BTCOE702 CLOUD COMPUTING

CLOUD COMPUTING
Unit 1

Unit No 1: Introduction [7 Hours]

Definition and evolution of Cloud Computing, Enabling Technologies, Service and Deployment
Models, Popular Cloud Stacks and Use Cases, Benefits, Risks, and Challenges of Cloud Computing,
Economic Models and SLAs, Topics in Cloud Security.

The official definition from the National Institute of Standards and Technology reads: "Cloud
computing is a model for enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications and services) that can
be rapidly provisioned and released with minimal management effort or service provider interaction."

Figure 1.1. Cloud Computing

Means: Accessing the Internet anywhere, anytime and being able to use any or all of the data and
applications that you want.
The concept of cloud computing dates to the 1960s. The phrase originates from the cloud symbol used
by flow charts and diagrams to symbolize the Internet. The diagram to the left underscores the idea
that any Web-connected computer has access to a pool of computing power, applications and files.

The first reported public use of the phrase was in August of 2006 at a search engine conference
in San Jose, Calif., when Eric Schmidt (then Google's CEO), described one approach to data
storage as "cloud computing."
BTCOE702 CLOUD COMPUTING

Who provides Cloud Computing Services?

Dozens of firms are providing "clouds" in the U.S. and other countries. They generally fall into three
categories of service: software, storage and computing power, or platform providers that give site developers
tools to build and host applications. Some do all three. Big or small, all see this as a natural way to make
money in a competitive field.

Some names might be surprising, as they may be better known as content providers or consumer sites. Here
are just a few of the major players:

Dropbox: A file-hosting service offering storage, file synchronization and client software, the company
started in 2007. It allows users to create a special folder on each of their computers, which the company then
synchronizes so that it appears to be the same folder (with the same contents) regardless of which computer
is used to view it. Files placed in this folder also are accessible through a website and mobile phone
applications.

Amazon: Considered one of the innovators in cloud computing since it began offering services in 2006,
Amazon has thousands of small business and individual users, as well as customers such as The New York
Times and Eli Lilly.

Google: In what might have been a strike again Microsoft, the Internet search giant launched Google Apps in
2007. Customers include small businesses and colleges such as Northwestern University.

Microsoft: The tech giant has made its Windows operating system available with cloud computing through
the Azure program. Microsoft also offers various business services. Customers using the program include
Epicor and Micro Focus.

NetSuite: Founded by Oracle CEO Larry Ellison, NetSuite offers Web-based applications for small
businesses that include Wolfgang Puck Coffee.

Salesforce.com: Started in 1999, Salesforce is considered a pioneer in cloud computing, with its software as a
service product. Customers include financial services, media and health firms as well as retail companies.

GoGrid: The Canadian-based firm is privately held and said to be one of Amazon's chief competitors in
cloud storage. Customers are mostly start-ups, though it has a few bigger clients, including Novell

Evolution of cloud Computing

The roots of clouds computing by observing the advancement of several technologies, especially in hardware
(virtualization, multi-core chips), Internet technologies (Web services, service-oriented architectures, Web
2.0), distributed computing (clusters, grids), and systems management (autonomic computing, data center
automation).

From Mainframes to Clouds

We are currently experiencing a switch in the IT world, from in-house generated computing power into
utility- 13 supplied computing resources delivered over the Internet as Web services. This trend is similar to
what occurred about a century ago when factories, which used to generate their own electric power, realized
that it is was cheaper just plugging their machines into the newly formed electric power grid.

Computing delivered as a utility can be defined as ―on demand delivery of infrastructure, applications, and
business processes in a security-rich, shared, scalable, and based computer environment over the Internet for
a fee‖
BTCOE702 CLOUD COMPUTING

Figure :1.2 Convergence of various advances leading to the advent of cloud computing

This model brings benefits to both consumers and providers of IT services. Consumers can attain
reduction on IT-related costs by choosing to obtain cheaper services from external providers as
opposed to heavily investing on IT infrastructure and personnel hiring. The ―on-demand‖ component
of this model allows consumers to adapt their IT usage to rapidly increasing or unpredictable
computing needs.

Providers of IT services achieve better operational costs; hardware and software infrastructures are
built to provide multiple solutions and serve many users, thus increasing efficiency and ultimately
leading to faster return on investment (ROI) as well as lower total cost of ownership (TCO)

The mainframe era collapsed with the advent of fast and inexpensive microprocessors and IT data
centers moved to collections of commodity servers. Apart from its clear advantages, this new model
inevitably led to isolation of workload into dedicated servers, mainly due to incompatibilities
Between software stacks and operating systems.

These facts reveal the potential of delivering computing services with the speed and reliability that
businesses enjoy with their local machines. The benefits of economies of scale and high utilization
allow providers to offer computing services for a fraction of what it costs for a typical company that
generates its own computing power.

SOA, WEB SERVICES, WEB 2.0, AND MASHUPS

The emergence of Web services (WS) open standards has significantly contributed to advances in the
domain of software integration. Web services can glue together applications running on different
messaging product platforms, enabling information from one application to be made available to
others, and enabling internal applications to be made available over the Internet.
BTCOE702 CLOUD COMPUTING

Over the years a rich WS software stack has been specified and standardized, resulting in a multitude
of technologies to describe, compose, and orchestrate services, package and transport messages
between services, publish and discover services, represent quality of service (QoS) parameters, and
ensure security in service access.
WS standards have been created on top of existing ubiquitous technologies such as HTTP and XML,
thus providing a common mechanism for delivering services, making them ideal for implementing a
service-oriented architecture (SOA)
The purpose of a SOA is to address requirements of loosely coupled, standards-based, and
protocolindependent distributed computing. In a SOA, software resources are packaged as ―services,‖
which are welldefined, self- contained modules that provide standard business functionality and are
independent of the state or context of other services. Services are described in a standard definition
language and have a published interface.
The maturity of WS has enabled the creation of powerful services that can be accessed on-demand, in
a uniform way. While some WS are published with the intent of serving end-user applications, their
true power resides in its interface being accessible by other services. An enterprise application that
follows the SOA paradigm is a collection of services that together perform complex business logic.
In the consumer Web, information and services may be programmatically aggregated, acting as
building blocks of complex compositions, called service mashups. Many service providers, such as
Amazon, del.icio.us, Facebook, and Google, make their service APIs publicly accessible using
standard protocols such as SOAP and REST.
In the Software as a Service (SaaS) domain, cloud applications can be built as compositions of other
services from the same or different providers. Services such user authentication, e-mail, payroll
management, and calendars are examples of building blocks that can be reused and combined in a
business solution in case a single, readymade system does not provide all those features. Many
building blocks and solutions are now available in public marketplaces.
For example, Programmable Web is a public repository of service APIs and mashups currently listing
thousands of APIs and mash ups. Popular APIs such as Google Maps, Flickr, YouTube, Amazon
eCommerce, and Twitter, when combined, produce a variety of interesting solutions, from finding
video game retailers to weather maps. Similarly, Salesforce.com offers AppExchange, which enables
the sharing of solutions developed by third-party developers on top of Salesforce.com components.

GRID COMPUTING
Grid computing enables aggregation of distributed resources and transparently access to them. Most
production grids such as TeraGrid and EGEE seek to share compute and storage resources distributed
across different administrative domains, with their main focus being speeding up a broad range of
scientific applications, such as climate modeling, drug design, and protein analysis.
A key aspect of the grid vision realization has been building standard Web services-based protocols
that allow distributed resources to be ―discovered, accessed, allocated, monitored, accounted for and
billed for etc., and in general managed as a single virtual system.‖ The Open Grid Services
Architecture (OGSA) addresses this need for standardization by defining a set of core capabilities and
behaviors that address key concerns in grid systems.

