Introduction To Cloud Technology
Introduction To Cloud Technology
This is a confidential document prepared by iNurture. This document, or any portion thereof,
should not be made available to any persons other than the authorised and designated staff of the
company/institution/ Vendor to which it has been submitted.
No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the
prior written permission of iNurture.
How to use the Self Learning Material
The pedagogy imbibed to design this course is to enable you to assimilate the concepts and
processes with ease.
The course is divided into FIVE MODULES. Each module is categorically divided into TWO
CHAPTERS. Each chapter consists of the following elements:
CHAPTER:
2. Aim: ‘Aim’ refers to the overall goal to be achieved through the chapter.
7. Summary: ‘Summary’ is the nutshell of the entire chapter in the form of points.
9. References: ‘References’ is a list of online resources which have been used while
designing the chapter.
10. External Resources: ‘External Resources’ is a list of scholarly books for additional
source of knowledge.
11. Video Links: The ‘Video Links’ table will help you to understand how these
concepts are discussed in detail by the industry today.
i
Introduction to Cloud Technology
Course Description
Cloud Technologies are emerging since last decade and are considered to be one of the hot areas
of interest for organisations. Lot of research work has been going on every single day and many
new applications are designed, developed and launched at periodic intervals. Emergence of cloud
technologies is disruptive across multiple sectors like Information Technology, Manufacturing,
Healthcare, Engineering, Information Architecture, Education, Data Management, Sales and
Business Development.
This course is designed specifically to expose the students to various concepts of Cloud computing,
different methodologies, services architectures, governance, principles and applications. The
topics covered will provide a brief overview of technical aspects along with business and
commercial perspectives. Relevant examples and case studies of popular cloud based applications
existing in the market are provided as per requirements.
Module 1: Cloud Computing Fundamentals – introduces the students to the basic concepts
and delivery models.
Chapter 1: Cloud Computing Concepts
Chapter 2: Cloud Computing Delivery Models
Module 2: Cloud Computing Risks – discusses about migration to the cloud and risk
management in cloud computing.
Chapter 1: Migrating to Cloud
Chapter 2: Risk Management in Cloud Computing
Module 3: Cloud Management – exposes students to assess the cloud, various service
providers and selecting the right cloud service provider to suit the needs of the business.
Chapter 1: Assessing the Cloud
Chapter 2: Selecting Cloud Provider
ii
• Module 4: Cloud Computing Controls – to equip students about Cloud Governance and
Legal issues in cloud computing.
Chapter 1: Governance in Cloud
Chapter 2: Legal Issues in Cloud Computing
• Module 5: Cloud Computing Considerations – talks about best and worst practices while
migrating to the cloud along with career options in cloud technologies.
Chapter 1: Cloud Practices
iii
Introduction to Cloud Technology
Page No.
iv
Module 1
Chapter 1.1
Page No.
Aim 1
Learning Objectives 1
Learning Outcome 1
1.1.1 Introduction 2
1.1.2 Introduction to Cloud Computing 2
1.1.3 History and Evolution of Cloud Computing 4
1.1.3.(i) History of Cloud Computing 4
1.1.3.(ii) Evolution of Cloud Computing 6
1.1.4 Types of Cloud Computing 6
1.1.4.(i) Private Cloud 6
1.1.4.(ii) Public Cloud 7
1.1.4.(iii) Community Cloud 7
1.1.4.(iv) Hybrid Cloud 8
1.1.5 Cloud Computing Architecture 8
1.1.5.(i) Front End 9
1.1.5.(ii) Middleware 10
1.1.5.(iii) Back End 10
1.1.6 Basics of Cloud Infrastructure 10
1.1.6.(i) Brief about Amazon Web Services 11
1.1.6.(ii) Brief about Microsoft Azure and BizSpark 12
1.1.6.(iii) Brief about Google Cloud Platform 12
1.1.6.(iv) Brief about IBM Cloud, SAP SANA and Oracle Cloud 13
Page No.
1.1.7 Merits and Applications of Cloud Computing 14
1.1.8 Common Applications in the Cloud 14
Summary 16
SAQs 17
Bibliography 19
References 19
External Resources 20
Video Links 20
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Fundamentals Cloud Computing Concepts
Aim
Learning Objectives
Learning Outcome
1.1.1. Introduction
Cloud computing is the storing, processing and management of applications, data and programs
using the Internet - and not through the hard drive of a personal computer. With cloud computing
organisations can store large amount of data efficiently and access them with great ease. The pay-
as-you-go cloud model allows enterprises, both big and small to enjoy enhanced cost savings and
better agility. This chapter will introduce you to the fundamental concepts of cloud computing.
The National Institute of Standards and Technology (NIST) defines cloud computing as
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to
a shared pool of configurable computing resources (e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction.”
Figure 1.1.1 shows the pictorial representation of Cloud Computing in detail. Critical data that
takes different forms such as emails, text document, videos, chats and presentations are stored,
accessed and processed as needed by the cloud user - which is a set of software and hardware
devices (servers and storage) commissioned in a data centre either in a single or multiple
location(s).
According to NIST, the cloud computing model is composed of five essential characteristics, three
service models, and four types of cloud (deployment models). They are as follows:
2. Broad network access: In cloud computing, the Internet allows any thin or thick client
such as laptops or mobile phones to access capabilities through standard mechanisms.
3. Resource pooling: In the cloud environment the provider’s computing resources are
pooled to serve multiple consumers through the multi-tenant model, with different
resources being assigned and reassigned in a real-time basis according to consumer
demand. The user loses control over the location of the data but may be able to specify a
higher level of abstraction.
4. Rapid elasticity: Capabilities can be both elastically and automatically provisioned and
released, to scale rapidly with demand. To the consumer, the capabilities available for
provisioning often appear to be unlimited and can be appropriated in any quantity at any
time.
5. Measured service: Cloud systems automatically monitor, control, optimise and report
resource usage thus providing transparency for both the provider and consumer of the
utilised service
• Software as a Service (SaaS): The ability to access the provider’s applications running in
the cloud environment is referred SaaS. Devices such as smart phones, laptops, desktops,
and tablets can be used to access the applications through a web browser or a program
interface. The cloud user however cannot access or manage the cloud infrastructure that
hosts the applications. This includes the servers, storage devices, network and individual
application components.
just like the SaaS model. However they have the ability to monitor and manage the
applications that they have deployed and respective configuration settings for the
application-hosting environment.
More details about the three service models of cloud computing is discussed in Chapter 1.2.
NIST classifies the cloud into four different types. They are:
i. Private Cloud
ii. Public Cloud
iii. Hybrid Cloud
iv. Community Cloud
National Institute of Standards and Technology (NIST) is the global authority to develop
standards and guidelines related to the Cloud. Explore more details about cloud computing
by NIST here ::
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
One of the most intriguing questions asked about cloud computing is “When and where was the
first premise of cloud computing witnessed?”
The very first step towards cloud computing was witnessed as early as the 1950’s and with time
this technology has grown into one of the most powerful tools for conducting business efficiently.
The below section explains the growth of cloud computing over the last 50 years.
1950-1960:
The concept of time-sharing was introduced to allow multiple users to gain shared access to data
and CPU time. This was done to lower the cost of maintenance of large-sized computers.
1960-1970:
ARPANET (Advanced Research Projects Agency Network), the basis of Internet was introduced.
The basis of staying connected and accessing data from any location was established.
1970-1980:
IBM introduced the Virtual Machine OS and this enabled users to have multiple virtual machines
on a single physical node.
1980-1990:
The time period between 1980 and 1990 witnessed the emergence of Internet Service Providers
and Application Service Providers, which broke the realm of desktops and single user server to
deliver hosted applications services. Another important trend during this period was the realisation
of efficiency through multi-tenant environments.
1990-2000:
The Internet became more prevalent and virtualised connections for PC-based systems grew to
correct network traffic and bandwidth usage. Grid computing gained popularity along with object-
oriented programming and web services. Grids were formed by a network of loosely coupled
computers along with communication channels to perform complex tasks. Grid computing is said
to be one of the early avatars of cloud computing.
After 2000:
The 21st century witnessed tremendous growth of the cloud as more and more corporate solutions
and services from players like IBM and Oracle inundated the market.
The concept of virtualisation emerged during 1990’s. Virtualisation is the concept of creating
logical computing resources (such as multiple servers) with limited physical resources (from a
single physical server hardware available). It was then slowly expanded to virtual platforms that
included storage and network resources. These virtual applications did not have any dedicated
hardware or infrastructure support. Then came utility computing that offered clustered virtual
platforms for handling complex tasks and business applications with a metered business model. In
the last decade, this evolved into Software-as-a-Service (SaaS) which tremendously improvised
the concept of virtualisation. In SaaS, the business model of charging is not by the resources that
are consumed but by the value of the application to subscribers. Cloud computing thus evolved as
a result of various trends (like grid, utility and SaaS) put together and it emerged as the ability to
access computing resources and applications from anywhere and at any time.
An organisation can choose to manage the cloud by itself or take the services of a third party. The
third party cloud service provider may host the private cloud within the premises of the
organisation or in its data centre. Private cloud deployment is best suited for enterprises looking at
a higher level of control and regulatory measures.
The most significant advantage of private cloud is that it offers better and direct control over
sensitive data as well as the hardware used. It also enables building the infrastructure with the most
reasonably new hardware components. Other significant advantages of a private cloud are easy
moving of data into cloud due to better proximity and enhanced security levels.
This utility model of cloud computing provides easy access to a shared infrastructure, storage as
well as other computing resources. These shared resources are hosted in a remote data centre and
multiple clients can gain access to them using the Internet. Scalability and cost-effectiveness are
the major advantages of a public cloud.
A community cloud is a type of cloud primarily used by a closed group of people or organisations.
It is a collaborative effort and the hardware infrastructure is mutually shared by two or more
organisations from a specific community. It could either be managed or hosted internally within
an organisation in the community or by a third-party cloud service provider. The infrastructure
costs are shared among the community members based on mutual agreements. Popular example
would be the Virginia Community College System that has implemented a community cloud to
provide educational, informational and administrative services to 23 colleges from around 40
campuses.
Like the name implies, a cloud that is the combination of two or more clouds (public cloud, private
cloud or community cloud) is called as hybrid cloud. In a hybrid cloud environment, workloads
can be moved between private and the public clouds based on changing computing needs and
costs. This allows enhanced flexibility and more options when it comes to data deployment. For
instance, consider an organisation dealing with a large amount of personal data and wants to move
some of its workload to the cloud. In this case, the organisation can use its private cloud to host
workloads dealing with sensitive information and the public cloud service for all non-critical
applications.
Cloud computing architecture refers to all components and sub-components that together form the
structure of the cloud computing system. This architecture as shown in Figure 1.1.3 can be divided
into three parts for better understanding – front end, back end and middleware. Each part of the
cloud architecture has its own set of functionalities and protocols that work together to deliver on-
demand services to user-facing hardware as well as software. In general, the architecture is evolved
out of large distributed network applications over the last two decades. Hence it supports any
system where resources can be pooled and partitioned as required.
The general cloud architecture is capable of running multiple software applications running on
multiple virtual hardware in multiple locations to efficiently render on-demand services to the
users. The users could be using these software applications from their desktop or laptop or mobile
or tablets. Usually, whatever the user is looking at – through the browser (or) mobile app – is the
front end. This is also called as Service Value net – as a single front end can be available across
devices having multiple screen resolutions (like desktop having large screen size, mobile having
small screen size and tablets having medium screen size). This front end is connected with the
middleware (or) the logical layer which runs all the business services and IT service code. This
middleware is responsible for all the encryptions and information processing using the backend.
The backend in short, is usually the infrastructure layer containing physical (or) virtual servers.
More details about these three layers is provided in further sections.
The front end of the cloud architecture refers to the client side of the system. It includes the
network, applications or programs that are used to access the cloud. For instance, while accessing
a web-based email application, the web browser acts as the front end.
1.1.5.(ii). Middleware
For the smooth communication between the front and the back end of the cloud computing
architecture, certain protocols must be followed. The part of the system that connects the
networked computers and facilitates the proper functioning between the front and the back end is
called the middleware. It is the special software used by the central server to administer the system.
The back end of the cloud architecture refers to the hardware section which includes the servers,
deployment models, security mechanisms, storage and the computing systems. Based on the
requirements, a specific hardware configuration is setup initially to get the organisation into the
cloud. As the requirements increase, additional servers and storage modules are deployed from
time to time.
Some of the common web applications you access on an everyday basis such as email,
Facebook, ebay or Dropbox are manifestations of cloud computing where the data is not
stored on one individual computer but can be accessed using the Internet from anywhere and
at any time
As discussed earlier, the cloud architecture is made of three parts, the front end, the back end and
the middleware. The cloud infrastructure refers to the back end components of the cloud
architecture such as servers, storage devices, networking elements and virtualisation software.
Thus cloud infrastructure is a mix of both hardware and software components. It is an essential
part of all three cloud-computing models.
Business organisations use the cloud infrastructure to host their applications. To use the cloud
infrastructure of the service provider, clients make use of various models like pay-as-you-go
model in which they pay for only the services used by them. This is a very cost-efficient means of
using the required infrastructure and can be done in an hourly, weekly or monthly basis.
Most cloud service providers who are into Infrastructure services rely on virtual machine
technology (or Virtualisation) to deliver servers and run client applications. Virtual servers act
really well like physical servers delivering a certain number of microprocessor (CPU) cycles,
memory access and network bandwidth to customers. These virtual servers are containers having
specific physical resources (or) a specific capacity of a large physical hardware. The concept of
virtual servers enabled the application developers to have a new perspective towards application
programming. Consider an example of a programmer creating software that requires several
different tasks to be performed in parallel. He needs to write the complete code to execute all the
tasks and in addition, he would go ahead and create a separate module to handle different threads
of execution (or) connect and automate all the different tasks. The developer can create and attach
an application that uses a cloud service to the appropriate service and allow the application itself
to scale the program execution. Therefore, an application that might take long time for a single
server to accomplish can be scaled in the cloud to many servers at once for a short period of time
to accomplish the task at faster rate at similar or lower price.
https://www.linkedin.com/pulse/what-virtual-machine-technology-jim-simpson
Post 2010, some readymade code pieces (or) libraries have been made available by Infrastructure
service providers that helps application programmers to connect them with their application and
execute required additional tasks without spending much time in re-coding every time.
Now that we have discussed in brief about cloud infrastructure, let us now look at few leading
players in the market.
Amazon Web Services (AWS) offers reliable and extensive cloud application and infrastructure
services for all types of organisations, with over 10 years of experience in supporting enterprises
with affordable cloud services, AWS cloud has grown into a leader in cloud storage and
management of various critical business processes.
• AWS is the pioneer in the cloud computing race and managed to retain its top position
through the years.
• Recent price cuts have allured more start-ups as well as government agencies towards the
AWS cloud.
• Amazon offers three types of computing instances: on-demand, reserved and spot. All three
options come with different pricing structures.
• Amazon’s cloud offering for Big data analytics is called Amazon Elastic Map Reduce.
Microsoft is yet another strong contender in the cloud technology space. It offers a unified set of
tools, automation capabilities and innovative approaches to networking and storage. Microsoft the
industry’s best hybrid cloud solutions while keeping the compliance and security costs to the
minimum.
Microsoft Azure
The enterprise-grade cloud computing platform from Microsoft is called Azure and it supports a
wide selection of tools, languages, frameworks, databases and devices. Statistics reveals that 57%
of the Fortune 500 companies from various industry sectors entrust their data and applications with
Azure. The easy-to-implement and low cost hybrid cloud solution offered by Microsoft Azure is a
good fit for organisations of all types and sizes.
Microsoft BizSpark
Start-ups that are looking to leverage the power of cloud must turn to Microsoft for its BizSpark
program. This three-year program includes tailor-made cloud solutions for the newbies in the
block.
Activity
The Google Cloud Platform allows users to build applications and store data on Google’s highly
reliable and scalable infrastructure. The innovation power of Google is world renowned and by
leveraging its cloud platform, developers can gain quicker access to its technological innovations.
• Google’s network can be defined by its thousands of miles of fibre optic cables connected
through cutting-edge Andromeda networking. The consistency and speed of such a
network is unparalleled.
• The per-minute billing system allows users to handle traffic spikes with the most cost-
effective solutions.
• The Big Query and Google Cloud Dataflow tools offer full support to big data solutions.
The fact that Google Cloud Platform works on the same infrastructure that supports the mammoth
tasks of Google itself is indeed the greatest advantage. Users can be assured of high availability,
lesser costs and low latency.
1.1.6.(iv). Brief about IBM Cloud, SAP SANA and Oracle Cloud
IBM Cloud
Cloud services from IBM are designed for medium and large sized enterprises that offer high-
traffic and high demand solutions. IBM is quickly catching up with its competitors through
offering a number of new products over the hybrid cloud at a reasonable pricing.
SAP HANA
SAP HANA is the in-memory RDBMS from SAP which is offered on a cloud platform that support
unique business applications. The product support enterprise mobility, analytics and collaboration
in a rich cloud environment. It can be used to build, extend and manage cloud applications for both
SAP and non-SAP solutions.
Oracle Cloud
Oracle is yet another cloud solutions provider joining the bandwagon with an exclusive portfolio
of services for the IT development and infrastructure needs. The two major areas of focus while
deploying cloud solutions from Oracle are- Innovation and Transformation. Oracle promises
seamless integration of the cloud into the exiting processes to transform them into sources of
business efficiency and to open up several opportunities to drive innovation.
Cloud computing is rapidly becoming a significant part of the overall IT strategy and more and
more organisations are dedicating a substantial part of their IT budget towards this trend. Cloud
computing is here to stay and deliver the following benefits.
• Mobilising the workforce: Cloud computing allows device-agnostic access to data and
from any location. It breaks all kinds of barriers and helps employees to stay connected on
the move.
• Increased cost control: Cloud computing saves a lot of money by eliminating the need for
upfront investment in infrastructure and software. The pay-as-you go model brings down
operational costs and allows higher efficiency.
• Enhanced productivity: Cloud allows flexible provisioning of resources with the least
impact on internal operations. Personnel tend to focus better and highly productive results
can be obtained.
• Reduced impact on the environment: With fewer data centers and shared resources,
enterprises moving to the cloud earn the eco-friendly credentials easily.
• Better agility: While embracing cloud technology, organisations can scale their resources
up and down, avail automatic software updates; expand exponentially with zero upfront
investment and without having to deal with miles of wires and heap loads of servers.
Activity:
The last section provided a clear outline on the various business benefits of cloud computing.
However, there exists certain data security and privacy issues while hosting applications on the
cloud. Organisations are widely experimenting with different parts of the business that can yield
favourable results without falling victim to these concerns.
The most suitable and common applications that can be hosted in the cloud are:
Summary:
• Cloud computing refers to the delivery of computing resources and storage through the
internet on a pay-as-you-go basis.
• The first premise of cloud computing was witnessed in the early 50’s when CPU time was
shared among multiple users to cut down costs.
• Through the years cloud computing technology has grown steadily and today more than
80% of the organisations are planning their move to the cloud.
• There are four types of cloud delivery models, private, public, hybridand community cloud.
• When the cloud resources are owned and managed by a third party and can be accessed by
all authorised users via the internet, it is called a public cloud.
• The solution that combines the best of both private and public cloud is called hybrid cloud.
• The cloud architecture is made of three components, front end, middleware and back end.
• Some of the most significant cloud service providers in the market today are AWS, IBM,
Oracle, Microsoft and Google.
• Cloud computing has been widely adopt by organisations as it renders a number of benefits
such as cost efficiency, enhanced productivity and flexibility for the business.
• There arises a concern of data security and privacy while engaging with the cloud
extensively. However reliable cloud partners and robust SLAs can be take care of these
issues.
Self-Assessment Questions:
1) When the resources in the cloud are owned and managed by a third party it is called a
_____________delivery model
(a) Private (b) Public (c) Hybrid (d) Community
2) The special software that governs the communication between the front and back end of
the cloud architecture is called
(a) Protocol (b) Middleware (c) Client server (d) Server
4) Microsoft offers a special program for start-ups looking to leverage the benefits of the
cloud. This program is called___________
(a) Microsoft Azure (b) Microsoft BizSpark
(c) AWS (d) Microsoft start-up program
6) One common concern that arises while adopting the cloud is_____________
(a) Security of data (b) Lazy workforce
(c) Capital investment (d) Lack of expertise
Answers:
Q. No. 1 2 3 4 5 6
Activity
Activity Type: Online Time: 30 minutes
List few cloud providers. Select any one of the provider and prepare a presentation of 10
slides to give an overview of cloud computing with respect to that provider. For example,
Amazon Web Services (AWS).
