Edition 1

Year of Publication: 2015

© Confidentiality & Proprietary Information

This is a confidential document prepared by iNurture. This document, or any portion thereof,
should not be made available to any persons other than the authorised and designated staff of the
company/institution/ Vendor to which it has been submitted.

No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the
prior written permission of iNurture.
 How to use the Self Learning Material
The pedagogy imbibed to design this course is to enable you to assimilate the concepts and
processes with ease.

The course is divided into FIVE MODULES. Each module is categorically divided into TWO
CHAPTERS. Each chapter consists of the following elements:

CHAPTER:

1. Table of Contents: Every chapter consists of a well-defined table of content.

For e.g.: “1.1.8.(i)” should be read as “Module 1. Chapter 1. Topic 8. (Sub-topic i)” and
1.2.8. (ii) should be read as “ Module 1.Chapter 2. Topic 8. (Sub-topic ii)

2. Aim: ‘Aim’ refers to the overall goal to be achieved through the chapter.

3. Learning Objectives: ‘Learning Objectives’ defines what the chapter intends to

deliver.

4. Learning Outcome: ‘Learning Outcome’ refers to what you will be able to

accomplish by going through the chapter.

5. Advantages: ‘Advantages’ denotes the positive aspects of that particular method,

theory or practice.

6. Disadvantages: ‘Disadvantages’ denotes the drawback of the particular method,

theory or practice.

7. Summary: ‘Summary’ is the nutshell of the entire chapter in the form of points.

8. Self-assessment: ‘Self-assessment’ contains a set of multiple-choice questions

enabling you to check your knowledge upon completion.

9. References: ‘References’ is a list of online resources which have been used while
designing the chapter.

10. External Resources: ‘External Resources’ is a list of scholarly books for additional
source of knowledge.

11. Video Links: The ‘Video Links’ table will help you to understand how these
concepts are discussed in detail by the industry today.

i
 Introduction to Cloud Technology

Course Description

Cloud Technologies are emerging since last decade and are considered to be one of the hot areas
of interest for organisations. Lot of research work has been going on every single day and many
new applications are designed, developed and launched at periodic intervals. Emergence of cloud
technologies is disruptive across multiple sectors like Information Technology, Manufacturing,
Healthcare, Engineering, Information Architecture, Education, Data Management, Sales and
Business Development.

This course is designed specifically to expose the students to various concepts of Cloud computing,
different methodologies, services architectures, governance, principles and applications. The
topics covered will provide a brief overview of technical aspects along with business and
commercial perspectives. Relevant examples and case studies of popular cloud based applications
existing in the market are provided as per requirements.

Overall, iNurture’s “Introduction to Cloud Technology” course is designed to serve as a stepping

stone for you to build a career in Cloud Computing.

The INTRODUCTION TO CLOUD TECHNOLOGY COURSE contains FIVE MODULES

with TWO CHAPTERS in each module:

 Module 1: Cloud Computing Fundamentals – introduces the students to the basic concepts
and delivery models.
Chapter 1: Cloud Computing Concepts
Chapter 2: Cloud Computing Delivery Models

 Module 2: Cloud Computing Risks – discusses about migration to the cloud and risk
management in cloud computing.
Chapter 1: Migrating to Cloud
Chapter 2: Risk Management in Cloud Computing

 Module 3: Cloud Management – exposes students to assess the cloud, various service
providers and selecting the right cloud service provider to suit the needs of the business.
Chapter 1: Assessing the Cloud
Chapter 2: Selecting Cloud Provider

ii
• Module 4: Cloud Computing Controls – to equip students about Cloud Governance and
Legal issues in cloud computing.
Chapter 1: Governance in Cloud
Chapter 2: Legal Issues in Cloud Computing

• Module 5: Cloud Computing Considerations – talks about best and worst practices while
migrating to the cloud along with career options in cloud technologies.
Chapter 1: Cloud Practices

iii
 Introduction to Cloud Technology

Page No.

Module 1 Cloud Computing Fundamentals

Chapter 1.1 Cloud Computing Concepts 1

Chapter 1.2 Cloud Computing Delivery Models 21

Module 2 Cloud Computing Risks

Chapter 2.1 Migrating to Cloud 44

Chapter 2.2 Risk Management in Cloud Computing 66

Module 3 Cloud Management

Chapter 3.1 Assessing the Cloud 81

Chapter 3.2 Selecting Cloud Provider 102

Module 4 Cloud Computing Controls

Chapter 4.1 Governance in Cloud 118

Chapter 4.2 Legal Issues in Cloud Computing 139

Module 5 Cloud Computing Considerations

Chapter 5.1 Cloud Practices 156

iv
 Module 1

Cloud Computing Fundamentals

Chapter 1.1 : Cloud Computing Concepts

Chapter 1.2 : Cloud Computing Delivery Models

 Table of Contents

Chapter 1.1

Cloud Computing Concepts

Page No.
Aim 1
Learning Objectives 1
Learning Outcome 1
1.1.1 Introduction 2
1.1.2 Introduction to Cloud Computing 2
1.1.3 History and Evolution of Cloud Computing 4
1.1.3.(i) History of Cloud Computing 4
1.1.3.(ii) Evolution of Cloud Computing 6
1.1.4 Types of Cloud Computing 6
1.1.4.(i) Private Cloud 6
1.1.4.(ii) Public Cloud 7
1.1.4.(iii) Community Cloud 7
1.1.4.(iv) Hybrid Cloud 8
1.1.5 Cloud Computing Architecture 8
1.1.5.(i) Front End 9
1.1.5.(ii) Middleware 10
1.1.5.(iii) Back End 10
1.1.6 Basics of Cloud Infrastructure 10
1.1.6.(i) Brief about Amazon Web Services 11
1.1.6.(ii) Brief about Microsoft Azure and BizSpark 12
1.1.6.(iii) Brief about Google Cloud Platform 12
1.1.6.(iv) Brief about IBM Cloud, SAP SANA and Oracle Cloud 13
 Page No.
1.1.7 Merits and Applications of Cloud Computing 14
1.1.8 Common Applications in the Cloud 14
Summary 16
SAQs 17
Bibliography 19
References 19
External Resources 20
Video Links 20

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Fundamentals Cloud Computing Concepts

Aim

To study the fundamental concepts of Cloud Computing

Learning Objectives

The objectives of this chapter are to:

• Explain cloud computing

• Explain the history and evolution of cloud computing
• Classify the types of cloud computing
• Describe the concept of cloud computing architecture and infrastructure
• List the major benefits of cloud computing

Learning Outcome

On completion of this chapter you should be able to:

• Describe the components of cloud computing model

• Summarise the growth of cloud computing
• Identify the types of cloud computing
• Demonstrate how cloud computing works
• Identify the benefits of Cloud Computing

Introduction to Cloud Technology 1

Cloud Computing Fundamentals Cloud Computing Concepts

1.1.1. Introduction

Cloud computing is the storing, processing and management of applications, data and programs
using the Internet - and not through the hard drive of a personal computer. With cloud computing
organisations can store large amount of data efficiently and access them with great ease. The pay-
as-you-go cloud model allows enterprises, both big and small to enjoy enhanced cost savings and
better agility. This chapter will introduce you to the fundamental concepts of cloud computing.

1.1.2. Introduction to Cloud Computing

The National Institute of Standards and Technology (NIST) defines cloud computing as
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to
a shared pool of configurable computing resources (e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction.”

Fig. 1.1.1: Cloud Computing

Figure 1.1.1 shows the pictorial representation of Cloud Computing in detail. Critical data that
takes different forms such as emails, text document, videos, chats and presentations are stored,
accessed and processed as needed by the cloud user - which is a set of software and hardware
devices (servers and storage) commissioned in a data centre either in a single or multiple
location(s).

Introduction to Cloud Technology 2

Cloud Computing Fundamentals Cloud Computing Concepts

According to NIST, the cloud computing model is composed of five essential characteristics, three
service models, and four types of cloud (deployment models). They are as follows:

Five Essential Characteristics of Cloud computing:

1. On-demand self-service: Cloud computing empowers the consumer to unilaterally

provision computing capabilities like server time and network storage with no need for
human interaction with individual service providers.

2. Broad network access: In cloud computing, the Internet allows any thin or thick client
such as laptops or mobile phones to access capabilities through standard mechanisms.

3. Resource pooling: In the cloud environment the provider’s computing resources are
pooled to serve multiple consumers through the multi-tenant model, with different
resources being assigned and reassigned in a real-time basis according to consumer
demand. The user loses control over the location of the data but may be able to specify a
higher level of abstraction.

4. Rapid elasticity: Capabilities can be both elastically and automatically provisioned and
released, to scale rapidly with demand. To the consumer, the capabilities available for
provisioning often appear to be unlimited and can be appropriated in any quantity at any
time.

5. Measured service: Cloud systems automatically monitor, control, optimise and report
resource usage thus providing transparency for both the provider and consumer of the
utilised service

Three Service Models of Cloud computing:

• Software as a Service (SaaS): The ability to access the provider’s applications running in
the cloud environment is referred SaaS. Devices such as smart phones, laptops, desktops,
and tablets can be used to access the applications through a web browser or a program
interface. The cloud user however cannot access or manage the cloud infrastructure that
hosts the applications. This includes the servers, storage devices, network and individual
application components.

• Platform as a Service (PaaS): PaaS refers to provisioning a developer’s platform who

writes custom application using the hardware, operating system (OS), database and
middleware. The PaaS model, users do not have any control over the cloud infrastructure

Introduction to Cloud Technology 3

Cloud Computing Fundamentals Cloud Computing Concepts

just like the SaaS model. However they have the ability to monitor and manage the
applications that they have deployed and respective configuration settings for the
application-hosting environment.

• Infrastructure as a Service (IaaS): The user is allowed to provision processing, storage,

networks and other fundamental computing resources where the consumer is able to deploy
and run operating systems and other applications. Though the cloud user can establish
complete control over operating systems, storage and deployed applications, the underlying
cloud infrastructure remains unperturbed.

More details about the three service models of cloud computing is discussed in Chapter 1.2.

Four Types of Cloud (Deployment Models):

NIST classifies the cloud into four different types. They are:

i. Private Cloud
ii. Public Cloud
iii. Hybrid Cloud
iv. Community Cloud

These are discussed in detail later in this chapter.

Did you know?

National Institute of Standards and Technology (NIST) is the global authority to develop
standards and guidelines related to the Cloud. Explore more details about cloud computing
by NIST here ::

http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

1.1.3. History and Evolution of Cloud Computing

1.1.3.(i). History of Cloud Computing

One of the most intriguing questions asked about cloud computing is “When and where was the
first premise of cloud computing witnessed?”
The very first step towards cloud computing was witnessed as early as the 1950’s and with time
this technology has grown into one of the most powerful tools for conducting business efficiently.

Introduction to Cloud Technology 4

Cloud Computing Fundamentals Cloud Computing Concepts

The below section explains the growth of cloud computing over the last 50 years.

1950-1960:

The concept of time-sharing was introduced to allow multiple users to gain shared access to data
and CPU time. This was done to lower the cost of maintenance of large-sized computers.

1960-1970:

ARPANET (Advanced Research Projects Agency Network), the basis of Internet was introduced.
The basis of staying connected and accessing data from any location was established.

1970-1980:

IBM introduced the Virtual Machine OS and this enabled users to have multiple virtual machines
on a single physical node.

1980-1990:

The time period between 1980 and 1990 witnessed the emergence of Internet Service Providers
and Application Service Providers, which broke the realm of desktops and single user server to
deliver hosted applications services. Another important trend during this period was the realisation
of efficiency through multi-tenant environments.

1990-2000:

The Internet became more prevalent and virtualised connections for PC-based systems grew to
correct network traffic and bandwidth usage. Grid computing gained popularity along with object-
oriented programming and web services. Grids were formed by a network of loosely coupled
computers along with communication channels to perform complex tasks. Grid computing is said
to be one of the early avatars of cloud computing.

After 2000:

The 21st century witnessed tremendous growth of the cloud as more and more corporate solutions
and services from players like IBM and Oracle inundated the market.

Introduction to Cloud Technology 5

Cloud Computing Fundamentals Cloud Computing Concepts

1.1.3.(ii). Evolution of Cloud Computing

Cloud computing as compared to any technology is an ever-evolving model, with improved

capabilities being announced regularly. If you look closely, it is a logical evolution of computing
itself, where we started from mainframe computers in early 1960’s and progressed to
minicomputers, personal computers, mobile devices, and now cloud computing. A major trend that
caused a strong shift towards cloud computing was the emergence of grid computing. In grid
computing, the aim was to move a workload to the location of the needed computing resources. In
other words, a grid acts like a single virtual server. A decade after this, the concept of virtualisation
began to be considered beyond servers to storage, platforms as well as applications.

The concept of virtualisation emerged during 1990’s. Virtualisation is the concept of creating
logical computing resources (such as multiple servers) with limited physical resources (from a
single physical server hardware available). It was then slowly expanded to virtual platforms that
included storage and network resources. These virtual applications did not have any dedicated
hardware or infrastructure support. Then came utility computing that offered clustered virtual
platforms for handling complex tasks and business applications with a metered business model. In
the last decade, this evolved into Software-as-a-Service (SaaS) which tremendously improvised
the concept of virtualisation. In SaaS, the business model of charging is not by the resources that
are consumed but by the value of the application to subscribers. Cloud computing thus evolved as
a result of various trends (like grid, utility and SaaS) put together and it emerged as the ability to
access computing resources and applications from anywhere and at any time.

1.1.4. Types of Cloud Computing

1.1.4.(i). Private Cloud

Provisioning of infrastructure for controlled access by a single organisation (or) providing

controlled access to restricted data and information for few organisations in a closed network
format is referred to as private cloud. All business units within the organisation can access the
cloud without having to build their own infrastructure.

An organisation can choose to manage the cloud by itself or take the services of a third party. The
third party cloud service provider may host the private cloud within the premises of the
organisation or in its data centre. Private cloud deployment is best suited for enterprises looking at
a higher level of control and regulatory measures.

The most significant advantage of private cloud is that it offers better and direct control over
sensitive data as well as the hardware used. It also enables building the infrastructure with the most

Introduction to Cloud Technology 6

Cloud Computing Fundamentals Cloud Computing Concepts

reasonably new hardware components. Other significant advantages of a private cloud are easy
moving of data into cloud due to better proximity and enhanced security levels.

1.1.4.(ii). Public Cloud

This utility model of cloud computing provides easy access to a shared infrastructure, storage as
well as other computing resources. These shared resources are hosted in a remote data centre and
multiple clients can gain access to them using the Internet. Scalability and cost-effectiveness are
the major advantages of a public cloud.

Table no. 1.1.1: Comparison between Private and Public Cloud

Public Cloud Private Cloud

The private cloud infrastructure is controlled by a
Shared resources open for access to all
single entity
The hardware and virtualisation layers are
The hardware and virtualisation layers are
reserved by vendor and shared between
reserved by client only
clients.
May or may not be connected to the internet
Always connected to the public Internet

Upfront investment required as infrastructure

No upfront investment
Operational costs are a part of the usage-
based pricing
Not very secure as data exchange happens
outside the corporate firewall
No Control over location of data
Creates the illusion of infinite elastic
resources
must be provisioned
Enterprise managing the private cloud
environment maintains all on-going costs
Very safe and recommended for sensitive
applications.
Better control over the location of data
Offers elastic, finite resources

1.1.4.(iii). Community Cloud

A community cloud is a type of cloud primarily used by a closed group of people or organisations.
It is a collaborative effort and the hardware infrastructure is mutually shared by two or more
organisations from a specific community. It could either be managed or hosted internally within
an organisation in the community or by a third-party cloud service provider. The infrastructure
costs are shared among the community members based on mutual agreements. Popular example

Introduction to Cloud Technology 7

Cloud Computing Fundamentals Cloud Computing Concepts

would be the Virginia Community College System that has implemented a community cloud to
provide educational, informational and administrative services to 23 colleges from around 40
campuses.

1.1.4.(iv). Hybrid Cloud

Like the name implies, a cloud that is the combination of two or more clouds (public cloud, private
cloud or community cloud) is called as hybrid cloud. In a hybrid cloud environment, workloads
can be moved between private and the public clouds based on changing computing needs and
costs. This allows enhanced flexibility and more options when it comes to data deployment. For
instance, consider an organisation dealing with a large amount of personal data and wants to move
some of its workload to the cloud. In this case, the organisation can use its private cloud to host
workloads dealing with sensitive information and the public cloud service for all non-critical
applications.

Fig. 1.1.2: Types of Cloud

1.1.5. Cloud Computing Architecture

Cloud computing architecture refers to all components and sub-components that together form the
structure of the cloud computing system. This architecture as shown in Figure 1.1.3 can be divided
into three parts for better understanding – front end, back end and middleware. Each part of the
cloud architecture has its own set of functionalities and protocols that work together to deliver on-
demand services to user-facing hardware as well as software. In general, the architecture is evolved
out of large distributed network applications over the last two decades. Hence it supports any
system where resources can be pooled and partitioned as required.

The general cloud architecture is capable of running multiple software applications running on
multiple virtual hardware in multiple locations to efficiently render on-demand services to the
users. The users could be using these software applications from their desktop or laptop or mobile

Introduction to Cloud Technology 8

Cloud Computing Fundamentals Cloud Computing Concepts

or tablets. Usually, whatever the user is looking at – through the browser (or) mobile app – is the
front end. This is also called as Service Value net – as a single front end can be available across
devices having multiple screen resolutions (like desktop having large screen size, mobile having
small screen size and tablets having medium screen size). This front end is connected with the
middleware (or) the logical layer which runs all the business services and IT service code. This
middleware is responsible for all the encryptions and information processing using the backend.
The backend in short, is usually the infrastructure layer containing physical (or) virtual servers.
More details about these three layers is provided in further sections.

This architecture can be commissioned within an organisation by assembling required hardware

and software components (or) can be provided by a third party. The communication between
layers in the architecture happens through standard internet protocols.

1.1.5.(i). Front End

The front end of the cloud architecture refers to the client side of the system. It includes the
network, applications or programs that are used to access the cloud. For instance, while accessing
a web-based email application, the web browser acts as the front end.

Fig. 1.1.3: Cloud Architecture

Introduction to Cloud Technology 9

Cloud Computing Fundamentals Cloud Computing Concepts

1.1.5.(ii). Middleware

For the smooth communication between the front and the back end of the cloud computing
architecture, certain protocols must be followed. The part of the system that connects the
networked computers and facilitates the proper functioning between the front and the back end is
called the middleware. It is the special software used by the central server to administer the system.

1.1.5.(iii). Back End

The back end of the cloud architecture refers to the hardware section which includes the servers,
deployment models, security mechanisms, storage and the computing systems. Based on the
requirements, a specific hardware configuration is setup initially to get the organisation into the
cloud. As the requirements increase, additional servers and storage modules are deployed from
time to time.

Did you know?

Some of the common web applications you access on an everyday basis such as email,
Facebook, ebay or Dropbox are manifestations of cloud computing where the data is not
stored on one individual computer but can be accessed using the Internet from anywhere and
at any time

1.1.6. Basics of Cloud Infrastructure

As discussed earlier, the cloud architecture is made of three parts, the front end, the back end and
the middleware. The cloud infrastructure refers to the back end components of the cloud
architecture such as servers, storage devices, networking elements and virtualisation software.
Thus cloud infrastructure is a mix of both hardware and software components. It is an essential
part of all three cloud-computing models.

Business organisations use the cloud infrastructure to host their applications. To use the cloud
infrastructure of the service provider, clients make use of various models like pay-as-you-go
model in which they pay for only the services used by them. This is a very cost-efficient means of
using the required infrastructure and can be done in an hourly, weekly or monthly basis.

Most cloud service providers who are into Infrastructure services rely on virtual machine
technology (or Virtualisation) to deliver servers and run client applications. Virtual servers act
really well like physical servers delivering a certain number of microprocessor (CPU) cycles,

Introduction to Cloud Technology 10

Cloud Computing Fundamentals Cloud Computing Concepts

memory access and network bandwidth to customers. These virtual servers are containers having
specific physical resources (or) a specific capacity of a large physical hardware. The concept of
virtual servers enabled the application developers to have a new perspective towards application
programming. Consider an example of a programmer creating software that requires several
different tasks to be performed in parallel. He needs to write the complete code to execute all the
tasks and in addition, he would go ahead and create a separate module to handle different threads
of execution (or) connect and automate all the different tasks. The developer can create and attach
an application that uses a cloud service to the appropriate service and allow the application itself
to scale the program execution. Therefore, an application that might take long time for a single
server to accomplish can be scaled in the cloud to many servers at once for a short period of time
to accomplish the task at faster rate at similar or lower price.

Did You Know?

Virtual Machine makes one computer act like many computers

https://www.linkedin.com/pulse/what-virtual-machine-technology-jim-simpson

Post 2010, some readymade code pieces (or) libraries have been made available by Infrastructure
service providers that helps application programmers to connect them with their application and
execute required additional tasks without spending much time in re-coding every time.

Now that we have discussed in brief about cloud infrastructure, let us now look at few leading
players in the market.

1.1.6.(i). Brief about Amazon Web Services

Amazon Web Services (AWS) offers reliable and extensive cloud application and infrastructure
services for all types of organisations, with over 10 years of experience in supporting enterprises
with affordable cloud services, AWS cloud has grown into a leader in cloud storage and
management of various critical business processes.

Key things to know about AWS:

• AWS is the pioneer in the cloud computing race and managed to retain its top position
through the years.
• Recent price cuts have allured more start-ups as well as government agencies towards the
AWS cloud.

Introduction to Cloud Technology 11

Cloud Computing Fundamentals Cloud Computing Concepts

• Amazon offers three types of computing instances: on-demand, reserved and spot. All three
options come with different pricing structures.
• Amazon’s cloud offering for Big data analytics is called Amazon Elastic Map Reduce.

1.1.6.(ii). Brief about Microsoft Azure and BizSpark

Microsoft is yet another strong contender in the cloud technology space. It offers a unified set of
tools, automation capabilities and innovative approaches to networking and storage. Microsoft the
industry’s best hybrid cloud solutions while keeping the compliance and security costs to the
minimum.

Microsoft Azure

The enterprise-grade cloud computing platform from Microsoft is called Azure and it supports a
wide selection of tools, languages, frameworks, databases and devices. Statistics reveals that 57%
of the Fortune 500 companies from various industry sectors entrust their data and applications with
Azure. The easy-to-implement and low cost hybrid cloud solution offered by Microsoft Azure is a
good fit for organisations of all types and sizes.

Microsoft BizSpark

Start-ups that are looking to leverage the power of cloud must turn to Microsoft for its BizSpark
program. This three-year program includes tailor-made cloud solutions for the newbies in the
block.

Activity

More than 100,000 start-ups have benefitted by joining Microsoft BizSpark

Want to know their story? Visit
https://www.microsoft.com/bizspark/startupstories/default.aspxhttps://www.micros
oft.com/bizspark/startupstories/default.aspx

1.1.6.(iii). Brief about Google Cloud Platform

The Google Cloud Platform allows users to build applications and store data on Google’s highly
reliable and scalable infrastructure. The innovation power of Google is world renowned and by
leveraging its cloud platform, developers can gain quicker access to its technological innovations.

Introduction to Cloud Technology 12

Cloud Computing Fundamentals Cloud Computing Concepts

Key things to know about Google Cloud Platform:

• Google’s network can be defined by its thousands of miles of fibre optic cables connected
through cutting-edge Andromeda networking. The consistency and speed of such a
network is unparalleled.

• Data is 100% secure through backup storage across multiple locations.

• The per-minute billing system allows users to handle traffic spikes with the most cost-
effective solutions.

• The Big Query and Google Cloud Dataflow tools offer full support to big data solutions.

The fact that Google Cloud Platform works on the same infrastructure that supports the mammoth
tasks of Google itself is indeed the greatest advantage. Users can be assured of high availability,
lesser costs and low latency.

1.1.6.(iv). Brief about IBM Cloud, SAP SANA and Oracle Cloud

IBM Cloud

Cloud services from IBM are designed for medium and large sized enterprises that offer high-
traffic and high demand solutions. IBM is quickly catching up with its competitors through
offering a number of new products over the hybrid cloud at a reasonable pricing.

SAP HANA

SAP HANA is the in-memory RDBMS from SAP which is offered on a cloud platform that support
unique business applications. The product support enterprise mobility, analytics and collaboration
in a rich cloud environment. It can be used to build, extend and manage cloud applications for both
SAP and non-SAP solutions.

Oracle Cloud

Oracle is yet another cloud solutions provider joining the bandwagon with an exclusive portfolio
of services for the IT development and infrastructure needs. The two major areas of focus while
deploying cloud solutions from Oracle are- Innovation and Transformation. Oracle promises
seamless integration of the cloud into the exiting processes to transform them into sources of
business efficiency and to open up several opportunities to drive innovation.

Introduction to Cloud Technology 13

Cloud Computing Fundamentals Cloud Computing Concepts

1.1.7. Merits and Applications of Cloud Computing

Cloud computing is rapidly becoming a significant part of the overall IT strategy and more and
more organisations are dedicating a substantial part of their IT budget towards this trend. Cloud
computing is here to stay and deliver the following benefits.

• Mobilising the workforce: Cloud computing allows device-agnostic access to data and
from any location. It breaks all kinds of barriers and helps employees to stay connected on
the move.

• Increased cost control: Cloud computing saves a lot of money by eliminating the need for
upfront investment in infrastructure and software. The pay-as-you go model brings down
operational costs and allows higher efficiency.

• Enhanced productivity: Cloud allows flexible provisioning of resources with the least
impact on internal operations. Personnel tend to focus better and highly productive results
can be obtained.

• Reduced impact on the environment: With fewer data centers and shared resources,
enterprises moving to the cloud earn the eco-friendly credentials easily.

• Better agility: While embracing cloud technology, organisations can scale their resources
up and down, avail automatic software updates; expand exponentially with zero upfront
investment and without having to deal with miles of wires and heap loads of servers.

Activity:

Every technology has a downside to it. Is cloud computing an exception?

Yes/No? Give 3 Reasons to justify.

1.1.8. Common Applications in the Cloud

The last section provided a clear outline on the various business benefits of cloud computing.
However, there exists certain data security and privacy issues while hosting applications on the
cloud. Organisations are widely experimenting with different parts of the business that can yield
favourable results without falling victim to these concerns.

Introduction to Cloud Technology 14

Cloud Computing Fundamentals Cloud Computing Concepts

The most suitable and common applications that can be hosted in the cloud are:

• Development and Testing

• Big Data Analysis
• Websites and CRMs
• Storage and Backup
• Disaster Recovery

Introduction to Cloud Technology 15

Cloud Computing Fundamentals Cloud Computing Concepts

Summary:
• Cloud computing refers to the delivery of computing resources and storage through the
internet on a pay-as-you-go basis.

• The first premise of cloud computing was witnessed in the early 50’s when CPU time was
shared among multiple users to cut down costs.

• Through the years cloud computing technology has grown steadily and today more than
80% of the organisations are planning their move to the cloud.

• There are four types of cloud delivery models, private, public, hybridand community cloud.

• Provisioning of infrastructure for controlled access by a single organisation (or) providing

controlled access to restricted data and information for few organisations in a closed
network format is referred to as private cloud.

• When the cloud resources are owned and managed by a third party and can be accessed by
all authorised users via the internet, it is called a public cloud.

• The solution that combines the best of both private and public cloud is called hybrid cloud.

• A community cloud is a type of cloud primarily used by a closed group of people or

organisations. It is a collaborative effort and the hardware infrastructure is mutually shared
by two or more organisations from a specific community.

• The cloud architecture is made of three components, front end, middleware and back end.

• Some of the most significant cloud service providers in the market today are AWS, IBM,
Oracle, Microsoft and Google.

• Cloud computing has been widely adopt by organisations as it renders a number of benefits
such as cost efficiency, enhanced productivity and flexibility for the business.

• There arises a concern of data security and privacy while engaging with the cloud
extensively. However reliable cloud partners and robust SLAs can be take care of these
issues.

Introduction to Cloud Technology 16

Cloud Computing Fundamentals Cloud Computing Concepts

Self-Assessment Questions:

1) When the resources in the cloud are owned and managed by a third party it is called a
_____________delivery model
(a) Private (b) Public (c) Hybrid (d) Community

2) The special software that governs the communication between the front and back end of
the cloud architecture is called
(a) Protocol (b) Middleware (c) Client server (d) Server

3) Which one of the following is not an advantage offered by cloud computing?

(a) Cost efficiency (b) Mobile Workforce
(c) Increased revenue (d) Security of data

4) Microsoft offers a special program for start-ups looking to leverage the benefits of the
cloud. This program is called___________
(a) Microsoft Azure (b) Microsoft BizSpark
(c) AWS (d) Microsoft start-up program

5) Any web based email system is a form of_____________

(a) SAP HANA (b) Azure
(c) Cloud computing (d) Middleware

6) One common concern that arises while adopting the cloud is_____________
(a) Security of data (b) Lazy workforce
(c) Capital investment (d) Lack of expertise

Answers:

Q. No. 1 2 3 4 5 6

Ans (b) (b) (d) (b) (c) (a)

Introduction to Cloud Technology 17

Cloud Computing Fundamentals Cloud Computing Concepts

Activity
Activity Type: Online Time: 30 minutes

List few cloud providers. Select any one of the provider and prepare a presentation of 10
slides to give an overview of cloud computing with respect to that provider. For example,
Amazon Web Services (AWS).