UTILITY COMPUTING
In utility computing environments, users assign a ―utility‖ value to their jobs, where utility is a fixed
or time-varying valuation that captures various QoS constraints (deadline, importance, satisfaction).
The valuation is the amount they are willing to pay a service provider to satisfy their demands. The
service providers then attempt to maximize their own utility, where said utility may directly correlate
with their profit. Providers can choose to prioritize.
BTCOE702 CLOUD COMPUTING

Cloud Computing Architecture:

Cloud computing architecture refers to the components and sub-components required for cloud computing.
These components typically refer to:
1. Front end(fat client, thin client)
2. Back-end platforms(servers, storage)
Cloud-based delivery and a network(Internet, Intranet, Intercloud).

Hosting a cloud: There are three layers in cloud computing. Companies use these layers based on the service
they provide.
● Infrastructure
● Platform
● Application

Differences between Cloud Servers and Dedicated Servers:

Cloud Servers Dedicated Servers

Cloud servers are profoundly adaptable, We can’t change the configuration in a

Scalability as per our need, can transform anything, dedicated server since we have dedicated
for example, assets and space. equipment being used.

Cloud services are cost-effective as we

In dedicated servers, we require expert
pay just for the assets and resources we
knowledge and high-level resources to
Cost Factor are utilizing and do not require any
manage the server, thus, making it more
special knowledge on the server to
costly.
manage the server.

Cloud server additionally gives security,

however, a no holds barred examination
To assault a dedicated server could be an
with the dedicated server, its loss. It
extreme call for a hacker since it’s
Security doesn’t imply that anybody can attack the
exceptionally difficult to breach the
cloud server, cloud servers are
security of this server.
exceptionally secure as well yet not
excessively much as devoted.

In the cloud, numerous servers hold the

webpage instances, so regardless of
whether a server crumples or gets down,
Reliable the instance of your web page is taken
care of by another server. These multiple
servers make cloud computing
increasingly dependable.
In a dedicated server, we deal with a
solitary server, so if there is some failure in
the system, it can crumple the entire server
and data as well, which can bring down the
server.

For a devoted server, we pay more as

Incorporation The cloud provides with different utilities compared to the cloud server if we want to
of Tools within less expense. incorporate the server with some
utility-based tool.
BTCOE702 CLOUD COMPUTING

Cloud Servers Dedicated Servers

Cloud doesn’t provide much control to its The customer can customize the server
Customization customer, so a cloud user cannot according to the need as the customer has
customize the server. full authority over his server.

The dedicated servers process the data

Cloud servers must experience the SAN
locally, they do not encounter a slack while
to ingress data, which takes the procedure
performing various functions like retrieval
through the back end of the infrastructure.
of data, which makes the process faster.
Performance The solicitation should likewise route
This execution speed is particularly
through the hypervisor. This additional
significant in industries where each 1/10th
preparation adds a certain level of latency
of a second count, for example, web-based
that cannot be reduced.
business.

In cloud server migration both the old and

A dedicated server requires more planning
new solutions can simultaneously run
while migration as the client has to be
until the new server is totally prepared to
conscious of both the future and current
Migration dominate. It keeps up the more
development of the enterprise, which
established servers as a reinforcement and
eventually requires a full-scale intend to be
tests out the new solutions sufficiently to
created and implemented.
support a hassle-free migration.

Cloud server, scalability is accomplished The dedicated server requires appropriate

with less impact on operations and it is
increasingly available to regulate. The
Management
cloud servers require planning to work
around to reduce the limitations that
could possibly incur.
intending to appraise server requirements.
Scaling, upgrade, and maintenance is all
firmly sewn necessities to downplay the
server downtime and requires cautious
building.

Consider the below examples:

1. Amazon Web Services(AWS): One of the most successful cloud-based businesses is Amazon Web
Services(AWS), which is an Infrastructure as a Service(Iaas) offering that pays rent for virtual computers
on Amazon’s infrastructure.
2. Microsoft Azure Platform: Microsoft is creating the Azure platform which enables the .NET
Framework Application to run over the internet as an alternative platform for Microsoft developers. This
is the classic Platform as a Service(PaaS).
3. Google: Google has built a worldwide network of data centers to service its search engine. From this
service, Google has captured the world’s advertising revenue. By using that revenue, Google offers free
software to users based on infrastructure. This is called Software as a Service(SaaS).
4. IBM Cloud is a collection of cloud computing services for business provided by the IBM Corporation. It
provides infrastructure as a service, software as a service, and platform as a service.
5. Oracle Cloud is a collection of cloud services offered by Oracle Corporation, including infrastructure as
a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).
6. Alibaba Cloud is the cloud computing arm of Alibaba Group, providing a comprehensive suite of global
cloud computing services to power both their international customers’ online businesses and Alibaba
Group’s own e-commerce ecosystem.
7. Tencent Cloud is a cloud service platform provided by Tencent. It provides a range of services such as
virtual machines, storage, databases, and analytics.
BTCOE702 CLOUD COMPUTING

8. Rackspace is a provider of hybrid cloud computing, founded in 1998. It provides managed hosting,
cloud hosting, and email and apps services.
9. Salesforce – A cloud-based customer relationship management (CRM) platform used for sales,
marketing, and customer service.
10. VMware Cloud – A cloud platform by VMware, offering services such as virtualization, cloud
management, and network virtualization.
11. DigitalOcean – A cloud platform focused on providing easy-to-use, scalable compute services.
12. Red Hat OpenShift – A cloud platform by Red Hat, offering container-based application development
and management.
13. Cisco Cloud – A cloud platform by Cisco, offering a range of services including networking, security,
and application development.
14. HP Helion – A cloud platform by HP, offering services such as compute, storage, and networking.
15. SAP Cloud Platform – A cloud platform by SAP, offering services such as analytics, application
development, and integration.
16. Fujitsu Cloud – A cloud platform by Fujitsu, offering services such as compute, storage, and
networking.
17. OVHcloud – A cloud platform offering a range of services including compute, storage, and networking.
18. CenturyLink Cloud – A cloud platform offering a range of services including compute, storage, and
networking.
19. Joyent – A cloud platform offering services such as compute, storage, and container-based application
development.
20. NTT Communications Cloud – A cloud platform offering services such as compute, storage, and
networking.

What is a Cloud Deployment Model?

Cloud Deployment Model functions as a virtual computing environment with a deployment architecture that
varies depending on the amount of data you want to store and who has access to the infrastructure.
Types of Cloud Computing Deployment Models
The cloud deployment model identifies the specific type of cloud environment based on ownership, scale,
and access, as well as the cloud’s nature and purpose. The location of the servers you’re utilizing and who
controls them are defined by a cloud deployment model. It specifies how your cloud infrastructure will look,
what you can change, and whether you will be given services or will have to create everything yourself.
Relationships between the infrastructure and your users are also defined by cloud deployment
types. Different types of cloud computing deployment models are described below.

● Public Cloud
● Private Cloud
● Hybrid Cloud
● Community Cloud
● Multi-Cloud
BTCOE702 CLOUD COMPUTING

Public Cloud
The public cloud makes it possible for anybody to access systems and services. The public cloud may be less
secure as it is open to everyone. The public cloud is one in which cloud infrastructure services are provided
over the internet to the general people or major industry groups. The infrastructure in this cloud model is
owned by the entity that delivers the cloud services, not by the consumer. It is a type of cloud hosting that
allows customers and users to easily access systems and services. This form of cloud computing is an
excellent example of cloud hosting, in which service providers supply services to a variety of customers. In
this arrangement, storage backup and retrieval services are given for free, as a subscription, or on a per-user
basis. For example, Google App Engine etc.