Bibliography
References
• 24/7 Wall Street. The $270 Billon Cloud Computing Market. Retrieved on October 21,
2015, from http://247wallst.com/technology-3/2015/03/07/the-270-billon-cloud-
computing-market/
• Amazon Web Services. Overview of Amazon Web Services. Retrieved on October 21,
2015, from https://d36cz9buwru1tt.cloudfront.net/AWS_Overview.pdf
• Appcore. Types of Cloud Computing: Private, Public and Hybrid Clouds. Retrieved on
November 17, 2015, from http://www.appcore.com/types-cloud-computing-private-
public-hybrid-clouds/
• Cloud Academy Blog. Cloud Computing Architecture: an Overview. Retrieved on
October 21, 2015, from http://cloudacademy.com/blog/cloud-computing-architecture-an-
overview/
• Cloud Tweaks. Enterprise Cloud Adoption. Retrieved on October 21, 2015, from
http://cloudtweaks.com/2012/09/cloud-infographic-enterprise-cloud-adoption/
• CloudFlare. CloudFlare and Google Cloud Platform. The best of both worlds. Retrieved
on October 21, 2015, from https://www.cloudflare.com/google
• Forbes. IBM Cloud Services Part I. Retrieved on October 21, 2015, from
http://www.forbes.com/sites/greatspeculations/2015/03/06/ibm-cloud-services-part-i/
• Gigaom. 5 things you should know about Google’s cloud platform. Retrieved on October
21, 2015, from https://gigaom.com/2013/08/24/5-things-google-wants-you-to-know-
about-its-cloud-platform/
• IBM Cloud. Why IBM Cloud? Retrieved October 21, 2015, from
http://www.ibm.com/cloud-computing/#infrastructure
• Learn Telecom. Cloud Computing. Retrieved on October 21, 2015, from
http://learntelecom.com/cloud-computing/
• Onyx. The History of the Cloud. Retrieved on October 21, 2015, from
https://onyx.net/history-of-the-cloud
• Rightscale. Cloud Computing Trends: 2015 State of the Cloud Survey. Retrieved on
October 21, 2015, from http://www.rightscale.com/blog/cloud-industry-insights/cloud-
computing-trends-2015-state-cloud-survey
• SAP Store. SAP HANA Cloud Platform. Retrieved on October 21, 2015 from
https://www.sapstore.com/solutions/99000/SAP-HANA-Cloud-Platform,-starter-edition
• Sky High Networks. 11 Advantages of Cloud Computing and How Your Business Can
Benefit From Them. Retrieved on October 21, 2015, from
https://www.skyhighnetworks.com/cloud-security-blog/11-advantages-of-cloud-
computing-and-how-your-business-can-benefit-from-them/
• Sky High Networks. The 20 Totally Most Popular Cloud Services in Today’s Enterprise.
Retrieved on October 21, 2015, from https://www.skyhighnetworks.com/cloud-security-
blog/the-20-totally-most-popular-cloud-services-in-todays-enterprise/
External Resources
• Bond, J (2015). The Enterprise Cloud: Best Practices for Transforming Legacy IT.
Canada: O’Reilly
• Buyya. R&Broberg,J. ( 2010). Cloud Computing: Principles and Paradigms. USA: John
Wiley & Sons
• Sosinsky, B. (2010). Cloud Computing Bible. USA: John Wiley & Sons
Video Links
Topic Link
Introduction https://www.youtube.com/watch?v=tAUuY0Yld0E
Chapter 1.2
Page No.
Aim 21
Learning Objectives 21
Learning Outcome 21
1.2.1 Introduction 22
1.2.3.(i) Virtualisation 23
1.2.3.(ii) Multi-tenancy 23
1.2.3.(iv) Scalability 24
Summary 39
SAQs 40
Bibliography 42
References 42
External Resources 43
Video Links 43
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Fundamentals Cloud Computing Delivery Models
Aim
To equip the students with the basic understanding of various cloud delivery models
Learning Objectives
Learning Outcome
1.2.1. Introduction
Cloud computing services adoption by the firms are growing rapidly. One of the reasons for its
growth is that its architecture stresses the benefits of shared services over isolated products. When
organisations use shared services, they can only focus on the primary business drivers and
Information Technology department will reduce the gap between the available computing capacity
and required systems demand.
Cloud Computing is a broad term that describes a broad range of services. Perhaps, that’s the
reason there is no singular, one-size-fits all definition for this term. Instead, depending on what
services one is describing or who you are talking to, the moniker term ‘cloud’ is often described
as a stack, as a response to the broad range of services built on top of one another.
Now, since there is no simple definition for the term as a whole, the various cloud service providers
have been left to come up with an accurate and descriptive method of describing their service
offerings. In this chapter you will learn about the broad range of delivery models that can be
broadly classified into three services:
Cloud computing services for application and infrastructure needs are widely being adopted by big
and small organisations. In contrast to the traditional IT setupwhere a huge capital investment was
required for the purchase of software and hardware, cloud computing services enables
organisations to align costs to actual usage. They make businesses highly agile, operationally
efficient and remarkably flexible.
Cloud computing services range from satisfying a single functional need of an organisation to
delivering the entire data center through networks. With cloud computing, innovation is
accelerated and the opportunity to focus entirely on the core business operations are enhanced.
When a company decides to move its one or more IT services to the cloud, it incurs many benefits,
including lower capital costs, potentially lower operating costs, better support for mobile and
remote personnel, and IT flexibility. However, not all cloud service providers operate equallyand
we need to look for certain attributes when evaluating before migrating IT services to the cloud.
1.2.3.(i). Virtualisation
Virtualisation forms the core of cloud technology. It refers to the creation of virtual servers,
memory, operating system or a storage device as opposed to the actual existence of the resource.
In simpler terms, virtualisation allows one physical computer to run several virtual machines at
the same time. Cloud computing can be implemented without virtualisation too but with the
inclusion of the latter, implementation becomes easier and much more cost effective.
1.2.3.(ii). Multi-tenancy
Applications found either inside or outside the enterprise and in need of their own secure virtual
computing environment can be referred to as tenants. This computing environment encompasses
all or some layers from storage to user interface of enterprise architecture. All the interactive
applications (or tenants) have to be multi-user in nature. Multi-tenancy, a key common attribute of
both private and public clouds, applies to all the three services of the cloud (SaaS, PaaS and Iaas).
Consider an example of a cloud service provider offering storage and backup solutions in the cloud.
Organisations that access these cloud resources are called tenants and the fact that many such
tenants access these common resources gives rise to the concept of multi-tenancy.
No cloud can exist without a network. Networks facilitate the sharing of resources, movement of
data and integrated functioning of the infrastructure components. The services to be offered over
the Internet or private networks is allowed by network access. Technically, the network determines
the difference between the three cloud deployment models. In a private cloud, the cloud provider
and the end user are enclosed within the same network. Public clouds operate usually through
common internet provided by leading Internet Service Providers(ISPs) like Airtel (or) Reliance
Networks (or) Tata Docomo etc. Hybrid clouds have secure connection between the user and
private cloud service provider. The information which are available in the public cloud utilise the
common internet lines and those information that are confidential and is retrieved from the private
cloud requires user authentication.
1.2.3.(iv). Scalability
One of the strongest effects of cloud computing on a business is the scalability of IT resources.
The business environment today suffers from increasing levels of unpredictability and shrinking
IT budgets. With cloud computing, organisations can turn highly flexible and accommodate the
varying needs of client with no upfront investment on hardware or software resources.
Metering or Chargeback in the cloud ecosystem is the type of payment structure through which
users can gain unlimited access to all computing resources and yet pay for only their actual usage.
This allows the cutting down of excess costs that are usually termed as IT overhead costs.
A problem with IT chargeback arises when organisations are working under tight budgets and
there is lack of cohesiveness between the various departments. In such cases, the best solution is
to deploy third party tools to track usage of cloud services. These tools can be loosely coupled
with cloud services and may exist in the public cloud or within the organizational premises.
With the growth of technology, the cost of conducting a business has also increased. A research
by Gartner has revealed that organisations spend almost 75% of IT costs on procuring and
managing their software applications and infrastructure.
Software as a Service (SaaS) allows an organisation to access the desired software applications
through the cloud on a subscription basis. The SaaS vendor offers access to the software
applications with no upfront investment and takes care of all upgrades.
SaaS is popularly referred in the industry as “on-demand” software. Users access SaaS based
applications using their smart phones, tablets, laptops (or) desktops through a web browser. SaaS
model neither requires any physical distribution of software or its upgrades nor it requires painful
download of applications from the website. The user merely has to subscribe to the application
and automatically gets a login id and password information to his email. Using this login id and
password, the application and its features can be accessed through the browser.
Activity
Find out the top cloud players offering SaaS solutions for large and medium-sized
organizations.
The SaaS model is widely used these days as a service delivery model for applications such as
ERP (Enterprise Resource Planning), CRM (Customer Relationship Management), Accounting
and HRM (Human Resources Management).
According to industry experts, SaaS has been identified to have the potential to disrupt the way IT
departments works inside any organisation. Due to emergence of SaaS model, IT departments are
now able to shift their focus from deploying and maintaining the applications to managing the
services.
One classic example for SaaS would be Google Docs. Users can access Google docs through a
web browser. All they need is internet connection and a user name and password which they can
obtain by registering with Google Aps. There are a lot of small and medium enterprises that
primarily rely on Google Docs for doing their documentation work, reporting, presentations and
accounting. A decade ago, enterprises were investing in Microsoft Office. They have to physically
purchase the DVD containing the MS-Office enterprise edition installation files. Then they need
to install it either in individual computers based on the requirements (or) they install it in a
centralised server, so that all the networked computers can access it. IT departments had to undergo
lot of pain to install MS-Office to thousands of computers across the organisation, maintain them
well, troubleshoot when it crashes and upgrade whenever there is a new version of Office available
in the market. A huge chunk of their time, efforts and resources went into deploying, managing
and maintaining the Office packages.
But these days, it has become much easier to work on documents, presentations and worksheets
without the need to undergo such pain. Thanks to Google Docs, the user just needs to register and
have login id and password to access a sleuth of services like Google Docs, Slides, Sheets, Forms
etc.
These days, SaaS helps IT departments to save their time and energy and use them to manage
mission critical applications that are confidential and internal. A SaaS application is offered by a
third-party vendor (like Google) or by an intermediary aggregator who bundles it along with their
services. Unlike Microsoft Office that requires physical purchase of DVD, users (or) organisations
can use Google Docs by paying a subscription fee. This subscription model can vary from
application to application depending on its complexity, features etc. Some vendors charge a flat
rate or unlimited access to specific features while others charge variable rates based on usage.
While the SaaS model of cloud computing offers access to the software hosted on remote servers,
PaaS provides the platform that is required to build and deploy a software application. Platform as
a Service can be defined as the cloud delivery model that offers the tools needed to rapidly develop
and manage software applications.
PaaS is the best fit for organizations that are committed to the delivery of web and mobile
applications within a stipulated time and budget. PaaS provider offers the toolkit to build an
application and the virtual machine to run it. Application developers can design the functionalities
as well as the interface based on their particular needs.
The PaaS delivery model allows organisations to leverage the investment made by the vendor to
build complex business applications efficiently.
Activity
Both Google and Amazon offer comprehensive PaaS solutions. Compare their offerings and
justify why you would choose one over the other.
A decade back, developers relied on various programming languages like Java, DotNet, PHP,
Python etc. For them to code in these languages, they need to download (or) purchase the
development platform (or) environment, install them in their computers on-premise, configure
them, connect them with front end software (like Dreamweaver) and back end database (like SQL
or Oracle) in order to start coding. It is a much more complex process than Microsoft Office
installation and management which we discussed in SaaS model. A screenshot of dotnet
development environment is provided below. The complex development environment demands
complex background tasks, configuration, integration with front end and back end as discussed
along with version control (to make it easier for multiple developers to work on a single application
version). The process becomes more complex if this has to be installed and managed for an IT
organisation which is not primarily into software development.
On the other hand PaaS allows organisations (or) users to develop their own software applications
using tools supplied by the provider. PaaS services come with pre-configured set of features that
customers can subscribe to, and, include them in the application that they develop.
For example, let us briefly discuss about IBM BlueMix. It is a cloud platform as a service (PaaS)
developed and managed by IBM. BlueMix was launched in 2014. It supports a huge range of
programming languages like Python, Java, Go, Node.js, Ruby on Rails, PHP etc. Tons of features
are built-in so that the developer can drag and drop chunks of code and deploy the application in
few clicks. Bluemix allows developers to build, manage and run all types of applications to be
deployed for mobile, smart devices, web and big data.
Applications using PaaS possess the ability to inherit all characteristics of the cloud like multi-
tenancy, scalability, SaaS enablement etc.
PaaS has reduced the amount of coding which allows the present day organisations and small and
medium enterprises to benefit majorly by focus towards value addition to their customers and are
able to deploy applications seamlessly across various platforms.
Similar to other cloud offerings, PaaS service providers charge their customers a subscription fee
for whatever they use. Additional services like network infrastructure, storage, software support
and management of services are charged based on the specific requirements and usage.
Infrastructure as a Service forms the base of the cloud computing stacks. The service offers the
ability to provision server, storage, networking and other basic computing infrastructure resources
through the internet and as required. Since the IaaS cloud delivery model eliminates the need to
invest in hardware, it is a perfect solution for startups and for organizations that deal with extreme
spikes and troughs in usage.
With scalability as an unbeatable advantage, the key lies in choosing an IaaS vendor that promises
the highest availability of resources and complete adherence to all regulatory measures while
handling sensitive data.
In recent times, there seems to be a diminishing line of distinction between the IaaS and PaaS
services as more and more cloud service providers move towards rendering deployment tools as a
part of their IaaS offering. Examples include Amazon (AWS), Microsoft Azure and IBM. Amazon
bundles its PaaS (ES2) and IaaS (S3) services and IBM bundles BlueMix(PaaS) and SoftLayer
(IaaS) services on a packaged model.
Let’s consider the example of Microsoft Azure. It is a cloud computing platform and infrastructure
designed, developed and launched by Microsoft. Organisations and developers can utilise
Microsoft Azure to build, deploy and manage their infrastructure services through a global network
of datacenters. Microsoft Azure provides both PaaS and IaaS support to all its customers in an
efficient manner. Azure also supports lot of programming languages, Microsoft supported as well
as third-party tools and frameworks.
The “cloud” has become a universal buzzword and all types of organizations are looking at
deriving the benefits of the cloud. The first step towards migrating to the cloud is to understand
the three service delivery models, their capabilities and limitations. Figure 1.2.2 explains the
distinction in services offered by each cloud delivery model.
Fig. 1.2.6: Cloud Computing – Difference between SaaS, PaaS and IaaS
The blue boxes in 1.2.6 are the ones that are managed by the organisation and the grey ones are
those managed by cloud service provider.
The table below throws light on the key features of SaaS, PaaS and IaaS models and brings out the
differences between them.
System managers / IT
Target audience Business user Software developers
admin
Enables organizations
to create virtual
Reduces capital Organisations can server network (or)
expenditure and build and deploy cluster without
operational applications without investing in
Cost reduction expenditure by investing much hardware, capacity
eliminating software capital in required planning and
license costs and tools and maintenance. This
software upgrades. technologies. impacts both capital
and operational
expenditures.
Google Docs,
Example Google App Engine Amazon AWS, IBM
Dropbox
Activity
Make a list of the top cloud success stories in 2015 and find out what service delivery model
contributed to their success.
The convergence of the three service delivery models - PaaS, IaaS and SaaS seems to be future of
cloud computing. By combining SaaS and PaaS delivery models, organisations can build
applications efficiently and deploy them quickly to end users. When application developers
become increasingly dependent on PaaS tools for building the software, they will ultimately want
better control over the underlying infrastructure. Thus, upcoming cloud solutions will focus
towards satisfying the entire stack of organizational needs.
Like with any other technology, cloud computing also faces some significant obstacles to be
overcome before turning into a part of the mainstream operations in an organization. Common
concerns that arise while choosing to adopt the cloud are:
• Data security and privacy issues: Moving to the cloud means loss of control over
applications and data to a third party provider and therefore issues related to security and
privacy are inevitable.
• Failed adherence to regulatory and compliance measures: Data in the cloud may be
stored in a different location for better performance and to avoid localized outages. In such
cases, apart from the industry-specific regulations, location-specific compliance measures
must also be met.
• Vendor lock-in: A robust SLA must be established to avoid too much dependence on the
cloud service provider.
• Lack of performance and uptime: Will your applications perform better in the cloud? Is
your cloud service provider promising the maximum uptime? These issues must be
addressed before moving to the cloud.
• Dependency on outside agency: The involvement of a third party into the internal
operations of an enterprise may sometime causes psychological obstacles for CIOs and IT
managers.
• Knowledge and integration: Cloud migration process must be done through a well-
structured procedure which will be explained in detail in the upcoming chapters. With
cloud computing, the IT department must be prepared to embrace the changes in their roles
and responsibilities.
• Long-term stability of the service provider: The financial stability of the cloud service
provider is an important factor to be considered while choosing one.
Activity
Cloud vulnerability can be defined as a weakness in any part of the cloud environment and can be
used by a potential attacker for personal gain. Some common vulnerabilities are,
• Session riding: When attackers use the information from cookies to perform data theft or
any similar cyber crime it is referred to as session riding. Tricking users into sending
authenticated requests to fake websites is another form of this vulnerability.
• Virtual Machine Escape: Any vulnerability in the hypervisor paves away for potential
attacks for the hypervisors as well as for all virtual machines running on top of it. This
vulnerability though rare, still exists and can cause serious damage in the worst cases.
• Data Portability: There maybe several reasons for an organisation to move its data from
one cloud service provider to another. Unsatisfying performance, finding a cheaper option
or the cloud service provider running out of business could be some the possible reasons.
In any case, data backup must in place and the old cloud service provider must delete 100%
of the data owned by the client organization.
• Vendor Lock-in: Do you want to be stuck with one single cloud service provider forever?
The answer is definitely no, given that the IT needs keeping changing for every
organization and another provider in the industry may just come up with the most perfect
solution for your current needs.
• Internet Dependency: The Internet is the unsung hero of the entire cloud setup. An
unfailing internet service provider is what an organisation needs to achieve 100% success
in the cloud. This is especially critical for key applications like the ones running in hospitals
that could cost human lives in the worst case.
Once the decision to embrace the cloud has been taken, organizations must chart out a detailed
plan that marks their journey to the cloud. Listed below are the top challenges battled in a cloud
environment by the cloud vendor, client as well as the end user.
• Keeping up with security requirements: Security tops the list of challenges when it
comes to cloud computing as organisations lose their direct control over data. A cloud
vendor must be aware of all security measures to be implemented while dealing with
critical data and have them in place.
• Obtaining the right knowledge and expertise: With the advent of cloud computing, the
role of the IT department has significantly changed and so has their need for knowledge
and skills. Organisations must equip themselves with the required resources as well as the
tools to implement robust cloud applications.
• Choosing the right vendor: Partnering with the right vendor is the key to success in the
cloud. Organisations must follow a fail-safe mechanism in evaluating potential cloud
vendors and ensure that they meet all security and privacy standards.
• Data interoperability and portability: Organisations expand with time and their needs
change rapidly. Therefore, additional caution must be practiced to avoid choosing a
platform/technology/provider that makes the organization too dependent on them.
• Budgeting difficulties while moving to the cloud: The very nature of cloud is that it is
scalable and is delivered on demand. This in turn may cause difficulties while drawing IT
budgets for the entire organization. The fluctuating cost of cloud services is a very common
challenge for small as well as medium-sized organisations.
Complexities while migrating to the cloud vary from one organization to the other. However,
partnering with a reliable cloud service provider and planning ahead will deliver higher chances
for optimised performance through the cloud.
Cloud Computing can be practically used to host any kind of web application. Some of the
common applications hosted on the cloud are CRM, email archiving system, payroll processing
and so on. The conditions below outline the most preferred cases where cloud computing can yield
the maximum benefits.
• Resource hungry applications: Applications that demand many resources like the CPU,
memory, storage or time can be hosted on the cloud efficiently.
• Applications with extreme spikes and troughs: Consider the example of an HR system
that is accessed by employees only a few times in a year. However, on the review day,
every employee in the organization logs onto the system thus slowing down the system.
Such applications with varying utilisation rates are most suitable to be hosted on the cloud.
• Backup and Recovery: This is the most common application of cloud as it is clearly more
expensive to manage the entire duplicate infrastructure. Cloud backup solutions are safe,
reliable and cost-efficient.
WhatsApp, what started as an idea to link people, and was an inexpensive messaging service that
allows users to send and receive images and texts, turned into a messaging app behemoth.
Case Scenario:
WhatsApp has a pioneering lead in volume of users over other messaging apps and services. Itgrew
from about 50 million users at the beginning of operations for two years to more than 200 million
the next year, when once again it doubled its user base beyond 400 million before celebrating its
four-year anniversary. The messaging app made top news recently when Facebook announced it
would acquire WhatsApp for $19 billion. WhatsApp’s challenge came from the growing numbers
and the need to send its 1 billion new users to the social network, even as WhatsApp services
remain apart from Facebook’s.
Solution: The Company turned to IBM Softlayer to find unique platform-as-a-service capabilities
which could connect its app and data to the cloud.
Benefits:
ICICI Lombard lays its expansion plans by leveraging the power of public cloud with no
compromise on security.
Case Scenario:
As ICICI Lombard was moving towards a more customer centric approach with cutting edge
technology, there was one unsolved mystery to be tackled, “How to handle applications with peak
times that are exponentially higher than the average?” Provisioning and de-provisioning of servers
based on these varying peak loads caused time, cost and resource pressures on the organization.
Solution:
ICICI Lombard turned to Microsoft Azure to manage the IT infrastructure for applications like
email systems and storage. The constant technical support and the matured security measures
offered by Azure enabled the client to move more complex applications to the cloud.
Benefits:
• ICICI Lombard now enjoys automated management of the platform and applications thus
reducing the cost and time considerably.
• More than 30 UAT servers have been decommissioned after a batch of 17 applications
were moved to the cloud.
• With more non-production applications being hosted on the Azure cloud, the time-to-
market has been enhanced, and more maturity is observed in SDLC.
Expedia partners with Amazon Web Services (AWS) to enhance online customer experience.
Case Scenario:
Expedia is thelargest online travel brand that includes several travel and hospitality platforms such
as Expedia.com, Hotwire.com, and Hotels.com and so on. It acts as the ultimate bridge between
consumers and the travel industry in several countries. In 2010, Expedia launched the Expedia
Suggest Service (ESS) that assists travellers to enter their travel information accurately. Delivering
the maximum level of responsiveness with minimal network latency was the biggest challenges of
ESS.
Solution:
The cloud expertise offered by AWS enabled Expedia to build ESS in only 3 months. The service
was launched initially in Singapore and after tasting success it was quickly replicated across
regions in the US and Europe. The average network latency was reduced from almost 700
milliseconds to just 50 milliseconds by hosting the high-volume, critical ESS on AWS cloud.
Benefits:
• Enhanced online customer experience through reduced errors and increased speed.
• Reduced costs by eliminating the need to run the service full-fledged across locations closer
to the customers.
