft Azure. Good OS LLC also announced their "Cloud" operating system on 1 December 2008. Richard Stallman, founder of the Free Software Foundation, believes that cloud computing endangers liberties because users sacrifice their privacy and personal data to a third party. In November 2007, the Free Software Foundation released the Affero General Public License, a version of GPLv3 designed to close a perceived legal loophole associated with free software designed to be run over a network, particularly software as a service. An application service provider is required to release any changes they make to Affero GPL open source code

14

7. Architecture
Cloud architecture, the systems architecture of the software systems involved in the delivery of cloud computing, comprises hardware and software designed by a cloud architect who typically works for a cloud integrator. It typically involves multiple cloud components communicating with each other over application programming interfaces, usually web services. This closely resembles the UNIX philosophy of having multiple programs doing one thing well and working together over universal interfaces. Complexity is controlled and the resulting systems are more manageable than their monolithic counterparts. Cloud architecture extends to the client, where web browsers and/or software applications access cloud applications. Cloud storage architecture is loosely coupled, where metadata operations are centralized enabling the data nodes to scale into the hundreds, each independently delivering data to applications or user.

15

8. Components

Cloud Computing Components

Applications Client
Facebook Google Apps SalesForce Microsoft Online Browser(Chrome) Firefox Cloud Mobile (Android iPhone) Netbook (EeePC MSI Wind) Nettop (CherryPal Zonbu)

Infrastructure BitTorrent EC2 GoGrid Sun Grid 3tera Platforms Services Storage Standards
App Engine Azure Mosso SalesForce Alexa FPS MTurk SQS S3 SimpleDB SQL Services Ajax Atom HTML 5 REST

16

8.1 Client
A cloud client consists of computer hardware and/or computer software that relies on cloud computing for application delivery, or that is specifically designed for delivery of cloud services and that, in either case, is essentially useless without it. Examples include some computers, phones and other devices, operating systems and browsers

8.2 Application
Cloud application services or "Software as a Service (SaaS)" deliver software as a service over the Internet, eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support. People tend to use the terms SaaS and cloud interchangeably, when in fact they are two different things.

8.3 Platform
Cloud platform services or "Platform as a Service (PaaS)" deliver a computing platform and/or solution stack as a service, often consuming cloud infrastructure and sustaining cloud applications. It facilitates deployment of applications without the cost and complexity of buying and managing the underlying hardware and software layers.

8.4 Infrastructure
Cloud infrastructure services, also known as "Infrastructure as a Service (IaaS)", delivers computer infrastructure - typically a platform virtualization environment - as a service. Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service. Suppliers typically bill such services on a utility computing basis and amount of resources consumed (and therefore the cost) will typically reflect the level of activity. IaaS evolved from virtual private server offerings.

8.5 Service
A cloud service includes "products, services and solutions that are delivered and consumed in real-time over the Internet". For example, Web Services ("software system[s] designed to support interoperable machine-to-machine interaction over a network") which may be accessed by other cloud computing components, software, e.g., Software plus service, or end users directly.

17

Specific examples include:

y y y y y y

Identity (OAuth, OpenID) Integration (Amazon Simple Queue Service) Payments (Amazon Flexible Payments Service, Google Checkout, PayPal) Mapping (Google Maps, Yahoo! Maps) Search (Alexa, Google Custom Search, Yahoo! BOSS) Others (Amazon Mechanical Turk)

8.6 Storage
Cloud storage involves the delivery of data storage as a service, including database-like services, often billed on a utility computing basis, e.g., per gigabyte per month. For example:
y y y y

Database (Amazon SimpleDB, Google App Engine's BigTable datastore) Network attached storage (MobileMe iDisk, Nirvanix CloudNAS) Synchronization (Live Mesh Live Desktop component, MobileMe push functions) Web service (Amazon Simple Storage Service, Nirvanix SDN)

18

9. Standards
Cloud standards, a number of existing, typically lightweight, open standards, have facilitated the growth of cloud computing, including: y Application: o Communications (HTTP, XMPP) o Security (OAuth, OpenID, SSL/TLS) o Syndication (Atom) Client: o Browsers (AJAX) o Offline (HTML 5) Implementations: o Virtualization (OVF) Platform: o Solution stacks (LAMP) Service: o Data (XML, JSON) o Web Services (REST) Storage:
o o o

y y y

Database(Amazon Simple DB, Google App Engine BigTable Datastore) Network attached storage (MobileMe iDisk, Nirvanix CloudNAS) Synchronization (Live Mesh Live Desktop component, MobileMe push functions) o Web service (Amazon Simple Storage Service, Nirvanix SDN)

19

10. Cloud Computing service models

Cloud computing can be classified by the model of service it offers into one of three different groups. These will be described using the XaaS taxonomy, first used by Scott Maxwell in 2006, where X is Software, Platform, or Infrastructure, and the final "S" is for Service. It is important to note, as shown in Figure 2.1, that SaaS is built on PaaS, and the latter on IaaS. Hence, this is not an excluding approach to classification, but rather it concerns the level of the service provided. Each of these service models is described in a following subsection.

Figure: Cloud computing service models

10.1

IaaS (Infrastructure as a Service):

The capability provided to the customer of IaaS is raw storage space, computing, or network resources with which the customer can run and execute an operating system, applications, or any software that they choose. The cloud customer is not able to control the distribution of the software to a specific hardware platform or change parameters of the underlying infrastructure, but the customer can manage the software deployed (generally from the boot level upward). E.g. Amazon Web Services.

20

10.2

PaaS (Platform as a Service):

In the case of PaaS, the cloud provider not only provides the hardware, but they also provide a toolkit and a number of supported programming languages to build higher level services (i.e. software applications that are made available as part of a specific platform). The users of PaaS are typically software developers who host their applications on the platform and provide these applications to the end-users. E.g. Facebook platform, Google App-engine.