Public Cloud

Advantages of the Public Cloud Model

● Minimal Investment: Because it is a pay-per-use service, there is no substantial upfront fee, making it
excellent for enterprises that require immediate access to resources.
● No setup cost: The entire infrastructure is fully subsidized by the cloud service providers, thus there is no
need to set up any hardware.
● Infrastructure Management is not required: Using the public cloud does not necessitate infrastructure
management.
● No maintenance: The maintenance work is done by the service provider (not users).
● Dynamic Scalability: To fulfill your company’s needs, on-demand resources are accessible.
Disadvantages of the Public Cloud Model
● Less secure: Public cloud is less secure as resources are public so there is no guarantee of high-level
security.
● Low customization: It is accessed by many public so it can’t be customized according to personal
requirements.
Private Cloud
The private cloud deployment model is the exact opposite of the public cloud deployment model. It’s a
one-on-one environment for a single user (customer). There is no need to share your hardware with anyone
else. The distinction between private and public clouds is in how you handle all of the hardware. It is also
called the “internal cloud” & it refers to the ability to access systems and services within a given border or
organization. The cloud platform is implemented in a cloud-based secure environment that is protected by
BTCOE702 CLOUD COMPUTING

powerful firewalls and under the supervision of an organization’s IT department. The private cloud gives
greater flexibility of control over cloud resources.

Private Cloud

Advantages of the Private Cloud Model

● Better Control: You are the sole owner of the property. You gain complete command over service
integration, IT operations, policies, and user behavior.
● Data Security and Privacy: It’s suitable for storing corporate information to which only authorized staff
have access. By segmenting resources within the same infrastructure, improved access and security can
be achieved.
● Supports Legacy Systems: This approach is designed to work with legacy systems that are unable to
access the public cloud.
● Customization: Unlike a public cloud deployment, a private cloud allows a company to tailor its
solution to meet its specific needs.
Disadvantages of the Private Cloud Model
● Less scalable: Private clouds are scaled within a certain range as there is less number of clients.
● Costly: Private clouds are more costly as they provide personalized facilities.
Hybrid Cloud
By bridging the public and private worlds with a layer of proprietary software, hybrid cloud computing gives
the best of both worlds. With a hybrid solution, you may host the app in a safe environment while taking
advantage of the public cloud’s cost savings. Organizations can move data and applications between different
clouds using a combination of two or more cloud deployment methods, depending on their needs.
BTCOE702 CLOUD COMPUTING

Hybrid Cloud

Advantages of the Hybrid Cloud Model

● Flexibility and control: Businesses with more flexibility can design personalized solutions that meet
their particular needs.
● Cost: Because public clouds provide scalability, you’ll only be responsible for paying for the extra
capacity if you require it.
● Security: Because data is properly separated, the chances of data theft by attackers are considerably
reduced.
Disadvantages of the Hybrid Cloud Model
● Difficult to manage: Hybrid clouds are difficult to manage as it is a combination of both public and
private cloud. So, it is complex.
● Slow data transmission: Data transmission in the hybrid cloud takes place through the public cloud so
latency occurs.
Community Cloud
It allows systems and services to be accessible by a group of organizations. It is a distributed system that is
created by integrating the services of different clouds to address the specific needs of a community, industry,
or business. The infrastructure of the community could be shared between the organization which has shared
concerns or tasks. It is generally managed by a third party or by the combination of one or more
organizations in the community.
BTCOE702 CLOUD COMPUTING

Community Cloud

Advantages of the Community Cloud Model

● Cost Effective: It is cost-effective because the cloud is shared by multiple organizations or communities.
● Security: Community cloud provides better security.
● Shared resources: It allows you to share resources, infrastructure, etc. with multiple organizations.
● Collaboration and data sharing: It is suitable for both collaboration and data sharing.
Disadvantages of the Community Cloud Model
● Limited Scalability: Community cloud is relatively less scalable as many organizations share the same
resources according to their collaborative interests.
● Rigid in customization: As the data and resources are shared among different organizations according to
their mutual interests if an organization wants some changes according to their needs they cannot do so
because it will have an impact on other organizations.
Multi-Cloud
We’re talking about employing multiple cloud providers at the same time under this paradigm, as the name
implies. It’s similar to the hybrid cloud deployment approach, which combines public and private cloud
resources. Instead of merging private and public clouds, multi-cloud uses many public clouds. Although
public cloud providers provide numerous tools to improve the reliability of their services, mishaps still occur.
It’s quite rare that two distinct clouds would have an incident at the same moment. As a result, multi-cloud
deployment improves the high availability of your services even more.

Advantages of the Multi-Cloud Model

● You can mix and match the best features of each cloud provider’s services to suit the demands of your
apps, workloads, and business by choosing different cloud providers.
● Reduced Latency: To reduce latency and improve user experience, you can choose cloud regions and
zones that are close to your clients.
● High availability of service: It’s quite rare that two distinct clouds would have an incident at the same
moment. So, the multi-cloud deployment improves the high availability of your services.
Disadvantages of the Multi-Cloud Model
● Complex: The combination of many clouds makes the system complex and bottlenecks may occur.
● Security issue: Due to the complex structure, there may be loopholes to which a hacker can take
advantage hence, makes the data insecure.
BTCOE702 CLOUD COMPUTING

Types of Cloud Computing

Most cloud computing services fall into five broad categories:
1. Software as a service (SaaS)
2. Platform as a service (PaaS)
3. Infrastructure as a service (IaaS)
4. Anything/Everything as a service (XaaS)
5. Function as a Service (FaaS)
These are sometimes called the cloud computing stack because they are built on top of one another.
Knowing what they are and how they are different, makes it easier to accomplish your goals. These
abstraction layers can also be viewed as a layered architecture where services of a higher layer can be
composed of services of the underlying layer i.e, SaaS can provide Infrastructure.

Software as a Service(SaaS)

Software-as-a-Service (SaaS) is a way of delivering services and applications over the Internet. Instead of
installing and maintaining software, we simply access it via the Internet, freeing ourselves from the complex
software and hardware management. It removes the need to install and run applications on our own
BTCOE702 CLOUD COMPUTING

computers or in the data centers eliminating the expenses of hardware as well as software maintenance.
SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service
provider. Most SaaS applications can be run directly from a web browser without any downloads or
installations required. The SaaS applications are sometimes called Web-based software, on-demand
software, or hosted software.

Advantages of SaaS
1. Cost-Effective: Pay only for what you use.
2. Reduced time: Users can run most SaaS apps directly from their web browser without needing to
download and install any software. This reduces the time spent in installation and configuration and can
reduce the issues that can get in the way of the software deployment.
3. Accessibility: We can Access app data from anywhere.
4. Automatic updates: Rather than purchasing new software, customers rely on a SaaS provider to
automatically perform the updates.
5. Scalability: It allows the users to access the services and features on-demand.
The various companies providing Software as a service are Cloud9 Analytics, Salesforce.com, Cloud Switch,
Microsoft Office 365, Big Commerce, Eloqua, dropBox, and Cloud Tran.
Disadvantages of Saas :
1. Limited customization: SaaS solutions are typically not as customizable as on-premises software,
meaning that users may have to work within the constraints of the SaaS provider’s platform and may not
be able to tailor the software to their specific needs.
2. Dependence on internet connectivity: SaaS solutions are typically cloud-based, which means that they
require a stable internet connection to function properly. This can be problematic for users in areas with
poor connectivity or for those who need to access the software in offline environments.
3. Security concerns: SaaS providers are responsible for maintaining the security of the data stored on their
servers, but there is still a risk of data breaches or other security incidents.
4. Limited control over data: SaaS providers may have access to a user’s data, which can be a concern for
organizations that need to maintain strict control over their data for regulatory or other reasons.