Summary:
• The three categories of cloud services, Software as a Service (SaaS), Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS) together form the cloud computing stack.
• The PaaS model of cloud computing enables organizations to access the toolkit to build the
software application and the virtual machine to run it.
• IaaS is the ability to provision server, storage, networking and other basic computing
resources through the internet as and when required.
• Implementing the cloud paves way for some challenges like privacy and security concerns,
low quality of service, and loss of control and so on. The key lies in choosing a reliable
cloud service vendor and establishing strong SLAs.
• Though all kinds of web applications can be hosted on the cloud, applications with special
server configuration, varying levels of utilization and resource hungry application are the
most suitable candidates for the cloud.
• ICICI Lombard, WhatsApp and Expedia are great stories that exemplify the power of cloud
in today’s business world.
Self-Assessment Questions:
1) The cloud service that offers the tools required to build, deploy and manage software
applications is called…………..
(a) SaaS (b) PaaS (c) IaaS (d) None of the above
3) One common challenge faced during the implementation of cloud computing is……….
(a) Increased costs (b) Lack of personnel
(c) Lack of control (d) Lack of expertise
7) What type of cloud delivery model is most suited for start-ups dealing with systems that have
an unpredictable utilization rate?
(a) Saas (b) PaaS
(c) IaaS (d) Start-ups are not eligible for the cloud
Answers:
Q. No. 1 2 3 4 5 6 7
Activity
Prepare a table to compare the typical activities carried out by cloud consumers and
cloud providers in relation to the cloud delivery models
Bibliography
References
• Amazon Web Services. AWS Case Study: Expedia.Retrieved October 27, 2015, from
https://aws.amazon.com/solutions/case-studies/expedia/
• CISCO. Networking and Cloud: An Era of Change. Retrieved October 27, 2015, from
http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/cloud-
computing/white_paper_c11-677946.html
• Computer Weekly. The difference between SaaS, PaaS and IaaS. Retrieved October 27,
2015, from http://www.computerweekly.com/photostory/2240109268/The-Computer-
Weekly-guide-to-Cloud-Computing/2/The-difference-between-Saas-Paas-and-Iaas
• EMC2. Cloud Computing Services. Retrieved October 27, 2015, from
http://www.emc.com/corporate/glossary/cloud-computing-services.htm
• IBM Cloud. What is Infrastructure as a Service? Retrieved October 27, 2015, from
http://www.ibm.com/cloud-computing/uk/en/what-is-iaas.html
• Microsoft. ICICI Lombard: Financial Services Major Prepares for the Future with
Microsoft Azure, Bets on Hybrid Cloud.Retrieved October 27, 2015, from
https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=10442
• Rackspace. Understanding the Cloud Computing Stack SaaS, PaaS, IaaS. Retrieved
October 27, 2015, from
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Understanding-the-
Cloud-Computing-Stack.pdf
• Slideshare. Cloud Software-As-a-Service. Retrieved October 27, 2015, from
http://www.slideshare.net/cloudcomputingwire/8-cloud-software-as-a-service-examples-
14728310
• Software & Information Industry Association.Software-as-a-Service; A Comprehensive
Look at the Total Cost of Ownership of Software Applications. Retrieved October 27, 2015,
from http://www.winnou.com/saas.pdf
• Tech Target. Metered Services. Retrieved October 27, 2015, from
http://searchcio.techtarget.com/definition/metered-services
• Tech Target. Platform as a Service. Retrieved October 27, 2015 from
http://searchcloudcomputing.techtarget.com/definition/Platform-as-a-Service-PaaS
• Venture Beat.The 5 key challenges enterprises face when moving to the public cloud.
Retrieved October 28, 2015 from http://venturebeat.com/2012/12/12/the-5-key-
challenges-enterprise-face-when-moving-to-the-public-cloud/
• What is Cloud? Cloud Delivery Models. Retrieved October 27, 2015, from
http://whatiscloud.com/cloud_delivery_models/index
External Resources
• Bento, Al. (2012). Cloud Computing Service and Deployment Models: Layers and
Management. USA:IGI Global
• Buyya.R&Broberg, J. ( 2010). Cloud Computing: Principles and Paradigms.USA: John
Wiley & Sons
• Kale, V. (2014). Guide to Cloud Computing for Business and Technology Managers. USA:
Chapman &Hall
• Sosinsky, B. (2010). Cloud Computing Bible. USA: John Wiley & Sons.
Video Links
Topic Link
https://www.youtube.com/watch?v=kGUPSvs
Software as a Service
wmY0
https://www.youtube.com/watch?v=nBP4Aui4
Platform as a Service - Overview
gZ0
https://www.youtube.com/watch?v=dVY6zZT
Infrastructure as a Service - Overview
HsDk
https://www.youtube.com/watch?v=jBKXtSqx
M.G.Bryan cloud computing case study
Qas
Chapter 2.1
Migrating to Cloud
Page No.
Aim 44
Learning Objectives 44
Learning Outcome 44
2.1.1 Introduction 45
Summary 61
SAQs 62
Bibliography 64
References 64
External Resources 64
Video Links 65
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Risks Migrating to Cloud
Aim
Learning Objectives
Learning Outcome
2.1.1. Introduction
In order to build a sustainable and competitive advantage for the business, organisations are
continually striving to innovate and adapt themselves to the changing needs of the customers.
Cloud computing is widely regarded as a boon to both start-ups as well as enterprises as it opens
the gateways to transformation and agility. Present day cloud infrastructures offered by leading
cloud service providers does an amazing job in providing highly elastic and scalable solutions in
the most economical manner possible. Pay-as-you-go subscription model - which is the key selling
point of cloud based models attracts startups, small and medium businesses and even large
corporations to build their information technology services and applications on the cloud or
migrate the existing infrastructure and services to the cloud.
That being said, the application migration process from an on-premise model to cloud based model
comes with its own complications. Even after all the complications are dealt with, still the
application may or may not work correctly due to its interactions with various online and offline
services, database etc. Hence, migration to the cloud is a critical challenge for both - organisations
as well as to the cloud service providers who help these organisations.
In this chapter, you will learn about the various web applications that use cloud computing to
deliver outstanding results and understand in detail about how migration to the cloud can be best
achieved.
In today’s digital world, business innovation and transformation have paved way for the
emergence of new business models, delivery channels, ways of communication and has recognised
market needs that did not exist before.
Technology has been of tremendous support through this phase of transformation by opening the
gateway to many lucrative opportunities. Cloud computing is one such technology that has
transformed the traditional norms for businesses as well as for consumers and made the use of
web-based systems more practical and easy.
Imagine a world without Gmail, Facebook (or) WhatsApp? Imagine how difficult it would be for
you to be in touch with your friends? How painful it would be if you don't have YouTube? How
difficult it would be if you have to wait to watch the new movie trailer of your favourite star on
television (or) to hear a recent hit song only when it is played in the next radio show? Cloud as a
technology has brought so much innovation into our life and has brought in a lot of transformation
that helps us satisfy our needs almost instantaneously.
Cloud Crumbs
“Do you know of any such organisations that transformed itself through the cloud?”
There is EasyJet, Unilever, BP3 and so on. See how many you can add to the list.
Web-based business services are online services that render various functions like data storage,
processing, sharing of information and so on using the World Wide Web. The service may be
hosted in a web-based server or various servers across the globe. A user can access these services
using a login and password. Web-based business services play a significant part in today’s digital
world. Let us discuss in detail about the few web applications that serve different types of customer
segments today.
Email systems, social media websites, data storage applications are some common web apps used
by individuals. Examples include Dropbox, Gmail, Facebook and so on.
Activity
From Figure 2.1.1, Can you name at least six cloud-based social media apps that you use in
your day-to-day life?
Cloud applications have proven to be a boon to small and medium businesses that do not have the
sufficient resources or funds to expand their services. Custom applications for email, billing, HR
and inventory management are widely adopted by small- and medium-sized businesses (SMBs)
across the world.
Lets consider the example of Google Docs. Users can access Google docs through a web browser.
All they need is a user name and password which they can obtain by registering with Google Apps.
There are a lot of small and medium enterprises that primarily rely on Google Docs for doing their
documentation work, reporting, presentations and accounting.
A decade ago, enterprises were investing in Microsoft Office. They have to physically purchase
the DVD containing the MS-Office enterprise edition installation files. Then they need to install it
either in individual computers based on the requirements (or) they install it in a centralised server,
so that all the networked computers can access it. IT departments had to undergo lot of pain to
install MS-Office to thousands of computers across the organisation, maintain them well,
troubleshoot when it crashes and upgrade whenever there is a new version of Office available in
the market. A huge chunk of their time, efforts and resources went into deploying, managing and
maintaining the Office packages.
But these days, it has become much easier to work on documents, presentations and worksheets
without the need to undergo such pain. Thanks to Google Docs, the user just needs to register and
have login id and password to access a sleuth of services like Google Docs, Slides, Sheets, Forms
etc.
There is no need to install, manage or upgrade each time a new version is released. It is completely
managed by Google. As and when there is an upgrade, all the users will be able to access the
additional features at a stretch – when they login the next time. That is how easy it is.
As organisations grow, they tend to lose their agility and succumb to the ordeal of maintaining
legacy applications and huge data centers. With the advent of cloud computing, large enterprises
become flexible, save costs and put themselves in a better position for innovation. ERP systems,
CRMs and IT Service management applications are some manifestations of the cloud in large
organisations.
A classic example would be of Ramco On-demand ERP solutions. Earlier, Ramco was offering
on-premise ERP earlier for lot of sectors. The organisation has to purchase the whole version and
install it in their centralised server - to make it available to the whole organisation. It involved lot
of resources including investments, manpower, huge storage and servers with good computing
capacity. Then, Ramco moved to the cloud and started offering Ramco On-demand ERP solutions.
This enabled organisations to just subscribe to Ramco and obtain a login id and password. All they
need to do is to open a web browser, enter the login credentials and they can access the complete
software over cloud. All updates to the ERP application, platform, infrastructure were all managed
by Ramco and its vendors.
Organisations across the globe are in the middle of a great transformation - from building their
own software products (or) using packaged software for their business processes to utilising cloud
based applications for their business processes. According to economists business processes that
are available on the cloud should have very large number of users and should be made autonomous
in order to manage it and remain profitable. Other than that, few more perspectives worth thinking
about are:
• Productivity: By delivering business processes through the cloud, does it really impact
the productivity of the client? Cloud service providers and organisations that offer business
services from the cloud need to think from such a productivity perspective. If delivering
the business services significantly reduces burden of the client (or) the users and if it allows
them to concentrate on more important functions, then cloud should definitely be
considered as an option.
• Seamless Integration: If the cloud application (or) platform has the ability to seamlessly
integrate into the existing tools and processes of the enterprise (or) the user? Does it require
very minor changes to be done on the client (or) user side - for them to adapt? If yes, then
it is good to deliver cloud based business services. Otherwise, if it is going to make the life
tougher for the client (or) make more redundant work load for them, then it is good not to
deliver it through the cloud.
• Technical capabilities of the end-user: Organic chemists across the globe use specific
programs and software to develop and simulate organic models and experiments. These
tools and software can be delivered through the cloud. But organic chemists are more
comfortable using the existing systems and on-premise tools to carry out their work Neither
they are tech savvy nor do they understand much about cloud based tools as they have very
less connectivity amidst forest areas (or) huge plantation setup. So, it is not feasible to
deliver such applications through the cloud. Hence, the technical capabilities of the end-
user also needs to be considered before delivering the business services through the cloud.
The table below illustrates the different types of business process delivered through cloud from
top cloud vendors in the market. A clear insight about these business processes is essential for
people who wish to pursue cloud-based careers.
The first step towards building a strong cloud strategy is planning the migration of the existing
applications to cloud. This task requires much effort, the right skill set and planning. There are
three common approaches to migrate the on-premise applications to the cloud. They are:
As the name suggests, the Lift and Shift approach involves the exact replication of the in-house
applications in the cloud. There is no change made to the code or the design of applications. It
involves much lesser time, cost and complexity when compared to other methods. However,
applications migrated to the cloud using this technique do not take complete advantage of the
native cloud capabilities. Storage infrastructure and disaster recovery are common applications
migrated using this approach.
2. Refactoring
Refactoring refers to changes made in the structure of the source code of the application in order
to make it more efficient. The code is modified such that it becomes more scalable and reusable
without changing the functions of the application. In other words, this approach to cloud migration
adheres to the concept of get-something-working-now-and-perfect-it-later.
3. Modernisation
The modernisation application approach to cloud computing redesigns the application from
ground-up, thus making it completely flexible for the cloud environment. While superficially this
procedure may seem expensive or complex, the new applications provide maximised benefits
through decreasing the costs substantially.
Note:
Irrespective of the migration approach adopted, the Seven-Step Model of Cloud Migration creates
a more rational point of view towards the migration process and offers the ability to imbibe several
best practices throughout the journey.
Step 1: Assess
Cloud migration assessments are conducted to understand the complexities in the migration
process at the code, design and architectural levels. The investment and the recurring costs are also
evaluated along with gauging the tools, test cases, functionalities and other features related to the
configuration.
Step 2: Isolate
The applications to be migrated to the cloud from the internal data center are freed of dependencies
pertaining to the environment and the existing system. This step cuts a clearer picture about the
complexity of the migration process.
Step 3: Map
Most organisations hold a detailed mapping of their environment with all the systems and
applications. Make use of this information to distinguish between the components that have to be
moved to the cloud from the ones that should continue to reside in the data center.
Step 4: Re-Architect
Migration to the cloud demands re-architecting of applications in most cases. This may result in
the loss of certain functionalities and this can be approximated by using relevant APIs.
Step 5: Augment
The applications are augmented to make them cloud-ready. Augmenting the applications is crucial
to derive the best benefits of the cloud.
Step 6: Test
Right after the applications are augmented, they need to be tested for the new environment. The
augmentation and migration strategies are validated at this step.
Step 7: Optimise
Based on the test results, the migration strategy is optimised for delivering the best ROI. A
roadmap for leveraging the new cloud features is laid.
As cloud computing gains momentum, organisations are looking for a more robust way to
approach the cloud. In order to leverage the benefits of the cloud, a strong cloud strategy must be
in place. Based on the approach framed by the popular research firm, The Burton Group, the
following five steps define the framework for a strong cloud adoption strategy.
1. Pre-Work
To start with, organisations must build an internal cloud team, which together will set the scope of
the cloud project. Expectations, standards to be achieved and cloud objectives must be well defined
during the initial stages of the cloud journey.
The cloud cannot be considered as plainly a technical enhancement since it has a strong impact on
the various business functions. During this stage, business applications moving into the cloud are
evaluated based on the costs and architectural requirements. The operational changes to be made
within an organisation are also determined. The four significant components of this stage are
business impact evaluation, assessment of organisational impact, cost analysis and application
analysis.
Solutions from different cloud service providers are reviewed and the most suitable one is chosen.
The migration plan is initiated and the roadmap to cloud is thus made clear.
No cloud adoption framework can be complete without the risks and challenges being included. A
risk mitigation plan is drawn and the exit strategy is devised.
Once applications are moved to cloud, there needs to be a plan in place for the cloud governance
and vendor management. Regular reviews of the strategy must be conducted and the cloud team
must ensure that both internal processes and personnel issues are addressed during the move.
Why?
If you were a member of the IT team in a large organization and were asked to make a
list of potential cloud vendors. Whom would you choose and why?
SmugMug is a popular photo and video-sharing service that stores billions of customer photos and
videos. As the company began to grow in volume, the team at SmugMug could not afford to invest
in data centers to support their growth. They wanted a solution that could ensure easy storage with
maximum security for their customers.
The Solution
The journey to cloud for SmugMug began with AWS solutions. Initially, they adopted the Amazon
S3 solution for backup of data from their local data centers. Overwhelmed by the performance of
the system, they soon made the Amazon S3 their source of primary storage.
The next step was to transfer their computer services into the cloud by using the Amazon EC2
solution. With Amazon EC2, SmugMug moved many of its specialised services to the cloud.
Through this very carefully crafted phased migration to the cloud, SmugMug derived the following
benefits.
Ramco Systems is a leader in providing ERP solutions to thousands of companies across the world.
With more than 150,000 users Ramco Systems had to draw the balance between offering
competent capabilities and meeting the service level agreements. They needed to provision servers
instantly to the varying demands of their customers and also contend with the increasing costs of
capital investment, security measures and power supply.
The Solution
Ramco Systems found its ideal solution from the extensive portfolio of services offered by AWS.
Its journey to the cloud started by adopting the Amazon Elastic Compute Cloud which later went
on to include other services such as storage, email, resource monitoring and so on. Today Ramco
Systems experiences the following benefits through successful migration to the cloud.
Not every cloud migration project has a happy ending. Without the required resources, knowledge
and skillset, cloud migration can turn out to be a nightmare. Outlined below are some contingency
measures that mitigate risks considerably during the cloud migration process.
• Poor planning is the most common reason for the failure in any IT project. The entire
lifecycle of the migration project must be planned ahead. Every specific task and the
allocated responsibility of the task must be documented.
• The changes pertaining to people, processes and culture of the organisation must be
addressed. The required training and technical support must be implemented.
• Security of data during migration process is highly crucial. The cloud service provider must
hold all the accreditations that can insulate the client from any chances of a data breach or
failure to adhere to industry compliance requirements.
• The cloud service provider must be ISO 27001 certified to assure its ability to offer the
maximum security for all systems and data.
A robust SLA must be drawn with the service provider. They must commit to a specific level of
service, failing which they must be prepared to fulfil the compensation policy mentioned in the
SLA.
Summary:
• With time, web applications have taken the prime position in enabling various business
operations in all types of organisations.
• Migration to the cloud can be done using any one of these three approaches, Lift and Shift,
Refactoring and Modernisation.
• The lift and shift approach involves the exact replication of the in-house applications in the
cloud.
• Refactoring involves changes to the source code of the application to enhance its
performance in the cloud.
• The seven stages included in the model are Assess, Isolate, Map, Re-architect, Augment,
Test and Optimise.
• Based on a study by Burton Group, the cloud adoption within an organisation can be
simplified through the five phases, Pre-workBusiness and Application
AnalysisSelecting the cloud vendorBuilding the Risk Mitigation Plan.
Self-Assessment Questions:
1) The cloud migration approach that demands the least cost and complexity is ________
(a) Lift and Shift (b) Refactoring
(c) Cloud Modernization (d) Lift and Refit
2) Which phase of the Seven Step Cloud Migration model approximates the lost
functionalities of the application?
(a) Map (b) Augment (c) Re-architect (d) Isolate
3) The main aim behind adopting the seven step cloud migration model in an organization
is____________.
(a) To enhance the success rate of the migration process
(b) To obtain a more rational view point
(c) Both
(d) None
5) The most important accreditation to be checked while choosing a cloud service provider is
(a) ISO 27001 (b) ISO 27002
(c) ISO 27003 (d) ISO 27004
6) Larger enterprises move to the cloud for many reasons, one of the most important being,
(a) Enhanced agility (b) Customer satisfaction
(c) Personnel management (d) None of the above
7) Which one of the following cloud services is data storage application used by individuals
as well as SMBs
(a) Gmail (b) Netflix (c) Dropbox (d) Google drive
9) To analyse what applications are best suited for the cloud, organisation conduct a______
(a) Cloud migration (b) Cloud analysis
(c) Application portfolio analysis (d) Modernisation
10) The company that has acquired MyCharity in Ireland to stabilize its presence in the
European market is
(a) Microsoft (b) Adobe (c) Blackbaud (d) ADP
Answers:
Q. No. 1 2 3 4 5 6 7 8 9 10
Ans (a) (c) (c) (b) (a) (a) (c) (a) (c) (c)
Activity
Activity Type: Online Time: 30 minutes
Visit: http://www.ibm.com/cloud-computing/#infrastructure
Chat with IM cloud experts and list out the benefits provided by IBM in terms of security
and efficiency.
Bibliography
References
• Cloud Direct. Why So Many Cloud Migrations end in failure.Retrieved October 30, 2015
from https://www.clouddirect.net/insights/business/%E2%80%9Cit%E2%80%99s-
complicated.%E2%80%9D-why-so-many-cloud-migrations-end-in-failure/
• Eazework. Business Applications for Small and Medium Enterprises. Retrieved October
31, 2015 from
https://www.eazework.com/downloads/business_applications_for_smes.pdf
• EBiz. Burton Group Outlines a 5 Step Process to the Cloud.Retrieved October 30, 2015
from http://www.ebizq.net/blogs/cloudsoa/2010/08/burton-group-outlines-a-5-step-
process-to-the-cloud.php
• Gartner.Building a Solid Cloud Adoption Strategy: Success by Design.Retrieved October
30, 2015 from https://www.gartner.com/doc/1405800/building-solid-cloud-adoption-
strategy
• GCFLearn. Understanding the Cloud. Retrieved October 29, 2015 from
http://www.gcflearnfree.org/computerbasics/4
• PC Mag.20 Top Cloud Services for Small Businesses. Retrieved October 31, 2015 from
http://in.pcmag.com/software/78749/feature/20-top-cloud-services-for-small-businesses
• Polar Sever. Cloud Migration and Creation.Retrieved October 30, 2015 from
http://polarseven.com/what-we-do/cloud-migration-creation/
• Tech Target. Web Application. Retrieved October 29, 2015 from
http://searchsoftwarequality.techtarget.com/definition/Web-application-Web-app
• Tech Target. Cloud Migration Strategies for a Hybrid Cloud World. Retrieved October 30,
2015 from http://searchcloudcomputing.techtarget.com/feature/Cloud-migration-
strategies-for-a-hybrid-cloud-world
• Tech Target. When to Adopt the Lift-and-Shift Cloud Migration Model. Retrieved October
30, 2015 from http://searchcloudcomputing.techtarget.com/feature/When-to-adopt-the-
lift-and-shift-cloud-migration-model
• Tech Target.Refactoring.Retrieved October 30, 2015 from
http://searchsoa.techtarget.com/definition/refactoring
External Resources
Video Links
Topic Link
Cloud Computing and Innovation –
https://www.youtube.com/watch?v=K_g7ncE_vzk
Expert Views on Cloud Computing
https://www.youtube.com/watch?v=sEywo-
Tips for Successful Cloud Migration
eMTEU
Chapter 2.2
Page No.