10.3

SaaS (Software as a Service):

The SaaS customer is an end-user of complete applications running on a cloud infrastructure and offered on a platform on-demand. The applications are typically accessible through a thin client interface, such as a web browser. The customer does not control either the underlying infrastructure or platform, other than application parameters for specific user settings. E.g. Google Apps, Web-based email, Facebook applications.

21

11. Types

11.1 Community Cloud:

A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing. The cost can be shared by the organisations taking part. This option may offer a higher level of privacy, security, and/or policy compliance. In addition, it can be economic and attractive as the resources (storage, workstations) used and shared in the community have reached their return of investment. Examples of community clouds include Google's Gov Cloud.

11.2 Private cloud:

Douglas Parkhill first described the concept of a "private computer utility" in his 1966 book The Challenge of the Computer Utility. Private cloud sometimes also termed as internal cloud are implementations that some vendors use these days to describe Cloud computing on private networks. A private cloud is a system or collection of many systems that provide hosted access to all the systems and applications that are internal to an organization.

22

11.3 Public cloud:

Public cloud or external cloud describes cloud computing in the traditional way, where resources are dynamically provided on a fine-grained, self-service basis over the Internet. It is as termed as pay as you go manner and service is sold as Utility computing.

11.4 Combined Cloud:

Two clouds joined together are more correctly called a "combined cloud". A combined Cloud Computing Environment consists of multiple internal and/or external providers, that are generally used by Enterprises.

11.5 Hybrid cloud:

The main responsibility of the IT department in a non-IT company is to deliver services to the business. With the growing use of cloud computing (both private and public) and the fact that IT departments must also provide services by traditional, in-house methods, this gave rise to the term called hybrid cloud computing. Hybrid cloud is also called hybrid delivery by the major vendors including HP, IBM, Oracle, VMware and Fujitsu who offer technology to manage the complexity in managing the performance, security and privacy concerns that are results of mixed delivery methods. Hybrid delivery is expected to become the norm in data centers.

23

12. Roles
12.1 Provider
A cloud computing provider or cloud computing service provider owns and operates live cloud computing systems to deliver service to third parties. The barrier to entry is also significantly higher with capital expenditure required and billing and management creates some overhead. Nonetheless, significant operational efficiency and agility advantages can be realized, even by small organizations, and server consolidation and virtualization rollouts are already well underway. Amazon.com was the first such provider, modernizing its data centers which, like most computer networks, were using as little as 10% of its capacity at any one time just to leave room for occasional spikes. This allowed small, fast-moving groups to add new features faster and easier, and they went on to open it up to outsiders as Amazon Web Services in 2002 on a utility computing basis.

12.2 User
A user is a consumer of cloud computing. The privacy of users in cloud computing has become of increasing concern. The rights of users are also an issue, which is being addressed via a community effort to create a bill of rights.

12.3 Vendor
A vendor sells products and services that facilitate the delivery, adoption and use of cloud computing. For example: y Computer hardware (Dell, HP, IBM, Sun Microsystems) o Storage (Sun Microsystems, EMC, IBM) o Infrastructure (Cisco Systems) Computer software (3tera, Hadoop, IBM, RightScale) o Operating systems (Solaris, AIX, Linux including Red Hat) o Platform virtualization (Citrix, Microsoft, VMware, Sun xVM, IBM)

24

13. Cost/Economics
Cloud computing users can avoid capital expenditure (CapEx) on hardware, software and services, rather paying a provider only for what they use. Consumption is billed on a utility (e.g. resources consumed, like electricity) or subscription (e.g. time based, like a newspaper) basis with little or no upfront cost. Other benefits of this time sharing style approach are low barriers to entry, shared infrastructure and costs, low management overhead and immediate access to a broad range of applications. Users can generally terminate the contract at any time (thereby avoiding return on investment risk and uncertainty) and the services are often covered by service level agreements with financial penalties. According to Nicholas Carr the strategic importance of information technology is diminishing as it becomes standardized and cheaper. He argues that the cloud computing paradigm shift is similar to the displacement of electricity generators by electricity grids early in the 20th century.

25

13.1. Key Characteristics:

y

Cost is greatly reduced and capital expenditure is converted to operational expenditure. This lowers barriers to entry, as infrastructure is typically provided by a third-party and does not need to be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and minimal or no IT skills are required for implementation. Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using, e.g., PC, mobile. As infrastructure is off-site (typically provided by a third-party) and accessed via the Internet the users can connect from anywhere. Multi-tenancy enables sharing of resources and costs among a large pool of users, allowing for:
o

Centralization of infrastructure in areas with lower costs (such as real estate, electricity, etc.) Peak-load capacity increases (users need not engineer for highest possible load-levels) Utilization and efficiency improvements for systems that are often only 1020% utilized.

Scalability via dynamic ("on-demand") provisioning of resources on a finegrained, self-service basis near real-time, without users having to engineer for peak loads. Performance is monitored and consistent and loosely-coupled architectures are constructed using web services as the system interface.

26

14. Security
The relative security of cloud computing services is a contentious issue which may be delaying its adoption. Issues barring the adoption of cloud computing are due in large part to the private and public sectors unease surrounding the external management of security based services. It is the very nature of cloud computing based services, private or public, that promote external management of provided services. This delivers great incentive amongst cloud computing service providers in producing a priority in building and maintaining strong management of secure services. Organizations have been formed in order to provide standards for a better future in cloud computing services. One organization in particular, the Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within cloud computing. GOOGLE  The leader in cloud computing.  Google offers several services including e-mail and document creating applications.  Google claims its services are 99.99% reliable.  Though users have experienced downtime.  Bugs and glitches always occur with new technology. AMAZON o Amazon offers companies data storage services. o Companies only have to pay for the storage they use. o More and more companies are starting to trust cloud computing services and turn begin to store their data in the clouds. o It appeals to companies because it eliminates time employees spend on maintaining this data and eliminates maintenance. MICROSOFT The cloud computing industry is predicted to hurt the software business. Therefore Microsoft is taking a stand and developing cloud computing services of their own, Azure.