Platform as a Service

PaaS is a category of cloud computing that provides a platform and environment to allow developers to build
applications and services over the internet. PaaS services are hosted in the cloud and accessed by users
simply via their web browser.
A PaaS provider hosts the hardware and software on its own infrastructure. As a result, PaaS frees users from
having to install in-house hardware and software to develop or run a new application. Thus, the development
and deployment of the application take place independent of the hardware.
The consumer does not manage or control the underlying cloud infrastructure including network, servers,
operating systems, or storage, but has control over the deployed applications and possibly configuration
settings for the application-hosting environment. To make it simple, take the example of an annual day
function, you will have two options either to create a venue or to rent a venue but the function is the same.

Advantages of PaaS:
1. Simple and convenient for users: It provides much of the infrastructure and other IT services, which
users can access anywhere via a web browser.
2. Cost-Effective: It charges for the services provided on a per-use basis thus eliminating the expenses one
may have for on-premises hardware and software.
3. Efficiently managing the lifecycle: It is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.
4. Efficiency: It allows for higher-level programming with reduced complexity thus, the overall
development of the application can be more effective.
BTCOE702 CLOUD COMPUTING

The various companies providing Platform as a service are Amazon Web services Elastic Beanstalk,
Salesforce, Windows Azure, Google App Engine, cloud Bees and IBM smart cloud.
Disadvantages of Paas:
1. Limited control over infrastructure: PaaS providers typically manage the underlying infrastructure and
take care of maintenance and updates, but this can also mean that users have less control over the
environment and may not be able to make certain customizations.
2. Dependence on the provider: Users are dependent on the PaaS provider for the availability, scalability,
and reliability of the platform, which can be a risk if the provider experiences outages or other issues.
3. Limited flexibility: PaaS solutions may not be able to accommodate certain types of workloads or
applications, which can limit the value of the solution for certain organizations.

Infrastructure as a Service

Infrastructure as a service (IaaS) is a service model that delivers computer infrastructure on an outsourced
basis to support various operations. Typically IaaS is a service where infrastructure is provided as
outsourcing to enterprises such as networking equipment, devices, database, and web servers.
It is also known as Hardware as a Service (HaaS). IaaS customers pay on a per-user basis, typically by the
hour, week, or month. Some providers also charge customers based on the amount of virtual machine space
they use.
It simply provides the underlying operating systems, security, networking, and servers for developing such
applications, and services, and deploying development tools, databases, etc.
Advantages of IaaS:
1. Cost-Effective: Eliminates capital expense and reduces ongoing cost and IaaS customers pay on a
per-user basis, typically by the hour, week, or month.
2. Website hosting: Running websites using IaaS can be less expensive than traditional web hosting.
3. Security: The IaaS Cloud Provider may provide better security than your existing software.
4. Maintenance: There is no need to manage the underlying data center or the introduction of new releases
of the development or underlying software. This is all handled by the IaaS Cloud Provider.
The various companies providing Infrastructure as a service are Amazon web services, Bluestack, IBM,
Openstack, Rackspace, and Vmware.
Disadvantages of laaS :
1. Limited control over infrastructure: IaaS providers typically manage the underlying infrastructure and
take care of maintenance and updates, but this can also mean that users have less control over the
environment and may not be able to make certain customizations.
2. Security concerns: Users are responsible for securing their own data and applications, which can be a
significant undertaking.
3. Limited access: Cloud computing may not be accessible in certain regions and countries due to legal
policies.

Anything as a Service

It is also known as Everything as a Service. Most of the cloud service providers nowadays offer anything as a
service that is a compilation of all of the above services including some additional services.
Advantages of XaaS:
1. Scalability: XaaS solutions can be easily scaled up or down to meet the changing needs of an
organization.
2. Flexibility: XaaS solutions can be used to provide a wide range of services, such as storage, databases,
networking, and software, which can be customized to meet the specific needs of an organization.
3. Cost-effectiveness: XaaS solutions can be more cost-effective than traditional on-premises solutions, as
organizations only pay for the services.
Disadvantages of XaaS:
BTCOE702 CLOUD COMPUTING

1. Dependence on the provider: Users are dependent on the XaaS provider for the availability, scalability,
and reliability of the service, which can be a risk if the provider experiences outages or other issues.
2. Limited flexibility: XaaS solutions may not be able to accommodate certain types of workloads or
applications, which can limit the value of the solution for certain organizations.
3. Limited integration: XaaS solutions may not be able to integrate with existing systems and data sources,
which can limit the value of the solution for certain organizations.
Function as a Service :
FaaS is a type of cloud computing service. It provides a platform for its users or customers to develop,
compute, run and deploy the code or entire application as functions. It allows the user to entirely develop the
code and update it at any time without worrying about the maintenance of the underlying infrastructure. The
developed code can be executed with response to the specific event. It is also as same as PaaS.
FaaS is an event-driven execution model. It is implemented in the serverless container. When the application
is developed completely, the user will now trigger the event to execute the code. Now, the triggered event
makes response and activates the servers to execute it. The servers are nothing but the Linux servers or any
other servers which is managed by the vendor completely. Customer does not have clue about any servers
which is why they do not need to maintain the server hence it is serverless architecture.
Both PaaS and FaaS are providing the same functionality but there is still some differentiation in terms of
Scalability and Cost.
FaaS, provides auto-scaling up and scaling down depending upon the demand. PaaS also provides scalability
but here users have to configure the scaling parameter depending upon the demand.
In FaaS, users only have to pay for the number of execution time happened. In PaaS, users have to pay for
the amount based on pay-as-you-go price regardless of how much or less they use.
Advantages of FaaS :
● Highly Scalable: Auto scaling is done by the provider depending upon the demand.
● Cost-Effective: Pay only for the number of events executed.
● Code Simplification: FaaS allows the users to upload the entire application all at once. It allows you to
write code for independent functions or similar to those functions.
● Maintenance of code is enough and no need to worry about the servers.
● Functions can be written in any programming language.
● Less control over the system.
The various companies providing Function as a Service are Amazon Web Services – Firecracker, Google –
Kubernetes, Oracle – Fn, Apache OpenWhisk – IBM, OpenFaaS,
Disadvantages of FaaS :
1. Cold start latency: Since FaaS functions are event-triggered, the first request to a new function may
experience increased latency as the function container is created and initialized.
2. Limited control over infrastructure: FaaS providers typically manage the underlying infrastructure and
take care of maintenance and updates, but this can also mean that users have less control over the
environment and may not be able to make certain customizations.
3. Security concerns: Users are responsible for securing their own data and applications, which can be a
significant undertaking.
4. Limited scalability: FaaS functions may not be able to handle high traffic or large number of requests.

1. IAAS: Infrastructure As A Service (IAAS) is means of delivering computing infrastructure as on-demand

services. It is one of the three fundamental cloud service models. The user purchases servers, software data
center space, or network equipment and rent those resources through a fully outsourced, on-demand service
model. It allows dynamic scaling and the resources are distributed as a service. It generally includes
multiple-user on a single piece of hardware.
It totally depends upon the customer to choose its resources wisely and as per need. Also, it provides billing
management too.
BTCOE702 CLOUD COMPUTING

2. PAAS: Platform As A Service (PAAS) is a cloud delivery model for applications composed of services
managed by a third party. It provides elastic scaling of your application which allows developers to build
applications and services over the internet and the deployment models include public, private and hybrid.
Basically, it is a service where a third-party provider provides both software and hardware tools to the cloud
computing. The tools which are provided are used by developers. PAAS is also known as Application PAAS.
It helps us to organize and maintain useful applications and services. It has a well-equipped management
system and is less expensive compared to IAAS.
3. SAAS: Software As A Service (SAAS) allows users to run existing online applications and it is a model
software that is deployed as a hosting service and is accessed over Output Rephrased/Re-written Text the
internet or software delivery model during which software and its associated data are hosted centrally and
accessed using their client, usually an online browser over the web. SAAS services are used for the
development and deployment of modern applications.
It allows software and its functions to be accessed from anywhere with good internet connection device and a
browser. An application is hosted centrally and also provides access to multiple users across various
locations via the internet.
Difference between IAAS, PAAS and SAAS :
Basis Of IAAS PAAS SAAS

Infrastructure as a
Platform as a service. Software as a service.
Stands for service.