Aim 66
Learning Objectives 66
Learning Outcome 66
2.2.1 Introduction 67
SAQs 77
Bibliography 79
References 79
External Resources 80
Video Links 80
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Risks Risk Management in Cloud Computing
Aim
To study the various risk factors and their mitigation strategies involved in cloud
computing
Learning Objectives
• Describe the process of measuring and assessing the risks in cloud computing
• Explain the major concerns involved in cloud computing
• Illustrate risk mitigation methodology
Learning Outcome
• Discuss the importance of risk assessment in choosing the form of cloud computing to
use
• List the major concerns that firms need to consider when moving to the cloud.
• Identify the best practice for risk management in cloud
2.2.1. Introduction
As the demands of the business environment increase and IT budgets dwindle, cloud computing
seems to be an effective alternative to achieve organisational goals easily and in a cost-efficient
manner. To enjoy the tremendous benefits of cloud computing, risks must be evaluated and
managed appropriately.
From due diligence of the cloud service provider to adopting various security techniques like
encryption and single sign-on, risk mitigation strategies are plenty in number. A thorough
understanding of cloud risks, their mitigation plans and several case studies from the past can be a
great start towards reaping the best benefits of the cloud. In this chapter you will learn about
various risks and the mitigation plans associated in cloud computing.
In general, Risk can be explained as the probability at which something unwanted might happen.
The higher the risk, the higher things can go wrong and vice versa. In Cloud environment, Risk
can be defined as the probability that a malicious (hack attack or security breach) or non-malicious
event (hardware or software malfunction) might occur that could potentially degrade the user
experience (or) expose confidential information (or) threaten to corrupt the software or hardware
components. Any organisation that provides cloud based services (or) utilises cloud based services
is prone to high risks of occurrence of malicious or non-malicious event.
With the rise of cloud computing, several technical and commercial changes have crept into the
world of business. From infrastructure to data, cloud delivers different virtual services on an on-
demand basis, thus enabling organisations to enhance their capabilities, meet the varying needs of
computing resources and transform themselves.
A recent survey on cloud risk by Cloud Security Alliance** revealed that 85% of the
companies have experienced insider threat in the cloud.
** Cloud Security Alliance is a world leader in creating awareness about the best
practices of secure cloud computing.
With any new opportunity, using the cloud involves some significant risks which includes but not
limited to data security, data storage location, cloud service outage, shared access, regulations etc.
The following sections briefly discuss all the risks.
Protecting sensitive and confidential data is termed as Data security. Data security tops the list of
the most prevalent concerns amongst cloud consumers. Lack of security of data in the cloud
implies to potential unauthorised access and privacy deficiency. By washing off the responsibility
of data storage and management into the hands of the cloud service provider, enterprises invite
outsiders to gain visibility and control over sensitive data. Common areas of the cloud that show
possibilities of compromised data are:
Fact
The healthcare industry is the most exposed to policy violations in the cloud.
Data storage location is the physical place where the servers and storage devices are present. A
few years ago, data from an organisation resided only within its data center and was under the
logical and physical control of that particular organisation. This defines the data storage location.
With cloud, data has moved into the physical infrastructure of a third party and is maintained by
an entity outside the control of the enterprise. This shift in data storage location has caused
considerable concern over data governance.
Can you always be 100% certain that your assets will be safe in the hands of non-family member?
Probably no! A bank is always a more “lucrative” loot for burglars than an individual household.
Similarly, data centers of cloud service providers with multiple tenants are often the target for
hackers who steal valuable customer data.
Cloud service outage is the time when cloud services are suspended due to reasons like technical
glitches, failure of the cloud service provider or a security threat. Microsoft, Google, Amazon,
Yahoo and almost every trusted brand you can think of has been in the news for distressing outages.
Every case of cloud outage, irrespective of its duration has a significant effect on the client
business. Enterprises lose their credibility; start-ups are dissuaded from greater cloud adoption and
organisations of all types and sizes miss revenue opportunities- such is the impact of a business
outage. The prevalence of cloud service outages has come down in recentyears, but with the
escalating number of business critical applications being moved to the cloud, the risk still lingers
on the top.
Every year, network outages are reported across the world. Find out about victim companies
that fought cloud outage issues in 2015.
One of the defining features of public cloud computing is multi-tenancy. The multi-tenant
environment of a public cloud allows the sharing of resources such as CPU, memory, storage space
and servers between multiple unrelated clients. Such shared access to computing resources may
pave the way for accidental sharing of data and higher chances of access to private data from the
smallest discrepancies in the system.
In order to set the expectations right for both the cloud vendor and the customer, a service level
agreement is essential. A comprehensive agreement between the two parties must eliminate the
risks related to service uptime, performance, security, disaster recovery, access to data as well as
the location of data. Service level agreement also plays a key role in accommodating changes and
in dispute mediation.
When critical information moves past the boundaries of the data centre of an organisation, it carries
the risk of noncompliance to industrial and geographical regulatory measures. For instance, a
healthcare organisation located in Germany stores data based on the European Data Protection
Directive regulations (EU DPD). When that same company partners with a US-based cloud service
provider for backup solutions, the Health Insurance Portability and Accountability Act regulations
(HIPAA) comes into picture. Failure to abide by these location- or industry-specific regulations
may result in substantial penalties and prove to be a heavy blow to small- and medium-sized
organisations
Table no. 2.2.1: Risks Associated with Cloud Service Delivery Model
Risks associated with cloud service delivery model are mentioned in Table 2.2.1. The digital age
has enabled organisations to store and disseminate data at ease. The size and volume of data that
gets stored in the cloud are incomprehensibly humungous and growing in leaps and bounds. If ever
there is a security breach or data leakage, it would be disastrous for all stakeholders. The
organisations that encountered bitter experiences have measured potential risks and implemented
various cloud security measures foreseeing the risks associated with them. Lets discuss these
briefly:
• Measures related to data security such as data encryption standards, key management and
hierarchal access.
• Client side efforts - as nothing can prevent data espionage when the customers are not
vigilant enough to avert disasters.
• Service level agreements to ensure proper service by the cloud service providers.
• Access Controls to ensure efficient, effective and secure sharing of resources between
clients utilising the same infrastructure.
• Financial Controls within and outside the organisation to ensure that both internal teams
and cloud service providers operate well within budgets allocated
The nebulous nature of the cloud has brought in the perception of high risk and low control over
infrastructure and data utilised by an enterprise. This is one of the primary reasons why people in
the executive team of organisations want to know what could potentially happen if they move into
the cloud. Whenever something new comes up, people take time to accept and adopt.
A classic example would be the reaction of people when Telephone was introduced. This quote by
Mr.Rutherford B. Hayes – the 19th President of the United States is very famous and clearly
indicates how people think when there is a technological breakthrough. Telephone was first
installed at the White House. Mr.Rutherford then quoted:
The reason why he said so was telephone was a new invention in 1800's and people were so used
to telegraphs. They were so comfortable with telegraph that most of them thought why people
would actually want to hear another person's voice especially while communicating to a place far
away. But later, when people realised about the immense benefits of telephone, they accepted it
slowly. That’s exactly the case of Cloud computing these days.
Even though the executive teams understand the potential, most of them are very comfortable with
on-premise software and solutions. This is also due to risk aversion towards cloud – as with all
other technologies. Therefore, a thorough assessment of risks must be conducted before the
commencement of the project. The risk assessment strategy used by an organisation must contain
the following elements:
• Effective Control Mechanism: All the current controls over data are to be analysed. If
it doesn't provide adequate protections for the data or service, then necessary data control
mechanisms are to be implemented.
• Necessary Periodical Audits: The cloud service provider and the services rendered are
to be analysed and audited on a monthly, quarterly or annual basis. Any kind of
discrepancies in service should be noted, informed and necessary corrective measures are
to be implemented.
• Data Integrity: The cloud service provider would be rendering the services to multiple
clients at a time. How well the data is stored, what kind of hardware is being used, if the
confidential data is being stored in a shared storage etc. - are to be analysed and understood
beforehand. It is much better to have discussions with the cloud service provider before
even moving all the data to the cloud.
• Data Encryption: The name says it all. The data encryption standards that the cloud
service providers utilise is to be audited beforehand. Strict investigation has to be carried
out in this aspect, as its one of the high risk areas. Sony suffered a major outage in its
PlayStation Network in 2011 due to their poor data encryption standards and hackers
exploiting it.
• Disaster Recovery Plan: What happens when there is anearthquake? Or flooding (or)
some other natural calamity that hits the data center in which all the confidential data is
being stored? Before getting into contracts, the disaster recovery and contingency plan
provided by the cloud service provider should be reviewed thoroughly. Internally, the
organisation should have a clear business continuity plan to ensure that the business doesn't
get affected if in case there is a disaster.
• Standard Procedures: Its good to evaluate the standard procedures followed by the
cloud service provider internally in their operations. A typical example would be the offsite
tape backup procedure for all the data stored in their data centre. Another example would
be a background pre-employment screening procedure to see if any of the employees
working at the data center (or) those to be involved in managing the data centre has any
malicious intent.
• Business Operations of the Cloud Service Provider: The current operational and
financial conditions of the cloud service provider should be diligently verified along with
the history of operations. For publicly traded companies, its easy to find this information.
For private companies, either an internal team can do the due-diligence (or) a third-party
can do the background check.
The above few elements to be considered and included in the risk assessment strategy of any
organisation.
Now that we have explored the potential risks associated with cloud computing, the next step
would be to draw the relevant mitigation measures to ensure long-term cloud success. Some of the
most effective cloud risk mitigation strategies are listed below:
Cloud computing leads to a higher dependence on cloud-based vendors and thus demands clients
of an evaluation of their capabilities beforehand. Optimised security measures, industry-
recognised compliance standards and the ability to support the unique requirements of an
expanding organisation must be analysed to mitigate the risk potential in a cloud project.
Encryption of data is the act of converting sensitive data into undecipherable text by using the
relevant algorithms. The encrypted data is calledciphertext, and the level of encryption depends
on the sensitivity of the data. Encryption solutions are of two types:
• Provider-side cloud encryption: The cloud service provider encrypts the data received
from clients and adds an extra layer of protection from potential threats. Many leading
cloud vendors in the market, such as Amazon, Microsoft and EMC, offer these solutions
to their clients.
• Client –side cloud encryption: Companies dealing with multiple cloud vendors make
use of cloud encryption gateways to turn their plain text data into ciphertext. Encryption
makes the text unreadable without a special key.
Activity
Draw a table to highlight the difference between the two encryption solutions. Discuss the pros
and cons of each.
Cloud security is better said than done. Not every cloud service provider is successful in keeping
up with the security demands of the customer. This makes third party validation a must for cloud
solutions. Independent technology auditors assess the solutions to ensure that they are capable of
delivering the desired results.
The risk of unauthorised access to critical information exists in both private and public cloud
environments. As opposed to the application-based access control in the traditional system of
computing, cloud environments work better with Role-Based Access Control (RBAC). In this
method, users of the system are assigned a specific role and can perform a precise set of functions
based on this role. By restricting access to cloud resources, unauthorised access, accidental
manipulation of data and sharing of credentials can be prevented.
A robust service level agreement holds the key to the performance levels of every element of the
service provided by the cloud vendor. It affirms the ownership of data and lays the foundation for
the security measures to be adopted during implementation.
The Single Sign-On (SSO) is one way of mitigating risk when it comes to protecting user data.
The user logs in using his/her email id (or) any id that has been created along with the password
to a particular application through the web browser. Once he/she logs in, the sessions starts and all
user information is encrypted and stored using specific protocols. After the user logs in, he/she
may use any of the connected systems (or) applications without having to login multiple times.
For example Gmail and all other applications of Google. In a browser, if the user has signed into
Gmail (or) Youtube once, then there is no need to sign-in again and again for other Google
applications. He/she can access Google Docs, Drive, PlayStore etc. without having to login to each
of these applications. The SSO technique eliminates the need for multiple re-authentications while
using the system (or) set of applications and thus prevents authentication requests to be made to
the server back and forth every time the user wants to use a particular application.
A recent study conducted by Avanade, a business technology and managed services provider
revealedthat more than 60% of the participants believed that the hybrid approach (the blending of
private and public cloud) was a safer way to conduct business in the cloud. This model of cloud
computing allows organisations to host their most sensitive data internally while allowing the other
secondary functions to reside on the public infrastructure. It offers the highest level of flexibility
with no additional capital expense. With more business critical applications moving to the cloud,
hybrid offers the best of both worlds.
Case Scenario
Sony Corporation first introduced the PlayStation Console in December 1994 in Japan. Since then
the product has undergone a series of upgrades and enhancement. The latest version of the
PlayStation called PS3 was a complete entertainment package and included internet browsing
capabilities, chat functions, media downloads and gaming options. Registered users of the system
were more than 75 million, and a huge chunk had also recorded sensitive information like credit
card details for the purpose of online purchases.
The Outage
On April 19, 2011, Sony’s PlayStation Network experienced one of the worst cases of data security
breach in the history of IT. The servers were hacked by an unauthorised group leading to the theft
of usernames, passwords, credit card details and other personal information of millions of PSN
users. The system was shut down for almost 7 days following the attack. The cause of the incident
was mainly due to the poor security mechanisms of Sony and its failure to encrypt critical data.
Impact
This unfortunate event for Sony brought down its reputation, credibility and stock value. Sony
rebuilt its security system, faced a lawsuit that was settled after almost 4 years and paid huge
compensation to its customers who were exposed to the incident. The service was made to shut
down for almost 3 weeks, and the cost of the outage was over 170 million dollars.
Activity
Just after the outage about Sony hit the headlines in 2011, the world leader in cloud services,
Amazon also experienced a similar situation. Find out the cause and impact of this incident
and write down a case story on the same.
Summary:
• Protecting data in the cloud from unauthorised access is the major concern for cloud
customers.
• With critical business data hosted in the cloud, organisations must ensure that they have
laid the right security measures for protection and privacy of data.
• Business outages cost huge revenue loss to businesses and organisation musttherefore
ensure that the cloud service provider can promise and deliver 99.99% uptime.
• The common risks associated with cloud computing are shared access to computing
resources, compliance issues and regulations across geographies.
• The risks associated with cloud implementation must be assessed during the initial stages
of the project, and the right mitigation strategies must be determined.
• To protect the sensitive data in the cloud, data encryption, well-defined access controls,
third party validation and robust SLAs must be implemented.
• The hybrid approach to cloud computing allows organisations to host their most sensitive
data internally while allowing the other secondary functions to reside on the public
infrastructure
Self-Assessment Questions:
1) ___________ tops/ top the list of most common concerns among cloud consumers.
(a) Cost (b) Network issues (c) Data Security (d) Data Mobility
2) Which one of the following industries is expected to have a very high concern over
regulatory and compliance measures?
(a) Petroleum (b) Healthcare (c) Gas & Oil (d) Education
3) Google encrypts all critical data that is stored on its cloud. The cloud encryption solution
offered by Google can be called:
(a) Provider-side cloud encryption (b) Client - side cloud encryption
(c) Cipher texts (d) None of the above
5) One main reason behind Sony’s data breach incident in 2011 was
(a) Lack of cloud expertise (b) Failure to encrypt data
(c) Shared Access (d) Malicious Insiders
Answers:
Q. No. 1 2 3 4 5 6
Activity
Activity Type: Online Time: 30 minutes
Bibliography
References
• CIO. The Death of the SLA. Retrieved November 01, 2015, from
http://www.cio.com/article/2883770/cloud-computing/the-death-of-the-sla.html
• Coalfire. Spotlight on Cloud Computing: An Overview. Retrieved November 01, 2015,
from http://www.coalfire.com/Resources/Spotlight-Compliance
• CRN. The 10 Biggest Cloud Outages of 2015. Retrieved November 01, 2015, from
http://www.crn.com/slide-shows/cloud/300077635/the-10-biggest-cloud-outages-of-
2015-so-far.htm
• Fidelity Investments. Vendor Due Diligence: Evaluating the Security of Hosted Solutions.
Retrieved November 01, 2015, from
https://fiws.fidelity.com/app/literature/log?literatureURL=952749.pdf?misc=ch3
• Forbes. Storing Data In The Cloud Raises Compliance Challenges. Retrieved November
01, 2015, from http://www.forbes.com/sites/ciocentral/2012/01/19/storing-data-in-the-
cloud-raises-compliance-challenges/
• InfoWorld. The 5 cloud risks you have to stop ignoring. Retrieved November 01, 2015,
from http://www.infoworld.com/article/2614369/security/the-5-cloud-risks-you-have-to-
stop-ignoring.html
• Journal of Security Engineering. Cloud Computing Security Issues and Access Control
Solutions. Retrieved November 01, 2015, from
http://www.sersc.org/journals/JSE/vol9_no2_2012/1.pdf
• KPMG. Clarity in the Cloud. Retrieved November 01, 2015, from
http://www.kpmg.com/SG/en/IssuesAndInsights/Documents/ICE-ClarityInTheCloud.pdf
• PerspecSys. Gartner Highlights the Importance of 3rd Party Validation. Retrieved
November 01, 2015, from http://perspecsys.com/gartner-highlights-the-importance-of-
3rd-party-validation/
• TechNet. Cloud Computing: Legal and Regulatory Issues. Retrieved November 01, 2015,
from https://technet.microsoft.com/en-us/magazine/hh994647.aspx
• Tech Target. Cloud Encryption. Retrieved November 01, 2015, from
http://searchcloudstorage.techtarget.com/definition/cloud-storage-encryption
• SlideShare. Cloud Computing. Retrieved November 01, 2015, from
http://www.slideshare.net/EdurekaIN/cloud-computing-pdf-1
External Resources
• Buyya, R., Broberg, J., & Goscinski, A, (2010). Cloud Computing: Principles and
Paradigms. US: John Wiley & Sons
• ISACA .(2011). IT Control Objectives for Cloud Computing. US:ISACA
• Pearson, S., & Yee, G. (2012). Privacy and Security for Cloud Computing. UK: Springer
• Yeluri, R.,& Castro-Leon, E. (2014). Building the Infrastructure for Cloud Security. US:
Apress
Video Links
Topic Link
https://www.youtube.com/watch?v=Cy5OV_F
The Risks in Cloud Computing
M3S8
Overcoming Data Security Challenges in the https://www.youtube.com/watch?v=55jdSe7Ro
Cloud World 68
http://searchcompliance.techtarget.com/video/
Keys to reducing cloud computing risks and
Webcast-Keys-to-reducing-cloud-computing-
security concerns
risks-and-security-concerns
https://www.youtube.com/watch?v=HdX2VetF
The Dangers of Cloud Storage
c6M
https://www.youtube.com/watch?v=P3CnckbeF
How to protect data in the cloud? - Encryption
mY
Cloud Management
Chapter 3.1
Page No.
Aim 81
Learning Objectives 81
Learning Outcome 81
3.1.1 Introduction 82
3.1.2 Evaluating the Business Need 82
3.1.2.(i) Cloud Vs. Hosted Applications 83
3.1.2.(ii) Cloud Vs. Licensed Software Vendors 84
3.1.3 Evaluating Cloud Computing Solution 85
3.1.3.(i) Location and Data Privacy 85
3.1.3.(ii) Network and Security 85
3.1.3.(iii) Service Level Agreements (SLA) 86
3.1.3.(iv) Software Stack and Storage 86
3.1.3.(v) Vendor Lock-in and Legal Compliances 87
3.1.3.(vi) System Testing 87
3.1.3.(vii) Seasonal or Peak Loading 88
3.1.4 Upscaling and Downsizing 89
3.1.5 Virtualisation 90
3.1.6 Cost Benefit Analysis 90
3.1.6.(i) Measuring Actual Costs 92
3.1.6.(ii) Forecasting, Load balancing and Associated costs 92
3.1.6.(iii) Right Sizing 93
3.1.6.(iv) Computing Total Cost of Ownership (TCO) 93
3.1.6.(v) Subscriptions, Licensing Models and Cost Cutting 93
Page No.
3.1.7 Cloud Vendor Interdependence and Governance 94
3.1.8 Selecting the Right Scalable Application 96
Summary 97
SAQs 98
Bibliography 100
References 101
External Resources 101
Video Links 101
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Management Assessing the Cloud
Aim
To analyse the various steps required to assess the need, costs and implications of moving
to the cloud
Learning Objectives
Learning Outcome
3.1.1. Introduction
Close to a decade ago, it required a consultant with expert level knowledge and excellent exposure
to cloud computing to educate the clients and help them realise the benefits of moving to the cloud.
But times have changed. At present, the penetration of cloud computing technologies is really deep
that businesses understand the importance of being in the cloud and associated pros and cons.
When an organisation is overwhelmed by the magnificent benefits of the cloud and decides to take
the plunge, it must first assess its own readiness for the big move. From considering the alternative
solutions to assessing the risks and costs, this initial preparation lays the foundation for grand
success in the cloud. In this chapter we will discuss about all factors that must be considered during
the cloud assessment phase.
With the insight gained thus far, you should know that cloud computing isn’t a one-size-fits-all
kind of deal. In fact, in many scenarios, your business may not even need to rely on cloud
computing for its information, networking and data storage requirements.
How companies today are using the cloud is quite unique at a granular level. However, when
looking at the bigger picture, you will find that they usually fall under one of the three solutions
– Compute Cloud, Cloud Storage and Cloud Applications. That said, there are also a number of
cases where cloud computing may not be the most appropriate solution for your business. These
cases could range anywhere between the unaffordable cost of hardware to something as simple as
just not needing it. In such cases, there are alternatives such as relying on hosted applications and
licensed software vendors.
Want to know if a business should use cloud computing? Here is a checklist to be acknowledged.