Introduction to Cloud Technology 18

Cloud Computing Fundamentals Cloud Computing Concepts

Bibliography

References

• 24/7 Wall Street. The $270 Billon Cloud Computing Market. Retrieved on October 21,
2015, from http://247wallst.com/technology-3/2015/03/07/the-270-billon-cloud-
computing-market/
• Amazon Web Services. Overview of Amazon Web Services. Retrieved on October 21,
2015, from https://d36cz9buwru1tt.cloudfront.net/AWS_Overview.pdf
• Appcore. Types of Cloud Computing: Private, Public and Hybrid Clouds. Retrieved on
November 17, 2015, from http://www.appcore.com/types-cloud-computing-private-
public-hybrid-clouds/
• Cloud Academy Blog. Cloud Computing Architecture: an Overview. Retrieved on
October 21, 2015, from http://cloudacademy.com/blog/cloud-computing-architecture-an-
overview/
• Cloud Tweaks. Enterprise Cloud Adoption. Retrieved on October 21, 2015, from
http://cloudtweaks.com/2012/09/cloud-infographic-enterprise-cloud-adoption/
• CloudFlare. CloudFlare and Google Cloud Platform. The best of both worlds. Retrieved
on October 21, 2015, from https://www.cloudflare.com/google
• Forbes. IBM Cloud Services Part I. Retrieved on October 21, 2015, from
http://www.forbes.com/sites/greatspeculations/2015/03/06/ibm-cloud-services-part-i/
• Gigaom. 5 things you should know about Google’s cloud platform. Retrieved on October
21, 2015, from https://gigaom.com/2013/08/24/5-things-google-wants-you-to-know-
about-its-cloud-platform/
• IBM Cloud. Why IBM Cloud? Retrieved October 21, 2015, from
http://www.ibm.com/cloud-computing/#infrastructure
• Learn Telecom. Cloud Computing. Retrieved on October 21, 2015, from
http://learntelecom.com/cloud-computing/
• Onyx. The History of the Cloud. Retrieved on October 21, 2015, from
https://onyx.net/history-of-the-cloud
• Rightscale. Cloud Computing Trends: 2015 State of the Cloud Survey. Retrieved on
October 21, 2015, from http://www.rightscale.com/blog/cloud-industry-insights/cloud-
computing-trends-2015-state-cloud-survey
• SAP Store. SAP HANA Cloud Platform. Retrieved on October 21, 2015 from
https://www.sapstore.com/solutions/99000/SAP-HANA-Cloud-Platform,-starter-edition
• Sky High Networks. 11 Advantages of Cloud Computing and How Your Business Can
Benefit From Them. Retrieved on October 21, 2015, from
https://www.skyhighnetworks.com/cloud-security-blog/11-advantages-of-cloud-
computing-and-how-your-business-can-benefit-from-them/

Introduction to Cloud Technology 19

Cloud Computing Fundamentals Cloud Computing Concepts

• Sky High Networks. The 20 Totally Most Popular Cloud Services in Today’s Enterprise.
Retrieved on October 21, 2015, from https://www.skyhighnetworks.com/cloud-security-
blog/the-20-totally-most-popular-cloud-services-in-todays-enterprise/

External Resources

• Bond, J (2015). The Enterprise Cloud: Best Practices for Transforming Legacy IT.
Canada: O’Reilly
• Buyya. R&Broberg,J. ( 2010). Cloud Computing: Principles and Paradigms. USA: John
Wiley & Sons
• Sosinsky, B. (2010). Cloud Computing Bible. USA: John Wiley & Sons

Video Links

Topic Link

Introduction https://www.youtube.com/watch?v=tAUuY0Yld0E

History and Evolution of Cloud

https://www.youtube.com/watch?v=e3UMvBP2RRo
Computing

How does cloud computing work? https://www.youtube.com/watch?v=TTNgV0O_oTg

Types of cloud computing https://www.youtube.com/watch?v=Qk5y--YQnOw

Cloud Computing Architecture https://www.youtube.com/watch?v=ecrZL3yBMsE

Microsoft BizSpark https://www.youtube.com/watch?v=zI5ZbGAJLNk

Case Study: SAP HANA and Siemens https://www.youtube.com/watch?v=vi4_jZjNdlY

Introduction to Cloud Technology 20

 Table of Contents

Chapter 1.2

Cloud Computing Delivery Models

Page No.

Aim 21

Learning Objectives 21

Learning Outcome 21

1.2.1 Introduction 22

1.2.2 Cloud Computing Delivery Models 23

1.2.3 Attributes of Cloud Computing 23

1.2.3.(i) Virtualisation 23

1.2.3.(ii) Multi-tenancy 23

1.2.3.(iii) Network Access 24

1.2.3.(iv) Scalability 24

1.2.3.(v) Metering / Chargeback 24

1.2.4 Software as a Service (SaaS) 24

1.2.5 Platform as a Service (PaaS) 27

1.2.6 Infrastructure as a Service (IaaS) 30

1.2.7 Comparison of Different Services 30

1.2.8 Combining Different Services 33

1.2.9 Obstacles for Cloud Technology 33

1.2.10 Cloud Vulnerabilities 34

 Page No.

1.2.11 Cloud Challenges 35

1.2.12 Practical Applications of Cloud Computing 36

1.2.13 Case Studies 36

1.2.13.(i) WhatsApp (hosted on IBM Softlayer) 36

1.2.13.(ii) ICICI Lombard (hosted on Microsoft Azure) 37

1.2.13.(iii) Expedia (hosted on Amazon) 38

Summary 39

SAQs 40

Bibliography 42

References 42

External Resources 43

Video Links 43
Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Fundamentals Cloud Computing Delivery Models

Aim

To equip the students with the basic understanding of various cloud delivery models

Learning Objectives

The objectives of this chapter are to:

• Explain the types of cloud computing delivery models

• Describe the importance of cloud computing services
• Outline the challenges in cloud computing
• List the practical applications of cloud computing

Learning Outcome

On completion of this chapter you should be able to:

• Define various cloud computing delivery models

• Identify common cloud computing services
• Illustrate how to overcome challenges in cloud computing
• Enlist favorable situations where cloud computing can be practically implemented

Introduction to Cloud Technology 21

Cloud Computing Fundamentals Cloud Computing Delivery Models

1.2.1. Introduction

Cloud computing services adoption by the firms are growing rapidly. One of the reasons for its
growth is that its architecture stresses the benefits of shared services over isolated products. When
organisations use shared services, they can only focus on the primary business drivers and
Information Technology department will reduce the gap between the available computing capacity
and required systems demand.

Cloud Computing is a broad term that describes a broad range of services. Perhaps, that’s the
reason there is no singular, one-size-fits all definition for this term. Instead, depending on what
services one is describing or who you are talking to, the moniker term ‘cloud’ is often described
as a stack, as a response to the broad range of services built on top of one another.

Now, since there is no simple definition for the term as a whole, the various cloud service providers
have been left to come up with an accurate and descriptive method of describing their service
offerings. In this chapter you will learn about the broad range of delivery models that can be
broadly classified into three services:

i. Software as a Service (SaaS)

ii. Platform as a Service (PaaS)
iii. Infrastructure as a Service (IaaS)

Fig. 1.2.1: Cloud Computing Stack

Introduction to Cloud Technology 22

Cloud Computing Fundamentals Cloud Computing Delivery Models

1.2.2. Cloud Computing Delivery Models

Cloud computing services for application and infrastructure needs are widely being adopted by big
and small organisations. In contrast to the traditional IT setupwhere a huge capital investment was
required for the purchase of software and hardware, cloud computing services enables
organisations to align costs to actual usage. They make businesses highly agile, operationally
efficient and remarkably flexible.

Cloud computing services range from satisfying a single functional need of an organisation to
delivering the entire data center through networks. With cloud computing, innovation is
accelerated and the opportunity to focus entirely on the core business operations are enhanced.

1.2.3. Attributes of Cloud Computing

When a company decides to move its one or more IT services to the cloud, it incurs many benefits,
including lower capital costs, potentially lower operating costs, better support for mobile and
remote personnel, and IT flexibility. However, not all cloud service providers operate equallyand
we need to look for certain attributes when evaluating before migrating IT services to the cloud.

1.2.3.(i). Virtualisation

Virtualisation forms the core of cloud technology. It refers to the creation of virtual servers,
memory, operating system or a storage device as opposed to the actual existence of the resource.
In simpler terms, virtualisation allows one physical computer to run several virtual machines at
the same time. Cloud computing can be implemented without virtualisation too but with the
inclusion of the latter, implementation becomes easier and much more cost effective.

1.2.3.(ii). Multi-tenancy

Applications found either inside or outside the enterprise and in need of their own secure virtual
computing environment can be referred to as tenants. This computing environment encompasses
all or some layers from storage to user interface of enterprise architecture. All the interactive
applications (or tenants) have to be multi-user in nature. Multi-tenancy, a key common attribute of
both private and public clouds, applies to all the three services of the cloud (SaaS, PaaS and Iaas).
Consider an example of a cloud service provider offering storage and backup solutions in the cloud.
Organisations that access these cloud resources are called tenants and the fact that many such
tenants access these common resources gives rise to the concept of multi-tenancy.

E-Commerce, Banking and Financial, Retail, Business-to-Business, Social Networking

applications that are deployed in cloud computing environments are multi-tenanted applications.
The main advantage of multi-tenancy is cost reduction brought about by economies of scale.

Introduction to Cloud Technology 23

Cloud Computing Fundamentals Cloud Computing Delivery Models

1.2.3.(iii). Network Access

No cloud can exist without a network. Networks facilitate the sharing of resources, movement of
data and integrated functioning of the infrastructure components. The services to be offered over
the Internet or private networks is allowed by network access. Technically, the network determines
the difference between the three cloud deployment models. In a private cloud, the cloud provider
and the end user are enclosed within the same network. Public clouds operate usually through
common internet provided by leading Internet Service Providers(ISPs) like Airtel (or) Reliance
Networks (or) Tata Docomo etc. Hybrid clouds have secure connection between the user and
private cloud service provider. The information which are available in the public cloud utilise the
common internet lines and those information that are confidential and is retrieved from the private
cloud requires user authentication.

1.2.3.(iv). Scalability

One of the strongest effects of cloud computing on a business is the scalability of IT resources.
The business environment today suffers from increasing levels of unpredictability and shrinking
IT budgets. With cloud computing, organisations can turn highly flexible and accommodate the
varying needs of client with no upfront investment on hardware or software resources.

1.2.3.(v). Metering / Chargeback

Metering or Chargeback in the cloud ecosystem is the type of payment structure through which
users can gain unlimited access to all computing resources and yet pay for only their actual usage.
This allows the cutting down of excess costs that are usually termed as IT overhead costs.

A problem with IT chargeback arises when organisations are working under tight budgets and
there is lack of cohesiveness between the various departments. In such cases, the best solution is
to deploy third party tools to track usage of cloud services. These tools can be loosely coupled
with cloud services and may exist in the public cloud or within the organizational premises.

1.2.4. Software as a Service (SaaS)

With the growth of technology, the cost of conducting a business has also increased. A research
by Gartner has revealed that organisations spend almost 75% of IT costs on procuring and
managing their software applications and infrastructure.

Software as a Service (SaaS) allows an organisation to access the desired software applications
through the cloud on a subscription basis. The SaaS vendor offers access to the software
applications with no upfront investment and takes care of all upgrades.

Introduction to Cloud Technology 24

Cloud Computing Fundamentals Cloud Computing Delivery Models

SaaS is popularly referred in the industry as “on-demand” software. Users access SaaS based
applications using their smart phones, tablets, laptops (or) desktops through a web browser. SaaS
model neither requires any physical distribution of software or its upgrades nor it requires painful
download of applications from the website. The user merely has to subscribe to the application
and automatically gets a login id and password information to his email. Using this login id and
password, the application and its features can be accessed through the browser.

Activity

Find out the top cloud players offering SaaS solutions for large and medium-sized
organizations.

The SaaS model is widely used these days as a service delivery model for applications such as
ERP (Enterprise Resource Planning), CRM (Customer Relationship Management), Accounting
and HRM (Human Resources Management).

According to industry experts, SaaS has been identified to have the potential to disrupt the way IT
departments works inside any organisation. Due to emergence of SaaS model, IT departments are
now able to shift their focus from deploying and maintaining the applications to managing the
services.

One classic example for SaaS would be Google Docs. Users can access Google docs through a
web browser. All they need is internet connection and a user name and password which they can
obtain by registering with Google Aps. There are a lot of small and medium enterprises that
primarily rely on Google Docs for doing their documentation work, reporting, presentations and
accounting. A decade ago, enterprises were investing in Microsoft Office. They have to physically
purchase the DVD containing the MS-Office enterprise edition installation files. Then they need
to install it either in individual computers based on the requirements (or) they install it in a
centralised server, so that all the networked computers can access it. IT departments had to undergo
lot of pain to install MS-Office to thousands of computers across the organisation, maintain them
well, troubleshoot when it crashes and upgrade whenever there is a new version of Office available
in the market. A huge chunk of their time, efforts and resources went into deploying, managing
and maintaining the Office packages.

Introduction to Cloud Technology 25

Cloud Computing Fundamentals Cloud Computing Delivery Models

Fig. 1.2.2: Microsoft Office 2010 Installation

But these days, it has become much easier to work on documents, presentations and worksheets
without the need to undergo such pain. Thanks to Google Docs, the user just needs to register and
have login id and password to access a sleuth of services like Google Docs, Slides, Sheets, Forms
etc.

Introduction to Cloud Technology 26

Cloud Computing Fundamentals Cloud Computing Delivery Models

Fig. 1.2.3: Google Docs accessed through web browser

These days, SaaS helps IT departments to save their time and energy and use them to manage
mission critical applications that are confidential and internal. A SaaS application is offered by a
third-party vendor (like Google) or by an intermediary aggregator who bundles it along with their
services. Unlike Microsoft Office that requires physical purchase of DVD, users (or) organisations
can use Google Docs by paying a subscription fee. This subscription model can vary from
application to application depending on its complexity, features etc. Some vendors charge a flat
rate or unlimited access to specific features while others charge variable rates based on usage.

1.2.5. Platform as a Service (PaaS)

While the SaaS model of cloud computing offers access to the software hosted on remote servers,
PaaS provides the platform that is required to build and deploy a software application. Platform as
a Service can be defined as the cloud delivery model that offers the tools needed to rapidly develop
and manage software applications.

PaaS is the best fit for organizations that are committed to the delivery of web and mobile
applications within a stipulated time and budget. PaaS provider offers the toolkit to build an
application and the virtual machine to run it. Application developers can design the functionalities
as well as the interface based on their particular needs.

Introduction to Cloud Technology 27

Cloud Computing Fundamentals Cloud Computing Delivery Models

The PaaS delivery model allows organisations to leverage the investment made by the vendor to
build complex business applications efficiently.

Activity

Both Google and Amazon offer comprehensive PaaS solutions. Compare their offerings and
justify why you would choose one over the other.

A decade back, developers relied on various programming languages like Java, DotNet, PHP,
Python etc. For them to code in these languages, they need to download (or) purchase the
development platform (or) environment, install them in their computers on-premise, configure
them, connect them with front end software (like Dreamweaver) and back end database (like SQL
or Oracle) in order to start coding. It is a much more complex process than Microsoft Office
installation and management which we discussed in SaaS model. A screenshot of dotnet
development environment is provided below. The complex development environment demands
complex background tasks, configuration, integration with front end and back end as discussed
along with version control (to make it easier for multiple developers to work on a single application
version). The process becomes more complex if this has to be installed and managed for an IT
organisation which is not primarily into software development.

Fig. 1.2.4: DotNet Development Platform

Introduction to Cloud Technology 28

Cloud Computing Fundamentals Cloud Computing Delivery Models

On the other hand PaaS allows organisations (or) users to develop their own software applications
using tools supplied by the provider. PaaS services come with pre-configured set of features that
customers can subscribe to, and, include them in the application that they develop.

For example, let us briefly discuss about IBM BlueMix. It is a cloud platform as a service (PaaS)
developed and managed by IBM. BlueMix was launched in 2014. It supports a huge range of
programming languages like Python, Java, Go, Node.js, Ruby on Rails, PHP etc. Tons of features
are built-in so that the developer can drag and drop chunks of code and deploy the application in
few clicks. Bluemix allows developers to build, manage and run all types of applications to be
deployed for mobile, smart devices, web and big data.

Fig. 1.2.5: IBM BlueMix Platform-as-Service accessed through Browser

Applications using PaaS possess the ability to inherit all characteristics of the cloud like multi-
tenancy, scalability, SaaS enablement etc.

PaaS has reduced the amount of coding which allows the present day organisations and small and
medium enterprises to benefit majorly by focus towards value addition to their customers and are
able to deploy applications seamlessly across various platforms.

Similar to other cloud offerings, PaaS service providers charge their customers a subscription fee
for whatever they use. Additional services like network infrastructure, storage, software support
and management of services are charged based on the specific requirements and usage.

Introduction to Cloud Technology 29

Cloud Computing Fundamentals Cloud Computing Delivery Models

1.2.6. Infrastructure as a Service (IaaS)

Infrastructure as a Service forms the base of the cloud computing stacks. The service offers the
ability to provision server, storage, networking and other basic computing infrastructure resources
through the internet and as required. Since the IaaS cloud delivery model eliminates the need to
invest in hardware, it is a perfect solution for startups and for organizations that deal with extreme
spikes and troughs in usage.

With scalability as an unbeatable advantage, the key lies in choosing an IaaS vendor that promises
the highest availability of resources and complete adherence to all regulatory measures while
handling sensitive data.

In recent times, there seems to be a diminishing line of distinction between the IaaS and PaaS
services as more and more cloud service providers move towards rendering deployment tools as a
part of their IaaS offering. Examples include Amazon (AWS), Microsoft Azure and IBM. Amazon
bundles its PaaS (ES2) and IaaS (S3) services and IBM bundles BlueMix(PaaS) and SoftLayer
(IaaS) services on a packaged model.

Let’s consider the example of Microsoft Azure. It is a cloud computing platform and infrastructure
designed, developed and launched by Microsoft. Organisations and developers can utilise
Microsoft Azure to build, deploy and manage their infrastructure services through a global network
of datacenters. Microsoft Azure provides both PaaS and IaaS support to all its customers in an
efficient manner. Azure also supports lot of programming languages, Microsoft supported as well
as third-party tools and frameworks.

1.2.7. Comparison of Different Services

The “cloud” has become a universal buzzword and all types of organizations are looking at
deriving the benefits of the cloud. The first step towards migrating to the cloud is to understand
the three service delivery models, their capabilities and limitations. Figure 1.2.2 explains the
distinction in services offered by each cloud delivery model.

Introduction to Cloud Technology 30

Cloud Computing Fundamentals Cloud Computing Delivery Models

Fig. 1.2.6: Cloud Computing – Difference between SaaS, PaaS and IaaS

The blue boxes in 1.2.6 are the ones that are managed by the organisation and the grey ones are
those managed by cloud service provider.

Introduction to Cloud Technology 31

Cloud Computing Fundamentals Cloud Computing Delivery Models

The table below throws light on the key features of SaaS, PaaS and IaaS models and brings out the
differences between them.

Table no. 1.2.1: Comparison between SaaS, PaaS and IaaS

Description SaaS PaaS IaaS

System managers / IT
Target audience Business user Software developers
admin

Email archiving The complete

system, HR, ERP, operating
Access the cloud Servers and storage
Payroll, CRM and environment
for… devices
other software including Windows,
applications Linux etc.

Enables organizations
to create virtual
Reduces capital Organisations can server network (or)
expenditure and build and deploy cluster without
operational applications without investing in
Cost reduction expenditure by investing much hardware, capacity
eliminating software capital in required planning and
license costs and tools and maintenance. This
software upgrades. technologies. impacts both capital
and operational
expenditures.

Google Docs,
Example Google App Engine Amazon AWS, IBM
Dropbox

Activity

Make a list of the top cloud success stories in 2015 and find out what service delivery model
contributed to their success.

Introduction to Cloud Technology 32

Cloud Computing Fundamentals Cloud Computing Delivery Models

1.2.8. Combining Different Services

The convergence of the three service delivery models - PaaS, IaaS and SaaS seems to be future of
cloud computing. By combining SaaS and PaaS delivery models, organisations can build
applications efficiently and deploy them quickly to end users. When application developers
become increasingly dependent on PaaS tools for building the software, they will ultimately want
better control over the underlying infrastructure. Thus, upcoming cloud solutions will focus
towards satisfying the entire stack of organizational needs.

1.2.9. Obstacles for Cloud Technology

Like with any other technology, cloud computing also faces some significant obstacles to be
overcome before turning into a part of the mainstream operations in an organization. Common
concerns that arise while choosing to adopt the cloud are:

• Data security and privacy issues: Moving to the cloud means loss of control over
applications and data to a third party provider and therefore issues related to security and
privacy are inevitable.

• Failed adherence to regulatory and compliance measures: Data in the cloud may be
stored in a different location for better performance and to avoid localized outages. In such
cases, apart from the industry-specific regulations, location-specific compliance measures
must also be met.

• Vendor lock-in: A robust SLA must be established to avoid too much dependence on the
cloud service provider.

• Lack of performance and uptime: Will your applications perform better in the cloud? Is
your cloud service provider promising the maximum uptime? These issues must be
addressed before moving to the cloud.

• Network connectivity and bandwidth: Cloud computing exerts additional pressure on

the internet used by the organization and bandwidth requirements must be evaluated based
on the services used.

• Dependency on outside agency: The involvement of a third party into the internal
operations of an enterprise may sometime causes psychological obstacles for CIOs and IT
managers.

Introduction to Cloud Technology 33

Cloud Computing Fundamentals Cloud Computing Delivery Models

• Knowledge and integration: Cloud migration process must be done through a well-
structured procedure which will be explained in detail in the upcoming chapters. With
cloud computing, the IT department must be prepared to embrace the changes in their roles
and responsibilities.

• Long-term stability of the service provider: The financial stability of the cloud service
provider is an important factor to be considered while choosing one.

Activity

How can these cloud risks be overcome?

Come up with 2-3 strategies that can mitigate these risks.

1.2.10. Cloud Vulnerabilities

Cloud vulnerability can be defined as a weakness in any part of the cloud environment and can be
used by a potential attacker for personal gain. Some common vulnerabilities are,

• Session riding: When attackers use the information from cookies to perform data theft or
any similar cyber crime it is referred to as session riding. Tricking users into sending
authenticated requests to fake websites is another form of this vulnerability.

• Virtual Machine Escape: Any vulnerability in the hypervisor paves away for potential
attacks for the hypervisors as well as for all virtual machines running on top of it. This
vulnerability though rare, still exists and can cause serious damage in the worst cases.

• Reliability and Availability: Availability of the cloud service directly translates to

business value for the client. However, power outages, technical glitches and natural
disasters are some common sources that lead to cloud downtime. While a very minimal
downtime for maintenance purposes cannot be avoided, it is important for the cloud service
provider to create a sense of reliability through unprecedented service levels.

• Insecure Cryptography: Cryptographic algorithms used to generate random numbers

must provide a large entropy pool for maximum data protection. In the case of random
number generators that offer only a small entropy pool, easily guessable numbers could
pave way for security issues.

• Data Portability: There maybe several reasons for an organisation to move its data from
one cloud service provider to another. Unsatisfying performance, finding a cheaper option

Introduction to Cloud Technology 34

Cloud Computing Fundamentals Cloud Computing Delivery Models

or the cloud service provider running out of business could be some the possible reasons.
In any case, data backup must in place and the old cloud service provider must delete 100%
of the data owned by the client organization.

• Vendor Lock-in: Do you want to be stuck with one single cloud service provider forever?
The answer is definitely no, given that the IT needs keeping changing for every
organization and another provider in the industry may just come up with the most perfect
solution for your current needs.

• Internet Dependency: The Internet is the unsung hero of the entire cloud setup. An
unfailing internet service provider is what an organisation needs to achieve 100% success
in the cloud. This is especially critical for key applications like the ones running in hospitals
that could cost human lives in the worst case.

1.2.11. Cloud Challenges

Once the decision to embrace the cloud has been taken, organizations must chart out a detailed
plan that marks their journey to the cloud. Listed below are the top challenges battled in a cloud
environment by the cloud vendor, client as well as the end user.

• Keeping up with security requirements: Security tops the list of challenges when it
comes to cloud computing as organisations lose their direct control over data. A cloud
vendor must be aware of all security measures to be implemented while dealing with
critical data and have them in place.

• Obtaining the right knowledge and expertise: With the advent of cloud computing, the
role of the IT department has significantly changed and so has their need for knowledge
and skills. Organisations must equip themselves with the required resources as well as the
tools to implement robust cloud applications.

• Choosing the right vendor: Partnering with the right vendor is the key to success in the
cloud. Organisations must follow a fail-safe mechanism in evaluating potential cloud
vendors and ensure that they meet all security and privacy standards.

• Data interoperability and portability: Organisations expand with time and their needs
change rapidly. Therefore, additional caution must be practiced to avoid choosing a
platform/technology/provider that makes the organization too dependent on them.

• Budgeting difficulties while moving to the cloud: The very nature of cloud is that it is
scalable and is delivered on demand. This in turn may cause difficulties while drawing IT

Introduction to Cloud Technology 35

Cloud Computing Fundamentals Cloud Computing Delivery Models

budgets for the entire organization. The fluctuating cost of cloud services is a very common
challenge for small as well as medium-sized organisations.

Complexities while migrating to the cloud vary from one organization to the other. However,
partnering with a reliable cloud service provider and planning ahead will deliver higher chances
for optimised performance through the cloud.

1.2.12. Practical Applications of Cloud Computing

Cloud Computing can be practically used to host any kind of web application. Some of the
common applications hosted on the cloud are CRM, email archiving system, payroll processing
and so on. The conditions below outline the most preferred cases where cloud computing can yield
the maximum benefits.

• Resource hungry applications: Applications that demand many resources like the CPU,
memory, storage or time can be hosted on the cloud efficiently.

• Applications with extreme spikes and troughs: Consider the example of an HR system
that is accessed by employees only a few times in a year. However, on the review day,
every employee in the organization logs onto the system thus slowing down the system.
Such applications with varying utilisation rates are most suitable to be hosted on the cloud.

• Special Server Configuration: When applications demand non-standard settings, the

cloud server is a much easier option to be configured to perfectly fit the requirements.

• Backup and Recovery: This is the most common application of cloud as it is clearly more
expensive to manage the entire duplicate infrastructure. Cloud backup solutions are safe,
reliable and cost-efficient.

1.2.13. Case Studies

1.2.13.(i). WhatsApp (hosted on IBM Softlayer)

WhatsApp, what started as an idea to link people, and was an inexpensive messaging service that
allows users to send and receive images and texts, turned into a messaging app behemoth.

Case Scenario:

WhatsApp has a pioneering lead in volume of users over other messaging apps and services. Itgrew
from about 50 million users at the beginning of operations for two years to more than 200 million

Introduction to Cloud Technology 36

Cloud Computing Fundamentals Cloud Computing Delivery Models

the next year, when once again it doubled its user base beyond 400 million before celebrating its
four-year anniversary. The messaging app made top news recently when Facebook announced it
would acquire WhatsApp for $19 billion. WhatsApp’s challenge came from the growing numbers
and the need to send its 1 billion new users to the social network, even as WhatsApp services
remain apart from Facebook’s.

Solution: The Company turned to IBM Softlayer to find unique platform-as-a-service capabilities
which could connect its app and data to the cloud.

Benefits:

• Exchange of data can be on the cloud.

• Developers do not need to spend time on database management.
• With this platform, they can extend the apps capabilities and include a wide variety of both
structured and unstructured data.
• The application can be accessed 24*7 and can be scaled to massive volumes of networks,
users and devices.

1.2.13.(ii). ICICI Lombard (hosted on Microsoft Azure)

ICICI Lombard lays its expansion plans by leveraging the power of public cloud with no
compromise on security.

Case Scenario:

As ICICI Lombard was moving towards a more customer centric approach with cutting edge
technology, there was one unsolved mystery to be tackled, “How to handle applications with peak
times that are exponentially higher than the average?” Provisioning and de-provisioning of servers
based on these varying peak loads caused time, cost and resource pressures on the organization.

Solution:

ICICI Lombard turned to Microsoft Azure to manage the IT infrastructure for applications like
email systems and storage. The constant technical support and the matured security measures
offered by Azure enabled the client to move more complex applications to the cloud.

Benefits:

• ICICI Lombard now enjoys automated management of the platform and applications thus
reducing the cost and time considerably.

Introduction to Cloud Technology 37

Cloud Computing Fundamentals Cloud Computing Delivery Models

• More than 30 UAT servers have been decommissioned after a batch of 17 applications
were moved to the cloud.

• With more non-production applications being hosted on the Azure cloud, the time-to-
market has been enhanced, and more maturity is observed in SDLC.

1.2.13.(iii). Expedia (hosted on Amazon)

Expedia partners with Amazon Web Services (AWS) to enhance online customer experience.

Case Scenario:

Expedia is thelargest online travel brand that includes several travel and hospitality platforms such
as Expedia.com, Hotwire.com, and Hotels.com and so on. It acts as the ultimate bridge between
consumers and the travel industry in several countries. In 2010, Expedia launched the Expedia
Suggest Service (ESS) that assists travellers to enter their travel information accurately. Delivering
the maximum level of responsiveness with minimal network latency was the biggest challenges of
ESS.

Solution:

The cloud expertise offered by AWS enabled Expedia to build ESS in only 3 months. The service
was launched initially in Singapore and after tasting success it was quickly replicated across
regions in the US and Europe. The average network latency was reduced from almost 700
milliseconds to just 50 milliseconds by hosting the high-volume, critical ESS on AWS cloud.

Benefits:

• Enhanced online customer experience through reduced errors and increased speed.

• Reduced costs by eliminating the need to run the service full-fledged across locations closer
to the customers.

• Increased availability of the service with easier troubleshooting of issues.

Introduction to Cloud Technology 38

Cloud Computing Fundamentals Cloud Computing Delivery Models

Summary:

• The three categories of cloud services, Software as a Service (SaaS), Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS) together form the cloud computing stack.

• Software as a Service (SaaS) allows organisation to access the desired software

applications through the cloud on a subscription basis.

• The PaaS model of cloud computing enables organizations to access the toolkit to build the
software application and the virtual machine to run it.

• IaaS is the ability to provision server, storage, networking and other basic computing
resources through the internet as and when required.

• The key attributes of a cloud computing environment are virtualisation, multi-tenancy,

network access, scalability and metering/chargeback.

• Implementing the cloud paves way for some challenges like privacy and security concerns,
low quality of service, and loss of control and so on. The key lies in choosing a reliable
cloud service vendor and establishing strong SLAs.

• Though all kinds of web applications can be hosted on the cloud, applications with special
server configuration, varying levels of utilization and resource hungry application are the
most suitable candidates for the cloud.

• ICICI Lombard, WhatsApp and Expedia are great stories that exemplify the power of cloud
in today’s business world.

Introduction to Cloud Technology 39

Cloud Computing Fundamentals Cloud Computing Delivery Models

Self-Assessment Questions:

1) The cloud service that offers the tools required to build, deploy and manage software
applications is called…………..
(a) SaaS (b) PaaS (c) IaaS (d) None of the above

2) Which one of the following attributes defines cloud computing services?

(a) Software applications (b) Cloud security
(c) Software development (d) Virtualization

3) One common challenge faced during the implementation of cloud computing is……….
(a) Increased costs (b) Lack of personnel
(c) Lack of control (d) Lack of expertise

4) What type of applications is most preferred to be hosted on the cloud?

(a) Core business applications (b) Cost prone application
(c) Resource hungry applications (d) Customer centric applications

5) Dropbox is an example of ………….