27

They are offering Microsoft based document applications for the web for a small monthly fee. Even the government is wanting to get in on this new technology. The US Defense Department is offering a new cloud computing service to its military users called RACE. They claim there services are more reliable and secure because security is their # 1 policy IBM  IBM are developing cloud computing applications for the everyday user called CloudBurst.  There has also been some talk of IBM coming together with Sun Microsystems to enhance their ability to build data centers for this new technology.  IBM also offers private cloud computing services using IBM blue services software. Instead of putting information out on the internet it makes the companies data center into its own cloud. This cloud is blocked off from the internet using firewalls.

14.1 Key Characteristics:

y Reliability improves through the use of multiple redundant sites, which makes it suitable for business continuity and disaster recovery. Nonetheless, most major cloud computing services have suffered outages and IT and business managers are able to do little when they are affected. Security typically improves due to centralization of data, increased securityfocused resources, etc., but raises concerns about loss of control over certain sensitive data. Security is often as good as or better than traditional systems, in part because providers are able to devote resources to solving security issues that many customers

28

cannot afford. Providers typically log accesses, but accessing the audit logs themselves can be difficult or impossible. y Sustainability comes about through improved resource utilization, more efficient systems, and carbon neutrality. Nonetheless, computers and associated infrastructure are major consumers of energy.

14.2 Companies:
Providers including Amazon, Microsoft, Google, Sun and Yahoo exemplify the use of cloud computing. It is being adopted by individual users through large enterprises including General Electric, L'Oral, and Procter & Gamble.

29

15. Cloud Computing Pros and Cons w.r.t. Cost & Security

15.1 Pros:
Lower computer costs. Improved performance. Reduced software costs. Instant software updates. Unlimited storage capacity. Increased data reliability. Universal document access. Latest version availability. Improved document format compatibility.

30

15.2 Cons:
Can be slow Features might be limited Stored data might not be secure Stored data can be lost Requires a constant Internet connection Does not work well with low-speed connections HPC Systems General Concerns

31

16. Limitations of Cloud Computing

Cloud computing is widely recognized as a revolutionary IT concept and with different offerings can fit the needs of very diverse customers, ranging from large enterprises, small start-ups, to end-users. Some cloud based applications, such as Gmail, have had great success; but as the diversity of the offerings grows so does the reluctance to trust some services or to trust more sensitive data to off-site computers. This is easily observed at the enterprise level when decision makers in the information technology departments of companies and organizations keep rejecting a move to the cloud. At present most organizations are only willing to outsource applications that involve less sensitive information. According to a survey of more than 500 chief executives and IT managers of 17 countries they still trust existing internal systems over cloud-based systems due to the fear about security threats and loss of control of data and systems. The ones that do agree to move to the cloud still demand third party risk assessments or at least ask the cloud providers questions such as: Who will have access to the data and applications and how will that be monitored? What security measures are used for data transmission and storage? How are applications and data from different customers are kept separate? Where, in terms of geographical location, will be the data stored? Could the choice of the location affect me? Can these measures and details be stipulated in a service level agreement? All these customer worries can be translated into what can be identified as the main obstacles to the adoption and growth of cloud computing. Each of these obstacles are examined in the following subsections.

16.1 Availability of service:

Outages of a service become a major worry when customers have deposited all their information in the cloud and might need it at anytime. Given that the customer management interfaces of public clouds are accessible via Internet, there is an increased risk of failure when compared to traditional services since there are more weak points in the chain of elements needed to access the information or application.

32

For instance, web browser vulnerabilities could lead to service delivery failures. A feasible means to obtain a high degree of availability would be using multiple cloud computing providers. Cloud providers are well aware of these risks and today provide more information about the current state of the system, as this is something that customers are demanding. Salesforce for instance shows the real-time average response time for a server transaction at Trust.salesforce.com. Amazon has implemented a service dashboard that displays basic availability and status history.

16.2 Data lock-in:

As some people, such as GNU creator Richard Stallman have advised, the use of proprietary cloud-based applications could end up in situations where migration off the cloud to another cloud or to an in-house IT environment would be nearly impossible. The reason for the current poor portability and limited interoperability between clouds is the lack of standardized APIs. As a consequence migration of applications between clouds is a hard task. An evolution towards standardized APIs would not only overcome this risk by allowing SaaS to develop software services interoperable in all clouds, but would provide a firm basis to progress towards hybrid computing models. Google is the only cloud provider truly advancing to achieve a more standard environment and they even have an initiative, called Data Liberation Front [36], to support users moving data and applications in and out of their platform.

16.3 Data segregation:

A direct consequence of the multi-tenant usage mode, where different customers virtual machines are co-located in the same server or data is on the same hard disks, is the question of isolation. How should the cloud securely isolate users? This class of risks includes issues concerning the failure of mechanisms to separate storage or memory between different users (i.e., such a failure would enable information to leak from one customers VM to another customers VM). There are a number of documented vulnerabilities in different commercial hypervisors that have been exploited to gain access to one or more customers virtual machines. Another type of attack whose feasibility has been reported is a side-channel attack.

33

A case study carried out by MIT and University of California at San Diego on the Amazon EC2 service considered this style of attack an actual threat, and they demonstrated this attack by successfully overcoming the following: y y y y Determining where in the cloud infrastructure a specific virtual machine instance is located. Determining if two instances are co-resident in the same physical machine. Proving that it is possible for an adversary to launch on purpose instances that will be co-resident with another users instances. Proving that it is possible to take advantage of cross-virtual machine information leakage once co-resident.

