Q1. Explain four different types of cloud deployment models.

1. Public Cloud are the computing services provided to the general public over
the internet, making it available to anyone who wants to either use it or
purchase it with minimum costs.
They may be free or sold on-demand, allowing customers to pay only per
usage for the CPU cycles, storage, or bandwidth they consume.

Benefits –
a. Cost efficient – They are normally free or paid with minimum expenses.
b. Lesser Responsibility- the cloud service provider is held responsible for all
management and maintenance of the system.
c. Faster deployment- Public clouds can also be deployed faster than on-
premises infrastructures and with an almost infinitely scalable platform.

2. Private Cloud are the computing services offered to a particular organisation.

It provides increased security of its private nature.

Benefits -
a. Freedom to customisation hardware and software in any way.
b. Greater visibility to security and access control
c. Full control over hardware and software choices

3. Community Cloud allows systems and services to be accessible by a group of

organisations from a specific community with common interests.

Benefits -
a. Cost Saving As multiple users of an organisation can access a common pin.
b. Enhanced Security
c. Customisation as per company’s preferences.
d. Increased Collaboration Community cloud allows increased collaboration
among organisations. It allows the sharing of infrastructure, cloud
resources, and other capabilities between businesses.

4. Hybrid Cloud is a mixture of public and private cloud. However the critical
activities are performed using private clouds and non- critical activities are
performed using publ cloud.

Benefits -
a. Cost control
b. Scalability
c. Reduced latency
d. Processes larger data sets
Q2. Explain some of the most common causes of data leaks in SaaS Clouds.

The most common causes of data leaks in SaaS Clouds include.

Misconfigured cloud settings: Improper configuration of cloud settings can lead to

unintended exposure of sensitive data, such as leaving data repositories open to the
public or misconfiguring security protocols, allowing unauthorized access.

• Insider threats: Employees with access to sensitive data can either intentionally or
unintentionally leak information. This can occur through sharing confidential
information, downloading data onto personal devices, or inadvertently exposing data
due to a lack of awareness about security best practices.

• Phishing attacks: Phishing remains a common tactic used by attackers to gain

unauthorized access to SaaS accounts. Through deceptive emails or messages, users
may unknowingly provide their login credentials, enabling attackers to infiltrate the
SaaS environment and access sensitive data.

• Inadequate data encryption: Insufficient data encryption protocols can make data
susceptible to interception during transmission or while at rest. Without robust
encryption measures, data can be compromised if intercepted during communication
between the user and the SaaS provider's servers.

• Vulnerabilities in third-party integrations: Integrations with third-party applications

can introduce security vulnerabilities, potentially leading to data leaks. If these
integrations lack proper security measures or are not regularly updated to address
known vulnerabilities, they can provide an entry point for attackers to gain
unauthorized access to the SaaS environment.

• Weak access controls: Inadequate access control mechanisms can result in

unauthorized individuals gaining access to sensitive data. Weak authentication
protocols, insufficient user permission management, and the lack of multi-factor
authentication can all contribute to data leaks within SaaS cloud environments.

Q3. Explain the pros and cons of Cloud.

 PROS :

1. Cheaper – Cloud Services offers a low cost of using and ownership expenses.
Most services are offered free and some that are to minimal expenses.
2. Back up and restore data – cloud services offer facilities that are one stored on cloud
are easy to back up and restore the data again.
3. Improved collaboration – one of the most amazing services offered by cloud
computing is that multiple users can easily axis and share information through
shared cloud storage.
4. Services in the pay per user model - Cloud computing offers Application
Programming Interfaces (APIs) to the users for access services on the cloud and pays
the charges as per the usage of service.
5. Storage facility- clouds offers a vast storage facility to its customers, saving, its
documents, files, photos, images and et cetera.
6. Data security – the best advantage of cloud computing is the security service. It
facilitates that with all the facilities availed, we have our data stored with highest
security that cannot breached.
CONS :

1. Internet connectivity- to access the data, interpret, download even a single

image high Internet connectivity is required so if you don’t have a proper Internet
connection, this will cause a hurdle to use cloud computing.
2. Security- even that all the cloud computing sources ensure highest data privacy but
while uploading it, we should always look up that we are providing our organisation
sensitive information to a third-party (service provider).
3. Vendor lock in - Vendor lock-in is the biggest disadvantage of cloud
computing. Organisations may face problems when transferring their services from
one vendor to another. As different vendors provide different platforms, that can
cause difficulty moving from one cloud to another.