(a) SaaS (b) PaaS (c) IaaS (d) None of the above

6) Platform as a Service is commonly used by

(a) CIOs and CTOs (b) System administrators
(c) Software Developers (d) Testing Professionals

7) What type of cloud delivery model is most suited for start-ups dealing with systems that have
an unpredictable utilization rate?
(a) Saas (b) PaaS
(c) IaaS (d) Start-ups are not eligible for the cloud

Answers:

Q. No. 1 2 3 4 5 6 7

Ans (b) (d) (c) (c) (a) (c) (c)

Introduction to Cloud Technology 40

Cloud Computing Fundamentals Cloud Computing Delivery Models

Activity

Activity Type: Online Time: 20 minutes

Prepare a table to compare the typical activities carried out by cloud consumers and
cloud providers in relation to the cloud delivery models

Introduction to Cloud Technology 41

Cloud Computing Fundamentals Cloud Computing Delivery Models

Bibliography

References

• Amazon Web Services. AWS Case Study: Expedia.Retrieved October 27, 2015, from
https://aws.amazon.com/solutions/case-studies/expedia/
• CISCO. Networking and Cloud: An Era of Change. Retrieved October 27, 2015, from
http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/cloud-
computing/white_paper_c11-677946.html
• Computer Weekly. The difference between SaaS, PaaS and IaaS. Retrieved October 27,
2015, from http://www.computerweekly.com/photostory/2240109268/The-Computer-
Weekly-guide-to-Cloud-Computing/2/The-difference-between-Saas-Paas-and-Iaas
• EMC2. Cloud Computing Services. Retrieved October 27, 2015, from
http://www.emc.com/corporate/glossary/cloud-computing-services.htm
• IBM Cloud. What is Infrastructure as a Service? Retrieved October 27, 2015, from
http://www.ibm.com/cloud-computing/uk/en/what-is-iaas.html
• Microsoft. ICICI Lombard: Financial Services Major Prepares for the Future with
Microsoft Azure, Bets on Hybrid Cloud.Retrieved October 27, 2015, from
https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=10442
• Rackspace. Understanding the Cloud Computing Stack SaaS, PaaS, IaaS. Retrieved
October 27, 2015, from
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
• Slideshare. Cloud Software-As-a-Service. Retrieved October 27, 2015, from
http://www.slideshare.net/cloudcomputingwire/8-cloud-software-as-a-service-examples-
14728310
• Software & Information Industry Association.Software-as-a-Service; A Comprehensive
Look at the Total Cost of Ownership of Software Applications. Retrieved October 27, 2015,
from http://www.winnou.com/saas.pdf
• Tech Target. Metered Services. Retrieved October 27, 2015, from
http://searchcio.techtarget.com/definition/metered-services
• Tech Target. Platform as a Service. Retrieved October 27, 2015 from
http://searchcloudcomputing.techtarget.com/definition/Platform-as-a-Service-PaaS
• Venture Beat.The 5 key challenges enterprises face when moving to the public cloud.
Retrieved October 28, 2015 from http://venturebeat.com/2012/12/12/the-5-key-
challenges-enterprise-face-when-moving-to-the-public-cloud/
• What is Cloud? Cloud Delivery Models. Retrieved October 27, 2015, from
http://whatiscloud.com/cloud_delivery_models/index

Introduction to Cloud Technology 42

Cloud Computing Fundamentals Cloud Computing Delivery Models

External Resources

• Bento, Al. (2012). Cloud Computing Service and Deployment Models: Layers and
Management. USA:IGI Global
• Buyya.R&Broberg, J. ( 2010). Cloud Computing: Principles and Paradigms.USA: John
Wiley & Sons
• Kale, V. (2014). Guide to Cloud Computing for Business and Technology Managers. USA:
Chapman &Hall
• Sosinsky, B. (2010). Cloud Computing Bible. USA: John Wiley & Sons.

Video Links

Topic Link

https://www.youtube.com/watch?v=kGUPSvs
Software as a Service
wmY0

https://www.youtube.com/watch?v=nBP4Aui4
Platform as a Service - Overview
gZ0

https://www.youtube.com/watch?v=dVY6zZT
Infrastructure as a Service - Overview
HsDk

https://www.youtube.com/watch?v=jBKXtSqx
M.G.Bryan cloud computing case study
Qas

Cloud Computing : Advantages and https://www.youtube.com/watch?v=ojDnOyI

Disadvantages QeJU

Introduction to Cloud Technology 43

 Module 2

Cloud Computing Risks

Chapter 2.1 : Migrating to Cloud

Chapter 2.2 : Risk Management in Cloud Computing

 Table of Contents

Chapter 2.1

Migrating to Cloud

Page No.

Aim 44

Learning Objectives 44

Learning Outcome 44

2.1.1 Introduction 45

2.1.2 Innovation and Transformation 45

2.1.3 Web-Based Business Services 46

2.1.3.(i) Applications for Individuals 46

2.1.3.(ii) Applications for Small and Medium Business 47

2.1.3.(i) Applications for Enterprises 49

2.1.4 Delivering Business Processes from the Cloud 50

2.1.5 Business Process Examples 51

2.1.6 Broad Approaches to Migrating to Cloud 53

2.1.7 The Seven-Step Model of Migration into the Cloud 54

2.1.8 Efficient Steps for Migrating into the Cloud 56

2.1.9 Case Studies 58

2.1.9.(i) SmugMug : Migration to Cloud using AWS 58

2.1.9.(ii) Ramco (On-premise) to Ramco (On-demand) 59

2.1.10 Migration Failure and Contingency Measures 60

 Page No.

Summary 61

SAQs 62

Bibliography 64

References 64

External Resources 64

Video Links 65

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Risks Migrating to Cloud

Aim

To study cloud migration and adaption strategies in detail

Learning Objectives

The objectives of this chapter are to:

• Define web-based business services

• Describe the process of cloud migration
• Outline the seven stages of migrating into a cloud
• Explain the strategy followed in adapting cloud technology

Learning Outcome

On completion of this chapter you should be able to:

• Discuss web-based business services

• Summarise cloud migration process
• Identify the seven stages of migrating into a cloud
• Explain the way towards a successful transition into cloud services that maximises
return on investment (ROI)

Introduction to Cloud Technology 44

Cloud Computing Risks Migrating to Cloud

2.1.1. Introduction

In order to build a sustainable and competitive advantage for the business, organisations are
continually striving to innovate and adapt themselves to the changing needs of the customers.
Cloud computing is widely regarded as a boon to both start-ups as well as enterprises as it opens
the gateways to transformation and agility. Present day cloud infrastructures offered by leading
cloud service providers does an amazing job in providing highly elastic and scalable solutions in
the most economical manner possible. Pay-as-you-go subscription model - which is the key selling
point of cloud based models attracts startups, small and medium businesses and even large
corporations to build their information technology services and applications on the cloud or
migrate the existing infrastructure and services to the cloud.

That being said, the application migration process from an on-premise model to cloud based model
comes with its own complications. Even after all the complications are dealt with, still the
application may or may not work correctly due to its interactions with various online and offline
services, database etc. Hence, migration to the cloud is a critical challenge for both - organisations
as well as to the cloud service providers who help these organisations.

In this chapter, you will learn about the various web applications that use cloud computing to
deliver outstanding results and understand in detail about how migration to the cloud can be best
achieved.

2.1.2. Innovation and Transformation

In today’s digital world, business innovation and transformation have paved way for the
emergence of new business models, delivery channels, ways of communication and has recognised
market needs that did not exist before.

Technology has been of tremendous support through this phase of transformation by opening the
gateway to many lucrative opportunities. Cloud computing is one such technology that has
transformed the traditional norms for businesses as well as for consumers and made the use of
web-based systems more practical and easy.

Imagine a world without Gmail, Facebook (or) WhatsApp? Imagine how difficult it would be for
you to be in touch with your friends? How painful it would be if you don't have YouTube? How
difficult it would be if you have to wait to watch the new movie trailer of your favourite star on
television (or) to hear a recent hit song only when it is played in the next radio show? Cloud as a
technology has brought so much innovation into our life and has brought in a lot of transformation
that helps us satisfy our needs almost instantaneously.

Introduction to Cloud Technology 45

Cloud Computing Risks Migrating to Cloud

Cloud Crumbs

“Do you know of any such organisations that transformed itself through the cloud?”

There is EasyJet, Unilever, BP3 and so on. See how many you can add to the list.

2.1.3. Web-Based Business Services

Web-based business services are online services that render various functions like data storage,
processing, sharing of information and so on using the World Wide Web. The service may be
hosted in a web-based server or various servers across the globe. A user can access these services
using a login and password. Web-based business services play a significant part in today’s digital
world. Let us discuss in detail about the few web applications that serve different types of customer
segments today.

2.1.3.(i). Applications for Individuals

Email systems, social media websites, data storage applications are some common web apps used
by individuals. Examples include Dropbox, Gmail, Facebook and so on.

Fig. 2.1.1: Cloud-based apps that we use in our day-to-day life

Activity

From Figure 2.1.1, Can you name at least six cloud-based social media apps that you use in
your day-to-day life?

Introduction to Cloud Technology 46

Cloud Computing Risks Migrating to Cloud

2.1.3.(ii). Applications for Small and Medium Business

Cloud applications have proven to be a boon to small and medium businesses that do not have the
sufficient resources or funds to expand their services. Custom applications for email, billing, HR
and inventory management are widely adopted by small- and medium-sized businesses (SMBs)
across the world.

Lets consider the example of Google Docs. Users can access Google docs through a web browser.
All they need is a user name and password which they can obtain by registering with Google Apps.
There are a lot of small and medium enterprises that primarily rely on Google Docs for doing their
documentation work, reporting, presentations and accounting.

A decade ago, enterprises were investing in Microsoft Office. They have to physically purchase
the DVD containing the MS-Office enterprise edition installation files. Then they need to install it
either in individual computers based on the requirements (or) they install it in a centralised server,
so that all the networked computers can access it. IT departments had to undergo lot of pain to
install MS-Office to thousands of computers across the organisation, maintain them well,
troubleshoot when it crashes and upgrade whenever there is a new version of Office available in
the market. A huge chunk of their time, efforts and resources went into deploying, managing and
maintaining the Office packages.

Introduction to Cloud Technology 47

Cloud Computing Risks Migrating to Cloud

Fig. 2.1.2: Microsoft Office 2010 Installation

Introduction to Cloud Technology 48

Cloud Computing Risks Migrating to Cloud

Fig. 2.1.3: Google Docs accessed through web browser

But these days, it has become much easier to work on documents, presentations and worksheets
without the need to undergo such pain. Thanks to Google Docs, the user just needs to register and
have login id and password to access a sleuth of services like Google Docs, Slides, Sheets, Forms
etc.

There is no need to install, manage or upgrade each time a new version is released. It is completely
managed by Google. As and when there is an upgrade, all the users will be able to access the
additional features at a stretch – when they login the next time. That is how easy it is.

2.1.3.(iii). Applications for Enterprises

As organisations grow, they tend to lose their agility and succumb to the ordeal of maintaining
legacy applications and huge data centers. With the advent of cloud computing, large enterprises
become flexible, save costs and put themselves in a better position for innovation. ERP systems,
CRMs and IT Service management applications are some manifestations of the cloud in large
organisations.

A classic example would be of Ramco On-demand ERP solutions. Earlier, Ramco was offering
on-premise ERP earlier for lot of sectors. The organisation has to purchase the whole version and

Introduction to Cloud Technology 49

Cloud Computing Risks Migrating to Cloud

install it in their centralised server - to make it available to the whole organisation. It involved lot
of resources including investments, manpower, huge storage and servers with good computing
capacity. Then, Ramco moved to the cloud and started offering Ramco On-demand ERP solutions.
This enabled organisations to just subscribe to Ramco and obtain a login id and password. All they
need to do is to open a web browser, enter the login credentials and they can access the complete
software over cloud. All updates to the ERP application, platform, infrastructure were all managed
by Ramco and its vendors.

2.1.4. Delivering Business Processes from the Cloud

Organisations across the globe are in the middle of a great transformation - from building their
own software products (or) using packaged software for their business processes to utilising cloud
based applications for their business processes. According to economists business processes that
are available on the cloud should have very large number of users and should be made autonomous
in order to manage it and remain profitable. Other than that, few more perspectives worth thinking
about are:

• Productivity: By delivering business processes through the cloud, does it really impact
the productivity of the client? Cloud service providers and organisations that offer business
services from the cloud need to think from such a productivity perspective. If delivering
the business services significantly reduces burden of the client (or) the users and if it allows
them to concentrate on more important functions, then cloud should definitely be
considered as an option.

• Seamless Integration: If the cloud application (or) platform has the ability to seamlessly
integrate into the existing tools and processes of the enterprise (or) the user? Does it require
very minor changes to be done on the client (or) user side - for them to adapt? If yes, then
it is good to deliver cloud based business services. Otherwise, if it is going to make the life
tougher for the client (or) make more redundant work load for them, then it is good not to
deliver it through the cloud.

• Technical capabilities of the end-user: Organic chemists across the globe use specific
programs and software to develop and simulate organic models and experiments. These
tools and software can be delivered through the cloud. But organic chemists are more
comfortable using the existing systems and on-premise tools to carry out their work Neither
they are tech savvy nor do they understand much about cloud based tools as they have very
less connectivity amidst forest areas (or) huge plantation setup. So, it is not feasible to
deliver such applications through the cloud. Hence, the technical capabilities of the end-
user also needs to be considered before delivering the business services through the cloud.

Introduction to Cloud Technology 50

Cloud Computing Risks Migrating to Cloud

• Other Considerations: If you consider an example of a client having a large website

with thousands of pages, it definitely requires a dedicated analytics tool installed on-
premise and on the cloud to track and monitor the traffic and other user activities in
individual pages. Otherwise, if the website has only few pages, then Google analytics
available on the cloud by default is more than sufficient. There is no need to use any cloud
based services or go for any subscription model for ads. So, based on the client
requirements (or) user requirements, its better to think through and decide whether to
deliver specific business processes from the cloud.

2.1.5. Business Process Examples

The table below illustrates the different types of business process delivered through cloud from
top cloud vendors in the market. A clear insight about these business processes is essential for
people who wish to pursue cloud-based careers.

Table no. 2.1.1: Top 25 Cloud Application Vendors in 2014

Name of Vendor Key Market Growth and Development

With more strategic acquisitions and market
Salesforce CRM expansion, Salesforce is the leader in offering
cloud CRM solutions

ACI presents an extensive portfolio of financial

Banking and
ACI offerings such as fraud prevention, compliance
Financial Service
solutions and risk management.

Adobe serves some of the biggest brands in the

CRM, Content
Adobe marketing cloud business and has over 100 new
Management
customers on board in the last year

ADP plans to go global with its best-in-class Cloud

ADP HCM
HCM, payroll service to multinational customers.

Acquired Razor Insights to offer cloud-based

Athenahealth Healthcare
electronic health record apps for hospitals.

Blackbaud plans its entry in the European market

Blackbaud NonProfit
with the acquisition of MyCharity in Ireland.

Introduction to Cloud Technology 51

Cloud Computing Risks Migrating to Cloud

Cisco updates its popular collaborative tool

Cisco Collaboration
WebEx.

Citrix continues to grow in the SaaS market with

Citrix Collaboration
the acquisition of RightSignature.

While the road travelled thus far has been fairly

Constant Contact CRM good, the future seems sceptical for Constant
Contact.

DATEV has evolved into more of a cloud service

DATEV ERP
provider rather than an outsourcer.

Banking & Financial Digital Insight leverages the strategic connections

Digital Insight
Services of NCR to catalyse its growth.

eClinical Works continue to dominate the US

eClinicalWorks Healthcare healthcare industry with secured data storage
systems.

IBM continues to grow its revenue at an

unmatched rate with top performing cloud
IBM HCM, CRM
applications such as Kenexa for HCM, Demantec
for demand management, and Tealeaf for CRM.

Intuit restructures its operations to double its

Intuit ERP
customer base for QuickBooks Online

LinkedIn acquired Lynda.com to enhance its online

LinkedIn HCM
learning resources.

Medidata enters China market with special focus

Medidata Solutions Healthcare
on life sciences.
Content
Microsoft Office 365 continues to serve millions of
Microsoft Management,
customers and build united workforces.
Collaboration
NetSuite has American Express on-board and
NetSuite ERP, CRM, HCM
partners with Microsoft in the ERP space.

Introduction to Cloud Technology 52

Cloud Computing Risks Migrating to Cloud

With its wide suite of cloud offerings, Oracle has

Oracle CRM, HCM, ERP reported 4000 new cloud applications during the
fiscal year 2015.

Real Page plans to offer more focused cloud-based

Real Page Real Estate solutions to apartment communities through its
acquisition of Indatus.

More than 50 million SAP users continue to run

HCM, Procurement,
SAP their applications with Concur, Ariba and Success
CRM, ERP
factors.

The Fuji Framework from ServiceNow delivers

IT Service
ServiceNow easy access to enterprise services such as legal and
Management
finance information.

Banking & Financial Acquired by FIS Global, Sungard shows expertise

Sungard
Services in all core banking operations.

When it comes to customer loyalty, Ultimate

Ultimate Software HCM Software is the clear winner with almost 95%
retention rate.

Workday is set to offer key applications such as

Workday HCM, ERP Enterprise Performance Management and
Professional Services Automation to its customers.

2.1.6. Broad Approaches to Migrating to Cloud

The first step towards building a strong cloud strategy is planning the migration of the existing
applications to cloud. This task requires much effort, the right skill set and planning. There are
three common approaches to migrate the on-premise applications to the cloud. They are:

1. Lift and Shift

As the name suggests, the Lift and Shift approach involves the exact replication of the in-house
applications in the cloud. There is no change made to the code or the design of applications. It
involves much lesser time, cost and complexity when compared to other methods. However,
applications migrated to the cloud using this technique do not take complete advantage of the

Introduction to Cloud Technology 53

Cloud Computing Risks Migrating to Cloud

native cloud capabilities. Storage infrastructure and disaster recovery are common applications
migrated using this approach.

2. Refactoring

Refactoring refers to changes made in the structure of the source code of the application in order
to make it more efficient. The code is modified such that it becomes more scalable and reusable
without changing the functions of the application. In other words, this approach to cloud migration
adheres to the concept of get-something-working-now-and-perfect-it-later.

3. Modernisation

The modernisation application approach to cloud computing redesigns the application from
ground-up, thus making it completely flexible for the cloud environment. While superficially this
procedure may seem expensive or complex, the new applications provide maximised benefits
through decreasing the costs substantially.

Note:

An application portfolio analysis is conducted by organisations to understand what

applications can be shifted to the cloud and what migration technique can work best

2.1.7. The Seven-Step Model of Migration into the Cloud

Irrespective of the migration approach adopted, the Seven-Step Model of Cloud Migration creates
a more rational point of view towards the migration process and offers the ability to imbibe several
best practices throughout the journey.

Introduction to Cloud Technology 54

Cloud Computing Risks Migrating to Cloud

Fig. 2.1.4: The Seven-Step Model of Migration into the Cloud

Step 1: Assess

Cloud migration assessments are conducted to understand the complexities in the migration
process at the code, design and architectural levels. The investment and the recurring costs are also
evaluated along with gauging the tools, test cases, functionalities and other features related to the
configuration.

Step 2: Isolate

The applications to be migrated to the cloud from the internal data center are freed of dependencies
pertaining to the environment and the existing system. This step cuts a clearer picture about the
complexity of the migration process.

Introduction to Cloud Technology 55

Cloud Computing Risks Migrating to Cloud

Step 3: Map

Most organisations hold a detailed mapping of their environment with all the systems and
applications. Make use of this information to distinguish between the components that have to be
moved to the cloud from the ones that should continue to reside in the data center.

Step 4: Re-Architect

Migration to the cloud demands re-architecting of applications in most cases. This may result in
the loss of certain functionalities and this can be approximated by using relevant APIs.

Step 5: Augment

The applications are augmented to make them cloud-ready. Augmenting the applications is crucial
to derive the best benefits of the cloud.

Step 6: Test

Right after the applications are augmented, they need to be tested for the new environment. The
augmentation and migration strategies are validated at this step.

Step 7: Optimise

Based on the test results, the migration strategy is optimised for delivering the best ROI. A
roadmap for leveraging the new cloud features is laid.

2.1.8. Efficient Steps for Migrating to the Cloud

As cloud computing gains momentum, organisations are looking for a more robust way to
approach the cloud. In order to leverage the benefits of the cloud, a strong cloud strategy must be
in place. Based on the approach framed by the popular research firm, The Burton Group, the
following five steps define the framework for a strong cloud adoption strategy.

1. Pre-Work

To start with, organisations must build an internal cloud team, which together will set the scope of
the cloud project. Expectations, standards to be achieved and cloud objectives must be well defined
during the initial stages of the cloud journey.

Introduction to Cloud Technology 56

Cloud Computing Risks Migrating to Cloud

2. Business and Application Analysis

The cloud cannot be considered as plainly a technical enhancement since it has a strong impact on
the various business functions. During this stage, business applications moving into the cloud are
evaluated based on the costs and architectural requirements. The operational changes to be made
within an organisation are also determined. The four significant components of this stage are
business impact evaluation, assessment of organisational impact, cost analysis and application
analysis.

3. Selecting the Cloud Service Provider

Solutions from different cloud service providers are reviewed and the most suitable one is chosen.
The migration plan is initiated and the roadmap to cloud is thus made clear.

4. Building the Risk Mitigation Plan

No cloud adoption framework can be complete without the risks and challenges being included. A
risk mitigation plan is drawn and the exit strategy is devised.

5. Planning for the Steady State

Once applications are moved to cloud, there needs to be a plan in place for the cloud governance
and vendor management. Regular reviews of the strategy must be conducted and the cloud team
must ensure that both internal processes and personnel issues are addressed during the move.

Why?

If you were a member of the IT team in a large organization and were asked to make a
list of potential cloud vendors. Whom would you choose and why?

Introduction to Cloud Technology 57

Cloud Computing Risks Migrating to Cloud

2.1.9. Case Studies

2.1.9.(i). SmugMug : Migration to Cloud using AWS

SmugMug moves to the cloud with zero downtime

The case scenario

SmugMug is a popular photo and video-sharing service that stores billions of customer photos and
videos. As the company began to grow in volume, the team at SmugMug could not afford to invest
in data centers to support their growth. They wanted a solution that could ensure easy storage with
maximum security for their customers.

Fig. 2.1.5: SmugMug on cloud

The Solution

The journey to cloud for SmugMug began with AWS solutions. Initially, they adopted the Amazon
S3 solution for backup of data from their local data centers. Overwhelmed by the performance of
the system, they soon made the Amazon S3 their source of primary storage.

Introduction to Cloud Technology 58

Cloud Computing Risks Migrating to Cloud

The next step was to transfer their computer services into the cloud by using the Amazon EC2
solution. With Amazon EC2, SmugMug moved many of its specialised services to the cloud.
Through this very carefully crafted phased migration to the cloud, SmugMug derived the following
benefits.

• Increased cost savings

• Economies of scale
• Increased employee productivity
• Faster operations
• Ensured security of photos and videos

2.1.9.(ii). Ramco(On-premise) to Ramco on Demand

The case scenario

Ramco Systems is a leader in providing ERP solutions to thousands of companies across the world.
With more than 150,000 users Ramco Systems had to draw the balance between offering
competent capabilities and meeting the service level agreements. They needed to provision servers
instantly to the varying demands of their customers and also contend with the increasing costs of
capital investment, security measures and power supply.

Fig. 2.1.6: Ramco on Demand ERP

Introduction to Cloud Technology 59

Cloud Computing Risks Migrating to Cloud

The Solution

Ramco Systems found its ideal solution from the extensive portfolio of services offered by AWS.
Its journey to the cloud started by adopting the Amazon Elastic Compute Cloud which later went
on to include other services such as storage, email, resource monitoring and so on. Today Ramco
Systems experiences the following benefits through successful migration to the cloud.

• Provisioning of servers has been enhanced by 80%.

• Cost-effective disaster recovery.
• ERP solutions that are more comprehensive, scalable and flexible.

2.1.10. Migration Failure and Contingency Measures

Not every cloud migration project has a happy ending. Without the required resources, knowledge
and skillset, cloud migration can turn out to be a nightmare. Outlined below are some contingency
measures that mitigate risks considerably during the cloud migration process.

• Poor planning is the most common reason for the failure in any IT project. The entire
lifecycle of the migration project must be planned ahead. Every specific task and the
allocated responsibility of the task must be documented.

• The changes pertaining to people, processes and culture of the organisation must be
addressed. The required training and technical support must be implemented.

• Security of data during migration process is highly crucial. The cloud service provider must
hold all the accreditations that can insulate the client from any chances of a data breach or
failure to adhere to industry compliance requirements.

• The cloud service provider must be ISO 27001 certified to assure its ability to offer the
maximum security for all systems and data.

A robust SLA must be drawn with the service provider. They must commit to a specific level of
service, failing which they must be prepared to fulfil the compensation policy mentioned in the
SLA.

Introduction to Cloud Technology 60

Cloud Computing Risks Migrating to Cloud

Summary:

• To survive in today’s business world, organisations must continually innovate and

transform themselves to adapt to the changing landscape.

• With time, web applications have taken the prime position in enabling various business
operations in all types of organisations.

• Migration to the cloud can be done using any one of these three approaches, Lift and Shift,
Refactoring and Modernisation.

• The lift and shift approach involves the exact replication of the in-house applications in the
cloud.

• Refactoring involves changes to the source code of the application to enhance its
performance in the cloud.

• Modernisation is the complete revamping of the application in order to take complete

advantage of the cloud offerings.

• The Seven-Step Model of Cloud Migration enables organisations to adopt a more

structured approach towards the process.

• The seven stages included in the model are Assess, Isolate, Map, Re-architect, Augment,
Test and Optimise.

• Based on a study by Burton Group, the cloud adoption within an organisation can be
simplified through the five phases, Pre-workBusiness and Application
AnalysisSelecting the cloud vendorBuilding the Risk Mitigation Plan.

• Like any IT project, cloud migration is prone to a number of vulnerabilities. A risk

mitigation plan helps organisations to increase their chances for a successful migration
project.

Introduction to Cloud Technology 61

Cloud Computing Risks Migrating to Cloud

Self-Assessment Questions:

1) The cloud migration approach that demands the least cost and complexity is ________
(a) Lift and Shift (b) Refactoring
(c) Cloud Modernization (d) Lift and Refit

2) Which phase of the Seven Step Cloud Migration model approximates the lost
functionalities of the application?
(a) Map (b) Augment (c) Re-architect (d) Isolate

3) The main aim behind adopting the seven step cloud migration model in an organization
is____________.
(a) To enhance the success rate of the migration process
(b) To obtain a more rational view point
(c) Both
(d) None

4) A strong cloud adoption strategy can never be complete without

(a) Post deployment plans (b) Risks and challenges
(c) Timeline (d) Vendor List

5) The most important accreditation to be checked while choosing a cloud service provider is
(a) ISO 27001 (b) ISO 27002
(c) ISO 27003 (d) ISO 27004

6) Larger enterprises move to the cloud for many reasons, one of the most important being,
(a) Enhanced agility (b) Customer satisfaction
(c) Personnel management (d) None of the above

7) Which one of the following cloud services is data storage application used by individuals
as well as SMBs
(a) Gmail (b) Netflix (c) Dropbox (d) Google drive

8) The concept of get-something-working-now-and-perfect-it-later refers to___________

(a) Refactoring (b) Modernisation (c) Isolation (d) Lift and Shift

9) To analyse what applications are best suited for the cloud, organisation conduct a______
(a) Cloud migration (b) Cloud analysis
(c) Application portfolio analysis (d) Modernisation

Introduction to Cloud Technology 62

Cloud Computing Risks Migrating to Cloud

10) The company that has acquired MyCharity in Ireland to stabilize its presence in the
European market is
(a) Microsoft (b) Adobe (c) Blackbaud (d) ADP

Answers:

Q. No. 1 2 3 4 5 6 7 8 9 10

Ans (a) (c) (c) (b) (a) (a) (c) (a) (c) (c)

Activity
Activity Type: Online Time: 30 minutes

Visit: http://www.ibm.com/cloud-computing/#infrastructure
Chat with IM cloud experts and list out the benefits provided by IBM in terms of security
and efficiency.

Introduction to Cloud Technology 63

Cloud Computing Risks Migrating to Cloud

Bibliography

References

• Cloud Direct. Why So Many Cloud Migrations end in failure.Retrieved October 30, 2015
from https://www.clouddirect.net/insights/business/%E2%80%9Cit%E2%80%99s-
complicated.%E2%80%9D-why-so-many-cloud-migrations-end-in-failure/
• Eazework. Business Applications for Small and Medium Enterprises. Retrieved October
31, 2015 from
https://www.eazework.com/downloads/business_applications_for_smes.pdf
• EBiz. Burton Group Outlines a 5 Step Process to the Cloud.Retrieved October 30, 2015
from http://www.ebizq.net/blogs/cloudsoa/2010/08/burton-group-outlines-a-5-step-
process-to-the-cloud.php
• Gartner.Building a Solid Cloud Adoption Strategy: Success by Design.Retrieved October
30, 2015 from https://www.gartner.com/doc/1405800/building-solid-cloud-adoption-
strategy
• GCFLearn. Understanding the Cloud. Retrieved October 29, 2015 from
http://www.gcflearnfree.org/computerbasics/4
• PC Mag.20 Top Cloud Services for Small Businesses. Retrieved October 31, 2015 from
http://in.pcmag.com/software/78749/feature/20-top-cloud-services-for-small-businesses
• Polar Sever. Cloud Migration and Creation.Retrieved October 30, 2015 from
http://polarseven.com/what-we-do/cloud-migration-creation/
• Tech Target. Web Application. Retrieved October 29, 2015 from
http://searchsoftwarequality.techtarget.com/definition/Web-application-Web-app
• Tech Target. Cloud Migration Strategies for a Hybrid Cloud World. Retrieved October 30,
2015 from http://searchcloudcomputing.techtarget.com/feature/Cloud-migration-
strategies-for-a-hybrid-cloud-world
• Tech Target. When to Adopt the Lift-and-Shift Cloud Migration Model. Retrieved October
30, 2015 from http://searchcloudcomputing.techtarget.com/feature/When-to-adopt-the-
lift-and-shift-cloud-migration-model
• Tech Target.Refactoring.Retrieved October 30, 2015 from
http://searchsoa.techtarget.com/definition/refactoring

External Resources

• Daconta, M. (2013). The Great Cloud Migration. US: Outskirts Press

• Hollwarth, T. (2012). Cloud Migration (2nd edition). Germany: MITP
• Velte, T. (2009). Cloud Computing, A Practical Approach.US:McGrawHill

Introduction to Cloud Technology 64

Cloud Computing Risks Migrating to Cloud

Video Links

Topic Link
Cloud Computing and Innovation –
https://www.youtube.com/watch?v=K_g7ncE_vzk
Expert Views on Cloud Computing

What is a web app? https://www.youtube.com/watch?v=jB5KFJULahs

https://www.youtube.com/watch?v=sEywo-
Tips for Successful Cloud Migration
eMTEU

Introduction to Cloud Technology 65

 Table of Contents

Chapter 2.2

Risk Management in Cloud Computing

Page No.
Aim 66

Learning Objectives 66

Learning Outcome 66

2.2.1 Introduction 67

2.2.2 Risks in Cloud Computing 67

2.2.2.(i) Data Security 68

2.2.2.(ii) Data Storage Location 68

2.2.2.(iii) Cloud Service Outage 68

2.2.2.(iv) Shared Access 69

2.2.2.(v) Service Level Agreements (SLA) 69

2.2.2.(vi) Regulations Across Geographies 69

2.2.3 Measurement of Risk 70

2.2.4 Risk Assessment 71

2.2.5 Cloud Risk Mitigation Strategies 73

2.2.5.(i) Due-Diligence on Various Cloud Solutions 73

2.2.5.(ii) Adapting Encryption Standards 73

2.2.5.(iii) Secure Third Party Validation 74

2.2.5.(iv) User Access Controls 74

2.2.5.(v) Service Level Agreements and SSO Solution 74

2.2.5.(vi) Hybrid Approach 74

2.2.6 Sony PlayStation network outage 2011 :: Case Study 75

 Page No.
Summary 76

SAQs 77

Bibliography 79

References 79
External Resources 80
Video Links 80

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Risks Risk Management in Cloud Computing

Aim

To study the various risk factors and their mitigation strategies involved in cloud
computing

Learning Objectives

The objectives of this chapter are to:

• Describe the process of measuring and assessing the risks in cloud computing
• Explain the major concerns involved in cloud computing
• Illustrate risk mitigation methodology

Learning Outcome

On completion of this chapter you should be able to:

• Discuss the importance of risk assessment in choosing the form of cloud computing to
use
• List the major concerns that firms need to consider when moving to the cloud.
• Identify the best practice for risk management in cloud

Introduction to Cloud Technology 66

Cloud Computing Risks Risk Management in Cloud Computing

2.2.1. Introduction

As the demands of the business environment increase and IT budgets dwindle, cloud computing
seems to be an effective alternative to achieve organisational goals easily and in a cost-efficient
manner. To enjoy the tremendous benefits of cloud computing, risks must be evaluated and
managed appropriately.