They were able to successfully perform all the previous steps given that patterns can be found in the mapping of virtual machine instances into physical resources (for example, by examining internal and external IP addresses of a large number of different types of instances). In their tests they could launch co-resident instances with a 40% probability of success. They state that the only certain way to avoid this threat is to require exclusive physical resources, something that ultimately customers with high privacy requirements will begin to ask for.

16.4 Privilege abuse:

The threat of a malicious insider with a privileged role (e.g. a system administrator) is inherent to any outsourced computation model. Abuse by insiders could impact and damage the customers brand, reputation, or directly damage the customer. Note that these same type of attacks can be carried out by internal employees in a traditional (i.e., non-cloud) computing infrastructure. Cloud customers should conduct a comprehensive assessment of any potential cloud provider, specifying human resource requirements (i.e. stating who will have access to their data and what level of access they will have) and requiring transparency measures. Additional trust systems that would not require the customer to blindly trust the provider would be useful.

34

16.5 Scaling resources:

The ability of scaling up or down resources to meet workload is one of the most desired cloud computing advantages. However, this great advantage can lead to service failures if it is not well implemented or if a maximum response time is not agreed upon beforehand. A web application developer who hosts its service on a cloud may see how the response time steadily increases when the usage of the application also increases - because the cloud does not scale up resources quickly enough. On the other hand, scaling must be limited by some threshold. This threshold would stop the continuous increase in the allocation of resources to prevent the cloud provider from suffering a denial of service attack because the customers application was malfunctioning. In either case the customer could be billed for service that they did not want. Existing service level agreements determine quality of service requirements, but not in terms of response time in response to workload variations. There are proposed solutions in service level agreements (SLA) for scalability implemented through statistical machine learning.

16.6 Data security and confidentiality:

The distributed nature of the cloud model necessarily involves more transits of data over networks, thus creating new challenging security risks. The confidentiality of the data must be assured whether it is at rest (i.e. data stored in the cloud) or in transit (i.e. to and from the cloud). It would be desirable to provide a closed box execution environment where the integrity and confidentiality of the data could be verified by its owner. While encryption is an answer to securely storing data in the cloud, it does not fit that well with cloud-based processing. This later problem occurs because generally the cloud both stores data and applications running on the cloud operate on this data. In most cases the data has to be unencrypted at some time when it is inside the cloud. Some operations would be simply impossible to do with encrypted data and, furthermore, doing computations with the encrypted data would consume more computing resources (and more money, in consequence). There are recent steps towards dealing with this issue. One is the Trusted Cloud Computing Platform , which aims to apply the Trusted Computing model (developed in 2003 by Intel, AMD, HP, and IBM) to the cloud. However the scope of this initiative is to protect against malicious insiders, inside the cloud provider organization. Another project of the Microsoft Cryptography Group is a searchable encryption mechanism introduced by Kamara and Lauter in. The underlying process in this system is based on a local application, installed on the users machine, composed of three modules: a data processor, a data verifier, and a token generator. The user encrypts the data before uploading

35

it to the cloud. When some data is required, the user uses the token generator to generate a token and a decryption key. The token is sent to the cloud, the selected encrypted file(s) are downloaded, and then these files are verified locally and decrypted using the key. Sharing is enabled by sending the token and decryption key to another user that you want to collaborate with. The enterprise version of the solution consists of adding a credential generator to simplify the collaboration process. Other relevant projects are also being conducted. One example is a recently published PhD dissertation from Stanford University done by Craig Gentry in collaboration with IBM. This research proposes A fully homomorphic encryption scheme. Using their proposed encryption method data can be searched, sorted, and processed without decrypting it. The innovation here is the refreshing mechanism necessary to maintain low levels of noise. Although successful, both initiatives have turned out to be still too slow and result it very low efficiency. As a result, they are not commercially utilized yet.

16.7 Data location:

In addition to the topology of the cloud network, the geographic location of the data also matters in some cases. Knowing datas location is fundamental to securing it, as there might be important differences between regulatory policies in different countries. A customer could be involved in illegal practices without even noticing, as some governments prosecute companies that allow certain types of data to cross geographical boundaries. Cloud computing customers must tackle this issue by understanding the regulatory requirements for every country they will be operating in. Not only the datas location, but the path the data follows may also matter. According to Forresters Cloud Privacy Heat map a possible conclusion is that it can be hard for an application operator to deploy applications at a minimum distance from the users (i.e., there may be locations where the data must travel to that require following a non-optimal path because the ideal path crosses countries with restrictive laws). Currently there are cloud providers that leave the choice of the datacenter location to the user. For instance, Amazon offers two locations in the US and one in Europe. Very likely, other providers will add to Amazons region choice offer as the location of data is an increasing important requirement of potential customers.

16.8 Deletion of data:

Closely related with the isolation issues that the multi-tenant architecture can entail is the fact that the user can erase data upon request. A user of a public cloud may require his data to be deleted, i.e., completely removed from the cloud. As this can only be entirely done by erasing, repeatedly re-writing the disk sectors with random data, and possibly formatting the servers hard disk, this could turn out to be impossible to do at the service providers environment. As noted earlier in the discussion of a side-channel attack, a malicious user could later take advantage of remaining data. Even with multiple cycles of re-writing the sectors which previously held the file it may be possible to access the "erased" data, but the 36

probability can be reduced - however, this is at a quite high cost in time and disk I/O and may not be completely successful. In the latest report about cloud computing by the European Network and Information Security Agency (ENISA) it has been suggested that if encryption were applied to data at rest, the level of this risk would be considerably lower.

16.9 Recovery and back-up:

Cloud providers should have an established plan of data back-up in the event of disaster situations. This may be accomplished by data replication across different locations and the plan must be addressed in the service level agreement.