IAAS is used by network PAAS is used by SAAS is used by the end

Uses architects. developers. user.

PAAS gives access to run

IAAS gives access to the
resources like virtual
machines and virtual
storage.
Access
time environment to
SAAS gives access to the
deployment and
end user.
development tools for
application.

It is a service model that
provides virtualized
computing resources over
the internet.
Model
It is a cloud computing
It is a service model in
model that delivers tools
cloud computing that hosts
that are used for the
software to make it
development of
available to clients.
applications.

There is no requirement
It requires technical Some knowledge is about technicalities
Technical knowledge. required for the basic setup. company handles
understanding. everything.

It is popular among It is popular among

It is popular among
developers who focus on consumers and companies,
developers and
the development of apps such as file sharing, email,
researchers.
Popularity and scripts. and networking.

Percentage rise It has around a 12% It has around 32% It has about a 27 % rise in
BTCOE702 CLOUD COMPUTING

Basis Of IAAS PAAS SAAS

increment. increment. the cloud computing model.

Used by the skilled Used by mid-level

Used among the users of
developer to develop developers to build
entertainment.
Usage unique applications. applications.

Amazon Web Services, Facebook, and Google MS Office web, Facebook

Cloud services. sun, vCloud Express. search engine. and Google Apps.

Enterprise AWS virtual private

Microsoft Azure. IBM cloud analysis.
services. cloud.

Outsourced
Salesforce Force.com, Gigaspaces. AWS, Terremark
cloud services.

Operating System,
Runtime, Middleware, Data of the application Nothing
User Controls and Application data

It is highly scalable to suit It is highly scalable to suit

It is highly scalable and
the different businesses the small, mid and
flexible.
Others according to resources. enterprise level business

Advantages of IaaS
● The resources can be deployed by the provider to a customer’s environment at any given time.
● Its ability to offer the users to scale the business based on their requirements.
● The provider has various options when deploying resources including virtual machines, applications,
storage, and networks.
● It has the potential to handle an immense number of users.
● It is easy to expand and saves a lot of money. Companies can afford the huge costs associated with the
implementation of advanced technologies.
● Cloud provides the architecture.
● Enhanced scalability and quite flexible.
● Dynamic workloads are supported.
Disadvantages of IaaS
● Security issues are there.
● Service and Network delays are quite a issue in IaaS.
Advantages of PaaS –
● Programmers need not worry about what specific database or language the application has been
programmed in.
● It offers developers the to build applications without the overhead of the underlying operating system or
infrastructure.
● Provides the freedom to developers to focus on the application’s design while the platform takes care of
the language and the database.
● It is flexible and portable.
● It is quite affordable.
● It manages application development phases in the cloud very efficiently.
BTCOE702 CLOUD COMPUTING

Disadvantages of PaaS
● Data is not secure and is at big risk.
● As data is stored both in local storage and cloud, there are high chances of data mismatch while
integrating the data.
Advantages of SaaS
● It is a cloud computing service category providing a wide range of hosted capabilities and services. These
can be used to build and deploy web-based software applications.
● It provides a lower cost of ownership than on-premises software. The reason is it does not require the
purchase or installation of hardware or licenses.
● It can be easily accessed through a browser along a thin client.
● No cost is required for initial setup.
● Low maintenance costs.
● Installation time is less, so time is managed properly.
Disadvantages of SaaS
● Low performance.
● It has limited customization options.
● It has security and data concerns.

Cloud cost model

Introduction to Cloud Cost Models

The cloud cost models are dynamic. The demand drives the value-based model, and supply drives the
cost-based model.

This will discuss cloud cost models such as consumption-based, retail-based, expenditure-based,
advertising-based, market-based, online-based models, etc. We will also discuss various cloud cost
components and several strategies for cloud cost management.

Cloud Cost Models

Cloud cost models are dynamic given the erratic nature of supply and demand. These are auction-based,
time-based, or cost-based, depending on various factors. There are three cloud pricing strategies:
 BTCOE702 CLOUD COMPUTING

value-based, fact-based, and market-based. Value-based costs are driven by demand, cost-based costs are
driven by supply, and an equilibrium of supply and demand drives the market-based cloud model.

In cloud cost models, demand drives the value-based model, and supply drives the cost-based model;
however, the market-based cloud model is driven by a balance of both market interests. Many individuals are
unaware of the numerous unique pricing structures available for cloud computing. It is essential to
comprehend these models so that you may select one and determine how you will be charged under each one.

Cloud Cost Components

The three primary factors listed below decide how much cloud computing services cost:

● Compute: Most cloud service providers offer various compute instance types, each with a different set of
CPU and memory capabilities and, occasionally, specialized hardware like fast networking or graphics
acceleration. The customer pays depending on how many, what kind, and how long each instance is used.
● Networking: Most cloud services charge clients based on the amount of data transported into, out of, or
both into the cloud service. There can be additional fees for virtualized network services such as static IP
addresses, load balancers, and gateways.
● Storage: Storage as a service is provided by cloud providers. Customers that use elastic storage services
pay per GB-month of actual storage used. Customers pay for a complete storage volume for managed
storage services, such as managed discs attached to compute instances, regardless of how much storage is
used up on the volume.

Cloud Costs v/s Traditional Infrastructure

The three major types of expenses that are usually involved in establishing and sustaining on-premises
infrastructure are:

● Capital Cost: Includes Server software, hardware, and licensing, as well as storage environments,
network infrastructure, and backup systems
● Operational Cost: support for server and network infrastructure, storage warranties, data center
amenities, current system administration personnel costs, and IT employee training and turnover are all
included.
● Indirect Business Cost: Includes planned and unplanned downtime.

List of Models

Consumption-Based Pricing Model

You only pay for the services you utilize in this arrangement, which is typical of Infrastructure as a Service.
In these models, you merely make up for the number of resources you use, such as storage space, CPU time,
and network traffic.

Performance Based Pricing Model

It is a strategy in which the dealer is paid following the execution of a cloud service or model. It is connected
to the customer’s business outcome, determined by precise execution measurements. Applications of the
current approach include telecom services like mobile apps, multi-party video chats, and satellite
connectivity.

Subscription-Based Pricing Model

BTCOE702 CLOUD COMPUTING

It is a strategy in which the dealer is paid for the actual execution of a cloud service or model. It is connected
to the customer’s business outcome, determined by precise execution measurements. Applications of the
current approach include telecom services like mobile apps, multi-party video chats, and satellite
connectivity.

Auction and Online-Based Pricing Model

The model decides on the price. Asuncion Monahan claims that an auction is a market tool that operates
under specified norms to determine who will receive at least one thing and at what cost. Without forward and
backward handling steps, it is transparent and generally faster.

Advertising Based Pricing Model

In a pricing structure based on advertising, the service is free or inexpensive but still includes advertising. As
a result, the customer receives service at a significant discount or for free, and the provider receives the
majority of their revenue from ads.

Market-Based Pricing Model

According to an hour of CPU time, there is a market price for a service in this model. Over time, the market
price changes depending on supply and demand. You can start using it right now and pay the current price to
use the service. Alternately, you can offer to use the service for less money; if the market price equals your
offer price, your assignment will be carried out, and you will be paid that amount.

Customer Value-Based Pricing Model

It establishes a cost for a consumer from an emotional standpoint while concentrating on the client’s value
delivery. This model can be divided into four categories: hedonic, psychological, feature-based, and
perceived-based models. These models’ creation is influenced by sociology, psychology, psychology, and
economics.