From due diligence of the cloud service provider to adopting various security techniques like
encryption and single sign-on, risk mitigation strategies are plenty in number. A thorough
understanding of cloud risks, their mitigation plans and several case studies from the past can be a
great start towards reaping the best benefits of the cloud. In this chapter you will learn about
various risks and the mitigation plans associated in cloud computing.

2.2.2. Risks in Cloud Computing

In general, Risk can be explained as the probability at which something unwanted might happen.
The higher the risk, the higher things can go wrong and vice versa. In Cloud environment, Risk
can be defined as the probability that a malicious (hack attack or security breach) or non-malicious
event (hardware or software malfunction) might occur that could potentially degrade the user
experience (or) expose confidential information (or) threaten to corrupt the software or hardware
components. Any organisation that provides cloud based services (or) utilises cloud based services
is prone to high risks of occurrence of malicious or non-malicious event.

With the rise of cloud computing, several technical and commercial changes have crept into the
world of business. From infrastructure to data, cloud delivers different virtual services on an on-
demand basis, thus enabling organisations to enhance their capabilities, meet the varying needs of
computing resources and transform themselves.

Did you know?

A recent survey on cloud risk by Cloud Security Alliance** revealed that 85% of the
companies have experienced insider threat in the cloud.

** Cloud Security Alliance is a world leader in creating awareness about the best
practices of secure cloud computing.

With any new opportunity, using the cloud involves some significant risks which includes but not
limited to data security, data storage location, cloud service outage, shared access, regulations etc.
The following sections briefly discuss all the risks.

Introduction to Cloud Technology 67

Cloud Computing Risks Risk Management in Cloud Computing

2.2.2.(i). Data Security

Protecting sensitive and confidential data is termed as Data security. Data security tops the list of
the most prevalent concerns amongst cloud consumers. Lack of security of data in the cloud
implies to potential unauthorised access and privacy deficiency. By washing off the responsibility
of data storage and management into the hands of the cloud service provider, enterprises invite
outsiders to gain visibility and control over sensitive data. Common areas of the cloud that show
possibilities of compromised data are:

• Multiple tenants sharing the same infrastructure

• Industry-specific regulatory and compliance concerns
• Issues pertaining to mobility of data
• Storage recycling techniques adopted by the cloud service provider (CSP)
• Auditing and reporting of confidential business data

Fact

The healthcare industry is the most exposed to policy violations in the cloud.

2.2.2.(ii). Data Storage Location

Data storage location is the physical place where the servers and storage devices are present. A
few years ago, data from an organisation resided only within its data center and was under the
logical and physical control of that particular organisation. This defines the data storage location.
With cloud, data has moved into the physical infrastructure of a third party and is maintained by
an entity outside the control of the enterprise. This shift in data storage location has caused
considerable concern over data governance.

Can you always be 100% certain that your assets will be safe in the hands of non-family member?
Probably no! A bank is always a more “lucrative” loot for burglars than an individual household.
Similarly, data centers of cloud service providers with multiple tenants are often the target for
hackers who steal valuable customer data.

2.2.2.(iii). Cloud Service Outage

Cloud service outage is the time when cloud services are suspended due to reasons like technical
glitches, failure of the cloud service provider or a security threat. Microsoft, Google, Amazon,
Yahoo and almost every trusted brand you can think of has been in the news for distressing outages.

Introduction to Cloud Technology 68

Cloud Computing Risks Risk Management in Cloud Computing

Every case of cloud outage, irrespective of its duration has a significant effect on the client
business. Enterprises lose their credibility; start-ups are dissuaded from greater cloud adoption and
organisations of all types and sizes miss revenue opportunities- such is the impact of a business
outage. The prevalence of cloud service outages has come down in recentyears, but with the
escalating number of business critical applications being moved to the cloud, the risk still lingers
on the top.

Did you know?

Every year, network outages are reported across the world. Find out about victim companies
that fought cloud outage issues in 2015.

2.2.2.(iv). Shared Access

One of the defining features of public cloud computing is multi-tenancy. The multi-tenant
environment of a public cloud allows the sharing of resources such as CPU, memory, storage space
and servers between multiple unrelated clients. Such shared access to computing resources may
pave the way for accidental sharing of data and higher chances of access to private data from the
smallest discrepancies in the system.

2.2.2.(v). Service Level Agreements (SLA)

In order to set the expectations right for both the cloud vendor and the customer, a service level
agreement is essential. A comprehensive agreement between the two parties must eliminate the
risks related to service uptime, performance, security, disaster recovery, access to data as well as
the location of data. Service level agreement also plays a key role in accommodating changes and
in dispute mediation.

2.2.2.(vi). Regulations Across Geographies

When critical information moves past the boundaries of the data centre of an organisation, it carries
the risk of noncompliance to industrial and geographical regulatory measures. For instance, a
healthcare organisation located in Germany stores data based on the European Data Protection
Directive regulations (EU DPD). When that same company partners with a US-based cloud service
provider for backup solutions, the Health Insurance Portability and Accountability Act regulations
(HIPAA) comes into picture. Failure to abide by these location- or industry-specific regulations
may result in substantial penalties and prove to be a heavy blow to small- and medium-sized
organisations

Introduction to Cloud Technology 69

Cloud Computing Risks Risk Management in Cloud Computing

Table no. 2.2.1: Risks Associated with Cloud Service Delivery Model

Service Delivery Model Common Risks Description

Anonymous hacker activity that allows
IaaS/PaaS Cloud Abuse
users to perform sensitive transaction
Compromised Functions built on these insecure APIs
IaaS/PaaS/SaaS
Interfaces and API enhance risk and complexity

Iaas/PaaS/SaaS Data Loss Triggered by the very nature of cloud

Failure to conduct due diligence and

PaaS/SaaS Vendor Lock-in
review of SLA a results in this risk

Iaas/PaaS/SaaS Business Outage Unavailability of the cloud service

Data in the cloud must be protected

Iaas/PaaS/SaaS Security of Data
using the right security measures
Added risks with shared resources in
IaaS Shared Technology
the data centre

2.2.3. Measurement of Risk

Risks associated with cloud service delivery model are mentioned in Table 2.2.1. The digital age
has enabled organisations to store and disseminate data at ease. The size and volume of data that
gets stored in the cloud are incomprehensibly humungous and growing in leaps and bounds. If ever
there is a security breach or data leakage, it would be disastrous for all stakeholders. The
organisations that encountered bitter experiences have measured potential risks and implemented
various cloud security measures foreseeing the risks associated with them. Lets discuss these
briefly:

• Measures related to data security such as data encryption standards, key management and
hierarchal access.

• Client side efforts - as nothing can prevent data espionage when the customers are not
vigilant enough to avert disasters.

• Geographical location and physical protection of datacenters.

Introduction to Cloud Technology 70

Cloud Computing Risks Risk Management in Cloud Computing

• Service level agreements to ensure proper service by the cloud service providers.

• Access Controls to ensure efficient, effective and secure sharing of resources between
clients utilising the same infrastructure.

• Financial Controls within and outside the organisation to ensure that both internal teams
and cloud service providers operate well within budgets allocated

2.2.4. Risk Assessment

The nebulous nature of the cloud has brought in the perception of high risk and low control over
infrastructure and data utilised by an enterprise. This is one of the primary reasons why people in
the executive team of organisations want to know what could potentially happen if they move into
the cloud. Whenever something new comes up, people take time to accept and adopt.

A classic example would be the reaction of people when Telephone was introduced. This quote by
Mr.Rutherford B. Hayes – the 19th President of the United States is very famous and clearly
indicates how people think when there is a technological breakthrough. Telephone was first
installed at the White House. Mr.Rutherford then quoted:

An amazing invention – but who would ever want to use one?

The reason why he said so was telephone was a new invention in 1800's and people were so used
to telegraphs. They were so comfortable with telegraph that most of them thought why people
would actually want to hear another person's voice especially while communicating to a place far
away. But later, when people realised about the immense benefits of telephone, they accepted it
slowly. That’s exactly the case of Cloud computing these days.

Even though the executive teams understand the potential, most of them are very comfortable with
on-premise software and solutions. This is also due to risk aversion towards cloud – as with all
other technologies. Therefore, a thorough assessment of risks must be conducted before the
commencement of the project. The risk assessment strategy used by an organisation must contain
the following elements:

• Effective Control Mechanism: All the current controls over data are to be analysed. If
it doesn't provide adequate protections for the data or service, then necessary data control
mechanisms are to be implemented.

Introduction to Cloud Technology 71

Cloud Computing Risks Risk Management in Cloud Computing

• Necessary Periodical Audits: The cloud service provider and the services rendered are
to be analysed and audited on a monthly, quarterly or annual basis. Any kind of
discrepancies in service should be noted, informed and necessary corrective measures are
to be implemented.

• Technical Security Architecture: A thorough analysis of the present technical

architecture of the cloud service provider should be done. Firewalls, Virtual Private
Network provisions, patching, intrusion prevention mechanism and network segregation
are few things to be analysed well. These are potential high risk areas especially when
confidential customer data is at stake.

• Data Integrity: The cloud service provider would be rendering the services to multiple
clients at a time. How well the data is stored, what kind of hardware is being used, if the
confidential data is being stored in a shared storage etc. - are to be analysed and understood
beforehand. It is much better to have discussions with the cloud service provider before
even moving all the data to the cloud.

• Data Encryption: The name says it all. The data encryption standards that the cloud
service providers utilise is to be audited beforehand. Strict investigation has to be carried
out in this aspect, as its one of the high risk areas. Sony suffered a major outage in its
PlayStation Network in 2011 due to their poor data encryption standards and hackers
exploiting it.

• Disaster Recovery Plan: What happens when there is anearthquake? Or flooding (or)
some other natural calamity that hits the data center in which all the confidential data is
being stored? Before getting into contracts, the disaster recovery and contingency plan
provided by the cloud service provider should be reviewed thoroughly. Internally, the
organisation should have a clear business continuity plan to ensure that the business doesn't
get affected if in case there is a disaster.

• Standard Procedures: Its good to evaluate the standard procedures followed by the
cloud service provider internally in their operations. A typical example would be the offsite
tape backup procedure for all the data stored in their data centre. Another example would
be a background pre-employment screening procedure to see if any of the employees
working at the data center (or) those to be involved in managing the data centre has any
malicious intent.

• Business Operations of the Cloud Service Provider: The current operational and
financial conditions of the cloud service provider should be diligently verified along with

Introduction to Cloud Technology 72

Cloud Computing Risks Risk Management in Cloud Computing

the history of operations. For publicly traded companies, its easy to find this information.
For private companies, either an internal team can do the due-diligence (or) a third-party
can do the background check.

The above few elements to be considered and included in the risk assessment strategy of any
organisation.

2.2.5. Cloud Risk Mitigation Strategies

Now that we have explored the potential risks associated with cloud computing, the next step
would be to draw the relevant mitigation measures to ensure long-term cloud success. Some of the
most effective cloud risk mitigation strategies are listed below:

2.2.5.(i). Due-Diligence on Various Cloud Solutions

Cloud computing leads to a higher dependence on cloud-based vendors and thus demands clients
of an evaluation of their capabilities beforehand. Optimised security measures, industry-
recognised compliance standards and the ability to support the unique requirements of an
expanding organisation must be analysed to mitigate the risk potential in a cloud project.

2.2.5.(ii). Adapting Encryption Standards

Encryption of data is the act of converting sensitive data into undecipherable text by using the
relevant algorithms. The encrypted data is calledciphertext, and the level of encryption depends
on the sensitivity of the data. Encryption solutions are of two types:

• Provider-side cloud encryption: The cloud service provider encrypts the data received
from clients and adds an extra layer of protection from potential threats. Many leading
cloud vendors in the market, such as Amazon, Microsoft and EMC, offer these solutions
to their clients.

• Client –side cloud encryption: Companies dealing with multiple cloud vendors make
use of cloud encryption gateways to turn their plain text data into ciphertext. Encryption
makes the text unreadable without a special key.

Activity
Draw a table to highlight the difference between the two encryption solutions. Discuss the pros
and cons of each.

Introduction to Cloud Technology 73

Cloud Computing Risks Risk Management in Cloud Computing

2.2.5.(iii). Secure Third Party Validation

Cloud security is better said than done. Not every cloud service provider is successful in keeping
up with the security demands of the customer. This makes third party validation a must for cloud
solutions. Independent technology auditors assess the solutions to ensure that they are capable of
delivering the desired results.

2.2.5.(iv). User Access Controls

The risk of unauthorised access to critical information exists in both private and public cloud
environments. As opposed to the application-based access control in the traditional system of
computing, cloud environments work better with Role-Based Access Control (RBAC). In this
method, users of the system are assigned a specific role and can perform a precise set of functions
based on this role. By restricting access to cloud resources, unauthorised access, accidental
manipulation of data and sharing of credentials can be prevented.

2.2.5.(v). Service Level Agreements and SSO Solution

A robust service level agreement holds the key to the performance levels of every element of the
service provided by the cloud vendor. It affirms the ownership of data and lays the foundation for
the security measures to be adopted during implementation.

The Single Sign-On (SSO) is one way of mitigating risk when it comes to protecting user data.
The user logs in using his/her email id (or) any id that has been created along with the password
to a particular application through the web browser. Once he/she logs in, the sessions starts and all
user information is encrypted and stored using specific protocols. After the user logs in, he/she
may use any of the connected systems (or) applications without having to login multiple times.
For example Gmail and all other applications of Google. In a browser, if the user has signed into
Gmail (or) Youtube once, then there is no need to sign-in again and again for other Google
applications. He/she can access Google Docs, Drive, PlayStore etc. without having to login to each
of these applications. The SSO technique eliminates the need for multiple re-authentications while
using the system (or) set of applications and thus prevents authentication requests to be made to
the server back and forth every time the user wants to use a particular application.

2.2.5.(vi). Hybrid Approach

A recent study conducted by Avanade, a business technology and managed services provider
revealedthat more than 60% of the participants believed that the hybrid approach (the blending of
private and public cloud) was a safer way to conduct business in the cloud. This model of cloud

Introduction to Cloud Technology 74

Cloud Computing Risks Risk Management in Cloud Computing

computing allows organisations to host their most sensitive data internally while allowing the other
secondary functions to reside on the public infrastructure. It offers the highest level of flexibility
with no additional capital expense. With more business critical applications moving to the cloud,
hybrid offers the best of both worlds.

2.2.6. Sony PlayStation Network Outage 2011: Case Study

Case Scenario

Sony Corporation first introduced the PlayStation Console in December 1994 in Japan. Since then
the product has undergone a series of upgrades and enhancement. The latest version of the
PlayStation called PS3 was a complete entertainment package and included internet browsing
capabilities, chat functions, media downloads and gaming options. Registered users of the system
were more than 75 million, and a huge chunk had also recorded sensitive information like credit
card details for the purpose of online purchases.

The Outage

On April 19, 2011, Sony’s PlayStation Network experienced one of the worst cases of data security
breach in the history of IT. The servers were hacked by an unauthorised group leading to the theft
of usernames, passwords, credit card details and other personal information of millions of PSN
users. The system was shut down for almost 7 days following the attack. The cause of the incident
was mainly due to the poor security mechanisms of Sony and its failure to encrypt critical data.

Impact

This unfortunate event for Sony brought down its reputation, credibility and stock value. Sony
rebuilt its security system, faced a lawsuit that was settled after almost 4 years and paid huge
compensation to its customers who were exposed to the incident. The service was made to shut
down for almost 3 weeks, and the cost of the outage was over 170 million dollars.

Activity

Just after the outage about Sony hit the headlines in 2011, the world leader in cloud services,
Amazon also experienced a similar situation. Find out the cause and impact of this incident
and write down a case story on the same.

Introduction to Cloud Technology 75

Cloud Computing Risks Risk Management in Cloud Computing

Summary:

• Protecting data in the cloud from unauthorised access is the major concern for cloud
customers.

• With critical business data hosted in the cloud, organisations must ensure that they have
laid the right security measures for protection and privacy of data.

• Business outages cost huge revenue loss to businesses and organisation musttherefore
ensure that the cloud service provider can promise and deliver 99.99% uptime.

• The common risks associated with cloud computing are shared access to computing
resources, compliance issues and regulations across geographies.

• The risks associated with cloud implementation must be assessed during the initial stages
of the project, and the right mitigation strategies must be determined.

• To protect the sensitive data in the cloud, data encryption, well-defined access controls,
third party validation and robust SLAs must be implemented.

• The hybrid approach to cloud computing allows organisations to host their most sensitive
data internally while allowing the other secondary functions to reside on the public
infrastructure

Introduction to Cloud Technology 76

Cloud Computing Risks Risk Management in Cloud Computing

Self-Assessment Questions:

1) ___________ tops/ top the list of most common concerns among cloud consumers.
(a) Cost (b) Network issues (c) Data Security (d) Data Mobility

2) Which one of the following industries is expected to have a very high concern over
regulatory and compliance measures?
(a) Petroleum (b) Healthcare (c) Gas & Oil (d) Education

3) Google encrypts all critical data that is stored on its cloud. The cloud encryption solution
offered by Google can be called:
(a) Provider-side cloud encryption (b) Client - side cloud encryption
(c) Cipher texts (d) None of the above

4) What type of cloud is associated with the risk of shared access?

(a) Public Cloud (b) Private Cloud (c) Hybrid Cloud (d) All the above

5) One main reason behind Sony’s data breach incident in 2011 was
(a) Lack of cloud expertise (b) Failure to encrypt data
(c) Shared Access (d) Malicious Insiders

6) SSO stands for ________

(a) Simple security objectives (b) Single Sign on
(c) Security Service Operator (d) None of the above

Answers:

Q. No. 1 2 3 4 5 6

Ans (c) (b) (a) (a) (b) (b)

Introduction to Cloud Technology 77

Cloud Computing Risks Risk Management in Cloud Computing

Activity
Activity Type: Online Time: 30 minutes

Vulnerability identification in cloud: Draw an abstract view of cloud infrastructure. Based

on that view, define what constitutes a cloud--specific vulnerability.

Introduction to Cloud Technology 78

Cloud Computing Risks Risk Management in Cloud Computing

Bibliography

References

• CIO. The Death of the SLA. Retrieved November 01, 2015, from
http://www.cio.com/article/2883770/cloud-computing/the-death-of-the-sla.html
• Coalfire. Spotlight on Cloud Computing: An Overview. Retrieved November 01, 2015,
from http://www.coalfire.com/Resources/Spotlight-Compliance
• CRN. The 10 Biggest Cloud Outages of 2015. Retrieved November 01, 2015, from
http://www.crn.com/slide-shows/cloud/300077635/the-10-biggest-cloud-outages-of-
2015-so-far.htm
• Fidelity Investments. Vendor Due Diligence: Evaluating the Security of Hosted Solutions.
Retrieved November 01, 2015, from
https://fiws.fidelity.com/app/literature/log?literatureURL=952749.pdf?misc=ch3
• Forbes. Storing Data In The Cloud Raises Compliance Challenges. Retrieved November
01, 2015, from http://www.forbes.com/sites/ciocentral/2012/01/19/storing-data-in-the-
cloud-raises-compliance-challenges/
• InfoWorld. The 5 cloud risks you have to stop ignoring. Retrieved November 01, 2015,
from http://www.infoworld.com/article/2614369/security/the-5-cloud-risks-you-have-to-
stop-ignoring.html
• Journal of Security Engineering. Cloud Computing Security Issues and Access Control
Solutions. Retrieved November 01, 2015, from
http://www.sersc.org/journals/JSE/vol9_no2_2012/1.pdf
• KPMG. Clarity in the Cloud. Retrieved November 01, 2015, from
http://www.kpmg.com/SG/en/IssuesAndInsights/Documents/ICE-ClarityInTheCloud.pdf
• PerspecSys. Gartner Highlights the Importance of 3rd Party Validation. Retrieved
November 01, 2015, from http://perspecsys.com/gartner-highlights-the-importance-of-
3rd-party-validation/
• TechNet. Cloud Computing: Legal and Regulatory Issues. Retrieved November 01, 2015,
from https://technet.microsoft.com/en-us/magazine/hh994647.aspx
• Tech Target. Cloud Encryption. Retrieved November 01, 2015, from
http://searchcloudstorage.techtarget.com/definition/cloud-storage-encryption
• SlideShare. Cloud Computing. Retrieved November 01, 2015, from
http://www.slideshare.net/EdurekaIN/cloud-computing-pdf-1

Introduction to Cloud Technology 79

Cloud Computing Risks Risk Management in Cloud Computing

External Resources

• Buyya, R., Broberg, J., & Goscinski, A, (2010). Cloud Computing: Principles and
Paradigms. US: John Wiley & Sons
• ISACA .(2011). IT Control Objectives for Cloud Computing. US:ISACA
• Pearson, S., & Yee, G. (2012). Privacy and Security for Cloud Computing. UK: Springer
• Yeluri, R.,& Castro-Leon, E. (2014). Building the Infrastructure for Cloud Security. US:
Apress

Video Links

Topic Link
https://www.youtube.com/watch?v=Cy5OV_F
The Risks in Cloud Computing
M3S8
Overcoming Data Security Challenges in the https://www.youtube.com/watch?v=55jdSe7Ro
Cloud World 68
http://searchcompliance.techtarget.com/video/
Keys to reducing cloud computing risks and
Webcast-Keys-to-reducing-cloud-computing-
security concerns
risks-and-security-concerns
https://www.youtube.com/watch?v=HdX2VetF
The Dangers of Cloud Storage
c6M
https://www.youtube.com/watch?v=P3CnckbeF
How to protect data in the cloud? - Encryption
mY

Introduction to Cloud Technology 80

 Module 3

Cloud Management

Chapter 3.1 : Assessing the Cloud

Chapter 3.2 : Selecting Cloud Provider

 Table of Contents

Chapter 3.1

Assessing the Cloud

Page No.
Aim 81
Learning Objectives 81
Learning Outcome 81
3.1.1 Introduction 82
3.1.2 Evaluating the Business Need 82
3.1.2.(i) Cloud Vs. Hosted Applications 83
3.1.2.(ii) Cloud Vs. Licensed Software Vendors 84
3.1.3 Evaluating Cloud Computing Solution 85
3.1.3.(i) Location and Data Privacy 85
3.1.3.(ii) Network and Security 85
3.1.3.(iii) Service Level Agreements (SLA) 86
3.1.3.(iv) Software Stack and Storage 86
3.1.3.(v) Vendor Lock-in and Legal Compliances 87
3.1.3.(vi) System Testing 87
3.1.3.(vii) Seasonal or Peak Loading 88
3.1.4 Upscaling and Downsizing 89
3.1.5 Virtualisation 90
3.1.6 Cost Benefit Analysis 90
3.1.6.(i) Measuring Actual Costs 92
3.1.6.(ii) Forecasting, Load balancing and Associated costs 92
3.1.6.(iii) Right Sizing 93
3.1.6.(iv) Computing Total Cost of Ownership (TCO) 93
3.1.6.(v) Subscriptions, Licensing Models and Cost Cutting 93
 Page No.
3.1.7 Cloud Vendor Interdependence and Governance 94
3.1.8 Selecting the Right Scalable Application 96
Summary 97
SAQs 98
Bibliography 100
References 101
External Resources 101
Video Links 101

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Management Assessing the Cloud

Aim

To analyse the various steps required to assess the need, costs and implications of moving
to the cloud

Learning Objectives

The objectives of this chapter are to:

• Describe the process of software evaluation

• Discuss the various ways of upscaling and downsizing
• Explain the system testing process
• Illustrate cost cutting and cost benefit analysis
• Interpret the significance of selecting the right scalable application in cloud

Learning Outcome

On completion of this chapter you should be able to:

• Identify the different ways to evaluate software

• Describe the effective approach in upscaling or downsizing the cloud
• Discuss system testing process
• Explain the suitable measures to control cost cutting
• Analyse the right scalable option for cost management in cloud

Introduction to Cloud Technology 81

Cloud Management Assessing the Cloud

3.1.1. Introduction

Close to a decade ago, it required a consultant with expert level knowledge and excellent exposure
to cloud computing to educate the clients and help them realise the benefits of moving to the cloud.
But times have changed. At present, the penetration of cloud computing technologies is really deep
that businesses understand the importance of being in the cloud and associated pros and cons.

When an organisation is overwhelmed by the magnificent benefits of the cloud and decides to take
the plunge, it must first assess its own readiness for the big move. From considering the alternative
solutions to assessing the risks and costs, this initial preparation lays the foundation for grand
success in the cloud. In this chapter we will discuss about all factors that must be considered during
the cloud assessment phase.

3.1.2. Evaluating the Business Need

With the insight gained thus far, you should know that cloud computing isn’t a one-size-fits-all
kind of deal. In fact, in many scenarios, your business may not even need to rely on cloud
computing for its information, networking and data storage requirements.

How companies today are using the cloud is quite unique at a granular level. However, when
looking at the bigger picture, you will find that they usually fall under one of the three solutions
– Compute Cloud, Cloud Storage and Cloud Applications. That said, there are also a number of
cases where cloud computing may not be the most appropriate solution for your business. These
cases could range anywhere between the unaffordable cost of hardware to something as simple as
just not needing it. In such cases, there are alternatives such as relying on hosted applications and
licensed software vendors.

Want to know if a business should use cloud computing? Here is a checklist to be acknowledged.

• The cost to benefit ratio.

• The speed of delivery
• How much capacity you will really use?
• The extent to which your data is regulated
• The IT and corporate structure of your organisation

Introduction to Cloud Technology 82

Cloud Management Assessing the Cloud

3.1.2.(i). Cloud Vs. Hosted Applications

Did you know?

Hosted applications are not web-enabled like cloud applications. They are purchased and
installed by the organisation and accessed through a virtual private network (VPN).

While in many scenarios, cloud and hosted applications deliver similar results, they aren’t the same
thing. Both these solutions offer the implication of procession through physical servers that are
operated off-premise at a location that is remote to the customers. That said, remote hosting is a
concept that goes back to the days of mainframe time-share. It refers to a variety of computing
models including common or shared hosting centre resources.

Over the years, the evolution of cloud computing has introduced a range of options such as public
and community cloud models to hybrid solutions as well as entirely private single-entity cloud
operations.

Cloud computing is essentially a service oriented architecture (SOA) and collaborative in nature.
Cloud enables businesses to consume and to share by leveraging key web services. This implies
that if the application design cannot be optimised for web based services and merged into the
cloud ecosystem, it cannot be labelled as a cloud application.

Did you know?

Characteristics Unique to Cloud

• Web based access versus Direct Data Link

• Network of hardware and software solutions for dynamic management to increase

capacity based on requirement

• Service Level Agreement for scalability, back-up management and disaster recovery

• Ability to keep local resource footprint minimal

Introduction to Cloud Technology 83

Cloud Management Assessing the Cloud

3.1.2.(ii). Cloud Vs. Licensed Software Vendors

Did you know?

A Licensed Software Vendor is the one who holds the right to redistribute or resell the
software to their clients by purchasing the license from the software supplier.

One of the major advantages that cloud offers over licensed software vendors to businesses today
is the cost benefit. That said, the idea of cost effectiveness associated with the running of an on
premise software still exists. Most often, this is attributed to the fact that on premise solutions
come with a host of hidden costs that are overlooked to too complicated to calculate.

Some of the key advantages that Cloud Computing offers over Licensed Software Vendors include

• Economies of Scale
• Ability to optimise network resources, data centre space, connectivity and cooling
• Impressive levels of automation
• Enhanced consolidation and usage ratios across resources

Other differences are summarised in the table below.

Table no. 3.1.1: Operational Comparison of On-Premise with Cloud

On-Premise Solution Cloud Based Solution

Longer implementations Rapid implementation

Large upfront investment Subscription billing

Expensive customisation Non-technical configuration

IT resource dependent Little or no IT involvement

Expensive upgrades Regular upgrades

Added Hardware Costs No Hardware Costs

Introduction to Cloud Technology 84

Cloud Management Assessing the Cloud

Many cloud experts believe that drawing a comparison between the traditional on premise software
licensing and cloud models is as good as comparing apples to oranges. Many argue that
subscription for cloud applications may be cheaper upfront but since they tend to come up every
year, prove to be more expensive in the long run. To be able to get the best value for the business
over all, it is important to understand the inherent needs of the organisation and pick a solution
that best suits its needs.

3.1.3. Evaluating Cloud Computing Solution

Selecting the ideal cloud computing solution is anything but easy. The process demands the
involvement of IT personnel at different levels of management. Each solution provider will offer
a different stack of offerings that together represent a unique value proposition. Some depend on
the power of technology, while others offer location that is safe and secure. Some providers offer
data privacy as the unique selling point.As an organisation that is making the big move, you need
to consider five significant criteria to be able to select the right cloud computing solution for your
business needs.