16.10 The Offline cloud:

Being completely dependent upon an Internet connection might turn out to be impossible or highly risky for some users who need an application (or data) to be available at all times. This creates a bigger problem if the user is moving and the quality of the connection can change, hence in some situations relying on a Internet service provider is simply not an option. The so-called pure Cloud computing model causes this impediment. This model is based on the fact that the most used software application nowadays is the web browser and that today complete applications can be delivered as a service through the Internet and all of the end-users interaction can occur through a web browser. An obvious conclusion is to build a web based OS. In this approach the web browser acts as the interface to the rest of the system and hardware, such as hard disks or powerful processors, would not be needed locally anymore.

37

17. Benefits

Figure: Comparisons of various Infrastructure solutions Source: www.iitweb.bloomu.edu

17.1 High availability:

Any web application should be available to legitimate visitors from across the globe. An efficient Cloud creates and spans multiple access points at various geographic locations around the globe. The Cloud provider must effectively receive and route incoming requests to the appropriate virtualized application on the cloud on behalf of its customers. Google and Microsoft replicate each application instance to multiple physical locations. AT&T Synaptic Hosting spans multiple locations for its enterprise customers.

17.2 Service on demand:

Cloud enables service on demand. We have use resources for as small as couple of hours and pay for them accordingly. This the key advantage of the Cloud.

38

Example: Lets consider the case of a University website. The web site doesnot expect much traffic normally. But during the display of the exam results, the traffic may increase exponentially. But the increase of traffic happens only once or twice a year during the results so it is not wise for the management to buy huge infrastructure. In such a situation Cloud could really help where the university can hire infrastructure for a weeks time and just pay a small cost.

17.3 Security:
Security could improve due to centralization of data, increased security-focused resources, etc. As the Cloud is maintained by the Cloud provider enterprises need to be involved in security. The Cloud provider has the professionals who would further secure the Cloud. SME's may not be able to hire highly paid security profesionals, so its better for them to hire resources on Cloud.

17.4 Maintenance:
Maintenance cloud computing applications is not difficult, since they need not to be installed on user's computer. Due to this it is easy to support and to update because the changes can be done to clients instantly. Cloud infrastructure services or "Infrastructure as a Service (IaaS)" provides computer infrastructure as a virtual platform, as a service. Rather than purchasing servers, software, data center space or network equipment, clients instead buy those resources as a fully outsourced service.

17.5 Reduced Costs:

Users of cloud need not to pay any upfront amount. They have to pay incrementally for the services they use, saving huge costs.

17.6 Flexibility and Automation:

Cloud computing offers more flexibility that traditional methods. Cloud is able to to change rapidly in response to the different need to different users.

39

18. Risk Mitigation

Corporations or end-users wishing to avoid not being able to access their data or even losing it should research vendors' policies on data security before using vendor services. One technology analyst and consulting firm, Gartner, lists seven security issues which one should discuss with a cloud-computing vendor:

1. Privileged user accessinquire about who has specialized access to data and about the hiring and management of such administrators. 2. Regulatory compliancemakes sure a vendor is willing to undergo external audits and/or security certifications. 3. Data locationsask if a provider allows for any control over the location of data. 4. Data segregationmake sure that encryption is available at all stages and that these "encryption schemes were designed and tested by experienced professionals". 5. Recoveryfind out what will happen to data in the case of a disaster; do they offer complete restoration and, if so, how long that would take. 6. Investigative Supportinquire whether a vendor has the ability to investigate any inappropriate or illegal activity. 7. Long-term viabilityask what will happen to data if the company goes out of business; how will data be returned and in what format.

In practice, one can best determine data-recovery capabilities by experiment: asking to get back old data, seeing how long it takes, and verifying that the checksums match the original data. Determining data security is harder. A tactic not covered by Gartner is to encrypt the data yourself. If you encrypt the data using a trusted algorithm, then regardless of the service provider's security and encryption policies, the data will only be accessible with the decryption keys. This leads to a follow-on problem: managing private keys in a pay-ondemand computing infrastructure.

40

19. Discussions Thoughts against Cloud Computing:

Although Cloud computing is considered as a useful emerging utility, but it is not appreciated and encouraged by some of the scholars in the industry. Thoughts of some of those people are listed below. According to Larry Ellison, The interesting thing about Cloud Computing is that we have redefined Cloud Computing to include everything that we already do. . . . I dont understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads. As per Andy Isherwood, A lot of people are jumping on the [cloud] bandwagon, but I have not heard two people say the same thing about it. There are multiple definitions out there of the cloud. Richard Stallman, known for his advocacy of free software, thinks Cloud Computing is a trap for users. If applications and data are managed in the cloud, users might become dependent on proprietary systems whose costs and service terms may changed unilaterally and adversely. Richard Stallman used really harsh words for Cloud. He states that, Its stupidity. Its worse than stupidity: its a marketing hype campaign. Somebody is saying this is inevitable and whenever you hear somebody saying that, its very likely to be a set of businesses campaigning to make it true.

People favoring Cloud Computing:

Thought by some of the pioneers of the industry are against the concept of Cloud computing but there are large number of people who still thinks that Cloud computing is one one of the most useful emerging technology and provides a solution not only to SME's and new starters but also to big players. Brad Jefferson in the favor of Cloud Computing States that, Cloud computing is really a nobrainer for any start-up because it allows you to test your business plan very quickly for little money. Every start-up, or even a division within a company that has an idea for something new, should be figuring out how to use cloud computing in its plan.