Hosted applications are not web-enabled like cloud applications. They are purchased and
installed by the organisation and accessed through a virtual private network (VPN).
While in many scenarios, cloud and hosted applications deliver similar results, they aren’t the same
thing. Both these solutions offer the implication of procession through physical servers that are
operated off-premise at a location that is remote to the customers. That said, remote hosting is a
concept that goes back to the days of mainframe time-share. It refers to a variety of computing
models including common or shared hosting centre resources.
Over the years, the evolution of cloud computing has introduced a range of options such as public
and community cloud models to hybrid solutions as well as entirely private single-entity cloud
operations.
Cloud computing is essentially a service oriented architecture (SOA) and collaborative in nature.
Cloud enables businesses to consume and to share by leveraging key web services. This implies
that if the application design cannot be optimised for web based services and merged into the
cloud ecosystem, it cannot be labelled as a cloud application.
• Service Level Agreement for scalability, back-up management and disaster recovery
A Licensed Software Vendor is the one who holds the right to redistribute or resell the
software to their clients by purchasing the license from the software supplier.
One of the major advantages that cloud offers over licensed software vendors to businesses today
is the cost benefit. That said, the idea of cost effectiveness associated with the running of an on
premise software still exists. Most often, this is attributed to the fact that on premise solutions
come with a host of hidden costs that are overlooked to too complicated to calculate.
Some of the key advantages that Cloud Computing offers over Licensed Software Vendors include
• Economies of Scale
• Ability to optimise network resources, data centre space, connectivity and cooling
• Impressive levels of automation
• Enhanced consolidation and usage ratios across resources
Many cloud experts believe that drawing a comparison between the traditional on premise software
licensing and cloud models is as good as comparing apples to oranges. Many argue that
subscription for cloud applications may be cheaper upfront but since they tend to come up every
year, prove to be more expensive in the long run. To be able to get the best value for the business
over all, it is important to understand the inherent needs of the organisation and pick a solution
that best suits its needs.
Selecting the ideal cloud computing solution is anything but easy. The process demands the
involvement of IT personnel at different levels of management. Each solution provider will offer
a different stack of offerings that together represent a unique value proposition. Some depend on
the power of technology, while others offer location that is safe and secure. Some providers offer
data privacy as the unique selling point.As an organisation that is making the big move, you need
to consider five significant criteria to be able to select the right cloud computing solution for your
business needs.
Most service providers would not be able to share the exact location of the data in the cloud. The
distributed technology, and multilayer cloud architecture makes it slightly difficult for the
providers to answer this question with accuracy. Before hiring the cloud solution provider,
organisations must look for the network and data diagrams to help understand the exact location
for the data. The provider should be able to give details on the data stored in the cloud, and the
privacy levels offered by the cloud solution. The provider needs to maintain transparency on who
will access the data, and whether or not they will share the data with others. Regular audits of the
data location and accessibility should be conducted.
Cloud solutions are based on different layers like application layer, host layer, and network layer
which make it complex and interconnected in many ways. The solution has to be secure at all
levels in order to ensure that the enterprise data stored in the cloud remains protected. Efforts need
to be made to maintain the adequate level of application maturity, and build on its security levels.
For this, the provider’s application and network level security need to be scrutinised. Know if the
cloud solution offers application-layer firewalls. Secure a sanity checklist for pre and post
deployment and keep reviewing the security development programs at regular intervals to keep the
code secure. The application security should be integrated into the system at regular intervals. The
architecture and functional design of the cloud should be reviewed from a security perspective.
Some cloud solutions providers offer higher service level guarantees in order to differentiate
themselves from the competition. SLA has been defined majorly to understand the consequences
of the failure of a service, and has nothing to do with the actual reliability of the service.
The cloud provider needs to guarantee the service that they will offer in case they are hired. The
guarantee of uptime and services that are hired are being noted in the SLA. In case, the provider
fails to meet the level of availability signed in the SLA, they will need to compensate the customer
as signed in the document.
There will be a certain percentage of the fee that the providers will offer during downtime. This
SLA will offer an insight into the provider’s level of commitment. The reason SLA is a criterion
that one should take into consideration, as the real uptime will not be known. Testimonials and
reviews will give the provider’s real uptime, but till then SLA is a better proposition.
The cloud providers offer a certain technology and storage solution which becomes their unique
selling point. The focus for some providers is majorly based on the software stack they offer. Most
providers move from offering plain infrastructure as a service to offering platform as a service.
The stack specific clouds are known to align with the popular cloud solutions available. The
application which is built using the software stack defined by the cloud will save a lot of time and
cost. With this solution, enterprises need not use the lower level infrastructure setup and
configuration. This software stack that is provided need the enterprises to follow certain best
practices while designing and writing the apps, which in turn requires high levels of vendor lock-
in.
Along with software stack, storage is an important consideration. How will the data be stored in
the cloud, and made accessible to the enterprises? Will the storage solution make way for remote
access and virtualisation is another concern that should be addressed before hiring the cloud
solution.
The application programming interface (API) offered by the cloud solution is an important criteria
that one should evaluate. This helps access the infrastructure, and performs operations like
provisioning and de-provisioning servers.
The API is supported by multiple providers and vendors will reduce the lock-in, and help towards
migration whenever needed. Again, the application need not be changed majorly in this case. The
developer-vendor ecosystem will help enhance the services and capabilities of the cloud solution
provider.
Consider the cloud solution provider that offers a developer-vendor ecosystem, and has considered
all the legal compliances that will make migration easy and convenient. The API should be
supported by majorly all vendors, and should comply with all the legal and security requirements
as defined by the enterprises. API monitoring and management should be easy with the tools
offered by the cloud solution provider.
Testing all the 3 layers of the system offered by the cloud service provider is extremely
important. How well the complete system functions can be understood by utilising the trial
period / trial account for a specific unit. e.g.: SalesForce offers a free trial to access all their
features for a limited period of 30 days.
Using the free trial, the organisation can easily understand how well the system performs under
different loads. Depending on the type of services that an organisation wants to avail from a
vendor, the resources would be allocated by the vendor depending on their service agreements for
the specific time period (or) for a specific limit. Once the trial period gets over and all the
components and features are tested positive, the organisation can opt for a subscription package
for a specific time period as per the business requirements.
Activity
Give a free try of Office 365 – which is an online version of Microsoft Office. Compare it with
your desktop version of Microsoft office and list down your test results.
Whenever a cloud based application is accessed by millions of users at the same time, the load for
the cloud servers increases. The server should be capable enough to handle all the requests at the
same time. To handle all the requests, different cloud vendors have different solutions.
One of the most popular solution available in the market is Amazon's Elastic Load Balancing. Its
part of Awazon Web Services (AWS).
Elastic Load Balancing handles all the users effectively by distributing the requests made by all
the users across different virtual servers (technically called as Virtualisation). The organisation
which expects high traffic to its cloud based application has to create a load balancer (through
easily customising the AWS settings) in one of more of its availability zones. All the traffic to the
application first hits the load balancer – which routes the traffic evenly to different virtual servers
to process the requests.
Lets take an example of Expedia which is hosted on - and utilises Amazon web services. There are
millions of customers booking flight tickets and hotels through Expedia every single second. All
these booking requests come to the load balancers created by Expedia. Then based on the
availability of virtual servers, they are routed accordingly to be processed and tickets to be booked
for the customer. Number of ticket bookings would be high especially during holiday and festival
seasons like Diwali, Christmas, New Year etc., as lot of people travel to their natives. AWS offers
plenty of services that helps Expedia and many such organisations handle seasonal loads.
Delivery of scalable IT resources is almost synonymous with cloud computing. The cloud service
provider must allow business organisations to easily upscale and downscale their IT resources
without making much expensive changes to the existing setup. For instance, consider an
application that is used to book hotels across the country. Traffic to the application will reach its
peak during holiday seasons, come down during the other months of the year and reduce drastically
during heavy rains or any form of national unrest. Investing much into the infrastructure to satisfy
the peak loads during the holiday season will result in ideal servers for most parts of the year
Moving to the cloud helps the organisation to scale resources up and down without the need
forcapital investment. The ability of the cloud to allow small- and medium-sized businesses
(SMBs) to rapidly scale their resources turns out to be the one of the significant factors in
outperforming competition.
A recent research has revealed that 85% of Small- and medium-sized businesses (SMBs) point
their fingers to the cloud for being able to scale resources efficiently.
3.1.5. Virtualisation
Virtualisation can be considered as the backbone of cloud computing. It can be defined as the
manipulation of hardware resources for a more economical model of computing. Cloud computing
derives its value from virtualisation which lowers the number of physical systems required by an
organisation. Say for example, a cloud service provider has a data center having about 1 Tera Byte
(1 Tera Byte = 1024 Giga Bytes) of storage space. This 1 TB of storage space can be virtually
shared between 10 websites. These 10 Websites may be promised 100 GB space each – but not all
the 10 would be effectively utilising all the 100 GB allocated. So, the cloud service provider shares
the same infrastructure (of 1 TB storage) with 20 websites over a specific period (promising all
the 20 websites 100 GB of storage space). All these 20 websites might be paying for 100GB of
space – but may (or) may not be using it all. One of them might be using only 10 GB of space,
another may be using maximum 50GB and some other website may just be using 2GB of space.
Thus, the cloud service provider virtually shares the 1 TB storage with multiple clients and still be
earning the same amount from all the websites (for 100 GB storage space). Whenever all the
websites start utilising the complete space, then the storage capacity may be increased to another
1 TB and so on. Because of this virtual sharing of resources (or) Virtualisation, the cloud service
provider is able to pass on the cost benefit to the clients. The major beneficiaries of virtualisation
are startups and small and medium enterprises.
One of the most significant benefits of cloud computing is cost savings. It eliminates the need for
upfront capital investment and also cuts down on costs such as space, power and personnel. Five
significant way in which cloud enables cost cutting are,
• The pay-as-go-model eliminates the need to spend on the purchase and maintenance of
ideal servers.
• Allows businesses to focus on their core business function thus paving for better innovation
and greater revenue.
• Eliminates the need to spend on additional resources as the business expands. Cloud model
is highly scalable at fraction of cost.
• Cost for Back-up, restoration, depreciation and replacement of faulty hardware are taken
care of by the service provider. This is a huge cost cutting measure from the traditional on-
premise infrastructure.
To ensure that the move to the cloud is truly a cost efficient choice, all hidden costs must be
unravelled. A comprehensive cost benefit analysis must be performed to achieve a holistic
assessment of the cloud solution.
The key factors to consider while doing cost benefit analysis are as follows:
Table no. 3.1.2: Key factors to consider while doing Cost Benefit Analysis
Cloud computing is an investment made to reap some solid benefits for the long term. To assess
the value of this investment, the actual costs must be weighed against the benefits of the cloud
outcomes. A comparison must be drawn between hosting the infrastructure and applications on the
cloud to doing so in the in-house data center.
The formula to calculate the cost of cloud deployment can be expressed as,
(Unit cost of cloud refers to the cost of a machine instance per hour)
Applications that experience drastic demand fluctuations are best suited for the cloud. The seasonal
peak loads experienced by these applications often tend to be the most profitable and important
time period for the business. Therefore ensuring availability of the application through the peak
load of additional requests becomes significant.
The use of load balancers in the cloud computing environment enables the optimum use of
resources in the cost efficient manner. Some cloud service providers offer enterprise class load
balancing options while some limit their services to more simplistic ways of cloning new
application instances. Organisations must opt for the former service as these load balancers use a
wide range of TCP optimisations to improve the capabilities of the server instead of launching
more instances frequently. This prevents the need to pay for the additional instances and save more
for almost 25% of the additional requests.
Group Activity
Discuss within your peer group and come up with a list of functions/industries where workload
can be predicted in advance.
The total cost of ownership can be defined as a financial estimate that covers the complete costs
associated with a service throughout its lifetime. TCO of the cloud computing solution must
include all overheads such as energy costs, cooling costs and cost of space and so on along with
the major cloud deployment expenses. It is a good practice to investigate the hidden costs involved
in the process and account every miscellaneous expense that may occur during the various stages
of cloud deployment.
Activity
Want to learn how cloud giants help calculate the TCO of their solutions?
Visit https://azure.microsoft.com/en-us/ and look for their TCO and ROI tools to learn more
about the various types of costs associated with cloud deployment.
The subscription pricing model allows organisations to access the cloud service after an upfront
payment is made. This payment is based on the time period of the subscription, with longer the
length, lower the price. However, this model is not suitable when the need for cloud resources is
limited and organisations may tend to overpay.
Licensing in the cloud is also a tricky business where organisations must draw the cost difference
between obtaining the license per user, per device or the enterprise license based on their usage
needs. The more characteristic pricing model for a cloud is the pay-per-use method where
organisations pay only for whatever resources they use. This helps cut costs to the maximum
possible extent to all types of organisations as they only pay for those resources that they use.
Rackspace (a popular cloud infrastructure provider) in association with Machester Business School
and Vanson Bourne (a technology market research company) conducted a survey in 2013 - with a
sample size of about 1300 organisations in US and UK using cloud computing technologies.
According to the study, about 88 percent of the organisations have mentioned that they have
significant cost savings by moving their applications to the cloud. More than half of the
organisations have also reported to have higher profits as a result of moving to the cloud. 60 percent
of respondents have reduced their IT team and it helped them focus more on strategy and
innovation than on technology infrastructure. More than 62 percent of companies have also
mentioned that they have reinvested the cost savings into their core business to boost wages and
drive product innovation.
This study clearly indicated the cost savings associated with cloud migration.
Activity
Draw the difference these cloud pricing models and choose the one suitable for small, medium
and large sized organizations. State the reasons for your answers.
Cloud service providers may have partnered with more than one cloud vendor to avail different
services. As a result of this multi-vendor environment there is a lack of clarity and control over
the enterprise data and applications.
The common issues that may arise while integrating the various components of such an
interdependent environment are
Table no. 3.1.3: List of common issues that arise from cloud vendor interdependence
Problems/Issues Solution
To build a strong enterprise risk management system for your cloud operations, you must perform
a risk assessment before adopting the cloud solution and build a robust cloud governance plan.
This plan must include various aspects of the cloud program such as cloud objectives, risk
assessment and response.
The Commission of Sponsoring Organizations of the Treadway Commission (COSO) has put
forward an ERM framework for building a cloud governance plan. Explore more about this
framework to understand what benefits it offers.
Scalability is one of the most significant advantages of cloud computing. However the scalability
of applications must not compromise with the quality of service offered by the cloud service
provider. An adverse impact on the performance of the cloud due to increased scalability may
lower cost benefits. The software features of the application and its design must be able to support
the scalable architecture of the cloud. When an application is not designed to use system resources
efficiently it tends to underperform and demands much attention that required to achieve the
expected level of performance.
Summary:
• Cloud computing offers unprecedented advantages to small, medium and large sized
organisations.
• If cloud computing does not seem to apply to your business, there are other options such
as hosted applications and licensed software vendors.
• A number of criteria must be evaluated to make the move to the cloud most profitable.
• Security in the cloud is the largest concern for most organisations. The security and privacy
policies adopted by the cloud service provider must be examined in detail.
• Service level agreements that clearly outline the performance, availability and security of
the solution must be laid.
• Adherence to legal compliances and attention to vendor lock-in situations must be duly
acknowledged.
• Virtualisation forms the foundation of cloud computing and is responsible for delivering
true economic value through the cloud.
• A cost benefit analysis must be performed to justify the move to the cloud before the
decision is made.
• Different factors such as load balancing, right-sizing and pricing models must be
considered during the cost benefit analysis.
• The TCO of the cloud project must be used to project the real benefit of the cloud for any
organisation.
Self-Assessment Questions:
1) Which one of the following is NOT a criteria for evaluating the need for cloud solution?
(a) The extent to which your data is regulated
(b) The IT and corporate structure of your organization
(c) Cost Benefit Ratio
(d) Scalability of existing applications
5) Which one of the following factors is NOT included in the cost benefit analysis of the cloud
model?
(a) Personnel costs (b) Pricing models
(c) Right Sizing (d) Load Balancing
Answers:
Q. No. 1 2 3 4 5 6
Activity
Activity Type: Online Time: 30 minutes
Do an online study and find out the hidden costs related to cloud and based on that build a
cloud roadmap for the companies who are adopting cloud to cut the costs and boost profits.
Bibliography
References
• Agilysys. Cloud vs. Hosted: What’s the Difference? Retrieved November 12, 2015, from
http://news.agilysys.com/hospitality/cloud-vs-hosted-whats-the-difference/
• Amazon. Cloud Licensing Models That Exist Today. Retrieved November 12, 2015, from
https://aws.amazon.com/blogs/aws/cloud-licensing-models-that-exist-today/
• Betanews. Comparing cloud vs on-premise? Six hidden costs people always forget about.
Retrieved November 12, 2015, from
http://betanews.com/2013/11/04/comparing-cloud-vs-on-premise-six-hidden-costs-
people-always-forget-about/
• Big Step. The Proper Way to Compare the Cloud Versus On-Premise. Retrieved November
12, 2015, from http://bigstep.com/resources/cloud-vs-on-premise-tco
• DevCentral. How load balancing impacts the cost of cloud. Retrieved November 12, 2015,
from
https://devcentral.f5.com/articles/how-load-balancing-impacts-the-cost-of-cloud
• ERP Software Blog. No Server! Cloud ERP – It’s Growing Up So Fast. Retrieved
November 12, 2015, from http://www.erpsoftwareblog.com/2013/11/look-ma-no-server-
cloud-erp-its-growing-up-so-fast/
• Foration. The benefits of cloud computing. Retrieved November 12, 2015, from
http://foration.com/benefits-cloud-technologies/
• Google for Work. Small business, big technology: How the cloud enables rapid growth in
SMBs. Retrieved November 12, 2015, from
http://googleforwork.blogspot.co.uk/2014/09/small-business-big-technology-how-
cloud.html?utm_source=linkedin&utm_medium=social&utm_content=nwtgrow_deloitte
• IT News Africa. Cloud vs. Hosted Services, what’s the difference? Retrieved November
12, 2015, from http://www.itnewsafrica.com/2011/04/cloud-vs-hosted-services/
• Long View. Comparing Apples and Oranges (On-Premise vs Cloud Licensing). Retrieved
November 12, 2015, from http://www.longviewsystems.com/comparing-apples-oranges-
premise-vs-cloud-licensing/
• Network Computing. Three Ways to avoid Cloud Cost Overruns. Retrieved November 12,
2015 from http://www.networkcomputing.com/storage/3-ways-to-avoid-cloud-cost-
overruns-/a/d-id/1320845
• Rackspace. Cloudnomics – The Economics of Cloud Computing. Retrieved November 12,
2015 from
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics-
The_Economics_of_Cloud_Computing.pdf
• Reuters.88 Per Cent of Cloud Users Point to Cost Savings According to Rackspace Survey.
Retrieved November 12, 2013 from http://www.reuters.com/article/2013/02/20/rackspace-
idUSnBw96MVXqa+11c+BSW20130220
• Shared Assessments. Evaluating Cloud Risk for the Enterprise: A Shared Assessments
Guide. Retrieved November 12, 2015, from
http://sharedassessments.org/wp-content/uploads/2012/01/pdf-EnterpriseCloud-SA.pdf
• Tech Target. Cloud computing licensing: Buyer beware. Retrieved November 12, 2015,
from
http://searchcloudcomputing.techtarget.com/feature/Cloud-computing-licensing-Buyer-
beware
• Tech Target. Right-sizing and capacity planning strategies for private clouds. Retrieved
November 12, 2015, from
• http://searchservervirtualization.techtarget.com/tip/Right-sizing-and-capacity-planning-
strategies-for-private-clouds
External Resources
• COSO. (2012). Enterprise Risk Management for Cloud Computing. US: COSO
• Sosinsky, B. (2011). Cloud Computing Bible. US: Wiley Publishing
• Velte, T. (2009). Cloud Computing, A Practical Approach. US: McGrawHill
• Williams, B. (2012). The Economics of Cloud Computing. US: Cisco Press
• Zhao, H. (2013). Resource Management in Utility and Cloud Computing. UK: Springer
Video Links
Topic Link
VirtualiSation https://www.youtube.com/watch?v=MnNX13yBzAU
Chapter 3.2
Page No.
Aim 102
Summary 112
SAQs 114
Bibliography 116
References 116
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Management Selecting Cloud Provider
Aim
To study the criteria involved in selecting the right cloud service provider
Learning Objectives
Learning Outcome
3.2.1. Introduction
Cloud adoption offers major IT and business benefits to any organisation. On the other hand, Cloud
adoption offers some unique and serious security threats and complications. Moving the secure
data of an organisation into the hands of cloud service providers increases the risk of data security,
information theft and hence the organisation may loose its market position to its competitors.
To manage the risk involved, it is better to assess the cloud service provider thoroughly before
utilising their services and allowing them to manage the IT infrastructure. In this chapter you will
study briefly about selecting the right cloud service provider based on the unique requirements of
the business.
The most fascinating fact about cloud computing for CIOs (Chief Information Officers) is the
unprecedented freedom that it brings in. Once the decision to embrace the technology has been
made, organisations begin to enjoy the “no-commitment” working model of the cloud.
While measures pertaining to security, compliance and the likes can be handled through the
journey, the first step towards adopting the cloud starts with evaluating the market options for the
right cloud provider.
The cloud industry today has a tantalising array of cloud vendors offering IaaS, PaaS and SaaS
solutions. Before we begin exploring the various criteria to be satisfied by cloud service providers,
let us have a look at the top most players in the industry:
Migrating to the cloud is a major move for any organisation. It impacts all stakeholders including
the employees, the clients, the executive team and the cloud service provider. So, its extremely
important to consider all the relevant factors before moving to the cloud. The most important ones
are:
• Business considerations
• Data safety and security
• Interoperability, portability and integration
• Service level considerations
• Pricing and commercials
• Hosting and geographical considerations
• Contingency and recovery management
• Ethical and legal considerations
• Scalability and flexibility considerations
Throughout this chapter, we will discuss in detail about all these considerations.