3.1.3.(i). Location and Data Privacy

Where is my data stored in the cloud?

Who can have access to my data?

Most service providers would not be able to share the exact location of the data in the cloud. The
distributed technology, and multilayer cloud architecture makes it slightly difficult for the
providers to answer this question with accuracy. Before hiring the cloud solution provider,
organisations must look for the network and data diagrams to help understand the exact location
for the data. The provider should be able to give details on the data stored in the cloud, and the
privacy levels offered by the cloud solution. The provider needs to maintain transparency on who
will access the data, and whether or not they will share the data with others. Regular audits of the
data location and accessibility should be conducted.

3.1.3.(ii). Network and Security

Cloud solutions are based on different layers like application layer, host layer, and network layer
which make it complex and interconnected in many ways. The solution has to be secure at all
levels in order to ensure that the enterprise data stored in the cloud remains protected. Efforts need
to be made to maintain the adequate level of application maturity, and build on its security levels.

Introduction to Cloud Technology 85

Cloud Management Assessing the Cloud

For this, the provider’s application and network level security need to be scrutinised. Know if the
cloud solution offers application-layer firewalls. Secure a sanity checklist for pre and post
deployment and keep reviewing the security development programs at regular intervals to keep the
code secure. The application security should be integrated into the system at regular intervals. The
architecture and functional design of the cloud should be reviewed from a security perspective.

3.1.3.(iii). Service Level Agreements (SLA)

Some cloud solutions providers offer higher service level guarantees in order to differentiate
themselves from the competition. SLA has been defined majorly to understand the consequences
of the failure of a service, and has nothing to do with the actual reliability of the service.

The cloud provider needs to guarantee the service that they will offer in case they are hired. The
guarantee of uptime and services that are hired are being noted in the SLA. In case, the provider
fails to meet the level of availability signed in the SLA, they will need to compensate the customer
as signed in the document.

There will be a certain percentage of the fee that the providers will offer during downtime. This
SLA will offer an insight into the provider’s level of commitment. The reason SLA is a criterion
that one should take into consideration, as the real uptime will not be known. Testimonials and
reviews will give the provider’s real uptime, but till then SLA is a better proposition.

3.1.3.(iv). Software Stack and Storage

The cloud providers offer a certain technology and storage solution which becomes their unique
selling point. The focus for some providers is majorly based on the software stack they offer. Most
providers move from offering plain infrastructure as a service to offering platform as a service.

The stack specific clouds are known to align with the popular cloud solutions available. The
application which is built using the software stack defined by the cloud will save a lot of time and
cost. With this solution, enterprises need not use the lower level infrastructure setup and
configuration. This software stack that is provided need the enterprises to follow certain best
practices while designing and writing the apps, which in turn requires high levels of vendor lock-
in.

Along with software stack, storage is an important consideration. How will the data be stored in
the cloud, and made accessible to the enterprises? Will the storage solution make way for remote
access and virtualisation is another concern that should be addressed before hiring the cloud
solution.

Introduction to Cloud Technology 86

Cloud Management Assessing the Cloud

3.1.3.(v). Vendor Lock-in and Legal Compliances

The application programming interface (API) offered by the cloud solution is an important criteria
that one should evaluate. This helps access the infrastructure, and performs operations like
provisioning and de-provisioning servers.

The API is supported by multiple providers and vendors will reduce the lock-in, and help towards
migration whenever needed. Again, the application need not be changed majorly in this case. The
developer-vendor ecosystem will help enhance the services and capabilities of the cloud solution
provider.

Consider the cloud solution provider that offers a developer-vendor ecosystem, and has considered
all the legal compliances that will make migration easy and convenient. The API should be
supported by majorly all vendors, and should comply with all the legal and security requirements
as defined by the enterprises. API monitoring and management should be easy with the tools
offered by the cloud solution provider.

3.1.3.(vi). System Testing

Testing all the 3 layers of the system offered by the cloud service provider is extremely
important. How well the complete system functions can be understood by utilising the trial
period / trial account for a specific unit. e.g.: SalesForce offers a free trial to access all their
features for a limited period of 30 days.

Introduction to Cloud Technology 87

Cloud Management Assessing the Cloud

Fig. 3.1.1: Free trial offered by SalesForce.com

Using the free trial, the organisation can easily understand how well the system performs under
different loads. Depending on the type of services that an organisation wants to avail from a
vendor, the resources would be allocated by the vendor depending on their service agreements for
the specific time period (or) for a specific limit. Once the trial period gets over and all the
components and features are tested positive, the organisation can opt for a subscription package
for a specific time period as per the business requirements.

Activity

Give a free try of Office 365 – which is an online version of Microsoft Office. Compare it with
your desktop version of Microsoft office and list down your test results.

3.1.3.(vii). Seasonal or Peak Loading

Whenever a cloud based application is accessed by millions of users at the same time, the load for
the cloud servers increases. The server should be capable enough to handle all the requests at the
same time. To handle all the requests, different cloud vendors have different solutions.

Introduction to Cloud Technology 88

Cloud Management Assessing the Cloud

One of the most popular solution available in the market is Amazon's Elastic Load Balancing. Its
part of Awazon Web Services (AWS).

Elastic Load Balancing handles all the users effectively by distributing the requests made by all
the users across different virtual servers (technically called as Virtualisation). The organisation
which expects high traffic to its cloud based application has to create a load balancer (through
easily customising the AWS settings) in one of more of its availability zones. All the traffic to the
application first hits the load balancer – which routes the traffic evenly to different virtual servers
to process the requests.

Lets take an example of Expedia which is hosted on - and utilises Amazon web services. There are
millions of customers booking flight tickets and hotels through Expedia every single second. All
these booking requests come to the load balancers created by Expedia. Then based on the
availability of virtual servers, they are routed accordingly to be processed and tickets to be booked
for the customer. Number of ticket bookings would be high especially during holiday and festival
seasons like Diwali, Christmas, New Year etc., as lot of people travel to their natives. AWS offers
plenty of services that helps Expedia and many such organisations handle seasonal loads.

3.1.4. Upscaling and Downsizing

Delivery of scalable IT resources is almost synonymous with cloud computing. The cloud service
provider must allow business organisations to easily upscale and downscale their IT resources
without making much expensive changes to the existing setup. For instance, consider an
application that is used to book hotels across the country. Traffic to the application will reach its
peak during holiday seasons, come down during the other months of the year and reduce drastically
during heavy rains or any form of national unrest. Investing much into the infrastructure to satisfy
the peak loads during the holiday season will result in ideal servers for most parts of the year
Moving to the cloud helps the organisation to scale resources up and down without the need
forcapital investment. The ability of the cloud to allow small- and medium-sized businesses
(SMBs) to rapidly scale their resources turns out to be the one of the significant factors in
outperforming competition.

Did you know?

A recent research has revealed that 85% of Small- and medium-sized businesses (SMBs) point
their fingers to the cloud for being able to scale resources efficiently.

Introduction to Cloud Technology 89

Cloud Management Assessing the Cloud

3.1.5. Virtualisation

Virtualisation can be considered as the backbone of cloud computing. It can be defined as the
manipulation of hardware resources for a more economical model of computing. Cloud computing
derives its value from virtualisation which lowers the number of physical systems required by an
organisation. Say for example, a cloud service provider has a data center having about 1 Tera Byte
(1 Tera Byte = 1024 Giga Bytes) of storage space. This 1 TB of storage space can be virtually
shared between 10 websites. These 10 Websites may be promised 100 GB space each – but not all
the 10 would be effectively utilising all the 100 GB allocated. So, the cloud service provider shares
the same infrastructure (of 1 TB storage) with 20 websites over a specific period (promising all
the 20 websites 100 GB of storage space). All these 20 websites might be paying for 100GB of
space – but may (or) may not be using it all. One of them might be using only 10 GB of space,
another may be using maximum 50GB and some other website may just be using 2GB of space.
Thus, the cloud service provider virtually shares the 1 TB storage with multiple clients and still be
earning the same amount from all the websites (for 100 GB storage space). Whenever all the
websites start utilising the complete space, then the storage capacity may be increased to another
1 TB and so on. Because of this virtual sharing of resources (or) Virtualisation, the cloud service
provider is able to pass on the cost benefit to the clients. The major beneficiaries of virtualisation
are startups and small and medium enterprises.

3.1.6. Cost Benefit Analysis

One of the most significant benefits of cloud computing is cost savings. It eliminates the need for
upfront capital investment and also cuts down on costs such as space, power and personnel. Five
significant way in which cloud enables cost cutting are,

• The pay-as-go-model eliminates the need to spend on the purchase and maintenance of
ideal servers.

• The cost of maintenance (personnel, power and space) is taken care.

• Allows businesses to focus on their core business function thus paving for better innovation
and greater revenue.

• Eliminates the need to spend on additional resources as the business expands. Cloud model
is highly scalable at fraction of cost.

Introduction to Cloud Technology 90

Cloud Management Assessing the Cloud

• Cost for Back-up, restoration, depreciation and replacement of faulty hardware are taken
care of by the service provider. This is a huge cost cutting measure from the traditional on-
premise infrastructure.

To ensure that the move to the cloud is truly a cost efficient choice, all hidden costs must be
unravelled. A comprehensive cost benefit analysis must be performed to achieve a holistic
assessment of the cloud solution.

The key factors to consider while doing cost benefit analysis are as follows:

Table no. 3.1.2: Key factors to consider while doing Cost Benefit Analysis

Cost Drivers Traditional On-Premises Software Cloud Application

• None
• Purchase of software and hardware while
• Pay-as-you-go subscription
commissioning the infrastructure
pricing
• May require network
• All inclusive: maintenance,
Capital Expenses infrastructureenhancements, facilities
support, training, and
• Additional monitoring software, testing
upgrades all hardware,
tools and security software may be
networking, storage, database,
required
administration
• May take months to deploy
• Professional services can cost up to 3X
the initial software purchase
• Deploy in weeks
Design and • Difficult for vendor to build best
• Lower cost using consistent
Deployment practices
set of best practices
• Requires staff or contract labour to
research, design, integrate, test, tune,
launch, and train
• Ongoing software maintenance, upgrades
• Ongoing hardware replacement once
every three years
Ongoing • Requires network monitoring and • Vendor provides as part of
Infrastructure management tools subscription
• May require additional networking
equipment and bandwidth to
accommodate incremental traffic

Introduction to Cloud Technology 91

Cloud Management Assessing the Cloud

• Vendor provides as part of

subscription
• Requires resources to operate, monitor,
• There may be some training
Ongoing Ops, support, and upgrade the application
fees
Training, Support • Need to hire, train and certify support
• Customer must ensure
personnel
adequate Internet access and
bandwidth

3.1.6.(i). Measuring Actual Costs

Cloud computing is an investment made to reap some solid benefits for the long term. To assess
the value of this investment, the actual costs must be weighed against the benefits of the cloud
outcomes. A comparison must be drawn between hosting the infrastructure and applications on the
cloud to doing so in the in-house data center.

The formula to calculate the cost of cloud deployment can be expressed as,

Cost of Cloud = ∑ (Unit Cost of Cloud x (Revenue – Cost of Cloud))

(Unit cost of cloud refers to the cost of a machine instance per hour)

3.1.6.(ii). Forecasting, Load Balancing and Associated Costs

Applications that experience drastic demand fluctuations are best suited for the cloud. The seasonal
peak loads experienced by these applications often tend to be the most profitable and important
time period for the business. Therefore ensuring availability of the application through the peak
load of additional requests becomes significant.

The use of load balancers in the cloud computing environment enables the optimum use of
resources in the cost efficient manner. Some cloud service providers offer enterprise class load
balancing options while some limit their services to more simplistic ways of cloning new
application instances. Organisations must opt for the former service as these load balancers use a
wide range of TCP optimisations to improve the capabilities of the server instead of launching
more instances frequently. This prevents the need to pay for the additional instances and save more
for almost 25% of the additional requests.

Introduction to Cloud Technology 92

Cloud Management Assessing the Cloud

3.1.6.(iii). Right Sizing

Restructuring the infrastructure of an organisation to derive maximum efficiency is called right

sizing. Right-sizing is appropriate for cases where workloads are predictable and follow a set cyclic
pattern. For instance, consider the banking sector, where transactions seem to hit the higher marks
at the beginning and end of the month than midway. In such cases, the infrastructure must be
“right-sized” to accommodate the increased traffic without wasting too much idle capacity. Using
the right tools and management processes helps optimising the cloud capacity and infrastructure
costs.

Group Activity

Discuss within your peer group and come up with a list of functions/industries where workload
can be predicted in advance.

3.1.6.(iv). Computing Total Cost of Ownership (TCO)

The total cost of ownership can be defined as a financial estimate that covers the complete costs
associated with a service throughout its lifetime. TCO of the cloud computing solution must
include all overheads such as energy costs, cooling costs and cost of space and so on along with
the major cloud deployment expenses. It is a good practice to investigate the hidden costs involved
in the process and account every miscellaneous expense that may occur during the various stages
of cloud deployment.

Activity
Want to learn how cloud giants help calculate the TCO of their solutions?

Visit https://azure.microsoft.com/en-us/ and look for their TCO and ROI tools to learn more
about the various types of costs associated with cloud deployment.

3.1.6.(v). Subscription, Licensing Models and Cost Cutting

The subscription pricing model allows organisations to access the cloud service after an upfront
payment is made. This payment is based on the time period of the subscription, with longer the
length, lower the price. However, this model is not suitable when the need for cloud resources is
limited and organisations may tend to overpay.

Introduction to Cloud Technology 93

Cloud Management Assessing the Cloud

Licensing in the cloud is also a tricky business where organisations must draw the cost difference
between obtaining the license per user, per device or the enterprise license based on their usage
needs. The more characteristic pricing model for a cloud is the pay-per-use method where
organisations pay only for whatever resources they use. This helps cut costs to the maximum
possible extent to all types of organisations as they only pay for those resources that they use.

Rackspace (a popular cloud infrastructure provider) in association with Machester Business School
and Vanson Bourne (a technology market research company) conducted a survey in 2013 - with a
sample size of about 1300 organisations in US and UK using cloud computing technologies.
According to the study, about 88 percent of the organisations have mentioned that they have
significant cost savings by moving their applications to the cloud. More than half of the
organisations have also reported to have higher profits as a result of moving to the cloud. 60 percent
of respondents have reduced their IT team and it helped them focus more on strategy and
innovation than on technology infrastructure. More than 62 percent of companies have also
mentioned that they have reinvested the cost savings into their core business to boost wages and
drive product innovation.

This study clearly indicated the cost savings associated with cloud migration.

Activity

Draw the difference these cloud pricing models and choose the one suitable for small, medium
and large sized organizations. State the reasons for your answers.

3.1.7. Cloud Vendor Interdependence and Governance

Cloud service providers may have partnered with more than one cloud vendor to avail different
services. As a result of this multi-vendor environment there is a lack of clarity and control over
the enterprise data and applications.

The common issues that may arise while integrating the various components of such an
interdependent environment are

Introduction to Cloud Technology 94

Cloud Management Assessing the Cloud

Table no. 3.1.3: List of common issues that arise from cloud vendor interdependence

Problems/Issues Solution

Having a single contract that clearly outlines the

Complexity due to multiple
accountability of cloud operations must be established
contracts
with the cloud provider

The desired service levels and resolution of issues for all

Lack of consistency in quality cloud functions must be promised through a
documented mechanism

A clear understanding interrelationships between

Failure to get the “big picture”
various processes and vendor roles must be achieved

Cloud provider monitoring must be given better

Lack of a holistic security plan for significance and frequency. A set of well-defined
the cloud security metric must be established and induced into the
information security system.

To build a strong enterprise risk management system for your cloud operations, you must perform
a risk assessment before adopting the cloud solution and build a robust cloud governance plan.
This plan must include various aspects of the cloud program such as cloud objectives, risk
assessment and response.

Did you know?

The Commission of Sponsoring Organizations of the Treadway Commission (COSO) has put
forward an ERM framework for building a cloud governance plan. Explore more about this
framework to understand what benefits it offers.

Introduction to Cloud Technology 95

Cloud Management Assessing the Cloud

3.1.8. Selecting the Right Scalable Application

Scalability is one of the most significant advantages of cloud computing. However the scalability
of applications must not compromise with the quality of service offered by the cloud service
provider. An adverse impact on the performance of the cloud due to increased scalability may
lower cost benefits. The software features of the application and its design must be able to support
the scalable architecture of the cloud. When an application is not designed to use system resources
efficiently it tends to underperform and demands much attention that required to achieve the
expected level of performance.

Introduction to Cloud Technology 96

Cloud Management Assessing the Cloud

Summary:

• Cloud computing offers unprecedented advantages to small, medium and large sized
organisations.

• If cloud computing does not seem to apply to your business, there are other options such
as hosted applications and licensed software vendors.

• A number of criteria must be evaluated to make the move to the cloud most profitable.

• Security in the cloud is the largest concern for most organisations. The security and privacy
policies adopted by the cloud service provider must be examined in detail.

• Service level agreements that clearly outline the performance, availability and security of
the solution must be laid.

• Adherence to legal compliances and attention to vendor lock-in situations must be duly
acknowledged.

• Virtualisation forms the foundation of cloud computing and is responsible for delivering
true economic value through the cloud.

• A cost benefit analysis must be performed to justify the move to the cloud before the
decision is made.

• Different factors such as load balancing, right-sizing and pricing models must be
considered during the cost benefit analysis.

• The TCO of the cloud project must be used to project the real benefit of the cloud for any
organisation.

• A multi-vendor cloud environment can cause various complexities such as inconsistency

and lack and quality. Therefore the right measures must be employed in such cases.

Introduction to Cloud Technology 97

Cloud Management Assessing the Cloud

Self-Assessment Questions:

1) Which one of the following is NOT a criteria for evaluating the need for cloud solution?
(a) The extent to which your data is regulated
(b) The IT and corporate structure of your organization
(c) Cost Benefit Ratio
(d) Scalability of existing applications

2) The geographic location of data residing in the cloud is significant to verify

(a) Costs (b) Infrastructure type
(c) Privacy of data (d) Type of technology

3) The base of the cloud stack is made of

(a) IaaS (b) PaaS (c) SaaS (d) Storage

4) The manipulation of hardware to accommodate an economic model of computing is called

(a) Scalability (b) Flexibility
(c) Virtualization (d) Upscaling

5) Which one of the following factors is NOT included in the cost benefit analysis of the cloud
model?
(a) Personnel costs (b) Pricing models
(c) Right Sizing (d) Load Balancing

6) One common precaution to be practiced in a multi-vendor environment

(a) Have a single contract to outline the accountability
(b) Have compensation costs determined
(c) Revise security metric frequently
(d) None of the above

Answers:

Q. No. 1 2 3 4 5 6

Ans (a) (c) (a) (c) (a) (a)

Introduction to Cloud Technology 98

Cloud Management Assessing the Cloud

Activity
Activity Type: Online Time: 30 minutes

Do an online study and find out the hidden costs related to cloud and based on that build a
cloud roadmap for the companies who are adopting cloud to cut the costs and boost profits.

Introduction to Cloud Technology 99

Cloud Management Assessing the Cloud

Bibliography

References

• Agilysys. Cloud vs. Hosted: What’s the Difference? Retrieved November 12, 2015, from
http://news.agilysys.com/hospitality/cloud-vs-hosted-whats-the-difference/
• Amazon. Cloud Licensing Models That Exist Today. Retrieved November 12, 2015, from
https://aws.amazon.com/blogs/aws/cloud-licensing-models-that-exist-today/
• Betanews. Comparing cloud vs on-premise? Six hidden costs people always forget about.
Retrieved November 12, 2015, from
http://betanews.com/2013/11/04/comparing-cloud-vs-on-premise-six-hidden-costs-
people-always-forget-about/
• Big Step. The Proper Way to Compare the Cloud Versus On-Premise. Retrieved November
12, 2015, from http://bigstep.com/resources/cloud-vs-on-premise-tco
• DevCentral. How load balancing impacts the cost of cloud. Retrieved November 12, 2015,
from
https://devcentral.f5.com/articles/how-load-balancing-impacts-the-cost-of-cloud
• ERP Software Blog. No Server! Cloud ERP – It’s Growing Up So Fast. Retrieved
November 12, 2015, from http://www.erpsoftwareblog.com/2013/11/look-ma-no-server-
cloud-erp-its-growing-up-so-fast/
• Foration. The benefits of cloud computing. Retrieved November 12, 2015, from
http://foration.com/benefits-cloud-technologies/
• Google for Work. Small business, big technology: How the cloud enables rapid growth in
SMBs. Retrieved November 12, 2015, from
http://googleforwork.blogspot.co.uk/2014/09/small-business-big-technology-how-
cloud.html?utm_source=linkedin&utm_medium=social&utm_content=nwtgrow_deloitte
• IT News Africa. Cloud vs. Hosted Services, what’s the difference? Retrieved November
12, 2015, from http://www.itnewsafrica.com/2011/04/cloud-vs-hosted-services/
• Long View. Comparing Apples and Oranges (On-Premise vs Cloud Licensing). Retrieved
November 12, 2015, from http://www.longviewsystems.com/comparing-apples-oranges-
premise-vs-cloud-licensing/
• Network Computing. Three Ways to avoid Cloud Cost Overruns. Retrieved November 12,
2015 from http://www.networkcomputing.com/storage/3-ways-to-avoid-cloud-cost-
overruns-/a/d-id/1320845
• Rackspace. Cloudnomics – The Economics of Cloud Computing. Retrieved November 12,
2015 from
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics-
The_Economics_of_Cloud_Computing.pdf

Introduction to Cloud Technology 100

Cloud Management Assessing the Cloud

• Reuters.88 Per Cent of Cloud Users Point to Cost Savings According to Rackspace Survey.
Retrieved November 12, 2013 from http://www.reuters.com/article/2013/02/20/rackspace-
idUSnBw96MVXqa+11c+BSW20130220
• Shared Assessments. Evaluating Cloud Risk for the Enterprise: A Shared Assessments
Guide. Retrieved November 12, 2015, from
http://sharedassessments.org/wp-content/uploads/2012/01/pdf-EnterpriseCloud-SA.pdf
• Tech Target. Cloud computing licensing: Buyer beware. Retrieved November 12, 2015,
from
http://searchcloudcomputing.techtarget.com/feature/Cloud-computing-licensing-Buyer-
beware
• Tech Target. Right-sizing and capacity planning strategies for private clouds. Retrieved
November 12, 2015, from
• http://searchservervirtualization.techtarget.com/tip/Right-sizing-and-capacity-planning-
strategies-for-private-clouds

External Resources

• COSO. (2012). Enterprise Risk Management for Cloud Computing. US: COSO
• Sosinsky, B. (2011). Cloud Computing Bible. US: Wiley Publishing
• Velte, T. (2009). Cloud Computing, A Practical Approach. US: McGrawHill
• Williams, B. (2012). The Economics of Cloud Computing. US: Cisco Press
• Zhao, H. (2013). Resource Management in Utility and Cloud Computing. UK: Springer

Video Links

Topic Link

Cloud Assessment Overview https://www.youtube.com/watch?v=yZ9k-9ARmbA

Cloud Computing Costs and ROI-

https://www.youtube.com/watch?v=bn40KiBk88U
Measuring actual costs

Cloud Vendor Lock-In https://www.youtube.com/watch?v=nW89PL0uCxw

VirtualiSation https://www.youtube.com/watch?v=MnNX13yBzAU

Cloud Cost Cutting https://www.youtube.com/watch?v=5BTqV5WGlBw

Introduction to Cloud Technology 101

 Table of Contents

Chapter 3.2

Selecting Cloud Provider

Page No.

Aim 102

Learning Objectives 102

Learning Outcome 102

3.2.1 Introduction 103

3.2.2 A Brief about Leading Cloud Service Providers 103

3.2.3 Considerations for Selecting the Cloud Solution 104

3.2.4 Business Considerations 105

3.2.5 Data Safety and Security 105

3.2.6 Interoperability, Portability and Integration 106

3.2.7 Service Level Considerations 107

3.2.8 Pricing Structure and Commercial Considerations 107

3.2.9 Hosting Considerations 107

3.2.10 Geographical Considerations 108

3.2.11 Contingency and Recovery Management 108

3.2.12 Ethical and Legal Considerations 108

3.2.13 Scalability and Flexibility 109

3.2.14 Standards and Best Practices 109

3.2.14.(i) Cloud Computing Standards Organisations 109

3.2.15 Understanding the Best Practices 110

3.2.16 Practical Issues to be Considered 111

 Page No.

Summary 112

SAQs 114

Bibliography 116

References 116

External Resources 117

Video Links 117

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Management Selecting Cloud Provider

Aim

To study the criteria involved in selecting the right cloud service provider

Learning Objectives

The objectives of this chapter are to:

• List the selection criteria of cloud providers

• Interpret the best practices used to select cloud service
• Describe various standards for selecting cloud providers
• Explain the practical issues in cloud computing
• Outline the business and commercial considerations while selecting cloud providers

Learning Outcome

On completion of this chapter you should be able to:

• Discuss various selection criteria of cloud providers

• Build awareness about best practices in selecting cloud providers
• Summarize various standards for selecting cloud providers
• Analyse the importance of practical issues in selecting cloud providers
• Explain the significance of business and commercial considerations in selecting cloud
providers

Introduction to Cloud Technology 102

Cloud Management Selecting Cloud Provider

3.2.1. Introduction

Cloud adoption offers major IT and business benefits to any organisation. On the other hand, Cloud
adoption offers some unique and serious security threats and complications. Moving the secure
data of an organisation into the hands of cloud service providers increases the risk of data security,
information theft and hence the organisation may loose its market position to its competitors.

To manage the risk involved, it is better to assess the cloud service provider thoroughly before
utilising their services and allowing them to manage the IT infrastructure. In this chapter you will
study briefly about selecting the right cloud service provider based on the unique requirements of
the business.

3.2.2. A Brief about Leading Cloud Service Providers

The most fascinating fact about cloud computing for CIOs (Chief Information Officers) is the
unprecedented freedom that it brings in. Once the decision to embrace the technology has been
made, organisations begin to enjoy the “no-commitment” working model of the cloud.

While measures pertaining to security, compliance and the likes can be handled through the
journey, the first step towards adopting the cloud starts with evaluating the market options for the
right cloud provider.

The cloud industry today has a tantalising array of cloud vendors offering IaaS, PaaS and SaaS
solutions. Before we begin exploring the various criteria to be satisfied by cloud service providers,
let us have a look at the top most players in the industry:

Introduction to Cloud Technology 103

Cloud Management Selecting Cloud Provider

Table no. 3.2.1: Top Cloud Service Providers

Name of the Provider Explanation

Amazon Web Services The market leader is offering IaaS services

Microsoft Azure provides both PaaS and IaaS. It closely

Microsoft
follows Amazon and has more than 40% growth rate
The cloud storage solution for both structured and
Google
unstructured data

Salesforce.com SaaS CRM solution

Red Hat OpenShift Open Source PaaS provider

From Java to Python, this PaaS provider supports all

Heroku
programming languages.
IBM is a late entrant to the cloud space in 2014 with
IBM
Bluemix & Softlayer combo.

3.2.3. Considerations for Selecting the Cloud Solution

Migrating to the cloud is a major move for any organisation. It impacts all stakeholders including
the employees, the clients, the executive team and the cloud service provider. So, its extremely
important to consider all the relevant factors before moving to the cloud. The most important ones
are:

• Business considerations
• Data safety and security
• Interoperability, portability and integration
• Service level considerations
• Pricing and commercials
• Hosting and geographical considerations
• Contingency and recovery management
• Ethical and legal considerations
• Scalability and flexibility considerations

Throughout this chapter, we will discuss in detail about all these considerations.

Introduction to Cloud Technology 104

Cloud Management Selecting Cloud Provider

3.2.4. Business Considerations

Organisations move to the cloud to overcome certain inefficiencies and achieve higher operational
parameters. If the cloud vendor is too focused only on delivering technical outcomes, chances are
that they may not really understand the business needs of an organisation. Such a partnership that
fails to deliver services streamlined to business objectives becomes meaningless.

If you are an organisation in a specific market vertical such as healthcare, banking or retail, it is
recommended to choose a cloud service provider with vast experience and expertise in the same
industry. Such niche providers deliver optimum results even while playing along with other cloud
partners of the organisation.

3.2.5. Data Safety and Security

One of the biggest concerns while moving to the cloud is the security of data that resides in the
infrastructure of the cloud service provider. Working with a trusted cloud service provider is the
key to managing the various security issues that arise within the cloud. While choosing a cloud
service vendor, organisations must consider the following parameters:

• Regulatory Compliance
• Segregation of data in multitenant environments
• Data Recovery
• Access Privileges (Logical and Physical)
• Portability of data for business continuity
• Data Provenance
• Monitoring and Reporting
• Network security
• Data Encryption

The cloud service provider must address each of these criteria with solutions that are in adherence
with the requirements of the business as well as the industry. Additional evaluation measures that
reflect the unique demands of an organisation must also be considered while selecting the right
cloud service provider.

Introduction to Cloud Technology 105

Cloud Management Selecting Cloud Provider

3.2.6. Interoperability, Portability and Integration

Interoperability is the term used to explain the degree to which different systems or components
work together without any glitches. According to IEEE and ISO, interoperability can be defined
as the ability of two or more systems or applications to exchange information and mutually use the
information that has been exchanged. In cloud computing, interoperability can be understood as
the capability of diverse systems to understand the application and interface, authentications,
configurations, data formats etc., between public, private and hybrid clouds. This capability helps
all the systems to cooperate and interoperate to work seamlessly.

Google authentication can be stated here as an excellent example for interoperability. Regardless
of the device that the user has, all the Google applications share and access authentication data
within themselves in a seamless manner. A user can login to Gmail from a particular device and
can use all the Google services like YouTube, PlayStore, Google Docs, Google Drive etc. without
having to login again and again. Its enough for the user to login to any one of the applications. The
data will be shared by all the other apps. This helps the apps to interoperate seamlessly without
any glitches.

The ability to move an entity between different systems seamless to be used on the target system
is termed as Portability. The entity could be data or application. Data stored in a particular database
should be usable by many systems without the need to re-enter data. This can be achieved by using
a common data format for sharing between different services. The syntax and semantics of the data
are to be the same for ease of portability. XML is a common format used for data portability
universally and it works really well with multiple systems. Application portability can be defined
as the ability to transfer a particular application and/or its components between different cloud
services. The application should have the ability to be recompiled and relinked to ensure ease of
portability. Application Program Interfaces (APIs) are universally used routines, protocols and
tools to make application portability easier. A good API contains all building blocks of that
application to be recompiled and relinked by different systems.

YouTube API is a classic example. It lets developers and users integrate YouTube videos and
relative functionalities into websites or applications seamlessly. Usually YouTube APIs include
the building blocks for Analytics, Live Streaming, Data Capture, YouTube Player and ClickStream
data. Anybody with an embed link (provided by YouTube) can easily integrate the YouTube video
in their website (or) blog. It seamlessly ports all the necessary data and the application as a whole
- across different hosting platforms.