41

Mark benoiff, CEO of www.salesforce.com one of the biggest supporters of Cloud computing said, The cloud services companies of all sizesThe cloud is for everyone. The cloud is a democracy. Vivek Kundra, Federal CIO of United states of America said, There was a time when every household, town, farm or village had its own water well. Today, shared public utilities give us access to clean water by simply turning on the tap; cloud computing works in a similar fashion. Just like water from the tap in your kitchen, cloud computing services can be turned on or off quickly as needed. Like at the water company, there is a team of dedicated professionals making sure the service provided is safe, secure and available on a 24/7 basis. When the tap isn't on, not only are you saving water, but you aren't paying for resources you don't currently need. Small businesses will now have the ability to use the same tools and techniques that larger companies enjoyed for years. They can leverage Web 2.0/ Social Media tools to connect with prospects / customers, build their brand, and use Enterprise 2.0 tools to automate systems within their workplace using free, inexpensive and simple tools. Sahil Parikh CEO - Synage

42

20. Case Study

This section presents the current cloud computing offers, distinguishing them basing on the level of abstraction (i.e. the level of service) presented to the programmer and the level of management of the resources.

20.1 Amazon Web Services (AWS):

AWS refers to the services offered by Amazon to cover the entire service spectrum. Amazon is the only provider to the date with products in all three classes. AWS includes a number of components: y Amazon Elastic Compute Cloud (EC2): The IaaS product of Amazon is the leader in its class. It supplies customers with a pay-as-you-go resource that can include storage or computation. EC2 has a web interface for requesting virtual machines as server instances. An EC2 instance seems like physical hardware and its relatively low level of abstraction (i.e. by definition, IaaS have low levels of abstraction when compared to PaaS or SaaS. Customers have the chance to increase or decrease the number of server instances, then AWS reacts by scaling the number of instances up or down. Server instances are available in three different sizes; each one having a different amount of memory, computing power, and bandwidth. Amazon Simple Storage Service (S3) implements a dynamically scalable storage service which can be used to host applications that are subsequently offered to end-users. Amazon SimpleDB realizes a database (DB) and provides it as a web service. Developers store and query data items via web services requests. Amazon liberates these developers from worrying about the databases internal complexity.

20.2 Rackspace:
Rackspace offers infrastructure as a service (IaaS), named Cloudservers, or a platform as a service, Cloudsites, to host web applications with scaling needs. Rackspace also provides Cloudfiles, a storage service, which can be combined with a content delivery network (CDN) service. This latter service competes directly with the CDN from Amazon, called Cloudfront, but Rackspace, unlike Amazon, does not charges for bandwidth consumption between the storage service and the CDN.

43

20.3 GoGrid:
GoGrid provides infrastructure as a service (IaaS), standing as a direct competitor to Amazon or Rackspace. GoGrid offers a competitive service consisting on dedicated hosted servers in their cloud facilities. Thus they are a provider of virtual or physical infrastructure on-demand, unlike Amazon (who only supplies virtual infrastructure on-demand). Additionally, GoGrid complements the offer of dedicated infrastructure with an hybrid environment that enables users of their dedicated hosting service to request virtual resources to handle usage spikes.

20.4 Salesforce:
Salesforce (software as a service (SaaS)), is one of the pioneers in cloud computing. Salesforces first and still main product is a Customer Relationship Management (CRM) web service. Salesforce has focused on enterprise customers and has added new applications on top of its CRM. While earlier Salesforce only offered SaaS class products, in 2002 Salesforce shifted towards the PaaS market with the release of their Force.com platform that allows developers to develop applications that will execute natively on their Salesforce platform or be integrated with third party services. In the case of Force.com, Salesforce is responsible for scaling up or down the platform as needed, thus making the addition of new physical resources transparent to the user. The Force.com development environment is based on the Eclipse integrated development environment (IDE) and uses a new programming language called APEX. APEX is closely related to C# and Java. Force.com also provides non-programmers with tutorials and models to enable them to compose business web applications in a visual way.

20.4 Google App Engine:

Googles Platform as a service (PaaS) product is a platform to develop and host web applications on Googles servers. The user can leverage Googles distributed and scalable file systems (BigTable and File System), along with technologies used by Googles wide range of web applications (e.g, Gmail, Docs, Google Reader, Maps, Earth, or Youtube). Although in the beginning the only programming language supported was Python, presently there is also support for Java, and it is forecasted that other programming

44

languages will be allowed in the future. In a move towards connecting both clouds, Google and Salesforce have recently provided libraries that allow the developer to access the others web services application programming interface (API) from applications. Once installed, the application can seamlessly make web service API calls of the other service, hence integrating applications hosted on both clouds.

20.5 Microsoft Windows Azure:

Microsofts Platform as a service (PaaS) service is called Windows Azure. This is a very new (commercially it became available starting in February 2010) cloud platform offering that provides developers with on-demand computing and storage to host, scale, and manage web applications on the Internet using Microsofts datacenters. The Azure Services platform currently runs only .NET Framework applications, but Microsoft has indicated that a large range of languages will be supported. Indeed, two software development kits (SDKs) have already been made available for interoperability with the Azure Services platform that enable Java and Ruby developers to integrate their application with .NET services.

20.6 Sun Cloud:

Sun Microsystems (now Oracle) in March 2009 introduced a cloud service to compete against Amazon EC2 in the field of IaaS. It is uncertain what the future of this service is today. After the merger with Oracle, it was announced that the Sun Cloud service will no longer be available, but it is unclear if another Cloud product will be released instead.