Q4. What is NIST definition of Cloud Computing and Essential characteristics?

 Definition:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly provisioned and
released with minimal management effort or service provider interaction. This cloud
model is composed of five essential characteristics, three service models, and four
deployment models.

Essential Characteristics:
a. On-demand self-service. A consumer can easily access cloud facilities when
needed by himself without the tiresome process of contacting service
providers.
b. Broad network access. You can access cloud services over the network and
on portable devices like mobile phones, tablets, laptops, and desktop
computers. A public cloud uses the internet; a private cloud uses a local area
network.
c. Resource pooling. With resource pooling, multiple customers can share
physical resources using a multi-tenant model. This model assigns and
reassigns physical and virtual resources based on demand. Multi-tenancy
allows customers to share the same applications or infrastructure while
maintaining privacy and security. Though customers won't know the exact
location of their resources, they may be able to specify the location at a higher
level of abstraction, such as a country, state, or data centre. Memory,
processing, and bandwidth are among the resources that customers can pool.
d. Rapid elasticity. Cloud services can be elastically provisioned and released,
sometimes automatically, so customers can scale quickly based on demand.
The capabilities available for provisioning are practically unlimited. Customers
can engage with these capabilities at any time in any quantity. Customers can
also scale cloud use, capacity, and cost without extra contracts or fees. With
rapid elasticity, you won’t need to buy computer hardware.
Instead, canuse the cloud provider's cloud computing resources.
e. Measured service. Cloud systems automatically control and optimise resource
use by leveraging a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing, bandwidth, and
active user accounts). Resource usage can be monitored, controlled, and
reported, providing transparency for both the provider and consumer of
the utilised service.

Q5. Explain Any one of the following Cloud Actors.

Cloud Broker
• As per the definition provided by NIST, a cloud broker is “an entity that manages the
use, performance, and delivery of cloud services and negotiates relationships
between Cloud Providers and Cloud Consumers.”
• A cloud broker essentially acts as a middleman between organisations seeking cloud
computing services and the providers offering these services. Their main job is to
help clients choose the most suitable cloud services based on their specific needs
and budget.

• This involves providing guidance on different cloud service options, negotiating terms
and prices with providers, and overseeing the integration and deployment of chosen
cloud services within the organisation’s existing setup.

• Additionally, cloud brokers may also offer ongoing services such as performance
monitoring, security management, and issue resolution to ensure that the selected
cloud solutions continue to meet the organisation’s requirements.

• With the increasing demand for cloud computing, the role of cloud brokers has
become crucial in simplifying the cloud adoption process and enabling organisations
to derive maximum benefit from their investment in cloud resources.

Examples of Cloud Brokers

• RightScale: This platform offers a cloud management solution that allows businesses
to effectively manage and optimise their cloud infrastructure across various public
and private cloud services.

• CloudHealth by VMware: Cloud health provides a comprehensive cloud service

management platform that assists organisations in overseeing and analysing their
cloud costs, usage, performance, and security across different cloud providers.

• Jam-cracker: Jam-cracker serves as a cloud services brokerage platform, enabling

organisations to manage and deliver cloud services to their end-users through a
unified multi-cloud catalog and marketplace.

• Cloud checker: Cloud checker provides a robust cloud management platform,

enabling businesses to efficiently manage and streamline their cloud infrastructure,
control expenditures, and ensure security and compliance across different cloud
service providers.

• These examples demonstrate how these cloud brokers offer a range of services,
including cloud service management, cost optimisation, performance monitoring,
and security management, all geared towards helping organisations effectively utilise
and benefit from cloud services offered by various providers.