Organisations move to the cloud to overcome certain inefficiencies and achieve higher operational
parameters. If the cloud vendor is too focused only on delivering technical outcomes, chances are
that they may not really understand the business needs of an organisation. Such a partnership that
fails to deliver services streamlined to business objectives becomes meaningless.
If you are an organisation in a specific market vertical such as healthcare, banking or retail, it is
recommended to choose a cloud service provider with vast experience and expertise in the same
industry. Such niche providers deliver optimum results even while playing along with other cloud
partners of the organisation.
One of the biggest concerns while moving to the cloud is the security of data that resides in the
infrastructure of the cloud service provider. Working with a trusted cloud service provider is the
key to managing the various security issues that arise within the cloud. While choosing a cloud
service vendor, organisations must consider the following parameters:
• Regulatory Compliance
• Segregation of data in multitenant environments
• Data Recovery
• Access Privileges (Logical and Physical)
• Portability of data for business continuity
• Data Provenance
• Monitoring and Reporting
• Network security
• Data Encryption
The cloud service provider must address each of these criteria with solutions that are in adherence
with the requirements of the business as well as the industry. Additional evaluation measures that
reflect the unique demands of an organisation must also be considered while selecting the right
cloud service provider.
Interoperability is the term used to explain the degree to which different systems or components
work together without any glitches. According to IEEE and ISO, interoperability can be defined
as the ability of two or more systems or applications to exchange information and mutually use the
information that has been exchanged. In cloud computing, interoperability can be understood as
the capability of diverse systems to understand the application and interface, authentications,
configurations, data formats etc., between public, private and hybrid clouds. This capability helps
all the systems to cooperate and interoperate to work seamlessly.
Google authentication can be stated here as an excellent example for interoperability. Regardless
of the device that the user has, all the Google applications share and access authentication data
within themselves in a seamless manner. A user can login to Gmail from a particular device and
can use all the Google services like YouTube, PlayStore, Google Docs, Google Drive etc. without
having to login again and again. Its enough for the user to login to any one of the applications. The
data will be shared by all the other apps. This helps the apps to interoperate seamlessly without
any glitches.
The ability to move an entity between different systems seamless to be used on the target system
is termed as Portability. The entity could be data or application. Data stored in a particular database
should be usable by many systems without the need to re-enter data. This can be achieved by using
a common data format for sharing between different services. The syntax and semantics of the data
are to be the same for ease of portability. XML is a common format used for data portability
universally and it works really well with multiple systems. Application portability can be defined
as the ability to transfer a particular application and/or its components between different cloud
services. The application should have the ability to be recompiled and relinked to ensure ease of
portability. Application Program Interfaces (APIs) are universally used routines, protocols and
tools to make application portability easier. A good API contains all building blocks of that
application to be recompiled and relinked by different systems.
YouTube API is a classic example. It lets developers and users integrate YouTube videos and
relative functionalities into websites or applications seamlessly. Usually YouTube APIs include
the building blocks for Analytics, Live Streaming, Data Capture, YouTube Player and ClickStream
data. Anybody with an embed link (provided by YouTube) can easily integrate the YouTube video
in their website (or) blog. It seamlessly ports all the necessary data and the application as a whole
- across different hosting platforms.
When determining the service level of a cloud vendor, there are essentially three factors to be
considered, availability, performance and reliability. Availability of the service is determined by
the number of “nines” mentioned in the SLA. Cloud service providers generally promise their
availability by a guaranteed uptime of 99.9 or 99.999% uptime for an entire year.
While availability of the service is crucial, the speed at which it handles the business-critical
operations has a direct impact on the business outcome. The reliability of a cloud vendor is
determined through its transparency in operations. The cloud contract must include information
pertaining to frequency of backups, fault tolerance rate, provider response in case of outages and
prior information about scheduled downtimes for maintenance tasks. While the exact location of
the data center may not be revealed, the country or region where the data resides must be known
for regulatory and legal purposes.
The pricing structure is one of the major deciding factors for start-ups as well as enterprises looking
to move to the cloud. A transparent cost structure that includes both one-time costs as well as
ongoing costs must be presented by the cloud service provider. The pricing offered by a vendor
may depend upon a number of factors like security level, storage space and so on. In any case the
pricing must be flexible and must not carry any hidden costs. A historical review of the prices
offered by cloud service providers may offer some standard insights about their cost structure and
organisations must always ensure that the comparison made between different vendors is strictly
apples-to-apples.
Do you have the budget for a private cloud? Is your data suitable for the public infrastructure? Is
hybrid cloud the right solution for your storage needs? There are several questions that arise while
choosing the right cloud solution for your business needs. Organisations must pick the cloud
vendor based on their hosting expertise and ensure that it matched with their cloud requirements.
For instance, a large or medium sized enterprise looking to move its infrastructure to the cloud,
can consider AWS, which is hands-down the best provider in this market space. The same
organisation must realise that for the expertise of PaaS platform is must look elsewhere.
Your cloud service provider may carry your data across multiple locations in various geographic
regions to mitigate risks such as localised outages, service latency and increased costs. Enterprises
must learn about the different locations of their data as the laws governing the storage and use of
data vary with different jurisdictions.
Additionally, certain locations may also violate certain regulatory requirements and cause serious
threats to data security. Organisations that wish to limit the geographic location on any of the above
basis must practice care while choosing their cloud service provider.
While contractual agreement and pre-engagement scrutinising are the common measures to limit
the geographic boundaries of data, enterprises must obtain a clearer insight into the technical
controls such as cryptography to ensure maximum protection against such considerations.
The cloud is very vulnerable and disaster recovery for applications hosted in the cloud must not
be assumed as an inherent feature in the architecture of the cloud host. Due diligence for disaster
recovery (DR) must be implemented by the client organisation just like it would be performed for
their own in-house infrastructure.
The cloud vendor must be prepared to share its literature that explains the various data protection
solutions in detail. The client must look for the DR features enclosed within the base price and
have a thorough understanding of the vendor’s backup capabilities. Other significant elements to
be considered while picking a cloud service provider are DR contingencies, location of the data
center, links with the recovery destinations and data center hardening features. In short, the cloud
service provider must work hand-in-hand with the IT managers to assess risks, determine
requirements and architect the desired DR solution at the least possible cost.
Did you know that the data hosted in the cloud can be scrutinised directly by the government for
regulatory and compliance issues? Did you know that your clients can get the lawsuits flying for
the failure of security and privacy promises made by your cloud service provider? Cloud
computing comes with significant ethical and legal considerations and organisations must
acknowledge them to have a smooth relationship with the service provider and to ensure there is
no financial loss in the form of legal penalties.
With time organisations grow and so do their storage needs and number of IT staff. The cloud
service provider must be able to scale up to accommodate the additional storage requirements and
add the new users into the system with no difficulty. Alternatively, the services must also be able
to scale down resources when the organisation is passing through a lull. Such dynamic scaling of
resources makes businesses highly agile in the competitive environment.
Every workload within an organisation is unique and demands a different configuration and
delivery parameters. The right cloud service provider must be able to provide a large range of
options pertaining to security, resilience as well as performance such that the organisation can
customise its needs and pay the cost of usage at the workload level.
Cloud computing delivers a fine set of benefits but however has certain risks involved. With
standard practices that have proved to mitigate risks and enhance the chances of cloud success, the
move to the cloud can turn out to be a real game-changer for any organisation.
There are lot of cloud computing standards organisations and informal groups that are dedicated
to address various standards issues that arise in any cloud environment. These groups have defined
various guidelines and best practices to help interoperability and portability of data and
applications. Some of the well known organisations are as follows.
Best Practice #1
Choose the right cloud service provider
With the checklist outlined in the first section of this chapter, making the right vendor choice
becomes easy for any organisation. Assess their availability, performance and security measures
well before you start working with them and focus on crafting a foolproof SLA.
Best Practice #2
Adopt a phased-in approach
While moving to the cloud, organisations literally share their right of control over their data with
the cloud vendors. While this may be a difficult decision to make, using the phased-in approach
can reduce the mental stress caused due to physical relocation of data. In this approach, the
organisation moves data to the cloud only in parts rather than putting the whole thing into the
cloud.
Best Practice #3
Leverage the goodness of the cloud with creativity
Cloud offers an unprecedented level of flexibility and scalability to enterprises. IT managers and
administrators must leverage the power of cloud creatively to derive the best benefits from the
cloud investment.
Best Practice #4
Audit to ensure better security in the cloud
Regular assessment of problems, compliance of policies set earlier and identification of required
upgrades must be performed to ensure the highest level of security for the cloud system. Audit
tools are available to perform these functions and the right ones must be organisation.
Best Practice #5
Keep data closer to lower latency and costs
Placing data as close as possible to the compute and processing resource reduces latency.
Additionally, this practice also reduces the cost of shipping data as organisations pay for the
bandwidth used in the cloud.
Once you have chosen the right cloud vendor and equipped yourself with the right expertise for
the cloud, here is a list of practical issues (as discussed in chapter 3.1) to be remembered to make
the cloud journey as smooth as possible.
Summary:
• Partnering with the right cloud service provider offers a significant range of benefits.
• The cloud industry today has a tantalising array of cloud vendors offering IaaS, PaaS and
SaaS solutions.
• To choose the right cloud service provider, organisations must acknowledge the following
parameters
Business Considerations: The cloud vendor must be technically advanced and also be
able to understand the specific business needs of the client.
Data Security and Safety: Working with a trusted cloud service provider is the key to
managing the various security, compliance and regulatory issues that arises within the
cloud.
Pricing Structure and Commercials: The pricing offered by a vendor may depend
upon a number of factors like security level, storage space and so on. In any case the
pricing must be flexible and must not carry any hidden costs
Ethical and legal considerations:Cloud computing comes with significant ethical and
legal considerations and organisations must acknowledge them to have a smooth
relationship with the service provider and to ensure there is no financial loss in the form
of legal penalties.
Scalability and Flexibility: The cloud service provider must be able scale up to
accommodate the additional storage requirements and add the new users into the
system with no difficulty.
• With standard practices that have proved to mitigate risks and enhance the chances of cloud
success, the move to the cloud can turn out to be a real game-changer for any organisations.
Self-Assessment Questions:
2) Cloud service providers may transfer data from geographic location to another because
(a) It is a part of the cloud computing model
(b) To avoid localized outages
(c) To explore the regulations in other regions
(d) Data is not transferred to other locations
4) The three factors to be considered while evaluation the service of a cloud vendor are
(a) Cost, Privacy, Security
(b) Cost, Performance, Security
(c) Privacy, Availability, Reliability
(d) Performance, Availability and Reliability
6) Which one of the cloud service offers data storage for students?
(a) Microsoft Office (b) Gmail (c) Google Drive (d) Amazon AWS
Answers:
Q. No. 1 2 3 4 5 6
Activity
Make a list of 10 questions which you will ask to choose a cloud provider. Furnish the
evidence in respect to each question which would be convincing to you.
Bibliography
References
• Amazon Web Services. Architecting for the Cloud: Best Practices. Retrieved November
8, 2015, from https://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf
• CIO. Cloudnomics: The Economics of Cloud Computing. Retrieved November 8, 2015,
from http://www.cio.com/article/2419604/virtualization/cloudnomics--the-economics-of-
cloud-computing.html
• Cloud Computing Admin. Selecting a Cloud Provider. Retrieved November 8, 2015,
from http://www.cloudcomputingadmin.com/articles-tutorials/architecture-
design/selecting-cloud-provider-part3.html
• Cloud Technology Partners. How do you select the best cloud provider? Retrieved
November 8, 2015, from http://www.cloudtp.com/insights/cloud-computing-
webinars/how-do-you-select-a-cloud-provider/
• Cognizant. Cloud Disaster Recovery: Five Key Steps to Avoid Risk and Protect Your
Data. Retrieved November 8, 2015, from
http://www.cognizant.com/InsightsWhitepapers/Cloud-Disaster-Recovery-Five-Key-
Steps-to-Avoid-Risk-and-Protect-Your-Data.pdf
• Freeform Dynamics. Applied Cloud Computing. Retrieved November 8, 2015, from
Frost & Sullivan. http://www.freeformdynamics.com/pdf/10-10-Applied-Cloud-
Computing.pdf
• Tips for choosing a cloud service provider. Retrieved November 8, 2015, from
http://www-
935.ibm.com/services/us/leveragingit/SmartCloud_Choosing_a_Provider_IBM.pdf
• Leigh University. Guide for Evaluating Service & Security of Cloud Service Providers.
Retrieved November 8, 2015, from http://lts.lehigh.edu/services/explanation/guide-
evaluating-service-security-cloud-service-providers
• Tech Target. Storing data in the cloud: Addressing data location security issues.
Retrieved November 8, 2015, from http://searchcloudsecurity.techtarget.com/tip/Storing-
data-in-the-cloud-Addressing-data-location-security-issues
• Tech Target. Understanding cloud computing pricing. Retrieved November 8, 2015, from
http://searchcloudcomputing.techtarget.com/tutorial/Understanding-cloud-computing-
pricing
• TechTarget. Top considerations for choosing a cloud provider. Retrieved November 06,
2015, from http://searchcloudcomputing.techtarget.com/feature/Top-considerations-for-
choosing-a-cloud-provider
External Resources
Video Links
Topic Link
The SumAll and Rackspace Story:
https://www.youtube.com/watch?v=7yZxXGKkduI
Case Study
Cloud Computing Companies and
https://www.youtube.com/watch?v=996Vn8GOvjs
Services - What to look for?
Chapter 4.1
Governance in Cloud
Page No.
Aim 118
Learning Objectives 118
Learning Outcome 118
4.1.1 Introduction 119
4.1.2 What is Cloud Governance? 119
Organisations and Groups that Focus on Addressing
4.1.2.(i) 119
Standard Issues
4.1.3 Need for Cloud Governance 120
4.1.4 Cloud Governance in Enterprise 121
4.1.4.(i) Access Controls 121
4.1.4.(ii) Financial Controls 122
4.1.4.(iii) API (Application Program Interface) Integration 122
4.1.4.(iv) Logging and Auditing 122
4.1.4.(v) Key Management and Encryption 122
4.1.5 Cloud Governance – High Level Requirements 123
4.1.6 Important Aspects in Cloud Governance 123
4.1.6.(i) Key Dimensions of Cloud Governance 123
4.1.6.(ii) Activities in Cloud Governance 124
4.1.7 SPOT Framework 125
4.1.8 Cloud Governance for Different Delivery Models 127
4.1.8.(i) Private Cloud Governance 128
4.1.8.(ii) Public Cloud Governance 128
4.1.8.(iii) Hybrid Cloud Governance 128
4.1.8.(iv) Community Cloud Governance 129
Page No.
4.1.9 Cloud Governance Solutions 129
4.1.10 IT Disintermediation 130
4.1.10.(i) Avoiding Disintermediation : IT Org of the Future 131
4.1.10.(ii) New Role of IT Leadership 132
4.1.11 Cloud Centric IT Leadership Principles 132
Summary 134
SAQs 135
Bibliography 137
References 137
External Resources 138
Video Links 138
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Controls Governance in Cloud
Aim
Learning Objectives
• List the various standard organisations and groups that focus on addressing standard
issues in regards to the cloud environment
• Describe the significance of IT governance in cloud computing
• Explain cloud governance solution
Learning Outcome
• Discuss how cloud computing standard organisations and groups ensure that different
providers are able to work together
• Explain the impact of cloud computing on corporate IT governance
• Summarise the importance of cloud governance solution
4.1.1. Introduction
Cloud computing, one of the rapidly growing technologies, has gained its entrance in almost all
big companies. Day by day the cloud is becoming bigger and vast. The computing resources, as
well as the people working in the cloud, are increasing. This pays the way for governance in cloud
in the organisation. All the resources in the cloud are to be regulated so that the people involved
or affected by the cloud directly or indirectly are benefitted and the tasks that happen to the cloud
are monitored properly. Cloud governance is important because a well-governed organisation has
a high probability of sustaining business and retaining the position in the industry. In this chapter,
you will learn about the cloud governance.
Cloud Governance can be defined as the set of policies or principles that act as the guidance for
the adoption, use and management of cloud technology services. Cloud governance is an ongoing
process that must sit on top of existing governance models. Cloud governance can be compared to
an insurance policy which does not prevent disaster but instead lays the path to easy recovery in
case of a catastrophe.
Microsoft defines cloud governance as “defining policies for the management of cloud
availability, security, location, privacy and compliance and tracking them at run time when
applications are running.”
There are lot of cloud computing standard organisations and informal groups that are dedicated to
address various standards issues that arise in any cloud environment. These groups have defined
various guidelines and best practices to help interoperability and portability of data and
applications. Some of the well-known organisations are as follows:
Ever since the cloud technology has turned into a mainstream IT resource, security and compliance
have been its major issues. Not every cloud deployment sees success and not every cloud project
yields the desired results for its organisation. However, most IT decision makers have come to
terms with the fact that when coupled with the right tools and strategies, cloud usage can surpass
the security offered by in-house legacy applications and emerge as a true game changer. Cloud
governance plays a vital role in this capability. By implementing cloud governance, organisations
can avoid the following issues:
• Security and privacy risks: Which may arise due to unauthorised downloads /
installation of software, storage of illegal data and access to restricted sites by users.
• Vendor lock-in: Many vendors opt for this, as this clause creates organisations to depend
on the cloud service provider (or vendor) for products and services. The clause is usually
made part of the agreement, and as a result, it prevents the organisations to bring in another
vendor to work on different modules, for a specific period of time. This can be avoided by
making changes to the SLA suitably and reduce dependencies on a single vendor, thus
ensuring freedom to the organisation.
• Lack of data portability and interoperability: Happens when the cloud service
provider or the inbuilt cloud infrastructure is incapable of connecting well with other
software and products outside the organisation. This may also lead to modules not
compatible with each other and hence chaos in the cloud due to inefficient system.
Figure 4.1.1 shows various aspects of cloud governance in any enterprise, which we will discuss
in the following sections.
In order for a cloud application to work seamlessly, it is very essential to avoid multiple employees
making changes (or) modifications at the same instance. Instead of providing access to the whole
IT team, it is good to limit access to a specific people (or) specific team. All others can have their
modifications done to the application through raising requests to the specific set of individuals. In
some enterprises, they have implemented role based security model. Here, the roles would be
super-administrators, administrators, developers, managers and employees. Different roles would
have different access levels. For example, super-administrators (or) super-admins would have
complete access to everything – including the ability to assign administrator roles to people.
Managers might only have approval rights for specific team related requirements. They might have
limited access to specific modules related to their team (or) department - in the application. Thus,
by limited access, all the cloud based assets can be effectively controlled and managed.
Implementing financial controls helps organisations having lot of teams and cloud based projects
running in parallel. The Finance team would allocate specific budgets to each cloud based project
based on the scope and requirements. Some of the cloud based applications might have high
Infrastructure and Software requirements and hence the finance team has to allocate bigger
budgets. This holds true for high impact projects, mission critical projects and projects carried out
for premium clients of the organisation. Multi-national corporations have implemented effective
governance measures to track the budgets for each and every project in the cloud and effectively
control the spending based on periodic reviews on a monthly, quarterly or yearly basis.
API integration becomes important when the cloud based application (or) infrastructure is to be
shared with other applications developed by third-party developers outside the organisation for
various business reasons. Necessary protocols and policies are to be communicated while the API
is shared with the public. Strict regulations have to be implemented to provide restricted access to
outsiders.
Almost all corporations log every activity across the private, public and hybrid clouds. Activities
like changes to code, changes to database, addition (or) modification (or) edits done to a specific
application are all tracked and logged. These log files are audited regularly by system
administrators and quality assessment professionals to ensure everything is executed as per the
Cloud Governance policies. Any discrepancies are monitored and necessary corrective measures
are taken. The Sony PlayStation Network hack that happened in 2011 came to limelight when
system administrators did periodic audit of the log files. They figured out malicious activities that
were logged in the activity log and hence went on to track the whole hacking attack.
Few corporations have achieved excellence in implementing Cloud Governance across their
geographies. One of the unique security architecture found to be implemented in such corporations
enforces separation of roles through sophisticated algorithms running independently. These
independent algorithms guards all the security keys and credentials across the cloud based
applications. They don't essentially run on the same servers where actual applications are hosted
and hence, they have no access to confidential data. That means, the servers and storage capacity
of such corporations contain all the confidential and non-confidential data in an encrypted format
– but encryption keys are operated and managed by independent algorithms available outside these
servers. This not only makes Cloud Governance efficient, but also provides high security levels
and avoids security breach and data theft during hacking attacks.
While most definitions of cloud governance focus only on its policy creation and management
functions, the scope of cloud governance covers much more than that. Cloud governance is a way
of managing relationships with cloud service providers and has a direct connection to high level
business strategy. A good cloud governance model must satisfy the high level requirements such
as:
• What business goals must be achieved through implementation of the cloud strategy?
• What key performance indicators can be used to measure these business goals?
• Has a solid business case been defined for moving to the cloud?
• How will ROI be calculated?
In short, cloud governance does not just end with establishing a few rules about cloud decision
making but lays the foundation to achieve the desired business goals through cloud
implementation.
As cloud modelling and architecture gains momentum, organisations must be very explicit with
their model of cloud governance. The cloud governance lifecycle model must be representative of
the fact that cloud governance is a multi-dimensional discipline and must not be restricted to the
runtime operations alone. Cloud governance takes on a significant role in the cloud strategy of an
organisation. Cloud activities can be categorised along five dimensions as given below.
As mentioned earlier, cloud governance has several dimensions to it and the lifecycle model is
representative of the key aspects. Each of the five dimensions of cloud governance is defined by a
set of activities which are aimed towards achieving the highest level of performance from the
cloud. These dimensions include:
• Cloud Strategy and Planning
• Architecture, Design and Deployment of Cloud
• Cloud Acquisition and Contracting
Every dimension within the cloud governance lifecycle model is defined by a set of governance
activities. The table below illustrates the mapping of these activities to their respective dimension
in cloud governance lifecycle model.