Retail Based Pricing Model

It depends on a select group of customers who make purchases in physical stores or other retail sites. The
business-to-consumer model is affected. Discriminatory, promotional, product mixing and discount &
allowances pricing are its four subcategories of the cost model.

Expenditure-Based Pricing Model

Utilizing the application for a central component as a unit of charge, a cost is decided upon. Cost models
come in three different flavors: percentage, goal return, and cost-plus model.

Cloud Cost Management Strategies

Businesses can maximize their return on investment in cloud technology, improve productivity, and
understand and centrally control the costs related to cloud technology through cloud cost management (also
known as cloud cost optimization).

Let us look at the strategies below to improve cloud cost management:

BTCOE702 CLOUD COMPUTING

Budget Control: Budgets for cloud services must be established by businesses, and teams must be made
aware of them and prevented from going over the allocated amount for a given project.

Right Sizing: Another strategy is making sure that compute instances, storage volumes, and other services
are provisioned at the level that the company truly needs. It frequently happens that cloud resources are
deployed but not completely used.

AutoScaling: According to application demand, dynamically scale resources up and down to ensure you
only pay for additional cloud resources during peak usage.

Scheduling: Numerous cloud services can be scheduled to shut down when not in use because they are not
always required. Services used by a team situated in the US, for instance, might be suspended outside of US
business hours.

Detecting Unused resources: It is simple to build and then forget resources such as compute instances,
storage volumes, load balancers, snapshots, and many others. To cut expenses, businesses need to be able to
search their cloud deployment for idle resources and delete them.

Smartly applying discounts: Spot instances and other discounted pricing models can drastically reduce
cloud expenses, but they must be handled properly. You may determine which of your applications and
workloads is best suited for discounted price models by using tools like Cloud Analyzer from Spot by
NetApp.

works. We have also discussed various cloud cost components and several strategies for cloud cost
management.

What is a Cloud Computing Stack?

Cloud computing can be described as a stack that is formed by layers, similar to a cake. Those layers will be
built using cloud computing services, servers, and components, which can leverage several different clouds
forming a single application stack. The network stability and scalability of the stack will determine its
resilience and high availability.
BTCOE702 CLOUD COMPUTING

Let’s get more familiar with the types of cloud stack components and concepts that are common in the cloud
world.

Software as a Service

Software as a Service is providing a piece of technology (usually a software) that can be consumed as a
service — for example, GitHub source control. You could choose to host and manage Git source control
on-premises, or you could use GitHub's hosted source control.

One of the new variations of “Software as a Service” is “Data as a Service.”

Data as a Service

Data as a Service combines a few software services to form a data platform.

MongoDB Atlas is a data platform with different services to provide a single holistic solution for your data
requirements. This type can power the different stack layers focusing on data processing/storing and
visualization.

Platform as a Service

Platform as a Service provides several well-integrated software products/technologies to form solutions that
power application development and maintenance.

Heroku and Google App engine are examples of Platform as a Service. These host and integrate your code to
other coupled services.

Atlas App Services cloud services form a similar concept to Platform as a Service where you host your cloud
functions and application content as a service.

Infrastructure as a Service

Infrastructure as a Service is currently one of the low-level services you can expect from a cloud computing
provider. Essentially, it provides servers, network, and virtual resources to run the compute and cloud storage
power you need.
BTCOE702 CLOUD COMPUTING

An example for this type is an AWS EC2 offering, where you deploy your servers/network and security
policies managed by the AWS cloud API.

MongoDB consumes IaaS when providing you with its MongoDB Atlas clusters, for example.

To visualize the hierarchy of these types, we can view the following image:

In some cases, users will choose one of the cloud computing types for the entire application stack. However,
in other cases, they might use any of the types to form the application stack, which is common in the
microservices world.

The green squares in the diagram represent cloud services that form the application stack. The security layer
must expand across the communication and activity of all the components, validating and securing the
network to trusted parties.
BTCOE702 CLOUD COMPUTING

MongoDB Atlas and Cloud Computing Stacks

MongoDB Atlas, MongoDB’s Data as a Service, offers capabilities in all the cloud computing stack layers,
providing one holistic solution to the end user.

Atlas App Services, MongoDB’s mobile database, and Application Development Services are part of the
Atlas platform, boosting the MongoDB Cloud Stack.

Let's look at the available options.

Data Layer — MongoDB Atlas clusters and MongoDB data lakes storage

● Compute — MongoDB drivers (running from virtual hosts) and/or Atlas App Services cloud
functions, triggers, third-party services, etc.
● Benefits of Cloud Hosting:
●
BTCOE702 CLOUD COMPUTING

There are various advantages of cloud computing, and some of them are
1) Cost Savings
Suppose users are worried about the cost associated with switching to cloud computing
infrastructure. It’s not only just you. The initial expense of adopting a cloud-based solutions concerns
20% of companies. However, those who are attempting to balance the benefits and drawbacks of
using the cloud need to consider more than just the initial cost; they also need to take ROI into
account.
2) Security
When it comes to implementing a cloud based solution, many companies are concerned about
security. After all, how can you be sure that files, programs, and other data are protected if they are
not housed securely onsite? What stops a cybercriminal from doing the same thing if you can access
your data remotely? Well, actually, quite a bit.
One of the responsibilities of a cloud based solutions is to monitor security properly. This is
substantially more effective than a standard internal system. where a company must divide its
resources among a variety of IT issues, security being only one of them.
3) Rapid Deployment and High Speed
Software development’s agility and speed have changed as a result of the quick creation of new cloud
computing platforms. Developers may quickly test new concepts and create application architecture
without being constrained by on-site hardware.
4) Scalability
Distinct businesses have different IT requirements; a huge company with more than 1000 employees
won’t have the same needs as a start-up. Implementing the cloud computing platform is a fantastic
solution since it enables companies to scale up, or down their IT departments fast and efficiently.
5) Backup and Restore Data
Data storage on the cloud based solutions is not limited by available space, which is beneficial for
backup and restores operations. End-user data evolve and must be tracked for regulations or
compliance requirements. Older software versions can be saved for later stages if a rollback or
recovery is required.

What is the difference between risks, threats, and challenges?

● A risk is a potential for loss of data or a weak spot.

BTCOE702 CLOUD COMPUTING

● A threat is a type of attack or adversary.

● A challenge is an organization’s hurdles in implementing practical cloud security.

Let’s consider an example: An API endpoint hosted in the cloud and exposed to the public Internet is a risk,
the attacker who tries to access sensitive data using that API is the threat (along with any specific techniques
they could try), and your organization’s challenge is effectively protecting public APIs while keeping them
available for legitimate users or customers who need them.

4 Cloud Security Risks

You cannot completely eliminate risk; you can only manage it. Knowing common risks ahead of time will
prepare you to deal with them within your environment. What are four cloud security risks?