45

21. QUESTIONNAIRE RESULT

Q1). How many employees does your company have? 1 49 50 249 250 or more 0 1 5 0% 17% 83%

Q2). Which industry sector does your company belong to? ICT Manufacturing Trade Financial Services Government Other 2 1 1 2 0 0 33% 17% 17% 33% 0% 0%

Q3). Company location? Local company Local company with the foreign affiliates Part of an international corporation Q4). Have you used, or are you planning to use Cloud Computing services? Yes No 6 0 100% 0% 2 2 33% 33%

33%

Q5). Is your organization using any of the following Cloud

46

Computing services? Cloud Computing used in the past, but projects have been discontinued None at present, and not planning within the next 12 months None at present, but planning within the next 12 months Running a pilot project at present Running a production system at present IaaS: Cloud Computing used in the past, but projects have been discontinued. None at present, and not planning within the next 12 months. None at present, but planning within the next 12 months. Running a pilot project at present. Running a production system at present. PaaS: 0 0% 0 0%

0%

17%

3 2

50% 33%

17%

17%

0 4

0% 67%

47

Cloud Computing used in the past, but projects have been discontinued. None at present, and not planning within the next 12 months. None at present, but planning within the next 12 months. Running a pilot project at present. Running a production system at present. Q6). What percentage of your IT operational expenditure is constituted by Cloud Computing services (i.e. SaaS, IaaS and PaaS together)? 1 25% 26 50% 51 75% 76 100% 6 0 0 0

0%

0%

67%

1 1

17% 17%

100% 0% 0% 0%

Q7). What percentage each Cloud Computing service type (i.e. SaaS, IaaS and PaaS) represents? [NOTE: Answers' total must be 100% ]

48

10% 20& 30% 40% 50% 60% 70% 90% 100%

0 0 1 3 2 0 0 0 0

0% 0% 17% 50% 33% 0% 0% 0% 0%

IaaS 10% 20& 30% 40% 50% 60% 70% 90% 100% 0 1 1 2 2 0 0 0 0 0% 17% 17% 33% 33% 0% 0% 0% 0%

PaaS

49

10% 20& 30% 40% 50% 60% 70% 90% 100%

1 2 1 2 0 0 0 0 0

17% 33% 17% 33% 0% 0% 0% 0% 0%

Q8). What types of processes do you support with Cloud Computing services? SaaS IaaS PaaS 5 5 4 83% 83% 67%

People may select more than one checkbox, so percentages may add up to more than 100%. Non- Mission Critical processes SaaS IaaS PaaS 5 5 4 83% 83% 67%

People may select more than one checkbox, so percentages may add up to more than 100%. Q9). How many Cloud Computing service providers do you have? - # local service providers 0 1 2 3 3+ 0 0 3 1 2 0% 0% 50% 17% 33%

50

Q9). How many Cloud Computing service providers do you have? - # global service providers 0 1 2 3 3+ 1 1 0 0 4 17% 17% 0% 0% 67%

IaaS - # local service providers 0 1 2 3 3+ 0 0 3 1 2 0% 0% 50% 17% 33%

IaaS - # global service providers 0 1 2 3 3+ 1 1 0 2 2 17% 17% 0% 33% 33%

PaaS - # local service providers 0 1 2 3 3+ 0 0 3 1 2 0% 0% 50% 17% 33%

51

PaaS - # global service providers 0 1 2 3 3+ 1 1 0 0 4 17% 17% 0% 0% 67%

Q10). What types of SaaS services have you used, or are planning to use in the near future? Analytics Collaboration (e.g. office applications) Communication (e.g. email) Content Management Finance & Administration Human Resources IT Management Marketing Productivity & Resources Supply & Logistics CRM/Sales Service & Support 6 5 100% 83%

5 4 3 2 5 2 2 2 2 2

83% 67% 50% 33% 83% 33% 33% 33% 33% 33%

People may select more than one checkbox, so percentages may add up to more than 100%. At present

52

Analytics Collaboration (e.g. office applications) Communication (e.g. email) Content Management Finance & Administration Human Resources IT Management Marketing Productivity & Resources Supply & Logistics CRM/Sales Service & Support

5 3 4 4 5 3 1 4 1 2 5 3

83% 50% 67% 67% 83% 50% 17% 67% 17% 33% 83% 50%

People may select more than one checkbox, so percentages may add up to more than 100%. Within the next 12 months Analytics Collaboration (e.g. office applications) Communication (e.g. email) Content Management Finance & Administration Human Resources IT Management Marketing Productivity & Resources Supply & Logistics CRM/Sales Service & Support 6 6 6 6 6 6 6 6 5 6 6 6 100% 100% 100% 100% 100% 100% 100% 100% 83% 100% 100% 100%

People may select more than one

53

checkbox, so percentages may add up to more than 100%. Q11). Have you used, or are planning to use in the near future IaaS services? Compute (server instances) (e.g. Amazon EC2) Storage (e.g. Amazon S3) Database (e.g. Amazon SimpleDB) 4 67%

5 3

83% 50%

People may select more than one checkbox, so percentages may add up to more than 100%. At present Compute (server instances) (e.g. Amazon EC2) Storage (e.g. Amazon S3) Database (e.g. Amazon SimpleDB) 2 33%

6 5

100% 83%

People may select more than one checkbox, so percentages may add up to more than 100%. Within the next 12 months Compute (server instances) (e.g. Amazon EC2) Storage (e.g. Amazon S3) Database (e.g. Amazon SimpleDB) 5 83%

6 5

100% 83%

People may select more than one checkbox, so percentages may add up to more than 100%. Q12). Which PaaS services do you use?

54

Force.com Microsoft Azure Google App Engine ZOHO Creator WorkXpress Wolf Frameworks

4 3 6 0 1 0

67% 50% 100% 0% 17% 0%

People may select more than one checkbox, so percentages may add up to more than 100%.