Dimension Activities
1) Planning the Cloud Strategy
2) Define the cloud business case
Cloud Strategy and Planning 3) Launch the cloud pilot program
Cloud bursting happens when applications cannot be satisfied by the resources in the internal
data centre and makes use of the public cloud resources to handle spikes in demand.
Cloud governance does not belong to the IT department or it is not just a document that outlines
the policies to be considered while on boarding the cloud. It demands a more holistic approach to
achieve the desired benefits and involves a number of professionals within the organisation. The
SPOT framework of cloud governance enables easy understanding of how cloud governance can
be established in an organisation.
Like the SOA governance, cloud governance also demands stakeholder and decision authority
enablement. For instance, who is held accountable for the deployment of cloud? Who makes
decisions on the procurement of cloud solutions? The cloud governance committee must be formed
with the participation of employees from different departments such as IT, compliance, legal,
audit, the particular line of business and risk management.
The “Policies and Process”’ part of the framework refers to defining and mapping of each
governance policy and process to their respective dimension in the cloud governance lifecycle
management. Legal contracts, SLA management, architectural processes and fault alerts are some
of the processes established through this component of the SPOT framework.
O – Organisations
Cloud governance is an expense and a massive task for any organisation. Determining the different
bodies that can undertake various responsibilities of cloud governance is an easier approach to
achieving better results. This includes,
The Executive Team that takes care of the end-to-end operations of the cloud.
The Operations Team takes responsibility of all routine cloud activities with a special attention to
resource management.
The Cloud Working Group is in charge of all activities such cloud pilot and R&D established
before the adoption of cloud.
The Consumer Stakeholder Board is responsible for all activities needed to steer the cloud adoption
process. Examples include pricing, accounting and so on.
The field of cloud governance has a vast range of proven techniques and tools that must be
deployed during various stages of the governance lifecycle. Some of the common tools used by
enterprises are cloud contract tools, cloud management and monitoring tools and cloud services
portfolio.
Cloud computing comes in three different forms, public, private and hybrid. Depending upon the
type of data used, different levels of security and regulatory measures must be practised.
Group Activity
Form groups of three and list the three different cloud delivery models. Take turns to
define each model and explain how they differ from one another.
Lower security concerns are the main reasons why organisations favour the private cloud over the
public setup. However this does not guarantee a license to completely ignore governance. The
private cloud also faces some serious threats such as compliance and regulatory issues, viability
of existing security tools with expanding operations and outlining service levels. Private cloud
governance includes:
• Determining the service level agreements, QoS and incentive models of returning to the
cloud.
The most important aspect of concern in a public cloud environment is security. Cloud governance
in the public cloud must greatly focus its attention towards on delivering cloud benefits through a
wide maze of security and privacy issues. Important parameters covered by public cloud
governance are,
• Defining the cloud contract terms with the highest chances of recovery in case of failure.
When opting for the hybrid model of cloud computing, your data governance strategy must be
reconsidered. Ideally your data resides in the private cloud from where the public cloud gains
access through fast links. In the absence of these links, the governance strategy must be secured to
mitigate the potential risks. The governance strategy of the public cloud service providers must be
evaluated and the one most suitable must be chosen. The private cloud which is secured by firewall
must be co-located with a public cloud and they must be connected through LAN. Engage
stakeholders effectively, keep all governance policies simple and understand your data before
moving into the hybrid environment.
Collaboration between teams or organisations are enabled better by community cloud as there is
an absolute possibility of high transparency in community cloud which may or may not be suitable
for an organisation or a team.A community cloud has higher impact when it comes to data security.
Hence, it is good to have better community guidelines to manage a community cloud.
If the community cloud is used in the organisation then, the cloud experts advise, there should be
a tight control over the access that is provided to different members in the community cloud. It is
always good to have restricted or controlled access provided to different members in the
community cloud, no matter if it is hosted on-premises or by a third party service provider.
Multiple authentication systems are to be given according to the privileges of the data a community
member can access. This method has to be followed across the community members of a particular
organisation or the set of organisations connected. To access the resources many organisations set
up a process of hierarchy which is to be followed by all the community members. Authentication
mechanism for getting access to the resources is also included in the process of hierarchy.
For potential security breach and addition or deletion of the existing members, the community
cloud has to be investigated after a particular decided period by the organisation. A well
investigated and moderated community cloud would be safe, secure and will allow better
collaboration between the members.
As the need to carefully handle the complex IT systems and services in enterprises increase, the
significance of cloud governance also increases. The enterprise governance solution will comprise
of the following measures:
• Financial Controls: Tracking cloud expenditure can be done by recording the cost
involved each time a new resource is provisioned across the cloud. The cost can be limited
when a hard cap is reached.
• Key Management and Encryption: While the encrypted data stays with the service
provider, access to the encryption key, credentials and other security keys must be
restricted.
• Logging and Auditing: All activities pertaining to the cloud must be logged. Auditing
of all entries based on the user must be monitored and managed by using a reporting
system.
• API integration: Application Programming Interface (API) is a tool used to connect two
programs with no previous knowledge or interference. API integration in cloud governance
refers to easy integration with monitoring, service ticketing and other significant operations
to enhance the level of governance across the enterprise.
4.1.10. IT Disintermediation
With the advent of cloud computing, there have been many changes in the world of IT and
disintermediation is one among them. IT disintermediation occurs when users cut off the
traditional middlemen and approach the cloud vendors directly for their services.
This paradigm shift may be due to the lack of technical or personnel support from the internal IT
team or to simply leverage the benefits of higher profits, increased flexibility or business agility
offered by the cloud.
For instance, consider a marketing cloud app that enters an organisation straight into the sales and
marketing department without the interference of IT. If there is a need for customisation of the
application or integration into the existing system, then IT is summoned. Clearly IT is not over.
There is however a shift in its responsibilities and a change in its way of adding value to the
business. The key to organisational success is in keeping disintermediation at bay by empowering
IT to suit changing environment.
Group Activity
With more and more business consumers bypassing the traditional IT and cloud governance
policies and acquisition processes, cloud issues begin to creep in and performance is compromised.
To be able to avoid this unwarranted situation and establish a better control over cloud usage, the
following measures must be adopted:
• The delivery of top class IT services must be independent of the provider and IT must
monitor and manage all IT services.
• IT must set the highest benchmark and stay unaffected by comparisons from other external
service providers.
• IT must play a key role in determining the IT needs of the organisation and acts as a major
source of trusted advice.
Disintermediation occurs in almost every industry – travel, logistics, healthcare and so on.
Can you think of any other options?
With a growing focus towards ICT (Information and Communications Technology) services on
demand, IT evolves itself from the state of an organisational function to an enabler or guarantor of
IT services. It aims at creating a platform that facilitates the availing of the cloud services through
the most efficient and risk-free platform. In other words, IT takes the position of a resource broker
and a business relationship manager who is expected to perform the following functions.
Does the role IT stop with brokering the IT resources and managing the enterprise services
computing strategy? The answer is a definite NO. IT must move further to re-invent itself as a true
enabler of business, an innovator and a differentiating element of the enterprise.
• Integrate the internal users, third party providers and solutions partners into a single unit
and drive them towards increased efficiency.
• Integrated resource management and cloud governance lifecycle principles are both
characteristic of cloud centric IT.
Summary:
• Cloud Governance can be defined as the set of policies or principles that act as the guidance
for the adoption, use and management of cloud technology services.
• Cloud governance plays a vital role in keeping the cloud safe from a wide range of security,
compliance and other operational risks.
• Enterprises with their complex multi-cloud environment require a robust cloud governance
strategy to manage the cloud operations. The biggest challenge however is the inclusion
of cloud governance into the already existing enterprise governance model.
• Cloud governance is much more than policy management. It satisfies high level business
requirements and is directly connected to high level business strategy.
• Cloud governance takes on a significant role in the cloud strategy of an organisation and
the lifecycle model must represent the end-to-end perspective of the cloud journey.
• Cloud Governance must be implemented in the public, private as well as hybrid cloud
platforms.
• IT disintermediation occurs when users cut off the traditional middlemen and approach the
cloud vendors directly for their services.
• A cloud centric IT leader embraces innovation, discovers new pathways for revenue and
creates a trusted platform to avail third party cloud services.
Self-Assessment Questions:
7) The terms and conditions and SLAs related to the cloud service are determined under which
dimension of the lifecycle model?
(a) Cloud Strategy and Planning
(b) Architecture, Design and Deployment of Cloud
(c) Cloud Acquisition and Contracting
(d) Contingency Planning and Provider Management
10) IT takes the new role of _______ in the cloud centric environment
(a) IT is dead
(b) Business Relationship Manager
(c) IT Resource Broker and Business Relationship Manager
(d) IT Resource Broker and Cloud strategist
Answers:
Q. No. 1 2 3 4 5 6 7 8 9 10
Ans (a) (b) (d) (d) (a) (c) (c) (c) (c) (c)
Activity
Activity Type: Online Time: 30 minutes
Compare and contrast IT governance with corporate governance and justify the differences
with a suitable example
Bibliography
References
• AgilePath Corporation. Cloud Leadership Forum. Retrieved November 12, 2015, from
https://www.eiseverywhere.com/file_uploads/8d78b669e86b0120d704469d84fbf680_CL
F_2011_Governance_Frameworks_Eric_Marks.pdf
• Cloud Computing Scap. Governance Considerations for the Cloud. Retrieved November
12, 2015, from
http://scap.nist.gov/events/2009/itsac/presentations/day3/Day3_Cloud_Ritchey.pdf
• CSO. Cloud governance – manage the cloud challenge. Retrieved November 12, 2015,
from
http://www.cso.com.au/article/423088/cloud_governance_manage_cloud_challenge_/
• Dell. The Enterprise Cloud Governance Solution. Retrieved November 12, 2015, from
http://www.enstratius.com/our-product/governance
• Ezine Articles. The Trouble With IT Disintermediation. Retrieved November 12, 2015,
from http://essay.utwente.nl/61131/1/MSc_Y_He.pdf
• IBM. Why Do You Need Governance in the Cloud? Project and Service Governance.
Retrieved November 12, 2015, from https://www-
304.ibm.com/connections/blogs/aim/entry/why_do_you_need_governance_in_the_cloud
_project_and_service_governance2?lang=en_us
• IT Business Edge. Seven Rules for Information Governance in the Cloud. Retrieved
November 12, 2015, from
http://www.itbusinessedge.com/slideshows/show.aspx?c=85562&slide=9
• Logica. The Lifecycle Model of Cloud Governance. Retrieved November 12, 2015 from
• Sky High. The Cloud Governance Challenge. Retrieved November 12, 2015, from
https://www.skyhighnetworks.com/cloud-governance/
• Tech Republic. Cloud bursting: Better tools are needed to live up to its promise. Retrieved
November 12, 2015, from http://www.techrepublic.com/article/cloud-bursting-better-
tools-are-needed-to-live-up-to-its-promise/
• Tech Target. Cloud Service Governance. Retrieved November 12, 2015, from
http://searchsoa.techtarget.com/definition/cloud-governance
External Resources
• Halpert, B. (2011). Auditing Cloud Computing: A Security and Privacy Guide. US: John
Wiley & Sons, Inc.
• Marks, E. (2010). Executive's Guide to Cloud Computing. US: John Wiley & Sons, Inc.
• Molen, F. (2012). Get Ready for Cloud Computing (Second ed.). UK: Van Haren
Publishers
Video Links
Topic Link
Chapter 4.2
Page No.
Aim 139
SAQs 152
Bibliography 154
References 154
External Resources 155
Video Links 155
Legends:
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Controls Legal Issues in Cloud Computing
Aim
To study various legal issues that could possibly arise in a cloud computing environment
Learning Objectives
Learning Outcome
• Discuss data privacy and data security as a critical concern of cloud computing
• Review the contract terms with a cloud services provider
• Outline some of the jurisdictional issues that accompany adoption of cloud services
by an organisation or entity
• Summarise the significance of legal risks and considerations in cloud
4.2.1. Introduction
As companies enjoy the freedom and flexibility of the cloud, they must also be aware that major
activities of cyber crime have moved from the personal computers of end users to servers in the
cloud. A multitenant environment with a single flawed application from one of the clients puts the
entire cloud infrastructure at risk.
Cyber crime is the theft or unauthorised use of information facilitated by the internet. Cyber crimes
involve the use of computers and networks and include both monetary and non-monetary offences.
Some common instances of cyber crime include theft of banking passwords, illegal downloading
of sensitive information, phishing, cyber stalking, spyware, identity theft and computer viruses.
History has witnessed a number of cases of data breach, financial frauds, identity thefts and cloud
abuse resulting in the loss of money, reputation and brand power for many organisations. With so
much riding on data security in the cloud, the legal aspects for safe cloud computing must be
significantly addressed through due diligence of the cloud service provider. This chapter you will
learn about the legal aspects of cloud computing.
Activity
WikiLeaks is the source of classified information from business organisation, governments and
noted individuals from across the world. WikiLeaks fights legal discrepancies without involving
its hosting company into the picture. How do you think this is possible? What kind of legal
protection does the hosting company hold on to stay away from the chaos?
With a third party organisation managing the infrastructure in the cloud, the responsibility to
maintain privacy of all personal data is enhanced. It is common and acceptable to share personal
data with the cloud but the decision must be an informed one. Personal details of employees,
customer data and company secrets must be protected against the potential risks of theft and
leakage. One of the classic examples would be that of hacking attacks on Sony PlayStation
Network in 2011 – which we discussed in earlier chapters. If this can happen to Sony, which has
most of its infrastructure internally, imagine the level of caution that needs to be in place while
trusting third party cloud service providers. Let us briefly discuss different elements that needs to
be made available in contracts and agreements while moving to the cloud.
Data that can be traced back to a single individual can be categorised as “personal”. Companies
must look for cloud service providers that offer sufficient protection to such sensitive information.
To start with, when third party data has to be moved to the cloud, the existence of any contracts or
obligations against such action must be checked for. Following this, depending upon the location
of the cloud service provider and industry specific laws of privacy such as Health Insurance
Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (GLBA) stringent
privacy measures must be applied.
In order to regulate the use of personal data, the Data Protection Act was established. Under this
act, the data controller implies to an entity that determines the purpose of holding personal data
and the data processor “processes” the data on behalf of the controller. The data controller takes
the ultimate responsibility of complying with the Data Protection Act in case of any discrepancies.
Though the cloud service provider is often the data processor, there are some cases where it takes
the role of a data controller too. The precise role of the cloud service provider must be evaluated
in each case and the obligation for data protection must be assigned to the right entity.
Illustration
Consider an organisation which partners with a social media platform to enhance its
online presence. It develops a third party application to be integrated with the social
platform. In this case, the organisation acts as data controller of all personal data
collected through the application that is present within the social environment. The social
platform acts as the data controller for all data processed by the social network. Thus both
act as data controllers in this case.
With the role of the data controller and data processor defined and the level of obligation stated,
cloud customers must now evaluate the technical aspects of the provider and learn how they
promise to deliver services within the established expectations of protection. Failing this, the
following data protection issues can be expected in the cloud environment:
Data protection risks are further amplified when the cloud service provider involves multiple tiers
of sub-processors/ sub-contractors and data transfer happens between different countries.
The data controller must be completely aware of the kind of services sub-contracted by the
data processor (cloud service provider) and their guarantees to minimise the risk around
data protection.
Prior to 2011, the Indian judiciary system did not provide space for clear - cut laws pertaining to
data protection. However with the enhancement of the data protection laws in the European Union,
Information Technology Rules 2011 came into place. Under this act, corporate bodies, Indian
government and information providers were subjected to sensible security practices.
Activity
Find out what are the key features of Information Technology Rules 2011 that relate to
business organization dealing with sensitive/personal data
In addition to this, there are other laws within the Indian Penal Code (IPC) that can assist in
practising a reasonable level of security while handling data in the cloud
Law/Act/Rights Explanation
Activity
Lets us hypothetically believe that you are in China; now make a list of websites that you not
be able to access without a proxy.
Note: China has one of the most stringent set of laws when it comes to data protection and
privacy. Find out more!
While engaging with cloud service providers, there are few models that are available in the industry
- that an organisation can assess and adopt. We will briefly discuss about these models.
Standard Contract model contains the most common terms and conditions listed in the agreement.
It talks about
• The security and data protection standards followed by the cloud service providers
• Capacity allocation and scalability terms
• Location of the datacenters
• Lock-in period (which talks about how long the client would sign up for)
• Pricing structure and payments terms
• Periodic audits and updates
These are the general terms that would be included in a standard contracting model. This model is
also referred to as Click-Through Agreement - as the client just needs to review the contract and
sign off with minimal or no changes. Both the client and the service provider know about all the
agreement terms prevalent in the industry. Usually, standard contracting model is utilised by the
organisation whose cloud requirements are not mission critical (or) when they don't intend to move
their confidential and core business applications to the cloud.
As the name indicates, Negotiated Contract talks about specific terms and conditions in the
agreement as per the unique requirements of the organisation. Usually, organisations which serve
business customers negotiate strict terms and conditions and they would insist the cloud service
provider to abide to it. The additional terms that are negotiated includes
The more sensitive the data being handled, stricter the terms and conditions would be.
This is either a standard contract (or) a negotiated contract whole validity is for a specific period.
Say for example, some organisations have internal policies to change vendors every year (or) once
in 3 years etc. This applies for all types of vendors they deal with. This ensures efficiency in
services provided and move to the better ones if in case there are issues with existing vendors. This
holds true for cloud service providers as well. If the organisation is happy with a specific cloud
service provider whom they have trusted their data with, then they would renew it after the time
frame in the contract gets over. If they are unhappy (or) if they found any discrepancies with the
existing cloud service provider, then they would change them after a certain period. Some of the
multinational corporations are known to levy heavy penalties for their vendors who don't comply
with the contracts. The industrial term for such activity is “Contract Deviation”. If the cloud service
provider is said to deviate from the contracts, then they might end up paying heavy penalties and
in some cases, also face law suits. In such cases, the contract is terminated immediately and the
data is moved to other third party service providers.
Negotiating contracts with the potential cloud vendors is complex but crucial for success in the
cloud. While click-through agreements seem to make the work easier for low risk applications
momentarily, organisations must consider opting for tailored contracts to ensure that all future
applications to be hosted in the cloud are completely safe and devoid of legal issues. Some of the
common issues that arise due to contracting pitfalls are:
More than 75% of enterprises feel that moving to the cloud comes with some percentage of vendor
lock-in. While the convenience to shop at one stop, draw a single tailored contract and the
standardisation of technology seem alluring, things may not look the same in the long run. Vendor
lock-in hinders the path to rapid innovation and ultimately knocks down organisational health.
Examining the exit options in the contract or opting for an open source cloud stack such as
OpenStack may mitigate these problems.
Standardised contracts from bigger cloud vendors may sometimes allow unilateral termination of
the contract with a very small notice period. In such cases, the contract must outline the potential
effects of the termination and ways to regulate them. The terms of post termination support must
also be outlined in the legal contract drawn between the two parties.
Does your cloud provider reveal the exact location of your data? Does your contract outline the
procedures and technical solutions that are in place to protect data once it crosses the judicial
boundaries? Cloud vendors transfer data from one location to another to balance load and avoid
latency. As the data controller of the cloud, organisations must comply with the laws and
regulations of the country where the service provider is located as well as with the location of data
storage. Cloud auditing is the solution to ensure 100% compliance with all rules and legal
requirements of the new environment.
Apart from these major issues, there are few other legal clauses that need the attention of the data
controller while establishing a contract with a cloud provider.
One of the most common factors taken for granted while working with the cloud is the ownership
of data. Quite obviously data collected, used and stored on behalf of an organisation belongs to
that particular organisation. But has this ownership of data been legally recorded in your contract?
Data ownership must never be left to assumptions. The legal contract drawn between the cloud
provider and the cloud customer must clearly state the ownership of data and must hold the cloud
service provider responsible for delivering a complete copy of the data and erasing all copies
permanently in the event of termination.
Data security breach or loss of critical data due to a technical glitch can happen due to the
negligence of the cloud provider. In such cases, the organisation may face a high-dollar lawsuit
and may suffer some serious business damages. The “limitation to liability” clause of the contract
often hardly covers only a portion of the financial loss in most cases. Another security threat to
data may happen during the event of a government order. While data residing within the
organisation is analysed before being subjected to legal scrutiny, the same cannot always be
expected from the cloud provider. The most practical and viable solution to these data security
threats would be the good old due diligence of potential cloud vendors.
Virtualisation forms the backbone of cloud computing. Virtual Desktop Infrastructure (VDI)
allows an employee’s desktop to be moved into the virtual environment in a central server thus
enabling hardware cost reduction and better control over the use of software applications.
However, doing so with a software license that has geographical limitations on the type of
hardware deployed or does not allow the use of the software in a virtualised setup may result in
copyright infringement. In such cases, the license must be re-negotiated at an additional cost for
unlimited number of instances or for a specific number of instances in the virtual machine.
Additionally the confidentiality provisions of the software license regarding the disclosure of
proprietary software must be reviewed to avoid the breach situation.
Any organisation dealing with sensitive/personal information must regulate this information
carefully to avoid legal disputes in case of any discrepancies. Legal contracts must be drawn to
ensure that the liability of data is shifted to the side of the user and the organisation is insulated
from any issues pertaining to content such as copyright infringement, illegal data, and classified
information.
Businesses need to have expectations right when it comes to Legal issues related to the cloud.
What kind of information does the user / employees of a company store in the cloud are to be
strictly monitored and regulated. If the company doesn't have such resources to mediate, then it
should have Terms and Agreements duly signed by the user - so that the liability of content / data
stored on the cloud is on the user. This way, the business can avoid legal issues. Content issues
that may arise includes Copyright infringement, illegal data, classified information etc.