1. Unmanaged Attack Surface

2. Human Error
3. Misconfiguration
4. Data Breach

1. Unmanaged Attack Surface

An attack surface is your environment’s total exposure. The adoption of microservices can lead to an
explosion of publicly available workload. Every workload adds to the attack surface. Without close
management, you could expose your infrastructure in ways you don’t know until an attack occurs.
No one wants that late-night call.
Attack surface can also include subtle information leaks that lead to an attack. For example, CrowdStrike’s
team of threat hunters found an attacker using sampled DNS request data gathered over public WiFi to work
out the names of S3 buckets. CrowStrike stopped the attack before the attackers did any damage, but it’s a
great illustration of risk’s ubiquitous nature. Even strong controls on the S3 buckets weren’t enough to
completely hide their existence. As long as you use the public Internet or cloud, you’re automatically
exposing an attack surface to the world.
Your business may need it to operate, but keep an eye on it.
2. Human Error
According to Gartner, through 2025, 99% of all cloud security failures will be due to some level of human
error. Human error is a constant risk when building business applications. However, hosting resources on the
public cloud magnifies the risk.
The cloud’s ease of use means that users could be using APIs you’re not aware of without proper controls
and opening up holes in your perimeter. Manage human error by building strong controls to help people
make the right decisions.
One final rule — don’t blame people for errors. Blame the process. Build processes and guardrails to help
people do the right thing. Pointing fingers doesn’t help your business become more secure.
3. Misconfiguration
Cloud settings keep growing as providers add more services over time. Many companies are using more than
one provider.
Providers have different default configurations, with each service having its distinct implementations and
nuances. Until organizations become proficient at securing their various cloud services, adversaries will
continue to exploit misconfigurations.
4. Data Breaches
A data breach occurs when sensitive information leaves your possession without your knowledge or
permission. Data is worth more to attackers than anything else, making it the goal of most attacks. Cloud
misconfiguration and lack of runtime protection can leave it wide open for thieves to steal.
BTCOE702 CLOUD COMPUTING

The impact of data breaches depends on the type of data stolen. Thieves sell personally identifiable
information (PII) and personal health information (PHI) on the dark web to those who want to steal identities
or use the information in phishing emails.
Other sensitive information, such as internal documents or emails, could be used to damage a company’s
reputation or sabotage its stock price. No matter the reason for stealing the data, breaches continue to be an
imposing threat to companies using the cloud.
How To Manage Cloud Security Risks
Follow these tips to manage risk in the cloud:

● Perform regular risk assessments to find new risks.

● Prioritize and implement security controls to mitigate the risks you’ve identified (CrowdStrike can
help).
● Document and revisit any risks you choose to accept.

4 Cloud Security Threats

A threat is an attack against your cloud assets that tries to exploit a risk. What are four common threats
faced by cloud security?

1. Zero-Day Exploits
2. Advanced Persistent Threats
3. Insider Threats
4. Cyberattacks

1. Zero-day Exploits
Cloud is “someone else’s computer.” But as long as you’re using computers and software, even those run in
another organization’s data center, you’ll encounter the threat of zero-day exploits.
Zero-day exploits target vulnerabilities in popular software and operating systems that the vendor hasn’t
patched. They’re dangerous because even if your cloud configuration is top-notch, an attacker can exploit
zero-day vulnerabilities to gain a foothold within the environment.
2. Advanced Persistent Threats
An advanced persistent threat (APT) is a sophisticated, sustained cyberattack in which an intruder establishes
an undetected presence in a network to steal sensitive data over a prolonged time.
APTs aren’t a quick “drive-by” attack. The attacker stays within the environment, moving from workload to
workload, searching for sensitive information to steal and sell to the highest bidder. These attacks are
dangerous because they may start using a zero-day exploit and then go undetected for months.
3. Insider Threats
An insider threat is a cybersecurity threat that comes from within the organization — usually by a current or
former employee or other person who has direct access to the company network, sensitive data and
intellectual property (IP), as well as knowledge of business processes, company policies or other information
that would help carry out such an attack.
4. Cyberattacks
A cyber attack is an attempt by cybercriminals, hackers or other digital adversaries to access a computer
network or system, usually for the purpose of altering, stealing, destroying or exposing information.
Common cyberattacks performed on companies include malware, phishing, DoS and DDoS, SQL Injections,
and IoT based attacks.
BTCOE702 CLOUD COMPUTING

Figure: Challenges of Cloud Computing

1) Privacy and Data Security

Privacy and data security are the two most concerning factors to cloud computing models. Cloud storage of
user or business data is vital and private. Encryption, security hardware, and software can solve security and
privacy problems.
Identity theft, data breaches, malware infections, and other security issues on the cloud lead to a decline in
user confidence in your applications. This can lead to a heavy loss in revenue alongside stature and
reputation. In addition, dealing with cloud computing for small businesses needs sending and receiving a
massive amount of data quickly and is vulnerable to data leaks.
“A survey by Statista revealed that data loss or leakage was cited as the main challenge with cloud
computing models by 64% of poll participants in 2021. Similarly, 62% of respondents cited data privacy as
their second biggest concern”.
2) Cost Management
Without significant investments in new hardware, a company can rapidly increase its processing capacity in
the cloud. Instead, businesses can use public carriers’ pay-as-you-go strategies to get additional
processing. Most of the all-cloud providers offer a “pay-as-you-go” model. It brings down the total cost of
the resources being used. However, defining and forecasting quantities and costs can occasionally be
challenging due to cloud computing services’ on-demand and scalable nature.
3) Multi-Cloud Environments
Companies now have more options at their disposal, so they no longer depend only on one cloud provider but
on a number of them. Nearly 84% of these organizations depend on several clouds, most of which
employ hybrid cloud strategies. The infrastructure team frequently finds this to be hindering and challenging
to manage. The process frequently ends up being extremely complicated for the IT team due to the variations
among various cloud infrastructure services providers
BTCOE702 CLOUD COMPUTING

4) Performance Challenges
Performance is a crucial factor when considering cloud-based solutions. If the cloud’s performance is
subpar, users may stop using it, and businesses may suffer. For instance, the minimum amount of latency
when loading an app or website might cause a significant decrease in the number of users. This latency may
result from ineffective load balancing, which indicates that the server cannot divide incoming traffic
effectively for the optimal user experience. Fault tolerance, which refers to the ability for operations to
continue even when one or more of the components fail, also presents difficulties.
5) Portability
Application migration from one cloud provider to another should be simple, which is another challenge for
cloud computing applications. Vendor lock-in must be avoided. Vendor lock-in must be avoided. Because
each cloud provider utilizes a separate standard language for their systems, it is currently not practicable.

Service level agreements in Cloud computing

A Service Level Agreement (SLA) is the bond for performance negotiated between the cloud services
provider and the client. Earlier, in cloud computing all Service Level Agreements were negotiated between a
client and the service consumer. Nowadays, with the initiation of large utility-like cloud computing
providers, most Service Level Agreements are standardized until a client becomes a large consumer of cloud
services. Service level agreements are also defined at different levels which are mentioned below:
● Customer-based SLA
● Service-based SLA
● Multilevel SLA
Few Service Level Agreements are enforceable as contracts, but mostly are agreements or contracts which
are more along the lines of an Operating Level Agreement (OLA) and may not have the restriction of law. It
is fine to have an attorney review the documents before making a major agreement to the cloud service
provider. Service Level Agreements usually specify some parameters which are mentioned below:
1. Availability of the Service (uptime)
2. Latency or the response time
3. Service components reliability
4. Each party accountability
5. Warranties
In any case, if a cloud service provider fails to meet the stated targets of minimums then the provider has to
pay the penalty to the cloud service consumer as per the agreement. So, Service Level Agreements are like
insurance policies in which the corporation has to pay as per the agreements if any casualty occurs. Microsoft
publishes the Service Level Agreements linked with the Windows Azure Platform components, which is
demonstrative of industry practice for cloud service vendors. Each individual component has its own Service
Level Agreements. Below are two major Service Level Agreements (SLA) described:
1. Windows Azure SLA – Window Azure has different SLA’s for compute and storage. For compute, there
is a guarantee that when a client deploys two or more role instances in separate fault and upgrade
domains, client’s internet facing roles will have external connectivity minimum 99.95% of the time.
Moreover, all of the role instances of the client are monitored and there is guarantee of detection 99.9%
of the time when a role instance’s process is not runs and initiates properly.
2. SQL Azure SLA – SQL Azure clients will have connectivity between the database and internet gateway
of SQL Azure. SQL Azure will handle a “Monthly Availability” of 99.9% within a month. Monthly
Availability Proportion for a particular tenant database is the ratio of the time the database was available
to customers to the total time in a month. Time is measured in some intervals of minutes in a 30-day
monthly cycle. Availability is always remunerated for a complete month. A portion of time is marked as
unavailable if the customer’s attempts to connect to a database are denied by the SQL Azure gateway.
Service Level Agreements are based on the usage model. Frequently, cloud providers charge their
pay-as-per-use resources at a premium and deploy standards Service Level Agreements only for that purpose.
Clients can also subscribe at different levels that guarantees access to a particular amount of purchased
resources. The Service Level Agreements (SLAs) attached to a subscription many times offer various terms
BTCOE702 CLOUD COMPUTING

and conditions. If client requires access to a particular level of resources, then the client need to subscribe to
a service. A usage model may not deliver that level of access under peak load condition.