Introduction to Cloud Technology 106

Cloud Management Selecting Cloud Provider

3.2.7. Service Level Considerations

When determining the service level of a cloud vendor, there are essentially three factors to be
considered, availability, performance and reliability. Availability of the service is determined by
the number of “nines” mentioned in the SLA. Cloud service providers generally promise their
availability by a guaranteed uptime of 99.9 or 99.999% uptime for an entire year.

While availability of the service is crucial, the speed at which it handles the business-critical
operations has a direct impact on the business outcome. The reliability of a cloud vendor is
determined through its transparency in operations. The cloud contract must include information
pertaining to frequency of backups, fault tolerance rate, provider response in case of outages and
prior information about scheduled downtimes for maintenance tasks. While the exact location of
the data center may not be revealed, the country or region where the data resides must be known
for regulatory and legal purposes.

3.2.8. Pricing Structure and Commercial Consideration

The pricing structure is one of the major deciding factors for start-ups as well as enterprises looking
to move to the cloud. A transparent cost structure that includes both one-time costs as well as
ongoing costs must be presented by the cloud service provider. The pricing offered by a vendor
may depend upon a number of factors like security level, storage space and so on. In any case the
pricing must be flexible and must not carry any hidden costs. A historical review of the prices
offered by cloud service providers may offer some standard insights about their cost structure and
organisations must always ensure that the comparison made between different vendors is strictly
apples-to-apples.

3.2.9. Hosting Considerations

Do you have the budget for a private cloud? Is your data suitable for the public infrastructure? Is
hybrid cloud the right solution for your storage needs? There are several questions that arise while
choosing the right cloud solution for your business needs. Organisations must pick the cloud
vendor based on their hosting expertise and ensure that it matched with their cloud requirements.

For instance, a large or medium sized enterprise looking to move its infrastructure to the cloud,
can consider AWS, which is hands-down the best provider in this market space. The same
organisation must realise that for the expertise of PaaS platform is must look elsewhere.

Introduction to Cloud Technology 107

Cloud Management Selecting Cloud Provider

3.2.10. Geographical Considerations

Your cloud service provider may carry your data across multiple locations in various geographic
regions to mitigate risks such as localised outages, service latency and increased costs. Enterprises
must learn about the different locations of their data as the laws governing the storage and use of
data vary with different jurisdictions.

Additionally, certain locations may also violate certain regulatory requirements and cause serious
threats to data security. Organisations that wish to limit the geographic location on any of the above
basis must practice care while choosing their cloud service provider.

While contractual agreement and pre-engagement scrutinising are the common measures to limit
the geographic boundaries of data, enterprises must obtain a clearer insight into the technical
controls such as cryptography to ensure maximum protection against such considerations.

3.2.11. Contingency and Recovery Management

The cloud is very vulnerable and disaster recovery for applications hosted in the cloud must not
be assumed as an inherent feature in the architecture of the cloud host. Due diligence for disaster
recovery (DR) must be implemented by the client organisation just like it would be performed for
their own in-house infrastructure.

The cloud vendor must be prepared to share its literature that explains the various data protection
solutions in detail. The client must look for the DR features enclosed within the base price and
have a thorough understanding of the vendor’s backup capabilities. Other significant elements to
be considered while picking a cloud service provider are DR contingencies, location of the data
center, links with the recovery destinations and data center hardening features. In short, the cloud
service provider must work hand-in-hand with the IT managers to assess risks, determine
requirements and architect the desired DR solution at the least possible cost.

3.2.12. Ethical and Legal Considerations

Did you know that the data hosted in the cloud can be scrutinised directly by the government for
regulatory and compliance issues? Did you know that your clients can get the lawsuits flying for
the failure of security and privacy promises made by your cloud service provider? Cloud
computing comes with significant ethical and legal considerations and organisations must
acknowledge them to have a smooth relationship with the service provider and to ensure there is
no financial loss in the form of legal penalties.

Introduction to Cloud Technology 108

Cloud Management Selecting Cloud Provider

3.2.13. Scalability and Flexibility

With time organisations grow and so do their storage needs and number of IT staff. The cloud
service provider must be able to scale up to accommodate the additional storage requirements and
add the new users into the system with no difficulty. Alternatively, the services must also be able
to scale down resources when the organisation is passing through a lull. Such dynamic scaling of
resources makes businesses highly agile in the competitive environment.

Every workload within an organisation is unique and demands a different configuration and
delivery parameters. The right cloud service provider must be able to provide a large range of
options pertaining to security, resilience as well as performance such that the organisation can
customise its needs and pay the cost of usage at the workload level.

3.2.14. Standards and Best Practices

Cloud computing delivers a fine set of benefits but however has certain risks involved. With
standard practices that have proved to mitigate risks and enhance the chances of cloud success, the
move to the cloud can turn out to be a real game-changer for any organisation.

3.2.14.(i). Cloud Computing Standards Organisations

There are lot of cloud computing standards organisations and informal groups that are dedicated
to address various standards issues that arise in any cloud environment. These groups have defined
various guidelines and best practices to help interoperability and portability of data and
applications. Some of the well known organisations are as follows.

• National Institute of Standards and Technology (NIST), United States.

• Cloud Security Alliance
• Open Grid Forum (OGF)
• The Object Management Group (OMG)
• Cloud Computing Interoperability Forum (CCIF)
• Distributed Management Task Force (DMTF)
• Storage Networking Industry Association (SNIA)
• Open Cloud Consortium (OCC)

Introduction to Cloud Technology 109

Cloud Management Selecting Cloud Provider

3.2.15. Understanding the Best Practices

Some of the best practices of cloud implementation are as follows.

Best Practice #1
Choose the right cloud service provider

With the checklist outlined in the first section of this chapter, making the right vendor choice
becomes easy for any organisation. Assess their availability, performance and security measures
well before you start working with them and focus on crafting a foolproof SLA.

Best Practice #2
Adopt a phased-in approach

While moving to the cloud, organisations literally share their right of control over their data with
the cloud vendors. While this may be a difficult decision to make, using the phased-in approach
can reduce the mental stress caused due to physical relocation of data. In this approach, the
organisation moves data to the cloud only in parts rather than putting the whole thing into the
cloud.

Best Practice #3
Leverage the goodness of the cloud with creativity

Cloud offers an unprecedented level of flexibility and scalability to enterprises. IT managers and
administrators must leverage the power of cloud creatively to derive the best benefits from the
cloud investment.

Best Practice #4
Audit to ensure better security in the cloud

Regular assessment of problems, compliance of policies set earlier and identification of required
upgrades must be performed to ensure the highest level of security for the cloud system. Audit
tools are available to perform these functions and the right ones must be organisation.

Best Practice #5
Keep data closer to lower latency and costs

Placing data as close as possible to the compute and processing resource reduces latency.
Additionally, this practice also reduces the cost of shipping data as organisations pay for the
bandwidth used in the cloud.

Introduction to Cloud Technology 110

Cloud Management Selecting Cloud Provider

3.2.16. Practical Issues to be Considered

Once you have chosen the right cloud vendor and equipped yourself with the right expertise for
the cloud, here is a list of practical issues (as discussed in chapter 3.1) to be remembered to make
the cloud journey as smooth as possible.

• Proper negotiation of Service Level Agreement

• Vendor Lock - In
• Change in organisational culture
• Compliance and security of data
• Commercial implication of shipping large volumes of data
• Integration of the cloud into the existing system

Introduction to Cloud Technology 111

Cloud Management Selecting Cloud Provider

Summary:

• Partnering with the right cloud service provider offers a significant range of benefits.

• The cloud industry today has a tantalising array of cloud vendors offering IaaS, PaaS and
SaaS solutions.

• To choose the right cloud service provider, organisations must acknowledge the following
parameters

 Business Considerations: The cloud vendor must be technically advanced and also be
able to understand the specific business needs of the client.

 Data Security and Safety: Working with a trusted cloud service provider is the key to
managing the various security, compliance and regulatory issues that arises within the
cloud.

 Service Level Considerations:When determining the service level of a cloud vendor,

there are essentially three factors to be considered, availability, performance and
reliability

 Pricing Structure and Commercials: The pricing offered by a vendor may depend
upon a number of factors like security level, storage space and so on. In any case the
pricing must be flexible and must not carry any hidden costs

 Hosting Considerations:Organisations must pick the cloud vendor based on their

hosting expertise and ensure that it matched with their cloud requirements.

 Geographical Considerations: Compliance and regulatory demands for data changes

with different geographic locations. Your cloud service provider must adhere to these
changes and protect data in any given location.

 Contingency and Recovery Management:As important as it is to choose the cloud

service provider with the right DR solution, it is very critical to keep track if the DR
functions are functioning as promised. Organisations are recommended to conduct
annual audits to ensure that the DR process is in line with the evolving business.

 Ethical and legal considerations:Cloud computing comes with significant ethical and
legal considerations and organisations must acknowledge them to have a smooth

Introduction to Cloud Technology 112

Cloud Management Selecting Cloud Provider

relationship with the service provider and to ensure there is no financial loss in the form
of legal penalties.

 Scalability and Flexibility: The cloud service provider must be able scale up to
accommodate the additional storage requirements and add the new users into the
system with no difficulty.

• With standard practices that have proved to mitigate risks and enhance the chances of cloud
success, the move to the cloud can turn out to be a real game-changer for any organisations.

Introduction to Cloud Technology 113

Cloud Management Selecting Cloud Provider

Self-Assessment Questions:

1) The market leader in offering IaaS solutions is

(a) Google (b) Rackspace (c) Amazon (d) IBM

2) Cloud service providers may transfer data from geographic location to another because
(a) It is a part of the cloud computing model
(b) To avoid localized outages
(c) To explore the regulations in other regions
(d) Data is not transferred to other locations

3) Keeping data closer to the compute elements eliminates

(a) Security Issues (b) Privacy Risks
(c) Latency (d) Need for encryption

4) The three factors to be considered while evaluation the service of a cloud vendor are
(a) Cost, Privacy, Security
(b) Cost, Performance, Security
(c) Privacy, Availability, Reliability
(d) Performance, Availability and Reliability

5) Scalability of the cloud solution refers to

(a) Flexible costs
(b) Accommodate requirements depending upon demand
(c) Move data to any geographic location for safety
(d) Mitigate risks by scaling resources up and down

6) Which one of the cloud service offers data storage for students?
(a) Microsoft Office (b) Gmail (c) Google Drive (d) Amazon AWS

Answers:

Q. No. 1 2 3 4 5 6

Ans (c) (b) (c) (d) (b) (c)

Introduction to Cloud Technology 114

Cloud Management Selecting Cloud Provider

Activity

Activity Type: Online Time: 30 minutes

Make a list of 10 questions which you will ask to choose a cloud provider. Furnish the
evidence in respect to each question which would be convincing to you.

Introduction to Cloud Technology 115

Cloud Management Selecting Cloud Provider

Bibliography

References

• Amazon Web Services. Architecting for the Cloud: Best Practices. Retrieved November
8, 2015, from https://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf
• CIO. Cloudnomics: The Economics of Cloud Computing. Retrieved November 8, 2015,
from http://www.cio.com/article/2419604/virtualization/cloudnomics--the-economics-of-
cloud-computing.html
• Cloud Computing Admin. Selecting a Cloud Provider. Retrieved November 8, 2015,
from http://www.cloudcomputingadmin.com/articles-tutorials/architecture-
design/selecting-cloud-provider-part3.html
• Cloud Technology Partners. How do you select the best cloud provider? Retrieved
November 8, 2015, from http://www.cloudtp.com/insights/cloud-computing-
webinars/how-do-you-select-a-cloud-provider/
• Cognizant. Cloud Disaster Recovery: Five Key Steps to Avoid Risk and Protect Your
Data. Retrieved November 8, 2015, from
http://www.cognizant.com/InsightsWhitepapers/Cloud-Disaster-Recovery-Five-Key-
Steps-to-Avoid-Risk-and-Protect-Your-Data.pdf
• Freeform Dynamics. Applied Cloud Computing. Retrieved November 8, 2015, from
Frost & Sullivan. http://www.freeformdynamics.com/pdf/10-10-Applied-Cloud-
Computing.pdf
• Tips for choosing a cloud service provider. Retrieved November 8, 2015, from
http://www-
935.ibm.com/services/us/leveragingit/SmartCloud_Choosing_a_Provider_IBM.pdf
• Leigh University. Guide for Evaluating Service & Security of Cloud Service Providers.
Retrieved November 8, 2015, from http://lts.lehigh.edu/services/explanation/guide-
evaluating-service-security-cloud-service-providers
• Tech Target. Storing data in the cloud: Addressing data location security issues.
Retrieved November 8, 2015, from http://searchcloudsecurity.techtarget.com/tip/Storing-
data-in-the-cloud-Addressing-data-location-security-issues
• Tech Target. Understanding cloud computing pricing. Retrieved November 8, 2015, from
http://searchcloudcomputing.techtarget.com/tutorial/Understanding-cloud-computing-
pricing
• TechTarget. Top considerations for choosing a cloud provider. Retrieved November 06,
2015, from http://searchcloudcomputing.techtarget.com/feature/Top-considerations-for-
choosing-a-cloud-provider

Introduction to Cloud Technology 116

Cloud Management Selecting Cloud Provider

External Resources

• Aljawarneh, S. (2015). Advanced Research on Cloud Computing Design and Applications.

Jordan: IGI Global
• COSO. (2012). Enterprise Risk Management for Cloud Computing. Durham: COSO
• Haider, A (2014). Business Technologies in Contemporary Organizations: Adoption,
Assimilation and Institutionalization. Australia: IGI Global
• Velte&, Toby,. (2009). Cloud Computing, A Practical Approach. US:McGrawHill
• Waising, A. (2012). Distributed Computing Innovations for Business, Engineering and
Science. US: IGI Global

Video Links

Topic Link
The SumAll and Rackspace Story:
https://www.youtube.com/watch?v=7yZxXGKkduI
Case Study
Cloud Computing Companies and
https://www.youtube.com/watch?v=996Vn8GOvjs
Services - What to look for?

Data Privacy in the Cloud https://www.youtube.com/watch?v=NUT-fuRPm_M

Addressing the Top Five Cloud

https://www.youtube.com/watch?v=YqDU1Twzfi8
Security Challenges
Cloud Computing and the Service
https://www.youtube.com/watch?v=qX3jTM3dbN8
Provider

Introduction to Cloud Technology 117

 Module 4

Cloud Computing Controls

Chapter 4.1 : Governance in Cloud

Chapter 4.2 : Legal Issues in Cloud Computing

 Table of Contents

Chapter 4.1

Governance in Cloud

Page No.
Aim 118
Learning Objectives 118
Learning Outcome 118
4.1.1 Introduction 119
4.1.2 What is Cloud Governance? 119
Organisations and Groups that Focus on Addressing
4.1.2.(i) 119
Standard Issues
4.1.3 Need for Cloud Governance 120
4.1.4 Cloud Governance in Enterprise 121
4.1.4.(i) Access Controls 121
4.1.4.(ii) Financial Controls 122
4.1.4.(iii) API (Application Program Interface) Integration 122
4.1.4.(iv) Logging and Auditing 122
4.1.4.(v) Key Management and Encryption 122
4.1.5 Cloud Governance – High Level Requirements 123
4.1.6 Important Aspects in Cloud Governance 123
4.1.6.(i) Key Dimensions of Cloud Governance 123
4.1.6.(ii) Activities in Cloud Governance 124
4.1.7 SPOT Framework 125
4.1.8 Cloud Governance for Different Delivery Models 127
4.1.8.(i) Private Cloud Governance 128
4.1.8.(ii) Public Cloud Governance 128
4.1.8.(iii) Hybrid Cloud Governance 128
4.1.8.(iv) Community Cloud Governance 129
 Page No.
4.1.9 Cloud Governance Solutions 129
4.1.10 IT Disintermediation 130
4.1.10.(i) Avoiding Disintermediation : IT Org of the Future 131
4.1.10.(ii) New Role of IT Leadership 132
4.1.11 Cloud Centric IT Leadership Principles 132
Summary 134
SAQs 135
Bibliography 137
References 137
External Resources 138
Video Links 138

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Controls Governance in Cloud

Aim

To study the various dimensions and significance of cloud governance

Learning Objectives

The objectives of this chapter are to:

• List the various standard organisations and groups that focus on addressing standard
issues in regards to the cloud environment
• Describe the significance of IT governance in cloud computing
• Explain cloud governance solution

Learning Outcome

On completion of this chapter you should be able to:

• Discuss how cloud computing standard organisations and groups ensure that different
providers are able to work together
• Explain the impact of cloud computing on corporate IT governance
• Summarise the importance of cloud governance solution

Introduction to Cloud Technology 118

Cloud Computing Controls Governance in Cloud

4.1.1. Introduction

Cloud computing, one of the rapidly growing technologies, has gained its entrance in almost all
big companies. Day by day the cloud is becoming bigger and vast. The computing resources, as
well as the people working in the cloud, are increasing. This pays the way for governance in cloud
in the organisation. All the resources in the cloud are to be regulated so that the people involved
or affected by the cloud directly or indirectly are benefitted and the tasks that happen to the cloud
are monitored properly. Cloud governance is important because a well-governed organisation has
a high probability of sustaining business and retaining the position in the industry. In this chapter,
you will learn about the cloud governance.

4.1.2. What is Cloud Governance?

Cloud Governance can be defined as the set of policies or principles that act as the guidance for
the adoption, use and management of cloud technology services. Cloud governance is an ongoing
process that must sit on top of existing governance models. Cloud governance can be compared to
an insurance policy which does not prevent disaster but instead lays the path to easy recovery in
case of a catastrophe.

Did you know?

Microsoft defines cloud governance as “defining policies for the management of cloud
availability, security, location, privacy and compliance and tracking them at run time when
applications are running.”

4.1.2.(i). Organisations and Groups that Focus on Addressing Standard Issues

There are lot of cloud computing standard organisations and informal groups that are dedicated to
address various standards issues that arise in any cloud environment. These groups have defined
various guidelines and best practices to help interoperability and portability of data and
applications. Some of the well-known organisations are as follows:

• National Institute of Standards and Technology (NIST), United States.

• Cloud Security Alliance
• Open Grid Forum (OGF)
• The Object Management Group (OMG)
• Cloud Computing Interoperability Forum (CCIF)

Introduction to Cloud Technology 119

Cloud Computing Controls Governance in Cloud

• Distributed Management Task Force (DMTF)

• Storage Networking Industry Association (SNIA)
• Open Cloud Consortium (OCC)

4.1.3. Need for Cloud Governance

Ever since the cloud technology has turned into a mainstream IT resource, security and compliance
have been its major issues. Not every cloud deployment sees success and not every cloud project
yields the desired results for its organisation. However, most IT decision makers have come to
terms with the fact that when coupled with the right tools and strategies, cloud usage can surpass
the security offered by in-house legacy applications and emerge as a true game changer. Cloud
governance plays a vital role in this capability. By implementing cloud governance, organisations
can avoid the following issues:

• Security and privacy risks: Which may arise due to unauthorised downloads /
installation of software, storage of illegal data and access to restricted sites by users.

• Vendor lock-in: Many vendors opt for this, as this clause creates organisations to depend
on the cloud service provider (or vendor) for products and services. The clause is usually
made part of the agreement, and as a result, it prevents the organisations to bring in another
vendor to work on different modules, for a specific period of time. This can be avoided by
making changes to the SLA suitably and reduce dependencies on a single vendor, thus
ensuring freedom to the organisation.

• Cloud Sprawl: Happens when employees of different departments use different

programs and cloud infrastructure from third party providers without involving the IT
department and getting necessary approvals. Employees usually utilise free cloud services
like Google Drive, Dropbox etc. for many of their official work as it is free and there is not
much of approvals required. If not detected and restricted, crowd sprawl may lead to
fragmented, redundant, inefficient and unmanaged cloud programs sitting on the enterprise
cloud and unnecessarily creating troubles.

• Shadow IT and unwarranted usage of cloud resources: Happens when employees

in various departments don't follow the rules and regulations as imposed by the IT
department on cloud usage resulting in security breach and fragmented control throughout
the organisation. This leads to not getting sufficient results from the cloud in the long run.

• Lack of data portability and interoperability: Happens when the cloud service
provider or the inbuilt cloud infrastructure is incapable of connecting well with other

Introduction to Cloud Technology 120

Cloud Computing Controls Governance in Cloud

software and products outside the organisation. This may also lead to modules not
compatible with each other and hence chaos in the cloud due to inefficient system.

4.1.4. Cloud Governance in Enterprise

Figure 4.1.1 shows various aspects of cloud governance in any enterprise, which we will discuss
in the following sections.

Fig. 4.1.1: Cloud Governance in an Enterprise

4.1.4.(i). Access Controls

In order for a cloud application to work seamlessly, it is very essential to avoid multiple employees
making changes (or) modifications at the same instance. Instead of providing access to the whole
IT team, it is good to limit access to a specific people (or) specific team. All others can have their
modifications done to the application through raising requests to the specific set of individuals. In
some enterprises, they have implemented role based security model. Here, the roles would be
super-administrators, administrators, developers, managers and employees. Different roles would
have different access levels. For example, super-administrators (or) super-admins would have
complete access to everything – including the ability to assign administrator roles to people.
Managers might only have approval rights for specific team related requirements. They might have
limited access to specific modules related to their team (or) department - in the application. Thus,
by limited access, all the cloud based assets can be effectively controlled and managed.

Introduction to Cloud Technology 121

Cloud Computing Controls Governance in Cloud

4.1.4.(ii). Financial Controls

Implementing financial controls helps organisations having lot of teams and cloud based projects
running in parallel. The Finance team would allocate specific budgets to each cloud based project
based on the scope and requirements. Some of the cloud based applications might have high
Infrastructure and Software requirements and hence the finance team has to allocate bigger
budgets. This holds true for high impact projects, mission critical projects and projects carried out
for premium clients of the organisation. Multi-national corporations have implemented effective
governance measures to track the budgets for each and every project in the cloud and effectively
control the spending based on periodic reviews on a monthly, quarterly or yearly basis.

4.1.4.(iii). API (Application Program Interface) Integration

API integration becomes important when the cloud based application (or) infrastructure is to be
shared with other applications developed by third-party developers outside the organisation for
various business reasons. Necessary protocols and policies are to be communicated while the API
is shared with the public. Strict regulations have to be implemented to provide restricted access to
outsiders.

4.1.4.(iv). Logging and Auditing

Almost all corporations log every activity across the private, public and hybrid clouds. Activities
like changes to code, changes to database, addition (or) modification (or) edits done to a specific
application are all tracked and logged. These log files are audited regularly by system
administrators and quality assessment professionals to ensure everything is executed as per the
Cloud Governance policies. Any discrepancies are monitored and necessary corrective measures
are taken. The Sony PlayStation Network hack that happened in 2011 came to limelight when
system administrators did periodic audit of the log files. They figured out malicious activities that
were logged in the activity log and hence went on to track the whole hacking attack.

4.1.4.(v). Key Management and Encryption

Few corporations have achieved excellence in implementing Cloud Governance across their
geographies. One of the unique security architecture found to be implemented in such corporations
enforces separation of roles through sophisticated algorithms running independently. These
independent algorithms guards all the security keys and credentials across the cloud based
applications. They don't essentially run on the same servers where actual applications are hosted
and hence, they have no access to confidential data. That means, the servers and storage capacity
of such corporations contain all the confidential and non-confidential data in an encrypted format

Introduction to Cloud Technology 122

Cloud Computing Controls Governance in Cloud

– but encryption keys are operated and managed by independent algorithms available outside these
servers. This not only makes Cloud Governance efficient, but also provides high security levels
and avoids security breach and data theft during hacking attacks.

4.1.5. Cloud Governance – High Level Requirements

While most definitions of cloud governance focus only on its policy creation and management
functions, the scope of cloud governance covers much more than that. Cloud governance is a way
of managing relationships with cloud service providers and has a direct connection to high level
business strategy. A good cloud governance model must satisfy the high level requirements such
as:

• What business goals must be achieved through implementation of the cloud strategy?
• What key performance indicators can be used to measure these business goals?
• Has a solid business case been defined for moving to the cloud?
• How will ROI be calculated?

In short, cloud governance does not just end with establishing a few rules about cloud decision
making but lays the foundation to achieve the desired business goals through cloud
implementation.

4.1.6. Cloud Governance Activities

As cloud modelling and architecture gains momentum, organisations must be very explicit with
their model of cloud governance. The cloud governance lifecycle model must be representative of
the fact that cloud governance is a multi-dimensional discipline and must not be restricted to the
runtime operations alone. Cloud governance takes on a significant role in the cloud strategy of an
organisation. Cloud activities can be categorised along five dimensions as given below.

4.1.6.(i). Key Dimensions of Cloud Governance

As mentioned earlier, cloud governance has several dimensions to it and the lifecycle model is
representative of the key aspects. Each of the five dimensions of cloud governance is defined by a
set of activities which are aimed towards achieving the highest level of performance from the
cloud. These dimensions include:
• Cloud Strategy and Planning
• Architecture, Design and Deployment of Cloud
• Cloud Acquisition and Contracting

Introduction to Cloud Technology 123

Cloud Computing Controls Governance in Cloud

• Provisioning and Management of Resources

• Contingency Planning and Provider Management

4.1.6.(ii). Activities in Cloud Governance

Every dimension within the cloud governance lifecycle model is defined by a set of governance
activities. The table below illustrates the mapping of these activities to their respective dimension
in cloud governance lifecycle model.

Table no. 4.1.1: Activities in Cloud Governance

Dimension Activities
1) Planning the Cloud Strategy
2) Define the cloud business case
Cloud Strategy and Planning 3) Launch the cloud pilot program

4) Based on the results say “go or no-go” to the cloud

Architecture, Design and
Deployment of Cloud
Cloud Acquisition and
Contracting
program. If yes, move to next dimension.
1) Determine the cloud architecture and standards
2) Cloud Solution Design is drawn
3) The cloud security model is determined based on
organisational needs and the data used.
4) Cloud integration is planned
5) QA & Testing is performed.
1) The cloud solution is chosen and the cloud vendor
expertise in that particular area is picked
2) Cloud contracts are drawn
3) The terms and conditions of the SLA are scrutinised. QoS
is determined.
4) Cloud Deployment or Cloud Onboarding
5) Cloud access and usage terms are defined.

1) Once the cloud operations begin, capacity planning for the

Provisioning and resources must follow up quickly
Management of Resources
2) Provisioning of resources

Introduction to Cloud Technology 124

Cloud Computing Controls Governance in Cloud

3) Billing and Metering activities

4) Overall monitoring of the cloud performance
5) Cloud is supported through relevant changes and
operations
6) Maintenance and Sustainment activities are performed.
1) Cloud Contingency Planning
2) Cloud Bursting
Contingency Planning and
3) Switching Cloud Provider
Provider Management
4) Migrating high risk applications from public to private
5) Off-boarding the cloud.

Did you know?

Cloud bursting happens when applications cannot be satisfied by the resources in the internal
data centre and makes use of the public cloud resources to handle spikes in demand.

4.1.7. SPOT Framework

Cloud governance does not belong to the IT department or it is not just a document that outlines
the policies to be considered while on boarding the cloud. It demands a more holistic approach to
achieve the desired benefits and involves a number of professionals within the organisation. The
SPOT framework of cloud governance enables easy understanding of how cloud governance can
be established in an organisation.

Introduction to Cloud Technology 125

Cloud Computing Controls Governance in Cloud

Fig. 4.1.2: The SPOT Framework of Cloud Governance

SPOT stands for-

S- Stakeholders and Scope

Like the SOA governance, cloud governance also demands stakeholder and decision authority
enablement. For instance, who is held accountable for the deployment of cloud? Who makes
decisions on the procurement of cloud solutions? The cloud governance committee must be formed
with the participation of employees from different departments such as IT, compliance, legal,
audit, the particular line of business and risk management.

P-Policies and Processes

The “Policies and Process”’ part of the framework refers to defining and mapping of each
governance policy and process to their respective dimension in the cloud governance lifecycle
management. Legal contracts, SLA management, architectural processes and fault alerts are some
of the processes established through this component of the SPOT framework.

Introduction to Cloud Technology 126

Cloud Computing Controls Governance in Cloud

O – Organisations

Cloud governance is an expense and a massive task for any organisation. Determining the different
bodies that can undertake various responsibilities of cloud governance is an easier approach to
achieving better results. This includes,

The Executive Team that takes care of the end-to-end operations of the cloud.

The Operations Team takes responsibility of all routine cloud activities with a special attention to
resource management.

The Cloud Working Group is in charge of all activities such cloud pilot and R&D established
before the adoption of cloud.

The Consumer Stakeholder Board is responsible for all activities needed to steer the cloud adoption
process. Examples include pricing, accounting and so on.

T – Technologies and Tools

The field of cloud governance has a vast range of proven techniques and tools that must be
deployed during various stages of the governance lifecycle. Some of the common tools used by
enterprises are cloud contract tools, cloud management and monitoring tools and cloud services
portfolio.

4.1.8. Cloud Governance for Different Delivery Models

Cloud computing comes in three different forms, public, private and hybrid. Depending upon the
type of data used, different levels of security and regulatory measures must be practised.

Group Activity

Form groups of three and list the three different cloud delivery models. Take turns to
define each model and explain how they differ from one another.

Introduction to Cloud Technology 127

Cloud Computing Controls Governance in Cloud

4.1.8.(i). Private Cloud Governance

Lower security concerns are the main reasons why organisations favour the private cloud over the
public setup. However this does not guarantee a license to completely ignore governance. The
private cloud also faces some serious threats such as compliance and regulatory issues, viability
of existing security tools with expanding operations and outlining service levels. Private cloud
governance includes:

• Determining the service level agreements, QoS and incentive models of returning to the
cloud.

• Chargebacks, cost recovery models and charges for service models.

• Provisioning of resources to teams within the organisation.

• Moving certain legacy capabilities to the cloud environment.

4.1.8.(ii). Public Cloud Governance

The most important aspect of concern in a public cloud environment is security. Cloud governance
in the public cloud must greatly focus its attention towards on delivering cloud benefits through a
wide maze of security and privacy issues. Important parameters covered by public cloud
governance are,

• Business continuity in case of a disaster.

• Defining the cloud contract terms with the highest chances of recovery in case of failure.

• Integration of cloud resources with the internal capabilities of the organisation.

• Portability of data and interoperability.

• Establishing the QoS.