One classic example could be WikiLeaks. Its a website primarily dedicated to provide secret and
classified information from corporations & governments. It is currently hosted in servers located
in Sweden's former nuclear bunkers, the location for which is unknown. The data is also spread
across distributed servers in the world. This way, the cloud service provider has ensured that the
data is safe and secure and untraceable. The reason why its kept like it is because, the cloud service
provider that hosts WikiLeaks may get into too much legal trouble because of the content that is
being published on the site. Most content are classified by Government across the globe (or)
sensitive information related to major corporations (or) military secrets. What protects the hosting
service provider is the legal agreements and contracts. This way, the legal battle is only on Julian
Assange who is the founder of WikiLeaks and not on the cloud service provider.
Data compliance is critical in the cloud and is in fact a major area of concern for organisations
moving to the cloud. Compliance in the cloud can be categorised into two types
i. Geographic compliance
ii. Industry compliance
i. Geographic compliance: With the flow of personal data across borders, geographic
locations play a vital role in the storage and processing of data. For instance, what may
seem right in the US may be a breach in Canada or Europe. Also different regions within
the same country may follow a different set of compliance measures.
The Federal Rules of Civil Procedure that affect cloud data is effective only in 35 US states.
Similarly while working with a cloud service provider in Europe organisation must consider the
National, European as well as Federal law depending upon the exact location of the cloud
service provider.
ii. Industry compliance: Some industries like healthcare and finance pose very stringent
compliance measures while working in the cloud. These compliance measures are
practiced to makes the regulation of sensitive data more centralised.
To avoid any legal issues that might arise from compliance matters, organisations must,
• Analyse the data to be moved to the cloud. Data that is prone to maximum risk must be
kept internal or in the private cloud.
• Draw a compliance checklist and ensure the cloud provider has the capabilities to
protect data with the right compliance framework.
• Conduct an audit to ensure that compliance measures offered by the provider have been
implemented in real.
Activity
Find out what particular industry do these below compliance acts belong to.
Summary:
• The theft or unauthorised use of information facilitated by the internet is called cyber crime.
• Common examples of cyber crime are cyber stalking, identity theft, hacking bank accounts,
stealing personal information and so on.
• With cloud computing, sensitive data leaves the protective borders of the organisation and
is subjected to a number of legal issues.
• Privacy of personal data stored in the cloud must be acknowledged to avoid legal lawsuits.
• According to the Data Protection Act, the data controller implies to an entity that
determines the purpose of holding personal data and the data processor “processes” the
data on behalf of the controller. The data controller takes the ultimate responsibility of
complying with the Data Protection Act in case of any discrepancies.
• Lack of sufficient data protection in the cloud leads to a number of risks such as lack of
integrity, data compliance and data portability.
• When it comes to establishing cloud contracts, negotiating them to suit the particular needs
of the organisation is recommended over click-through agreements.
• The common challenges in cloud contract are vendor lock-in, unilateral termination, cloud
auditing, limited liability and force majeure clauses and indemnification.
• Data ownership in the cloud must never be left to assumptions. The legal contract drawn
between the cloud provider and the cloud customer must clearly state the ownership of data
and must hold the cloud service provider responsible for delivering a complete copy of the
data and erasing all copies permanently in the event of termination.
• Virtualisation forms the backbone of cloud computing and to deliver the expected benefits,
negotiating of software licenses to suit the virtual environment must be accomplished.
• Cloud compliance can be categorised into two, Geographic compliance and Industry
Compliance.
Self-Assessment Questions:
4) One common risk that arises from lack of data protection in the cloud is
(a) Lack of good data (b) Lack of data integrity
(c) Loss of money (d) None of the above
Answers:
Q. No. 1 2 3 4 5 6 7 8
Activity
Activity Type: Online Time: 30 minutes
Consider a situation where you want to develop an IT governance board. Figure out the
skills required to be a member of governance board and identify the scope of the board’s
responsibilities.
Bibliography
References
• Arthur Cox. Tackling Data Protection in the Cloud. Retrieved November 18, 2015,
from,http://www.arthurcox.com/wp-content/uploads/2014/01/Tackling-data-protection-
in-thecloud-by-Colin-Rooney-Arthur-Cox.pdf
• CNet. Cybercrime moves to the cloud. Retrieved November 18, 2015, from
http://www.cnet.com/news/cybercrime-moves-to-the-cloud/
• Computer Weekly. Cloud storage needs an audit process to stay compliant. Retrieved
November 18, 2015, from http://www.computerweekly.com/opinion/Cloud-storage-
needs-an-audit-process-to-stay-compliant
• Computing. Legal issues surrounding virtualization. Retrieved November 18, 2015, from
http://www.computing.co.uk/ctg/feature/1860596/legal-issues-surrounding-virtualisation
• ICO. Data controllers and data processors. Retrieved November 18, 2015, from
https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-
processors-dp-guidance.pdf
• ICO. Guidance on the use of cloud computing. Retrieved November 18, 2015, from
https://ico.org.uk/media/for-
organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf
• Infoworld. 9 top threats to cloud computing security. Retrieved November 18, 2015, from
http://www.infoworld.com/article/2613560/cloud-security/cloud-security-9-top-threats-
to-cloud-computing-security.html
• ISACA. Cloud Computing Legal Issues. Retrieved November 18, 2015, from
http://www.isaca.org/Groups/Professional-English/cloud-
computing/GroupDocuments/DLA_Cloud%20computing%20legal%20issues.pdf
• NCPC. Cybercrimes. Retrieved November 18, 2015, from
http://www.ncpc.org/resources/files/pdf/internet-safety/13020-Cybercrimes-revSPR.pdf
• Socially Aware. Privacy in the Cloud: A Legal Framework for Moving Personal Data to
the Cloud. Retrieved November 18, 2015, from,
http://www.sociallyawareblog.com/2014/10/29/privacy-in-the-cloud-a-legal-framework-
for-moving-personal-data-to-the-cloud/
• Study.com. What is Cyber Crime? – Definition, Types and Examples. Retrieved November
18, 2015, from, http://study.com/academy/lesson/what-is-cyber-crime-definition-types-
examples.html
• Tech Net. Cloud Computing : Negotiating Cloud Contracts. Retrieved November 18, 2015,
from, https://technet.microsoft.com/en-us/magazine/jj149022.aspx
• Tech Republic. Legal issues to consider with cloud computing. Retrieved November 18,
2015, from,http://www.techrepublic.com/blog/tech-decision-maker/legal-issues-to-
consider-with-cloud-computing/
• Tech Target. Ten key provisions in cloud computing contracts. Retrieved November 18,
2015, from http://searchcloudsecurity.techtarget.com/tip/Ten-key-provisions-in-cloud-
computing-contracts
• TechNet. Compliance Issues in the Cloud. Retrieved November 18, 2015, from
http://social.technet.microsoft.com/wiki/contents/articles/3800.compliance-issues-in-the-
cloud.aspx
• ZDNet. Is vendor lock-in different with cloud? Retrieved November 18, 2015, from
http://www.zdnet.com/article/is-vendor-lock-in-different-with-cloud/
External Resources
• Cheung, A. (2015). Privacy and Legal Issues in Cloud Computing. US: Edward Elgar
Publishing
• Katarina, S. (2009). Grid and Cloud Computing. UK: Springer Heidelberg
• Ko, R. (2015). The Cloud Security Ecosystem. US: Elsevier
Video Links
Topic Link
Know the legal issues surrounding
https://www.youtube.com/watch?v=BBHZb0flXgw
Cloud Computing
Chapter 5.1
Cloud Practices
Page No.
Aim 156
Summary 169
SAQs 170
Bibliography 172
References 172
Aim
Learning Objectives
Learning Outcome
Summary
Self-assessment Questions
References
External Resources
Video Links
Cloud Computing Considerations Cloud Practices
Aim
To study the best practices to follow and worst practices to avoid while migrating to the
cloud
Learning Objectives
Learning Outcome
5.1.1. Introduction
In the previous chapters we have learnt about the various ways to assess cloud solutions and the
legal and compliance issues related to it. In this chapter we will look into the different ways that
can make cloud experience an absolute success and also draw a few inferences about the future of
cloud. With cloud computing quickly finding its foot in various sectors we will also explore the
various career opportunities that one can secure in this field of technology.
Every organisation must have established sufficient research before choosing a cloud vendor. It is
now time to check if the promised services are continuing to benefit your business. The
performance of your cloud vendor must be consistent irrespective of the fluctuations in your
business needs. Some of the common factors that can be used to determine the consistency in
performance by the cloud vendor are:
Fact
Some of the popular tools used to monitor and manage the performance of cloud
solutions are Hyperic HQ, CloudStatus, CollabNet CUBiT 2.0 and Cassatt.
Best practices for cloud computing can be defined as the set of actions that render the optimal
cloud experience at the most reasonable costs. They begin with vendor selection and continue to
guide organisations through every action in the cloud. The following section will outline four of
the industry’s best practices that must be followed for optimised success in the cloud.
The cost-effectiveness of cloud has been flaunted widely and this is indeed one of the most
attractive benefits of moving to the cloud. To be able to reap the cloud cost benefits it is critical to
choose the right vendor.
The following checklist can help organisations to best choose their cloud vendor:
• Organisations that are looking to expand operations must pay attention to the user limit cap
to avoid penalty charges as the number of users grow.
• A service level agreement that outlines the availability, performance, security measures
and guaranteed uptime must be in place.
• Partnering with more than one cloud vendor to satisfy all business needs is recommended.
This makes the organisation less prone to downtime issues.
• The cloud vendor must allow customisable viewing and reporting of data rather than a
proprietary format.
• The cloud vendor must be able to provide customised workflows and user profiles with
well-defined role hierarchies. The cost and effort required to achieve these parameters must
be determined.
Activity
Letting go of the control over IT resources and critical data to a third party can be a difficult
decision for any organisation. Once it is decided, there are two approaches to moving to the cloud.
The first one is Flash-Cut approach wherein the cloud infrastructure and all the necessary tools
and systems are built internally or by a vendor. Once the complete infrastructure, platform and
necessary software are ready, the migration is carried out completely at a stretch. The second
approach is the Phased-in approach where the migration is carried out in a phased manner, as and
when necessary things are developed and commissioned.
A phased-in approach (where you do not have to move everything to the cloud at one single time)
allows smoother transition as well as broader acceptance than in the other methods.
In many cases, cloud service agreements are only a way out of legal trouble for cloud providers,
while they should in reality be an assurance of high-level customer service. It is the responsibility
of the cloud consumer to read and understand the service agreements in detail.
• Internal policies, processes and culture that may influence cloud usage
• Overall objectives and expectations from the cloud service
• Trust and assurance through good governance
• The metrics used to validate the service levels
• Compensations in case of trouble
• Limitations, disclaimers, and exclusions
What if the cloud based application crashes? What will you do if there is a hack? What is the plan
B if your cloud service provider goes bankrupt and hence not able to support your application
anymore? What happens if there is a security breach?
Situations like these are meant to arise especially in a cloud environment. It is extremely important
to have a contingency plan in place to tackle such situations and a team always ready to implement
recovery management within short notice. This could help the organisation technically and
financially and hence, saves the online reputation.
Just like how cloud computing has some best practices to be followed, there are also a few
“customs” that must be avoided. The section below outlines these practices in detail.
The incredible benefits of cloud strongly attract organisations of all kinds and sizes. Adopting
cloud technology is a great decision but it must be backed with the required homework. Moving
to the cloud does not imply purchasing a random solution with one card swipe. It requires the due
diligence of a number of factors such as security, regulatory measures, business needs, cost
analysis and so on.
In the best practices section, we already discussed about having a contingency plan. Uncertainty
is an indispensable part conducting business. Your cloud solution may encounter unexpected
pitfalls such as natural calamities, vendor failure, business outage, unexpected costs and so on.
Moving to the cloud without a contingency plan is like setting oneself up for failure. Organisations
must evaluate the various risks associated with the cloud and have a recovery plan in place before
migrating to the cloud.
Is moving to the cloud the most viable option for your business organisation? The best place to
start the cloud journey would be to evaluate the actual needs of the business and then map it onto
the solutions available in the market. Cloud customers must be able define the exact business case,
the issues that must be solved and the ways in which they believe that moving to the cloud can
help their organisation.
Choosing the wrong cloud service provider is often the reason that prevents organisations from
growing. A reliable cloud service provider with a proven track record and with solutions that best
suit the business needs has the highest chance of contributing towards organisational success.
The questions below can be used as a checklist while selecting the right cloud vendor:
In the previous chapters, we saw the case of WikiLeaks where the cloud vendor was smartly
shielded against the violation of law through strong service contracts. Cloud services subject
organisations to legal and compliance issues and as the controller of data, organisations must
handle these issues appropriately to avoid expensive legal penalties.
Activity
Recall previous chapters and list five sources of legal concerns that may arise while using
cloud services.
Security and privacy concerns in the cloud are like urban legends that will continue to exist forever.
To be able to look beyond these pitfalls and ensure safe cloud operations, due diligence of security
measures provided by the cloud vendor is mandatory. Following is a list of security questions that
you must ask your cloud vendor before giving the final nod:
While the potential of cloud technology to save costs and enhance productivity is touted by
organisations, user experience often remains a forgotten metric in most cases. A service level
agreement is a significant legal tool that determines how well the cloud experience turns out to be
from the end user perspective. It helps evaluate parameters such as cloud availability, quality of
service, response time, capacity and so on. Ignoring these legal aids leads to misinterpreted
obligations and risks in the cloud.
It is true that cloud is a strong enabler of cost savings. However cost must not be the only factor
that influences the choice of cloud vendor. The suitability of the cloud solution and the reliability
of the vendor must be counted in primarily to avoid expensive mistakes in the cloud
Cloud computing has been the technology buzzword in the business environment for a few years
now and will continue to create a strong impact in the upcoming years. Several research firms and
consulting companies have come up with their own set of predictions and forecasts about the cloud.
However one common fact that can be drawn unanimously from these reports is that “the cloud is
here to stay”.
The points below illustrate the key predictions on various aspects of cloud from the world-
renowned technology research firm, Gartner Incorporation.
• Through 2020, there will be a shift in the reason behind cloud security failures from the
vendor to customer side. More than 50% of the enterprises will invest explicit effort in
achieving a high level of security in the cloud.
• Cloud Enterprise Resource Planning (ERP) providers and cloud-based IoT platforms will
evolve to enable the proliferation of smart technology.
• The compound annual growth rate of IaaS for the time period from 2014 to 2019 is
expected to hit 29%.
• Cloud along with mobile, big data and social media will continue to disrupt the traditional
ways of business.
The graph below indicates the projected growth of cloud computing market for a ten year period
starting from 2008. This indication comes from Bessemer Venture Partners, a global venture
capital company.
“The State of the Cloud Computing 2015” is a report by Bessemer Venture Partners, a global
venture capital company located in the US. According to this report, the cloud computing
market is expected to reach $127.5 billion by 2018. The report also states that, more than 60%
of all CRM applications would be cloud-based and the overall growth rate of SaaS-based
applications would exceed 17%.
Once you have addressed the concerns relating to security and privacy, cloud computing can be
applied to a number of sectors comfortably. The following section will illustrate the key
applications of cloud across some of the largest industry sectors:
Key applications
Pros
• Cloud computing enables efficient and cost-effective management of large amount of data.
• Reputed cloud provider practice more sophisticated ways of data protection than most
educational institutions.
Cons
Key applications
• Cloud creates a marketplace for sellers without the need for investment in hardware or
software elements.
• It creates a marketplace for buyers with more product options and services.
• Cloud-based forums and social network are the major source of word-of-the-mouth
marketing.
Pros
Cons
• A number of cloud-optimised marketing techniques like SEO, social media and PPC
deliver both short and long term benefits. Using them effectively and in the right mix still
remains a challenge.
Key applications
Pros
• Cloud computing has redefined this industry by opening the gates for several new and
innovative modes of entertainment
Cons
• Using the cloud to store and process our personal media calls for a strong security check
Key applications
Pros
• Cloud applications are an excellent way of storing, managing and using the enormous
amount of data generated by the healthcare industry
• Facilitates information sharing by connecting various elements of the healthcare system
such as labs, medical centres and hospitals
Cons
• Hospitals generate an enormous of data that must be secured and made compliant. With
cloud computing the data must be well-protected and must also adhere to all applicable
regulatory measures
Cloud computing is quickly growing into an attractive sector for great careers. The following
sections provides further details on lucrative job opportunities in various areas of cloud computing.
Activity
Recall the three components that together make up the cloud architecture.
The front end of a cloud computing system refers to the client’s device that creates an interface
with the system. It may be a thin client, a mobile device or a network that is running a few
applications to facilitate access to the cloud.
Apart from these two major roles, candidates can also look for positions like visual interaction
designer, UX practitioner and front-end engineer.
The component of the cloud architecture that manages and monitors communication between the
front and back end is called middleware.
The back-end of a cloud computing system refers to physical peripherals such as servers and
storage. Lucrative opportunities in this area are:
Operations Manager Sufficient knowledge and • The main link between the
experience in dealing with all data centre and
operational demands of a data stakeholders.
centre. • Takes care of budgeting,
planning, technical
guidance, disaster recovery
and all operational
activities in the data
centre.
Cloud System Administrator Clear understanding of the • Responsible for the
demands in a data centre. configuration and
Ability to troubleshoot, maintenance of all
planning of capacity and components within the
knowledge about all hardware cloud infrastructure
components is mandatory.
Data Centre Technician Proficiency in working with • Debugging and
Linux and Unix operating troubleshooting of
systems. Thorough knowledge physical and virtual
about hypervisors, network servers.
deployment, compression and • Load balancing and cloud-
storage technologies. based deployment.
Data centre management is one of the most potential technical fields for job opportunities.
Significant roles in this field are DC (Data centre) infrastructure consultant, Data analyst,
Network Manager and so on.
Summary:
• Following a smooth transition to the cloud, organisations must continue to manage a whole
plethora of parameters to ensure that the cloud investment is best optimised.
• The existing cloud service must be regularly evaluated to ensure that vendor promises are
rendered seamlessly and the business continues to benefit from them.
• Finding the right cloud vendor and using the phased-in approach are significant best
practices in the cloud.
• Some of the practices that must be avoided while moving to the cloud are:
• Cloud will continue to disrupt the way businesses function and will stay strong for a long
time.
• Cloud opens up whole range of career opportunities in both technical and managerial
spheres.
• Key roles in cloud back-end are Data Centre Manager, Operations Manager, Cloud System
Administrator and Data Centre Technician.
Self-Assessment Questions:
1) One of the best practices to follow after transitioning to the cloud is:
(a) Calculating the ROI
(b) Eliminating the redundant personnel
(c) Analysing the existing service
(d) Looking to move more services to the cloud
3) Which one of the following must be avoided while moving to the cloud?
(a) Security measures (b) Cloud Governance
(c) Due-diligence (d) Jumping in too soon
6) _______ is NOT the only factor must approve your choice of cloud vendor.
(a) Cost (b) Reliability
(c) Trust Issues (d) Location of cloud vendor
8) Which one of the following roles belongs to the back-end of the cloud architecture?
(a) Data center manager (b) User experience designer
(c) User interface designer (d) Cloud software developer
9) Debugging and troubleshooting of physical and virtual servers in a data centre is taken
care by_________
(a) Data Centre Manager (b) Operations Manager
(c) Data Centre Technician (d) Cloud System Administrator
10) Which one of the following industry widely uses cloud based applications for various
business functions?
(a) Healthcare (b) Entertainment
(c) Education (d) Marketing
Answers:
Q. No. 1 2 3 4 5 6 7 8 9 10
Ans (c) (a) (d) (c) (b) (a) (b) (d) (c) (a)
Activity
Activity Type: Online Time: 30 minutes
Prepare a presentation (around 10 slides) for the learner focusing on the do’s and don’ts
while migrating Apps to the cloud.
Bibliography
References
• Cloud Standards Customer Council. Practical Guide to Cloud Computing Version 2.0.
Retrieved November 22, 2015, from http://www.cloud-
council.org/2011_Practical_Guide_to_Cloud%20Computing.pdf
• Dazeinfo. The future of cloud computing. Retrieved November 22, 2015, from
http://dazeinfo.com/2015/07/01/the-future-of-cloud-computing-127-billion-market-by-
2018-report/
• Forbes. 83% of Healthcare Organizations Are Using Cloud-Based Apps Today. Retrieved
November 22, 2015, from http://www.forbes.com/sites/louiscolumbus/2014/07/17/83-of-
healthcare-organizations-are-using-cloud-based-apps-today/
• Gartner. Gartner Says Worldwide Cloud Infrastructure-as-a-Service Spending to Grow
32.8 Percent in 2015. Retrieved November 22, 2015, from
http://www.gartner.com/newsroom/id/3055225
• Hostway. Five Worst Practices to Avoid in the Cloud. Retrieved November 22, 2015, from
http://www.hostway.com/blog/five-worst-practices-to-avoid-in-the-cloud/
• IJSETR. A Survey on Use of Cloud Computing in various Field. Retrieved November 22,
2015, from http://ijsetr.org/wp-content/uploads/2013/07/IJSETR-VOL-2-ISSUE-2-480-
488.pdf
• IT World Canada. Gartner’s top 10 predictions for 2016 and the ‘post-app’ era. Retrieved
November 22, 2015, from http://www.itworldcanada.com/article/gartner-top-ten-
predictions-for-2016-and-post-app-era/377594
• Lexology. Contracting for end user experience: 10 issues to consider in service level
agreements. Retrieved November 22, 2015, from
http://www.lexology.com/library/detail.aspx?g=b9a5aa5d-3cf0-43f4-82d8-724a8cd144a0
External Resources
• Velte, A., Velte, T., & Elsenpeter, R. (2010). Cloud Computing: A Practical Approach.
US: McGraw Hill
Video Links
Topic Link
https://www.youtube.com/watch?v=bu3kIAZA
Future of Cloud Computing
KTs
https://www.youtube.com/watch?v=D_5UHuB
Cloud Best Practices
_hMo