SLA Lifecycle

Steps in SLA Lifecycle

1. Discover service provider: This step involves identifying a service provider that can meet the needs of
the organization and has the capability to provide the required service. This can be done through research,
requesting proposals, or reaching out to vendors.
2. Define SLA: In this step, the service level requirements are defined and agreed upon between the service
provider and the organization. This includes defining the service level objectives, metrics, and targets that
will be used to measure the performance of the service provider.
3. Establish Agreement: After the service level requirements have been defined, an agreement is
established between the organization and the service provider outlining the terms and conditions of the
service. This agreement should include the SLA, any penalties for non-compliance, and the process for
monitoring and reporting on the service level objectives.
4. Monitor SLA violation: This step involves regularly monitoring the service level objectives to ensure
that the service provider is meeting their commitments. If any violations are identified, they should be
reported and addressed in a timely manner.
5. Terminate SLA: If the service provider is unable to meet the service level objectives, or if the
organization is not satisfied with the service provided, the SLA can be terminated. This can be done
through mutual agreement or through the enforcement of penalties for non-compliance.
6. Enforce penalties for SLA Violation: If the service provider is found to be in violation of the SLA,
penalties can be imposed as outlined in the agreement. These penalties can include financial penalties,
reduced service level objectives, or termination of the agreement.
BTCOE702 CLOUD COMPUTING

Advantages of SLA

1. Improved communication: A better framework for communication between the service provider and the
client is established through SLAs, which explicitly outline the degree of service that a customer may
anticipate. This can make sure that everyone is talking about the same things when it comes to service
expectations.
2. Increased accountability: SLAs give customers a way to hold service providers accountable if their
services fall short of the agreed-upon standard. They also hold service providers responsible for
delivering a specific level of service.
3. Better alignment with business goals: SLAs make sure that the service being given is in line with the
goals of the client by laying down the performance goals and service level requirements that the service
provider must satisfy.
4. Reduced downtime: SLAs can help to limit the effects of service disruptions by creating explicit
protocols for issue management and resolution.
5. Better cost management: By specifying the level of service that the customer can anticipate and
providing a way to track and evaluate performance, SLAs can help to limit costs. Making sure the
consumer is getting the best value for their money can be made easier by doing this.

Disadvantages of SLA

1. Complexity: SLAs can be complex to create and maintain, and may require significant resources to
implement and enforce.
2. Rigidity: SLAs can be rigid and may not be flexible enough to accommodate changing business needs or
service requirements.
3. Limited service options: SLAs can limit the service options available to the customer, as the service
provider may only be able to offer the specific services outlined in the agreement.
4. Misaligned incentives: SLAs may misalign incentives between the service provider and the customer, as
the provider may focus on meeting the agreed-upon service levels rather than on providing the best
service possible.
5. Limited liability: SLAs are not legal binding contracts and often limited the liability of the service
provider in case of service failure.

Main Cloud Security Concerns in 2023

In the Cloud Security Report, organizations were asked about their major security concerns regarding cloud
environments. Despite the fact that many organizations have decided to move sensitive data and important
applications to the cloud, concerns about how they can protect it there abound.

Data Loss/Leakage

Cloud-based environments make it easy to share the data stored within them. These environments are
accessible directly from the public Internet and include the ability to share data easily with other parties via
direct email invitations or by sharing a public link to the data.

The ease of data sharing in the cloud – while a major asset and key to collaboration in the cloud – creates
serious concerns regarding data loss or leakage. In fact, 69% of organizations point to this as their greatest
cloud security concern. Data sharing using public links or setting a cloud-based repository to public makes it
BTCOE702 CLOUD COMPUTING

accessible to anyone with knowledge of the link, and tools exist specifically for searching the Internet for
these unsecured cloud deployments.

Data Privacy/Confidentiality

Data privacy and confidentiality is a major concern for many organizations. Data protection regulations like
the EU’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accessibility Act
(HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and many more mandates the
protection of customer data and impose strict penalties for security failures. Additionally, organizations have
a large amount of internal data that is essential to maintaining competitive advantage.

Placing this data on the cloud has its advantages but also has created major security concerns for 66% of
organizations. Many organizations have adopted cloud computing but lack the knowledge to ensure that they
and their employees are using it securely. As a result, sensitive data is at risk of exposure – as demonstrated
by a massive number of cloud data breaches.

Accidental Exposure of Credentials

Phishers commonly use cloud applications and environments as a pretext in their phishing attacks. With the
growing use of cloud-based email (G-Suite, Microsoft 365, etc.) and document sharing services (Google
Drive, Dropbox, OneDrive), employees have become accustomed to receiving emails with links that might
ask them to confirm their account credentials before gaining access to a particular document or website.

This makes it easy for cybercriminals to learn an employee’s credentials for cloud services. As a result,
accidental exposure of cloud credentials is a major concern for 44% of organizations since it potentially
compromises the privacy and security of their cloud-based data and other resources.

Incident Response

Many organizations have strategies in place for responding to internal cybersecurity incidents. Since the
organization owns their entire internal network infrastructure and security personnel are on-site, it is possible
to lock down the incident. Additionally, this ownership of their infrastructure means that the company likely
has the visibility necessary to identify the scope of the incident and perform the appropriate remediation
actions.

With cloud-based infrastructure, a company only has partial visibility and ownership of their infrastructure,
making traditional processes and security tools ineffective. As a result, 44% of companies are concerned
about their ability to perform incident response effectively in the cloud.

Legal and Regulatory Compliance

Data protection regulations like PCI DSS and HIPAA require organizations to demonstrate that they limit
access to the protected information (credit card data, healthcare patient records, etc.). This could require
creating a physically or logically isolated part of the organization’s network that is only accessible to
employees with a legitimate need to access this data.

When moving data protected by these and similar regulations to the cloud, achieving and demonstrating
regulatory compliance can be more difficult. With a cloud deployment, organizations only have visibility and
control into some of the layers of their infrastructure. As a result, legal and regulatory compliance is
considered a major cloud security issue by 42% of organizations and requires specialized cloud compliance
solutions.
BTCOE702 CLOUD COMPUTING

Data Sovereignty/Residence/Control

Most cloud providers have a number of geographically distributed data centers. This helps to improve the
accessibility and performance of cloud-based resources and makes it easier for CSPs to ensure that they are
capable of maintaining service level agreements in the face of business-disrupting events such as natural
disasters, power outages, etc.

Organizations storing their data in the cloud often have no idea where their data is actually stored within a
CSP’s array of data centers. This creates major concerns around data sovereignty, residence, and control for
37% of organizations. With data protection regulations such as the GDPR limiting where EU citizens data
can be sent, the use of a cloud platform with data centers outside of the approved areas could place an
organization in a state of regulatory non-compliance. Additionally, different jurisdictions have different laws
regarding access to data for law enforcement and national security, which can impact the data privacy and
security of an organization’s customers.

Protecting the Cloud

The cloud provides a number of advantages to organizations; however, it also comes with its own security
threats and concerns. Cloud-based infrastructure is very different from an on-premises data center, and
traditional security tools and strategies are not always able to secure it effectively. For more information
about leading cloud security issues and threats, download the Cloud Security Report.