4.1.8.(iii). Hybrid Cloud Governance

When opting for the hybrid model of cloud computing, your data governance strategy must be
reconsidered. Ideally your data resides in the private cloud from where the public cloud gains
access through fast links. In the absence of these links, the governance strategy must be secured to
mitigate the potential risks. The governance strategy of the public cloud service providers must be
evaluated and the one most suitable must be chosen. The private cloud which is secured by firewall

Introduction to Cloud Technology 128

Cloud Computing Controls Governance in Cloud

must be co-located with a public cloud and they must be connected through LAN. Engage
stakeholders effectively, keep all governance policies simple and understand your data before
moving into the hybrid environment.

4.1.8.(iv). Community Cloud Governance

Collaboration between teams or organisations are enabled better by community cloud as there is
an absolute possibility of high transparency in community cloud which may or may not be suitable
for an organisation or a team.A community cloud has higher impact when it comes to data security.
Hence, it is good to have better community guidelines to manage a community cloud.

If the community cloud is used in the organisation then, the cloud experts advise, there should be
a tight control over the access that is provided to different members in the community cloud. It is
always good to have restricted or controlled access provided to different members in the
community cloud, no matter if it is hosted on-premises or by a third party service provider.
Multiple authentication systems are to be given according to the privileges of the data a community
member can access. This method has to be followed across the community members of a particular
organisation or the set of organisations connected. To access the resources many organisations set
up a process of hierarchy which is to be followed by all the community members. Authentication
mechanism for getting access to the resources is also included in the process of hierarchy.

For potential security breach and addition or deletion of the existing members, the community
cloud has to be investigated after a particular decided period by the organisation. A well
investigated and moderated community cloud would be safe, secure and will allow better
collaboration between the members.

4.1.9. Cloud Governance Solutions

As the need to carefully handle the complex IT systems and services in enterprises increase, the
significance of cloud governance also increases. The enterprise governance solution will comprise
of the following measures:

• Access Controls: Deploy role-based access control (RBAC) to accommodate specific

levels of access across the design, development and QA teams. Apply access limitations to
cloud resources for both internal and external teams. The internal policies practiced thus
far can be extended to the cloud. The clients in a multi-tenant environment must be clearly
separated with no interdependencies.

Introduction to Cloud Technology 129

Cloud Computing Controls Governance in Cloud

• Financial Controls: Tracking cloud expenditure can be done by recording the cost
involved each time a new resource is provisioned across the cloud. The cost can be limited
when a hard cap is reached.

• Key Management and Encryption: While the encrypted data stays with the service
provider, access to the encryption key, credentials and other security keys must be
restricted.

• Logging and Auditing: All activities pertaining to the cloud must be logged. Auditing
of all entries based on the user must be monitored and managed by using a reporting
system.

• API integration: Application Programming Interface (API) is a tool used to connect two
programs with no previous knowledge or interference. API integration in cloud governance
refers to easy integration with monitoring, service ticketing and other significant operations
to enhance the level of governance across the enterprise.

4.1.10. IT Disintermediation

With the advent of cloud computing, there have been many changes in the world of IT and
disintermediation is one among them. IT disintermediation occurs when users cut off the
traditional middlemen and approach the cloud vendors directly for their services.

This paradigm shift may be due to the lack of technical or personnel support from the internal IT
team or to simply leverage the benefits of higher profits, increased flexibility or business agility
offered by the cloud.

For instance, consider a marketing cloud app that enters an organisation straight into the sales and
marketing department without the interference of IT. If there is a need for customisation of the
application or integration into the existing system, then IT is summoned. Clearly IT is not over.
There is however a shift in its responsibilities and a change in its way of adding value to the
business. The key to organisational success is in keeping disintermediation at bay by empowering
IT to suit changing environment.

Introduction to Cloud Technology 130

Cloud Computing Controls Governance in Cloud

Fig. 4.1.3: IT Disintermediation

Group Activity

Can you think of the possible reasons/instances of IT disintermediation in an enterprise?

List them and discuss with your peers.

4.1.10.(i). Avoiding Disintermediation: IT Org of the Future

With more and more business consumers bypassing the traditional IT and cloud governance
policies and acquisition processes, cloud issues begin to creep in and performance is compromised.
To be able to avoid this unwarranted situation and establish a better control over cloud usage, the
following measures must be adopted:

• IT must recognise itself as an integrator of IT resources and capabilities.

• The delivery of top class IT services must be independent of the provider and IT must
monitor and manage all IT services.

Introduction to Cloud Technology 131

Cloud Computing Controls Governance in Cloud

• IT must set the highest benchmark and stay unaffected by comparisons from other external
service providers.

• IT must play a key role in determining the IT needs of the organisation and acts as a major
source of trusted advice.

Did you know?

Disintermediation occurs in almost every industry – travel, logistics, healthcare and so on.
Can you think of any other options?

4.1.10.(ii). New Role of IT Leadership

With a growing focus towards ICT (Information and Communications Technology) services on
demand, IT evolves itself from the state of an organisational function to an enabler or guarantor of
IT services. It aims at creating a platform that facilitates the availing of the cloud services through
the most efficient and risk-free platform. In other words, IT takes the position of a resource broker
and a business relationship manager who is expected to perform the following functions.

• Management of administration of cloud services from third party vendors.

• Resource Acquisition and Contract Management.

• Formulation of the overall computing strategy.

• IT Resource Brokering and Resource Portfolio Management.

• Enabling the integration of resources and management.

4.1.11. Cloud Centric IT Leadership Principles

Does the role IT stop with brokering the IT resources and managing the enterprise services
computing strategy? The answer is a definite NO. IT must move further to re-invent itself as a true
enabler of business, an innovator and a differentiating element of the enterprise.

Cloud centric IT leaders will embrace the change by

• Embracing innovation and opening up newer pathways for better revenue.

Introduction to Cloud Technology 132

Cloud Computing Controls Governance in Cloud

• Achieve superior optimisation of IT budgets.

• Seek innovation is defining the IT service models.

• Integrate the internal users, third party providers and solutions partners into a single unit
and drive them towards increased efficiency.

• Integrated resource management and cloud governance lifecycle principles are both
characteristic of cloud centric IT.

Introduction to Cloud Technology 133

Cloud Computing Controls Governance in Cloud

Summary:

• Cloud Governance can be defined as the set of policies or principles that act as the guidance
for the adoption, use and management of cloud technology services.

• Cloud governance plays a vital role in keeping the cloud safe from a wide range of security,
compliance and other operational risks.

• Enterprises with their complex multi-cloud environment require a robust cloud governance
strategy to manage the cloud operations. The biggest challenge however is the inclusion
of cloud governance into the already existing enterprise governance model.

• Cloud governance is much more than policy management. It satisfies high level business
requirements and is directly connected to high level business strategy.

• Cloud governance takes on a significant role in the cloud strategy of an organisation and
the lifecycle model must represent the end-to-end perspective of the cloud journey.

• The key dimensions of the cloud governance lifecycle are,

 Cloud Strategy and Planning
 Architecture, Design and Deployment of Cloud
 Cloud Acquisition and Contracting
 Provisioning and Management of Resources
 Contingency Planning and Provider Management

• Cloud Governance must be implemented in the public, private as well as hybrid cloud
platforms.

• IT disintermediation occurs when users cut off the traditional middlemen and approach the
cloud vendors directly for their services.

• IT is experiencing a paradigm shift in its role of adding value to a business organisation.

• A cloud centric IT leader embraces innovation, discovers new pathways for revenue and
creates a trusted platform to avail third party cloud services.

Introduction to Cloud Technology 134

Cloud Computing Controls Governance in Cloud

Self-Assessment Questions:

1) Cloud Governance acts as the guidance for

(a) Cloud Adoption (b) Cloud Usage
(c) Cloud Decision Making (d) All the above

2) What is the link between cloud governance and SOA governance?

(a) They are one and the same
(b) Cloud governance and SOA governance are part of the overall corporate
governance
(c) They are different components and cannot co-exist
(d) None of the above

3) Cloud governance must be implemented in

(a) Private Cloud (b) Public Cloud (c) Hybrid Cloud (d) All the above

4) Cloud Governance handles which one of the following issues

(a) Vendor Lock-in (b) Privacy in the cloud
(c) Compliance issues (d) All the above

5) What is cloud bursting?

(a) Using public cloud resources to handle spikes in demand
(b) Using private cloud resources for better security
(c) Using hybrid cloud model for better efficiency
(d) None of the above

6) Cloud Governance Lifecycle has _____________ dimensions

(a) 3 (b) 4 (c) 5 (d) 6

7) The terms and conditions and SLAs related to the cloud service are determined under which
dimension of the lifecycle model?
(a) Cloud Strategy and Planning
(b) Architecture, Design and Deployment of Cloud
(c) Cloud Acquisition and Contracting
(d) Contingency Planning and Provider Management

Introduction to Cloud Technology 135

Cloud Computing Controls Governance in Cloud

8) The SPOT framework of cloud governance stands for

(a) Source, Policies, Organizations and Tools
(b) Source, Policies, Organizations and TCO
(c) Stakeholders, Policies, Organizations and Tools
(d) Stakeholders, Policies, Organizations and TCO

9) IT disintermediation occurs because,

(a) Lack of support from IT (b) Lack of internal resources
(c) Both (d) None

10) IT takes the new role of _______ in the cloud centric environment
(a) IT is dead
(b) Business Relationship Manager
(c) IT Resource Broker and Business Relationship Manager
(d) IT Resource Broker and Cloud strategist

Answers:

Q. No. 1 2 3 4 5 6 7 8 9 10

Ans (a) (b) (d) (d) (a) (c) (c) (c) (c) (c)

Activity
Activity Type: Online Time: 30 minutes

Compare and contrast IT governance with corporate governance and justify the differences
with a suitable example

Introduction to Cloud Technology 136

Cloud Computing Controls Governance in Cloud

Bibliography

References

• AgilePath Corporation. Cloud Leadership Forum. Retrieved November 12, 2015, from
https://www.eiseverywhere.com/file_uploads/8d78b669e86b0120d704469d84fbf680_CL
F_2011_Governance_Frameworks_Eric_Marks.pdf
• Cloud Computing Scap. Governance Considerations for the Cloud. Retrieved November
12, 2015, from
http://scap.nist.gov/events/2009/itsac/presentations/day3/Day3_Cloud_Ritchey.pdf
• CSO. Cloud governance – manage the cloud challenge. Retrieved November 12, 2015,
from
http://www.cso.com.au/article/423088/cloud_governance_manage_cloud_challenge_/
• Dell. The Enterprise Cloud Governance Solution. Retrieved November 12, 2015, from
http://www.enstratius.com/our-product/governance
• Ezine Articles. The Trouble With IT Disintermediation. Retrieved November 12, 2015,
from http://essay.utwente.nl/61131/1/MSc_Y_He.pdf
• IBM. Why Do You Need Governance in the Cloud? Project and Service Governance.
Retrieved November 12, 2015, from https://www-
304.ibm.com/connections/blogs/aim/entry/why_do_you_need_governance_in_the_cloud
_project_and_service_governance2?lang=en_us
• IT Business Edge. Seven Rules for Information Governance in the Cloud. Retrieved
November 12, 2015, from
http://www.itbusinessedge.com/slideshows/show.aspx?c=85562&slide=9
• Logica. The Lifecycle Model of Cloud Governance. Retrieved November 12, 2015 from
• Sky High. The Cloud Governance Challenge. Retrieved November 12, 2015, from
https://www.skyhighnetworks.com/cloud-governance/
• Tech Republic. Cloud bursting: Better tools are needed to live up to its promise. Retrieved
November 12, 2015, from http://www.techrepublic.com/article/cloud-bursting-better-
tools-are-needed-to-live-up-to-its-promise/
• Tech Target. Cloud Service Governance. Retrieved November 12, 2015, from
http://searchsoa.techtarget.com/definition/cloud-governance

Introduction to Cloud Technology 137

Cloud Computing Controls Governance in Cloud

External Resources

• Halpert, B. (2011). Auditing Cloud Computing: A Security and Privacy Guide. US: John
Wiley & Sons, Inc.
• Marks, E. (2010). Executive's Guide to Cloud Computing. US: John Wiley & Sons, Inc.
• Molen, F. (2012). Get Ready for Cloud Computing (Second ed.). UK: Van Haren
Publishers

Video Links

Topic Link

Governance in the Cloud https://www.youtube.com/watch?v=OEFMXlQ1rKA

The Eight Key Elements of Cloud

https://www.youtube.com/watch?v=XoBIlLOb9rM
Governance

What is Disintermediation? https://www.youtube.com/watch?v=V40ceiQXEHA

Disintermediation and the Future of On

https://www.youtube.com/watch?v=q_cDx7HYklE
Demand Services

Cloud Computing and the new role of IT https://www.youtube.com/watch?v=zMWJlp8phDU

Find out how Microsoft Azure achieves

https://www.youtube.com/watch?v=zqnWDc773j8
cloud governance – Case Study

Introduction to Cloud Technology 138

 Table of Contents

Chapter 4.2

Legal Issues in Cloud Computing

Page No.
Aim 139

Learning Objectives 139

Learning Outcome 139

4.2.1 Introduction to Cyber Crimes 140

4.2.2 Data Privacy and Security Issues 140

4.2.2.(i) Privacy and Data Protection 141

4.2.2.(ii) Data Controllers and Data Processors 141

4.2.2.(iii) Data Protection Issues in the Cloud 142

4.2.2.(iv) Data Protection Laws 143

4.2.3 Cloud Contracting Models 144

4.2.3.(i) Standard Contract 144

4.2.3.(ii) Negotiated Contract 144

4.2.3.(iii) Time-bound Contract 145

4.2.4 Contracting Issues 145

4.2.4.(i) Vendor Lock-in 146

4.2.4.(ii) Unilateral Termination 146

4.2.4.(iii) Auditing Requirements 146

4.2.5 Data Security 147

4.2.6 Jurisdictional Issues on Virtualisation and Data Location 148

4.2.7 Legal Issues in Commercial and Business Considerations 148

4.2.8 Compliance Issues 149

 Page No.
Summary 151

SAQs 152

Bibliography 154

References 154
External Resources 155
Video Links 155

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Controls Legal Issues in Cloud Computing

Aim

To study various legal issues that could possibly arise in a cloud computing environment

Learning Objectives

The objectives of this chapter are to:

• Define the measures involved in data privacy and data security

• Describe the key provisions for cloud computing contracts
• Explain the jurisdictional risks raised by virtualisation and data location
• List the legal considerations of cloud computing.

Learning Outcome

On completion of this chapter you should be able to:

• Discuss data privacy and data security as a critical concern of cloud computing
• Review the contract terms with a cloud services provider
• Outline some of the jurisdictional issues that accompany adoption of cloud services
by an organisation or entity
• Summarise the significance of legal risks and considerations in cloud

Introduction to Cloud Technology 139

Cloud Computing Controls Legal Issues in Cloud Computing

4.2.1. Introduction

As companies enjoy the freedom and flexibility of the cloud, they must also be aware that major
activities of cyber crime have moved from the personal computers of end users to servers in the
cloud. A multitenant environment with a single flawed application from one of the clients puts the
entire cloud infrastructure at risk.

Cyber crime is the theft or unauthorised use of information facilitated by the internet. Cyber crimes
involve the use of computers and networks and include both monetary and non-monetary offences.
Some common instances of cyber crime include theft of banking passwords, illegal downloading
of sensitive information, phishing, cyber stalking, spyware, identity theft and computer viruses.

History has witnessed a number of cases of data breach, financial frauds, identity thefts and cloud
abuse resulting in the loss of money, reputation and brand power for many organisations. With so
much riding on data security in the cloud, the legal aspects for safe cloud computing must be
significantly addressed through due diligence of the cloud service provider. This chapter you will
learn about the legal aspects of cloud computing.

Activity

WikiLeaks is the source of classified information from business organisation, governments and
noted individuals from across the world. WikiLeaks fights legal discrepancies without involving
its hosting company into the picture. How do you think this is possible? What kind of legal
protection does the hosting company hold on to stay away from the chaos?

4.2.2. Data Privacy and Security Issues

With a third party organisation managing the infrastructure in the cloud, the responsibility to
maintain privacy of all personal data is enhanced. It is common and acceptable to share personal
data with the cloud but the decision must be an informed one. Personal details of employees,
customer data and company secrets must be protected against the potential risks of theft and
leakage. One of the classic examples would be that of hacking attacks on Sony PlayStation
Network in 2011 – which we discussed in earlier chapters. If this can happen to Sony, which has
most of its infrastructure internally, imagine the level of caution that needs to be in place while
trusting third party cloud service providers. Let us briefly discuss different elements that needs to
be made available in contracts and agreements while moving to the cloud.

Introduction to Cloud Technology 140

Cloud Computing Controls Legal Issues in Cloud Computing

4.2.2.(i). Privacy and Data Protection

According to a research by IDC (International Data Corporation), 71% of enterprises say

preventing the exposure of confidential data and related information is one of their top challenges.
The research also pin points that the company’s financial and customer information, intellectual
properties and personal information of employees are the most vulnerable data.

Fig. 4.2.1: Most Vulnerable Data in an Organisation

Data that can be traced back to a single individual can be categorised as “personal”. Companies
must look for cloud service providers that offer sufficient protection to such sensitive information.
To start with, when third party data has to be moved to the cloud, the existence of any contracts or
obligations against such action must be checked for. Following this, depending upon the location
of the cloud service provider and industry specific laws of privacy such as Health Insurance
Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA) stringent
privacy measures must be applied.

4.2.2.(ii). Data Controllers and Data Processors

In order to regulate the use of personal data, the Data Protection Act was established. Under this
act, the data controller implies to an entity that determines the purpose of holding personal data

Introduction to Cloud Technology 141

Cloud Computing Controls Legal Issues in Cloud Computing

and the data processor “processes” the data on behalf of the controller. The data controller takes
the ultimate responsibility of complying with the Data Protection Act in case of any discrepancies.
Though the cloud service provider is often the data processor, there are some cases where it takes
the role of a data controller too. The precise role of the cloud service provider must be evaluated
in each case and the obligation for data protection must be assigned to the right entity.

Illustration

Consider an organisation which partners with a social media platform to enhance its
online presence. It develops a third party application to be integrated with the social
platform. In this case, the organisation acts as data controller of all personal data
collected through the application that is present within the social environment. The social
platform acts as the data controller for all data processed by the social network. Thus both
act as data controllers in this case.

4.2.2.(iii). Data Protection Issues in the Cloud

With the role of the data controller and data processor defined and the level of obligation stated,
cloud customers must now evaluate the technical aspects of the provider and learn how they
promise to deliver services within the established expectations of protection. Failing this, the
following data protection issues can be expected in the cloud environment:

• Lack of interoperability and data portability

• Lack of integrity that arises from sharing of resources
• Inability to ensure data compliance measures
• Lack of proper data isolation in the multitenant environment

Data protection risks are further amplified when the cloud service provider involves multiple tiers
of sub-processors/ sub-contractors and data transfer happens between different countries.

Did you know?

The data controller must be completely aware of the kind of services sub-contracted by the
data processor (cloud service provider) and their guarantees to minimise the risk around
data protection.

Introduction to Cloud Technology 142

Cloud Computing Controls Legal Issues in Cloud Computing

4.2.2.(iv). Data Protection Laws

Prior to 2011, the Indian judiciary system did not provide space for clear - cut laws pertaining to
data protection. However with the enhancement of the data protection laws in the European Union,
Information Technology Rules 2011 came into place. Under this act, corporate bodies, Indian
government and information providers were subjected to sensible security practices.

Activity

Find out what are the key features of Information Technology Rules 2011 that relate to
business organization dealing with sensitive/personal data

In addition to this, there are other laws within the Indian Penal Code (IPC) that can assist in
practising a reasonable level of security while handling data in the cloud

Table no. 4.2.1: Laws that Protect Data in India

Law/Act/Rights Explanation

When a corporate body causes a “wrongful loss or

wrongful gain” due to its negligence in
The Information Technology Act( Section
maintaining a fair level of security of data, then it
43A)
is liable to the compensation to the person
affected.

Privacy breach which may result in imprisonment

The Information Technology Act( Section
for up to 3 years and penalty that may extend up
72 A)
to five lakhs.

Right to privacy ( applicable to data privacy as

Right to Privacy ( Article 19 and 21)
well )

Introduction to Cloud Technology 143

Cloud Computing Controls Legal Issues in Cloud Computing

Activity

Lets us hypothetically believe that you are in China; now make a list of websites that you not
be able to access without a proxy.

Note: China has one of the most stringent set of laws when it comes to data protection and
privacy. Find out more!

4.2.3. Cloud Contracting Models

While engaging with cloud service providers, there are few models that are available in the industry
- that an organisation can assess and adopt. We will briefly discuss about these models.

4.2.3.(i). Standard Contract

Standard Contract model contains the most common terms and conditions listed in the agreement.
It talks about

• The security and data protection standards followed by the cloud service providers
• Capacity allocation and scalability terms
• Location of the datacenters
• Lock-in period (which talks about how long the client would sign up for)
• Pricing structure and payments terms
• Periodic audits and updates

These are the general terms that would be included in a standard contracting model. This model is
also referred to as Click-Through Agreement - as the client just needs to review the contract and
sign off with minimal or no changes. Both the client and the service provider know about all the
agreement terms prevalent in the industry. Usually, standard contracting model is utilised by the
organisation whose cloud requirements are not mission critical (or) when they don't intend to move
their confidential and core business applications to the cloud.

4.2.3.(ii). Negotiated Contract

As the name indicates, Negotiated Contract talks about specific terms and conditions in the
agreement as per the unique requirements of the organisation. Usually, organisations which serve

Introduction to Cloud Technology 144

Cloud Computing Controls Legal Issues in Cloud Computing

business customers negotiate strict terms and conditions and they would insist the cloud service
provider to abide to it. The additional terms that are negotiated includes

• Key Management and Encryption requests

• Specific policies and procedures
• Standard data transmission protocols as per the sector
• API Integration and related set of guidelines
• Contingency measures and action plan
• Administrative roles and responsibilities etc.

The more sensitive the data being handled, stricter the terms and conditions would be.

4.2.3.(iii). Time-bound Contract

This is either a standard contract (or) a negotiated contract whole validity is for a specific period.
Say for example, some organisations have internal policies to change vendors every year (or) once
in 3 years etc. This applies for all types of vendors they deal with. This ensures efficiency in
services provided and move to the better ones if in case there are issues with existing vendors. This
holds true for cloud service providers as well. If the organisation is happy with a specific cloud
service provider whom they have trusted their data with, then they would renew it after the time
frame in the contract gets over. If they are unhappy (or) if they found any discrepancies with the
existing cloud service provider, then they would change them after a certain period. Some of the
multinational corporations are known to levy heavy penalties for their vendors who don't comply
with the contracts. The industrial term for such activity is “Contract Deviation”. If the cloud service
provider is said to deviate from the contracts, then they might end up paying heavy penalties and
in some cases, also face law suits. In such cases, the contract is terminated immediately and the
data is moved to other third party service providers.

4.2.4. Contracting Issues

Negotiating contracts with the potential cloud vendors is complex but crucial for success in the
cloud. While click-through agreements seem to make the work easier for low risk applications
momentarily, organisations must consider opting for tailored contracts to ensure that all future
applications to be hosted in the cloud are completely safe and devoid of legal issues. Some of the
common issues that arise due to contracting pitfalls are:

Introduction to Cloud Technology 145

Cloud Computing Controls Legal Issues in Cloud Computing

4.2.4.(i). Vendor Lock-In

More than 75% of enterprises feel that moving to the cloud comes with some percentage of vendor
lock-in. While the convenience to shop at one stop, draw a single tailored contract and the
standardisation of technology seem alluring, things may not look the same in the long run. Vendor
lock-in hinders the path to rapid innovation and ultimately knocks down organisational health.
Examining the exit options in the contract or opting for an open source cloud stack such as
OpenStack may mitigate these problems.

4.2.4.(ii). Unilateral Termination

Standardised contracts from bigger cloud vendors may sometimes allow unilateral termination of
the contract with a very small notice period. In such cases, the contract must outline the potential
effects of the termination and ways to regulate them. The terms of post termination support must
also be outlined in the legal contract drawn between the two parties.

4.2.4.(iii). Auditing Requirements

Does your cloud provider reveal the exact location of your data? Does your contract outline the
procedures and technical solutions that are in place to protect data once it crosses the judicial
boundaries? Cloud vendors transfer data from one location to another to balance load and avoid
latency. As the data controller of the cloud, organisations must comply with the laws and
regulations of the country where the service provider is located as well as with the location of data
storage. Cloud auditing is the solution to ensure 100% compliance with all rules and legal
requirements of the new environment.

Apart from these major issues, there are few other legal clauses that need the attention of the data
controller while establishing a contract with a cloud provider.

Introduction to Cloud Technology 146

Cloud Computing Controls Legal Issues in Cloud Computing

Table no. 4.2.2: Issues arising from a Cloud Contract

Cloud Contracting Issue Explanation Protective Measure

Force Majeure clauses (also
called as Acts of God)
Filing bankruptcy or Failure
to continue business
Indemnification
Failure to deliver cloud
services due to unforeseen
events like natural calamities
or terrorist attacks
The cloud market is
inundated with several new
players and additional care
must be ensured while
working with the risky ones.
When one party suffers
business loss due to the
negligence of the other, the
former must be indemnified.
Experts recommend that the force
majeure clause be included only when
the provider satisfies the backup
obligations appropriately. A credit
must be issued to the organisation for
every day until the interruption lasts
and the client must be able to
terminate the contract if the
interruption seems to exist for more
than the predetermined time.
The contract must allow data to be
entrusted with a third party and
demand the vendor to return all data
with no additional copies left behind.
Contracts that indemnify and holds
the cloud customer harmless in the
case of being accountable due to
provider negligence must be
established.

4.2.5. Data Security

One of the most common factors taken for granted while working with the cloud is the ownership
of data. Quite obviously data collected, used and stored on behalf of an organisation belongs to
that particular organisation. But has this ownership of data been legally recorded in your contract?
Data ownership must never be left to assumptions. The legal contract drawn between the cloud
provider and the cloud customer must clearly state the ownership of data and must hold the cloud
service provider responsible for delivering a complete copy of the data and erasing all copies
permanently in the event of termination.

Data security breach or loss of critical data due to a technical glitch can happen due to the
negligence of the cloud provider. In such cases, the organisation may face a high-dollar lawsuit
and may suffer some serious business damages. The “limitation to liability” clause of the contract

Introduction to Cloud Technology 147

Cloud Computing Controls Legal Issues in Cloud Computing

often hardly covers only a portion of the financial loss in most cases. Another security threat to
data may happen during the event of a government order. While data residing within the
organisation is analysed before being subjected to legal scrutiny, the same cannot always be
expected from the cloud provider. The most practical and viable solution to these data security
threats would be the good old due diligence of potential cloud vendors.

4.2.6. Jurisdictional Issues on Virtualisation and Data Location

Virtualisation forms the backbone of cloud computing. Virtual Desktop Infrastructure (VDI)
allows an employee’s desktop to be moved into the virtual environment in a central server thus
enabling hardware cost reduction and better control over the use of software applications.
However, doing so with a software license that has geographical limitations on the type of
hardware deployed or does not allow the use of the software in a virtualised setup may result in
copyright infringement. In such cases, the license must be re-negotiated at an additional cost for
unlimited number of instances or for a specific number of instances in the virtual machine.
Additionally the confidentiality provisions of the software license regarding the disclosure of
proprietary software must be reviewed to avoid the breach situation.

4.2.7. Legal Issues in Commercial and Business Considerations

Any organisation dealing with sensitive/personal information must regulate this information
carefully to avoid legal disputes in case of any discrepancies. Legal contracts must be drawn to
ensure that the liability of data is shifted to the side of the user and the organisation is insulated
from any issues pertaining to content such as copyright infringement, illegal data, and classified
information.

Businesses need to have expectations right when it comes to Legal issues related to the cloud.
What kind of information does the user / employees of a company store in the cloud are to be
strictly monitored and regulated. If the company doesn't have such resources to mediate, then it
should have Terms and Agreements duly signed by the user - so that the liability of content / data
stored on the cloud is on the user. This way, the business can avoid legal issues. Content issues
that may arise includes Copyright infringement, illegal data, classified information etc.

Introduction to Cloud Technology 148

Cloud Computing Controls Legal Issues in Cloud Computing

Fig. 4.2.2: WikiLeaks

One classic example could be WikiLeaks. Its a website primarily dedicated to provide secret and
classified information from corporations & governments. It is currently hosted in servers located
in Sweden's former nuclear bunkers, the location for which is unknown. The data is also spread
across distributed servers in the world. This way, the cloud service provider has ensured that the
data is safe and secure and untraceable. The reason why its kept like it is because, the cloud service
provider that hosts WikiLeaks may get into too much legal trouble because of the content that is
being published on the site. Most content are classified by Government across the globe (or)
sensitive information related to major corporations (or) military secrets. What protects the hosting
service provider is the legal agreements and contracts. This way, the legal battle is only on Julian
Assange who is the founder of WikiLeaks and not on the cloud service provider.

4.2.8. Compliance Issues

Data compliance is critical in the cloud and is in fact a major area of concern for organisations
moving to the cloud. Compliance in the cloud can be categorised into two types

i. Geographic compliance
ii. Industry compliance

i. Geographic compliance: With the flow of personal data across borders, geographic
locations play a vital role in the storage and processing of data. For instance, what may

Introduction to Cloud Technology 149

Cloud Computing Controls Legal Issues in Cloud Computing

seem right in the US may be a breach in Canada or Europe. Also different regions within
the same country may follow a different set of compliance measures.

Did you know?

The Federal Rules of Civil Procedure that affect cloud data is effective only in 35 US states.
Similarly while working with a cloud service provider in Europe organisation must consider the
National, European as well as Federal law depending upon the exact location of the cloud
service provider.

ii. Industry compliance: Some industries like healthcare and finance pose very stringent
compliance measures while working in the cloud. These compliance measures are
practiced to makes the regulation of sensitive data more centralised.

To avoid any legal issues that might arise from compliance matters, organisations must,

• Analyse the data to be moved to the cloud. Data that is prone to maximum risk must be
kept internal or in the private cloud.

• Draw a compliance checklist and ensure the cloud provider has the capabilities to
protect data with the right compliance framework.

• Conduct an audit to ensure that compliance measures offered by the provider have been
implemented in real.

Activity

Find out what particular industry do these below compliance acts belong to.

1) American Recovery and Reinvestment Act (ARRA)

2) Federal Risk and Authorization Management Program (FedRAMP)
3) Graham Leach Bliley Act (GLBA)

Introduction to Cloud Technology 150

Cloud Computing Controls Legal Issues in Cloud Computing

Summary:

• The theft or unauthorised use of information facilitated by the internet is called cyber crime.

• Common examples of cyber crime are cyber stalking, identity theft, hacking bank accounts,
stealing personal information and so on.

• With cloud computing, sensitive data leaves the protective borders of the organisation and
is subjected to a number of legal issues.