Other please specify

Q13). What were your main motivations for adopting Cloud Computing? Cost reduction (TCO) Improved ROI Improved support for business processes Better responsiveness to changing requirements Rapid implementation Improved scalability (elasticity) 6 6 6 100% 100% 100%

83%

5 4

83% 67%

People may select more than one checkbox, so percentages may add up to more than 100%. IaaS

55

Cost reduction (TCO) Improved ROI Improved support for business processes Better responsiveness to changing requirements Rapid implementation Improved scalability (elasticity)

5 5 4

100% 100% 80%

100%

5 4

100% 80%

People may select more than one checkbox, so percentages may add up to more than 100%. PaaS Cost reduction (TCO) Improved ROI Improved support for business processes Better responsiveness to changing requirements Rapid implementation Improved scalability (elasticity) 5 5 5 83% 83% 83%

100%

5 4

83% 67%

People may select more than one checkbox, so percentages may add up to more than 100%. Q14). How did you evaluate the suitability of Cloud Computing for your organization? Using our own research Based on a recommendation of service provider/system 5 6 83% 100%

56

integrator People may select more than one checkbox, so percentages may add up to more than 100%. Q15). What were your main concerns before deciding to adopt Cloud Computing? High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on external service provider Legal constraints 5 5 5 5 4 83% 83% 83% 83% 67%

83%

4 4

67% 67%

67%

People may select more than one checkbox, so percentages may add up to more than 100%. IaaS

57

High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on external service provider Legal constraints

5 5 4 4 5

83% 83% 67% 67% 83%

83%

5 4

83% 67%

83%

People may select more than one checkbox, so percentages may add up to more than 100%. PaaS High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on external service provider Legal constraints 5 5 5 4 5 83% 83% 83% 67% 83%

67%

5 5

83% 83%

100%

People may select more than one checkbox, so percentages may

58

add up to more than 100%. Q16). What are your main concerns now, i.e. after adopting Cloud Computing? High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on external service provider Legal constraints 5 5 5 4 4 83% 83% 83% 67% 67%

67%

5 6

83% 100%

67%

People may select more than one checkbox, so percentages may add up to more than 100%. IaaS High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on 4 3 3 4 2 67% 50% 50% 67% 33%

50%

4 6

67% 100%

59

external service provider Legal constraints 4 67%

People may select more than one checkbox, so percentages may add up to more than 100%. PaaS High Cost Security concerns Governance concerns Lack of control over resources Lack of availability of suitable services Concerns about service availability Network speed issues Dependence on external service provider Legal constraints 5 3 3 4 5 83% 50% 50% 67% 83%

33%

6 4

100% 67%

67%

People may select more than one checkbox, so percentages may add up to more than 100%. Q17). How would you characterize the result of the implementation of Cloud Computing in your organization? Not Applicable Total Failure Partial Failure Success, but limited benefits Success, benefits as expected 0 0 0 2 0% 0% 0% 33%

33%

60

Success, exceeded expectations IaaS Not Applicable Total Failure Partial Failure Success, but limited benefits Success, benefits as expected Success, exceeded expectations PaaS Not Applicable Total Failure Partial Failure Success, but limited benefits Success, benefits as expected Success, exceeded expectations

33%

0 0 0 2 2 2

0% 0% 0% 33% 33% 33%

0 0 0 1 4 1

0% 0% 0% 17% 67% 17%

61

22. CONCLUSION
     Companies have to pick and choose and be careful with what data they allow to be out there in a cloud. Cloud computing can be a useful resource to help companies save money but can also have downfalls. The average citizen doesn't want their personal information unprotected and available. As companies perfect their cloud computing services, I think that more companies will be open to using these services. This service will provide new inventive ways to use computers and provide services.

By eliminating the problems of traditional application development, cloud computing technology frees you to focus on developing business applications that deliver true value to your business (or your customers). The platform lets IT innovate while avoiding the costs and headaches associated with servers, individual software solutions, middleware or point-topoint connections, upgradesand the staff needed to manage it all. Cloud Computing Brings Possibilities.. y y y y y y y y y y Increases business responsiveness Accelerates creation of new services via rapid prototyping capabilities Reduces acquisition complexity via service oriented approach Uses IT resources efficiently via sharing and higher system utilization Reduces energy consumption Handles new and emerging workloads Scales to extreme workloads quickly and easily Simplifies IT management Platform for collaboration and innovation Cultivates skills for next generation workforce

62

The results states that the utility of the Cloud matches the need of the todays Business. Because of the dynamic changing environments, the workload can shrink or grow very fast which causes a problem for the enterprise to scale up or down immediately. Moreover the features that were used by the Technical giants and not affordable by small enterprises due to heavy pricing can now be made available to them. Cloud does not suit well to the Financial enterprise that have sensitive data and are not willing to disclose it to the third part vendors. Cloud computing is picking up and there are few early winners who adopted the technology. Companies that used to take 20 years to build up an infrastructure can now be done in merely weeks or months. The most dependable solutions from number of vendors are still in the early stage but will definitely pick up in very short time. May be the coming years will let us know whether Cloud computing is the one of the best emerging technologies of all times or just an over hyped phenomenon.

63

23. References
[1]. NIST Definition of Cloud Computing v15 [2]. www.infoworld.com/article/08/04/07/15FE-cloud-computing-reality_1.html [3]. www.wiki.cloudcommunity.org/wiki/CloudComputing:Bill_of_Rights [4]. www.davidchappell.com/CloudPlatforms--Chappell. PDF [5]. www.amazon.com [6]. www.thinkgos.com/cloud/index.html [7]. www.salesforce.com [8]. www.google.com [9]. Chip Computer Magazine, December 2008 - Feb 2009 Edition [10]. Larry Ellison, Wall Street Journal, September 26, 2008 [11]. Andy Isherwood, ZDnet News, December 11, 2008 [12]. Richard Stallman, The Guardian, September 29, 2008 [13]. Brad Jefferson CEO - Animoto 2009 [14]. Mark Benoiff CEO - www.Salesforce.com [15]. Vivek Kundra Federal CIO, United States Government [16]. Sys-Con Cloud Computing Journal [17]. www.wikipedia.com [18]. www.iitweb.bloomu.com [19]. www.devcentral.f5.com

64