• Privacy of personal data stored in the cloud must be acknowledged to avoid legal lawsuits.

• According to the Data Protection Act, the data controller implies to an entity that
determines the purpose of holding personal data and the data processor “processes” the
data on behalf of the controller. The data controller takes the ultimate responsibility of
complying with the Data Protection Act in case of any discrepancies.

• Lack of sufficient data protection in the cloud leads to a number of risks such as lack of
integrity, data compliance and data portability.

• When it comes to establishing cloud contracts, negotiating them to suit the particular needs
of the organisation is recommended over click-through agreements.

• The common challenges in cloud contract are vendor lock-in, unilateral termination, cloud
auditing, limited liability and force majeure clauses and indemnification.

• Data ownership in the cloud must never be left to assumptions. The legal contract drawn
between the cloud provider and the cloud customer must clearly state the ownership of data
and must hold the cloud service provider responsible for delivering a complete copy of the
data and erasing all copies permanently in the event of termination.

• Virtualisation forms the backbone of cloud computing and to deliver the expected benefits,
negotiating of software licenses to suit the virtual environment must be accomplished.

• Cloud compliance can be categorised into two, Geographic compliance and Industry
Compliance.

Introduction to Cloud Technology 151

Cloud Computing Controls Legal Issues in Cloud Computing

Self-Assessment Questions:

1) How can you define personal data?

(a) Passwords and Logins
(b) Information that can help identify an individual
(c) Information that helps laundering money
(d) Any information pertaining to personal email and social network accounts

2) Choose an example of cyber crime

(a) Cyber stalking
(b) Identity Theft
(c) Downloading prohibited videos/music online
(d) All the above

3) Compliance in the cloud can be of two types. They are,

(a) Geographic and Data Type
(b) Geographic and Industry Specific
(c) Industry Specific and Data Types
(d) Compliance cannot be categorized

4) One common risk that arises from lack of data protection in the cloud is
(a) Lack of good data (b) Lack of data integrity
(c) Loss of money (d) None of the above

5) HIPAA is a compliance measure practiced in the _________ industry

(a) Finance (b) Banking (c) Healthcare (d) Food Administration

6) Unilateral Termination can be defined as ___________

(a) Stopping the move to the cloud
(b) Contract termination by a single party in the cloud relationship
(c) Resolving conflicts between data controller and data processor
(d) All of the above

7) According to the Data Protection Act, a data controller__________

(a) Takes complete responsibility of the data protection in cloud
(b) Shares its responsibility of data protection with other entities
(c) Processes data on behalf on the data processor
(d) is the same as a data processor

Introduction to Cloud Technology 152

Cloud Computing Controls Legal Issues in Cloud Computing

8) The common risk associated with virtualization is

(a) Data theft (b) Identity theft
(c) Copyright infringement (d) Money laundering

Answers:

Q. No. 1 2 3 4 5 6 7 8

Ans (b) (d) (b) (b) (c) (b) (a) (c)

Activity
Activity Type: Online Time: 30 minutes

Consider a situation where you want to develop an IT governance board. Figure out the
skills required to be a member of governance board and identify the scope of the board’s
responsibilities.

Introduction to Cloud Technology 153

Cloud Computing Controls Legal Issues in Cloud Computing

Bibliography

References

• Arthur Cox. Tackling Data Protection in the Cloud. Retrieved November 18, 2015,
from,http://www.arthurcox.com/wp-content/uploads/2014/01/Tackling-data-protection-
in-thecloud-by-Colin-Rooney-Arthur-Cox.pdf
• CNet. Cybercrime moves to the cloud. Retrieved November 18, 2015, from
http://www.cnet.com/news/cybercrime-moves-to-the-cloud/
• Computer Weekly. Cloud storage needs an audit process to stay compliant. Retrieved
November 18, 2015, from http://www.computerweekly.com/opinion/Cloud-storage-
needs-an-audit-process-to-stay-compliant
• Computing. Legal issues surrounding virtualization. Retrieved November 18, 2015, from
http://www.computing.co.uk/ctg/feature/1860596/legal-issues-surrounding-virtualisation
• ICO. Data controllers and data processors. Retrieved November 18, 2015, from
https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-
processors-dp-guidance.pdf
• ICO. Guidance on the use of cloud computing. Retrieved November 18, 2015, from
https://ico.org.uk/media/for-
organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf
• Infoworld. 9 top threats to cloud computing security. Retrieved November 18, 2015, from
http://www.infoworld.com/article/2613560/cloud-security/cloud-security-9-top-threats-
to-cloud-computing-security.html
• ISACA. Cloud Computing Legal Issues. Retrieved November 18, 2015, from
http://www.isaca.org/Groups/Professional-English/cloud-
computing/GroupDocuments/DLA_Cloud%20computing%20legal%20issues.pdf
• NCPC. Cybercrimes. Retrieved November 18, 2015, from
http://www.ncpc.org/resources/files/pdf/internet-safety/13020-Cybercrimes-revSPR.pdf
• Socially Aware. Privacy in the Cloud: A Legal Framework for Moving Personal Data to
the Cloud. Retrieved November 18, 2015, from,
http://www.sociallyawareblog.com/2014/10/29/privacy-in-the-cloud-a-legal-framework-
for-moving-personal-data-to-the-cloud/
• Study.com. What is Cyber Crime? – Definition, Types and Examples. Retrieved November
18, 2015, from, http://study.com/academy/lesson/what-is-cyber-crime-definition-types-
examples.html
• Tech Net. Cloud Computing : Negotiating Cloud Contracts. Retrieved November 18, 2015,
from, https://technet.microsoft.com/en-us/magazine/jj149022.aspx

Introduction to Cloud Technology 154

Cloud Computing Controls Legal Issues in Cloud Computing

• Tech Republic. Legal issues to consider with cloud computing. Retrieved November 18,
2015, from,http://www.techrepublic.com/blog/tech-decision-maker/legal-issues-to-
consider-with-cloud-computing/
• Tech Target. Ten key provisions in cloud computing contracts. Retrieved November 18,
2015, from http://searchcloudsecurity.techtarget.com/tip/Ten-key-provisions-in-cloud-
computing-contracts
• TechNet. Compliance Issues in the Cloud. Retrieved November 18, 2015, from
http://social.technet.microsoft.com/wiki/contents/articles/3800.compliance-issues-in-the-
cloud.aspx
• ZDNet. Is vendor lock-in different with cloud? Retrieved November 18, 2015, from
http://www.zdnet.com/article/is-vendor-lock-in-different-with-cloud/

External Resources

• Cheung, A. (2015). Privacy and Legal Issues in Cloud Computing. US: Edward Elgar
Publishing
• Katarina, S. (2009). Grid and Cloud Computing. UK: Springer Heidelberg
• Ko, R. (2015). The Cloud Security Ecosystem. US: Elsevier

Video Links

Topic Link
Know the legal issues surrounding
https://www.youtube.com/watch?v=BBHZb0flXgw
Cloud Computing

Legal Issues with Cloud Computing https://www.youtube.com/watch?v=S867WiJm7FE

What is Cyber Crime and Types of

https://www.youtube.com/watch?v=4rxDCysu6Po
Cyber Crimes
Can you escape vendor lock-in with the
https://www.youtube.com/watch?v=LwkfduaqvNw
cloud?
Addressing the Top Five Cloud
https://www.youtube.com/watch?v=YqDU1Twzfi8
Security Challenges

Introduction to Cloud Technology 155

 Module 5

CLOUD COMPUTING CONSIDERATIONS

Chapter 5.1 : Cloud Practices

 Table of Contents

Chapter 5.1

Cloud Practices

Page No.

Aim 156

Learning Objectives 156

Learning Outcome 156

5.1.1 Introduction 157

5.1.2 Analysing your Existing Service 157

5.1.3 Best Practices to follow before Migrating to the Cloud 157

5.1.3.(i) Finding the Right Vendor 157

5.1.3.(ii) Phased-in Versus Flash-Cut Approaches 158

5.1.3.(iii) Evaluation of Cloud Service Agreement 159

5.1.3.(iv) Having a Contingency Plan 159

5.1.4 Practices to Avoid While Migrating to the Cloud 159

5.1.4.(i) Jumping in too Soon 159

5.1.4.(ii) Lack of Contingency Plan 160

5.1.4.(iii) Lack of Understanding of Business Needs 160

5.1.4.(iv) Wrong Choice of Cloud Service Provider 160

5.1.4.(v) Ignoring Legal and Compliance issues 160

5.1.4.(vi) No due-diligence on Privacy and Data Security 161

5.1.4.(vii) Ignoring the Service Level Agreements 161

5.1.4.(viii) Approving the Lowest Bidder 161

5.1.5 Future of Cloud Computing 161

 Page No.

5.1.6 Applications of Cloud computing in Various Sectors 163

5.1.7 Career Opportunities in Cloud 165

5.1.7.(i) Opportunities in Front-End 165

5.1.7.(ii) Opportunities in Middleware 166

5.1.7.(iii) Opportunities in Back-End 167

Summary 169

SAQs 170

Bibliography 172

References 172

External Resources 172

Video Links 173

Legends:

Aim

Learning Objectives

Learning Outcome

Summary

Self-assessment Questions

References

External Resources

Video Links
Cloud Computing Considerations Cloud Practices

Aim

To study the best practices to follow and worst practices to avoid while migrating to the
cloud

Learning Objectives

The objectives of this chapter are to:

• Discuss the top considerations in moving to cloud

• Identify the best practices to avoid migration in cloud computing

Learning Outcome

On completion of this chapter you should be able to:

• List top four practices to follow cloud migration

• List top six mistakes to avoid cloud migration

Introduction to Cloud Technology 156

Cloud Computing Considerations Cloud Practices

5.1.1. Introduction

In the previous chapters we have learnt about the various ways to assess cloud solutions and the
legal and compliance issues related to it. In this chapter we will look into the different ways that
can make cloud experience an absolute success and also draw a few inferences about the future of
cloud. With cloud computing quickly finding its foot in various sectors we will also explore the
various career opportunities that one can secure in this field of technology.

5.1.2. Analysing your Existing Service

Every organisation must have established sufficient research before choosing a cloud vendor. It is
now time to check if the promised services are continuing to benefit your business. The
performance of your cloud vendor must be consistent irrespective of the fluctuations in your
business needs. Some of the common factors that can be used to determine the consistency in
performance by the cloud vendor are:

• Data store – Delete Time

• Data store – Read Time
• Latency time between moving application and application being ready for use
• Lag time

Fact

Some of the popular tools used to monitor and manage the performance of cloud
solutions are Hyperic HQ, CloudStatus, CollabNet CUBiT 2.0 and Cassatt.

5.1.3. Best Practices to follow before Migrating to the Cloud

Best practices for cloud computing can be defined as the set of actions that render the optimal
cloud experience at the most reasonable costs. They begin with vendor selection and continue to
guide organisations through every action in the cloud. The following section will outline four of
the industry’s best practices that must be followed for optimised success in the cloud.

5.1.3.(i). Finding the Right Vendor

The cost-effectiveness of cloud has been flaunted widely and this is indeed one of the most
attractive benefits of moving to the cloud. To be able to reap the cloud cost benefits it is critical to
choose the right vendor.

Introduction to Cloud Technology 157

Cloud Computing Considerations Cloud Practices

The following checklist can help organisations to best choose their cloud vendor:

• Organisations that are looking to expand operations must pay attention to the user limit cap
to avoid penalty charges as the number of users grow.
• A service level agreement that outlines the availability, performance, security measures
and guaranteed uptime must be in place.
• Partnering with more than one cloud vendor to satisfy all business needs is recommended.
This makes the organisation less prone to downtime issues.
• The cloud vendor must allow customisable viewing and reporting of data rather than a
proprietary format.
• The cloud vendor must be able to provide customised workflows and user profiles with
well-defined role hierarchies. The cost and effort required to achieve these parameters must
be determined.

Activity

Do you think any further additions can be made to this checklist?

5.1.3.(ii). Phased-in Versus Flash-Cut Approaches

Letting go of the control over IT resources and critical data to a third party can be a difficult
decision for any organisation. Once it is decided, there are two approaches to moving to the cloud.
The first one is Flash-Cut approach wherein the cloud infrastructure and all the necessary tools
and systems are built internally or by a vendor. Once the complete infrastructure, platform and
necessary software are ready, the migration is carried out completely at a stretch. The second
approach is the Phased-in approach where the migration is carried out in a phased manner, as and
when necessary things are developed and commissioned.

A phased-in approach (where you do not have to move everything to the cloud at one single time)
allows smoother transition as well as broader acceptance than in the other methods.

Fig. 5.1.1: Phased-in Approach

Introduction to Cloud Technology 158

Cloud Computing Considerations Cloud Practices

5.1.3.(iii). Evaluation of Cloud Service Agreement

In many cases, cloud service agreements are only a way out of legal trouble for cloud providers,
while they should in reality be an assurance of high-level customer service. It is the responsibility
of the cloud consumer to read and understand the service agreements in detail.

Key considerations to be included in the evaluation of cloud service agreements are:

• Internal policies, processes and culture that may influence cloud usage
• Overall objectives and expectations from the cloud service
• Trust and assurance through good governance
• The metrics used to validate the service levels
• Compensations in case of trouble
• Limitations, disclaimers, and exclusions

5.1.4.(iv). Having a Contingency Plan

What if the cloud based application crashes? What will you do if there is a hack? What is the plan
B if your cloud service provider goes bankrupt and hence not able to support your application
anymore? What happens if there is a security breach?

Situations like these are meant to arise especially in a cloud environment. It is extremely important
to have a contingency plan in place to tackle such situations and a team always ready to implement
recovery management within short notice. This could help the organisation technically and
financially and hence, saves the online reputation.

5.1.4. Practices to Avoid While Moving to the Cloud

Just like how cloud computing has some best practices to be followed, there are also a few
“customs” that must be avoided. The section below outlines these practices in detail.

5.1.4.(i). Jumping in too Soon

The incredible benefits of cloud strongly attract organisations of all kinds and sizes. Adopting
cloud technology is a great decision but it must be backed with the required homework. Moving
to the cloud does not imply purchasing a random solution with one card swipe. It requires the due
diligence of a number of factors such as security, regulatory measures, business needs, cost
analysis and so on.

Introduction to Cloud Technology 159

Cloud Computing Considerations Cloud Practices

5.1.4.(ii). Lack of Contingency Plan

In the best practices section, we already discussed about having a contingency plan. Uncertainty
is an indispensable part conducting business. Your cloud solution may encounter unexpected
pitfalls such as natural calamities, vendor failure, business outage, unexpected costs and so on.
Moving to the cloud without a contingency plan is like setting oneself up for failure. Organisations
must evaluate the various risks associated with the cloud and have a recovery plan in place before
migrating to the cloud.

5.1.4.(iii). Lack of Understanding the Business Needs

Is moving to the cloud the most viable option for your business organisation? The best place to
start the cloud journey would be to evaluate the actual needs of the business and then map it onto
the solutions available in the market. Cloud customers must be able define the exact business case,
the issues that must be solved and the ways in which they believe that moving to the cloud can
help their organisation.

5.1.4.(iv). Wrong Choice of Cloud Service Provider

Choosing the wrong cloud service provider is often the reason that prevents organisations from
growing. A reliable cloud service provider with a proven track record and with solutions that best
suit the business needs has the highest chance of contributing towards organisational success.

The questions below can be used as a checklist while selecting the right cloud vendor:

• How will they support my business and its operations?

• Are they available readily and easy to work with?
• Will their pricing model suit the budget?
• Can they give references?
• Do they promise an uptime for their services?

5.1.4.(v). Wrong Choice of Cloud Service Provider

In the previous chapters, we saw the case of WikiLeaks where the cloud vendor was smartly
shielded against the violation of law through strong service contracts. Cloud services subject
organisations to legal and compliance issues and as the controller of data, organisations must
handle these issues appropriately to avoid expensive legal penalties.

Introduction to Cloud Technology 160

Cloud Computing Considerations Cloud Practices

Activity

Recall previous chapters and list five sources of legal concerns that may arise while using
cloud services.

5.1.4.(vi). No due-diligence on Privacy and Data Security

Security and privacy concerns in the cloud are like urban legends that will continue to exist forever.

To be able to look beyond these pitfalls and ensure safe cloud operations, due diligence of security
measures provided by the cloud vendor is mandatory. Following is a list of security questions that
you must ask your cloud vendor before giving the final nod:

• Where does my data physically reside?

• Do you hold any certification pertaining to data protection?
• Will my data be encrypted? How do you plan to manage the encryption keys?
• Who gets to access my data?
• How does transition of data during the exit process work?

5.1.4.(vii). Ignoring the Service Level Agreements

While the potential of cloud technology to save costs and enhance productivity is touted by
organisations, user experience often remains a forgotten metric in most cases. A service level
agreement is a significant legal tool that determines how well the cloud experience turns out to be
from the end user perspective. It helps evaluate parameters such as cloud availability, quality of
service, response time, capacity and so on. Ignoring these legal aids leads to misinterpreted
obligations and risks in the cloud.

5.1.4.(viii) Approving the Lowest Bidder

It is true that cloud is a strong enabler of cost savings. However cost must not be the only factor
that influences the choice of cloud vendor. The suitability of the cloud solution and the reliability
of the vendor must be counted in primarily to avoid expensive mistakes in the cloud

5.1.5 Future of Cloud Computing

Cloud computing has been the technology buzzword in the business environment for a few years
now and will continue to create a strong impact in the upcoming years. Several research firms and

Introduction to Cloud Technology 161

Cloud Computing Considerations Cloud Practices

consulting companies have come up with their own set of predictions and forecasts about the cloud.
However one common fact that can be drawn unanimously from these reports is that “the cloud is
here to stay”.

The points below illustrate the key predictions on various aspects of cloud from the world-
renowned technology research firm, Gartner Incorporation.

• Through 2020, there will be a shift in the reason behind cloud security failures from the
vendor to customer side. More than 50% of the enterprises will invest explicit effort in
achieving a high level of security in the cloud.

• Cloud Enterprise Resource Planning (ERP) providers and cloud-based IoT platforms will
evolve to enable the proliferation of smart technology.

• The compound annual growth rate of IaaS for the time period from 2014 to 2019 is
expected to hit 29%.

• Cloud along with mobile, big data and social media will continue to disrupt the traditional
ways of business.

The graph below indicates the projected growth of cloud computing market for a ten year period
starting from 2008. This indication comes from Bessemer Venture Partners, a global venture
capital company.

Fig. 5.1.2: Cloud Computing Market Revenue (2008-2018)

Introduction to Cloud Technology 162

Cloud Computing Considerations Cloud Practices

This architecture can be commissioned within an organisation by assembling required hardware

and software components (or) can be provided by a third party. The communication between
layers in the architecture happens through standard internet protocols.

Did you know?

“The State of the Cloud Computing 2015” is a report by Bessemer Venture Partners, a global
venture capital company located in the US. According to this report, the cloud computing
market is expected to reach $127.5 billion by 2018. The report also states that, more than 60%
of all CRM applications would be cloud-based and the overall growth rate of SaaS-based
applications would exceed 17%.

5.1.6. Applications of Cloud Computing in Various Sectors

Once you have addressed the concerns relating to security and privacy, cloud computing can be
applied to a number of sectors comfortably. The following section will illustrate the key
applications of cloud across some of the largest industry sectors:

Cloud Computing in Education:

Key applications

• Conducting remote classes

• Paves way for enhanced research and collaboration
• Provides a software desktop environment

Pros

• Cloud computing enables efficient and cost-effective management of large amount of data.
• Reputed cloud provider practice more sophisticated ways of data protection than most
educational institutions.

Cons

• Loss of control over data

• In case of any discrepancies, the reputation of the institution is at stake

Introduction to Cloud Technology 163

Cloud Computing Considerations Cloud Practices

Cloud Computing in Marketing:

Key applications

• Cloud creates a marketplace for sellers without the need for investment in hardware or
software elements.
• It creates a marketplace for buyers with more product options and services.
• Cloud-based forums and social network are the major source of word-of-the-mouth
marketing.

Pros

• Cloud has eliminated the cost and complexity of traditional marketing.

Cons

• A number of cloud-optimised marketing techniques like SEO, social media and PPC
deliver both short and long term benefits. Using them effectively and in the right mix still
remains a challenge.

Cloud Computing in Online Entertainment:

Key applications

• On-demand entertainment (ODE)

• Several cloud platforms like YouTube and Netflix offer videos and audio clips for
entertainment
• On-Demand gaming
• Cloud media store

Pros

• Cloud computing has redefined this industry by opening the gates for several new and
innovative modes of entertainment

Cons

• Using the cloud to store and process our personal media calls for a strong security check

Introduction to Cloud Technology 164

Cloud Computing Considerations Cloud Practices

Cloud Computing in Healthcare:

Key applications

• Hosting clinical applications in the cloud

• Healthcare cloud apps for patients
• Cloud based applications for managing hospital functions such as HR, finance and IT

Pros

• Cloud applications are an excellent way of storing, managing and using the enormous
amount of data generated by the healthcare industry
• Facilitates information sharing by connecting various elements of the healthcare system
such as labs, medical centres and hospitals

Cons

• Hospitals generate an enormous of data that must be secured and made compliant. With
cloud computing the data must be well-protected and must also adhere to all applicable
regulatory measures

5.1.7. Career Opportunities in Cloud

Cloud computing is quickly growing into an attractive sector for great careers. The following
sections provides further details on lucrative job opportunities in various areas of cloud computing.

Activity

Recall the three components that together make up the cloud architecture.

5.1.7.(i). Opportunities in Front-End

The front end of a cloud computing system refers to the client’s device that creates an interface
with the system. It may be a thin client, a mobile device or a network that is running a few
applications to facilitate access to the cloud.

Introduction to Cloud Technology 165

Cloud Computing Considerations Cloud Practices

Career opportunities pertaining to this part of cloud are,

Table 5.1.1: Cloud Career Opportunities in Front End

Designation Qualifications Responsibilities

User Interface Designer (UI
designer)
Proficient in web design and
technical skills like HTML,
Dreamweaver, Adobe
photoshop, CSS, Illustrator
etc.
• User analysis
• Prototyping
• Usability testing
• GUI
• Functionality requirement
analysis and development.

User Experience Designer (UX Ability to clearly understand • Responsible for

designer) business as well as appropriate work flow of
functionality requirements. the front end
Attention to detail and ample • Organising the
knowledge about A/B testing, Information architecture
visual design, wire framing and and interaction design.
storyboarding. • Project management

Apart from these two major roles, candidates can also look for positions like visual interaction
designer, UX practitioner and front-end engineer.

5.1.7.(ii). Opportunities in Middleware

The component of the cloud architecture that manages and monitors communication between the
front and back end is called middleware.

Introduction to Cloud Technology 166

Cloud Computing Considerations Cloud Practices

Table 5.1.2: Cloud Career Opportunities in Middleware

Designation Qualifications Responsibilities

Cloud Software Engineer
Cloud System Engineer
Cloud Service Developer
Expert in computing
languages such as JAVA, C#,
ROR (Ruby on Rails), Dot
Net, Visual Basic Script,
Python, Perl and so on.
Hands-on experience in
working with cloud
monitoring tools, clustering
and scripting. Ample
knowledge about security
management and
configuration details
Key skills required are PHP,
Python, C#, ROR etc.
Knowledge about platforms
like Amazon and Microsoft
Azure will be an added
advantage.
• Responsible for the design and
development of middleware.
• Other responsibilities include
deploying automation
technologies, compiling code
language, software configuration
and working with several OS.
• Responsible for building the
virtual system required to support
the cloud implementation.
• Responsible for designing as well
as building customer facing tools
such as portals, reporting systems,
dashboards and so on.

5.1.7.(iii). Opportunities in Back-End

The back-end of a cloud computing system refers to physical peripherals such as servers and
storage. Lucrative opportunities in this area are:

Table 5.1.3: Cloud Career Opportunities in Back End

Designation Qualifications Responsibilities

Data Centre Manager
Managerial role that demands
sufficient experience and
knowledge in handling
technical trends and hardware
technologies.
• Responsible for
maintaining the data centre
as per industry standards.

Introduction to Cloud Technology 167

Cloud Computing Considerations Cloud Practices

Operations Manager
Cloud System Administrator
Data Centre Technician
Sufficient knowledge and
experience in dealing with all
operational demands of a data
centre.
Clear understanding of the
demands in a data centre.
Ability to troubleshoot,
planning of capacity and
knowledge about all hardware
components is mandatory.
Proficiency in working with
Linux and Unix operating
systems. Thorough knowledge
about hypervisors, network
deployment, compression and
storage technologies.
• The main link between the
data centre and
stakeholders.
• Takes care of budgeting,
planning, technical
guidance, disaster recovery
and all operational
activities in the data
centre.
• Responsible for the
configuration and
maintenance of all
components within the
cloud infrastructure
• Debugging and
troubleshooting of
physical and virtual
servers.
• Load balancing and cloud-
based deployment.

Did you know?

Data centre management is one of the most potential technical fields for job opportunities.
Significant roles in this field are DC (Data centre) infrastructure consultant, Data analyst,
Network Manager and so on.

Introduction to Cloud Technology 168

Cloud Computing Considerations Cloud Practices

Summary:
• Following a smooth transition to the cloud, organisations must continue to manage a whole
plethora of parameters to ensure that the cloud investment is best optimised.

• The existing cloud service must be regularly evaluated to ensure that vendor promises are
rendered seamlessly and the business continues to benefit from them.

• Finding the right cloud vendor and using the phased-in approach are significant best
practices in the cloud.

• Some of the practices that must be avoided while moving to the cloud are:

 Jumping in too soon

 Lack of contingency plan
 Lack of understanding business needs
 Wrong choice of cloud service provider
 Ignoring legal and compliance issues
 No due diligence on privacy and data security
 Ignoring service level agreements
 Approving the lowest bidder

• Cloud will continue to disrupt the way businesses function and will stay strong for a long
time.

• Cloud opens up whole range of career opportunities in both technical and managerial
spheres.

• Key roles in cloud front-end are UI designer and UX designer.

• Key roles in cloud back-end are Data Centre Manager, Operations Manager, Cloud System
Administrator and Data Centre Technician.

Introduction to Cloud Technology 169

Cloud Computing Considerations Cloud Practices

Self-Assessment Questions:

1) One of the best practices to follow after transitioning to the cloud is:
(a) Calculating the ROI
(b) Eliminating the redundant personnel
(c) Analysing the existing service
(d) Looking to move more services to the cloud

2) The phased-in approach is recommended over the flash-cut approach because,

(a) It eliminates the psychological barrier of giving up control over organizational
resources and data.
(b) It aids in better cost savings and higher efficiency.
(c) Phased-in approach cleanses data and helps modernize applications.
(d) It is recommended by cloud experts across the world.

3) Which one of the following must be avoided while moving to the cloud?
(a) Security measures (b) Cloud Governance
(c) Due-diligence (d) Jumping in too soon

4) One of the common concerns about cloud computing is

(a) Ongoing costs (b) Adapting to the new environment
(c) Compliance issues (d) Lack of expertise

5) Ignoring service level agreements in the cloud environment may result in

(a) Loss of money (b) Bad user experience
(b) Failure to recover investment (d) Improper access to data

6) _______ is NOT the only factor must approve your choice of cloud vendor.
(a) Cost (b) Reliability
(c) Trust Issues (d) Location of cloud vendor

7) A/B testing is a significant qualification for the role of

(a) Data center manager (b) User experience designer
(c) User interface designer (d) Cloud software developer

8) Which one of the following roles belongs to the back-end of the cloud architecture?
(a) Data center manager (b) User experience designer
(c) User interface designer (d) Cloud software developer

9) Debugging and troubleshooting of physical and virtual servers in a data centre is taken
care by_________
(a) Data Centre Manager (b) Operations Manager
(c) Data Centre Technician (d) Cloud System Administrator

Introduction to Cloud Technology 170

Cloud Computing Considerations Cloud Practices

10) Which one of the following industry widely uses cloud based applications for various
business functions?
(a) Healthcare (b) Entertainment
(c) Education (d) Marketing

Answers:

Q. No. 1 2 3 4 5 6 7 8 9 10

Ans (c) (a) (d) (c) (b) (a) (b) (d) (c) (a)

Activity
Activity Type: Online Time: 30 minutes

Prepare a presentation (around 10 slides) for the learner focusing on the do’s and don’ts
while migrating Apps to the cloud.

Introduction to Cloud Technology 171

Cloud Computing Considerations Cloud Practices

Bibliography

References

• Cloud Standards Customer Council. Practical Guide to Cloud Computing Version 2.0.
Retrieved November 22, 2015, from http://www.cloud-
council.org/2011_Practical_Guide_to_Cloud%20Computing.pdf
• Dazeinfo. The future of cloud computing. Retrieved November 22, 2015, from
http://dazeinfo.com/2015/07/01/the-future-of-cloud-computing-127-billion-market-by-
2018-report/
• Forbes. 83% of Healthcare Organizations Are Using Cloud-Based Apps Today. Retrieved
November 22, 2015, from http://www.forbes.com/sites/louiscolumbus/2014/07/17/83-of-
healthcare-organizations-are-using-cloud-based-apps-today/
• Gartner. Gartner Says Worldwide Cloud Infrastructure-as-a-Service Spending to Grow
32.8 Percent in 2015. Retrieved November 22, 2015, from
http://www.gartner.com/newsroom/id/3055225
• Hostway. Five Worst Practices to Avoid in the Cloud. Retrieved November 22, 2015, from
http://www.hostway.com/blog/five-worst-practices-to-avoid-in-the-cloud/
• IJSETR. A Survey on Use of Cloud Computing in various Field. Retrieved November 22,
2015, from http://ijsetr.org/wp-content/uploads/2013/07/IJSETR-VOL-2-ISSUE-2-480-
488.pdf
• IT World Canada. Gartner’s top 10 predictions for 2016 and the ‘post-app’ era. Retrieved
November 22, 2015, from http://www.itworldcanada.com/article/gartner-top-ten-
predictions-for-2016-and-post-app-era/377594
• Lexology. Contracting for end user experience: 10 issues to consider in service level
agreements. Retrieved November 22, 2015, from
http://www.lexology.com/library/detail.aspx?g=b9a5aa5d-3cf0-43f4-82d8-724a8cd144a0

External Resources

• Velte, A., Velte, T., & Elsenpeter, R. (2010). Cloud Computing: A Practical Approach.
US: McGraw Hill

Introduction to Cloud Technology 172

Cloud Computing Considerations Cloud Practices

Video Links

Topic Link

https://www.youtube.com/watch?v=bu3kIAZA
Future of Cloud Computing
KTs

Choosing the right cloud vendor- https://www.youtube.com/watch?v=Livez6T1h

Questions to Ask dg

https://www.youtube.com/watch?v=D_5UHuB
Cloud Best Practices
_hMo

Introduction to Cloud Technology 173