UNIT II

Cloud scenarios – Benefits: Scalability, simplicity, vendors, security. Limitations – Sensitive

information - Application development – Security concerns - privacy concern with a third
party - security level of third party - security benefits Regularity issues: Government policies

Cloud Scenarios
There are three major implementations of cloud computing .How organizations are
using cloud computing is quite different at a granular level, but the uses generally fall into
one of these three solutions.
1. Compute Clouds
Compute Clouds allow access to highly scalable, inexpensive, on-demand computing
resources that run the code that they’re given. Three examples of compute clouds are :
 Amazon’s EC2
 Google App Engine
 Berkeley Open Infrastructure for Network Computing(BOINC)

Clouds Computer is the most flexible in their offerings and can be used for various
purposes; it simply depends on the application the user wants to access.
These applications are good for any size organization, but large organizations might
be at a disadvantage because these applications don’t offer the standard management,
monitoring and governance capabilities that these organizations are used to.

1 B Naresh Lecturer in B V Raju College, Department of Computer

Science
2. Cloud Storage
One of the first cloud offerings was cloud storage and it remains a popular solution.
Cloud Storage is a big world. There are already in excess of 100 vendors offering cloud
storage. This is an ideal solution if you want to maintain files off-site.

Security and cost are the top issues in this field and vary greatly, depending on the
vendor you choose.

3. Cloud Applications
Cloud Applications differ from compute clouds in that they utilize software
applications that rely on cloud infrastructure.
Cloud applications are versions of SaaS and include such things as web applications
that are delivered to users via a browser.

Some cloud applications include

• Peer-to-peer computing (like Bit Torrent and Skype)

2 B Naresh Lecturer in B V Raju College, Department of Computer

Science
• Web applications (like MySpace or YouTube)

• SaaS (like Google Apps)

• Software plus services (like Microsoft Online Services)

********************************************************
Benefits of Cloud Computing
Scalability

One of the key benefits of using cloud computing is its scalability. Cloud computing
allows your business to easily upscale or downscale your IT requirements as when required.
For example, most cloud service providers will allow you to increase your existing
resources to accommodate increased business needs or changes. This will allow you to
support your business growth without expensive changes to your existing IT systems.
Since your costs are based on consumption, you likely wouldn’t have to pay out as
much as if you had to buy the equipment.

Simplicity
Again, not having to buy and configure new equipment allows you and your IT staff
to get right to your business. The cloud solution makes it possible to get your application
started immediately, and it costs a fraction of what it would cost to implement an on-site
solution. Simplicity means you do not need an army of administrators to build and maintain
your cloud.

3 B Naresh Lecturer in B V Raju College, Department of Computer

Science
Knowledgeable Vendors or Well informed Retailers
Typically, when new technology becomes popular, there are plenty of vendors who
pop up to offer their version of that technology. This isn’t always good, because a lot of those
Vendors tend to offer less than useful technology. By contrast, the first comers to the cloud
Computing party are actually very reputable companies.
Companies like Amazon, Google, Microsoft, IBM, and Yahoo! have been good
vendors because they have offered reliable service, plenty of capacity.
Vendors Security
There are plenty of security risks when using a cloud vendor, but reputable companies
strive to keep you safe and secure.
***************************************************************************
Limitations of Cloud computing:

When we say limitations, it does not mean cloud computing should not be used
at all, but we must be aware of the situations where cloud computing might not be
great idea to relay on.

1. Sensitive Information:

‘Sensitive Data’ is defined as personal information that relates to:

 Passwords
 Financial information such as Bank account or credit or debit card or other payment
instrument details.
 Physical, psychological and mental health condition.
 Medical records and history.
 Biometric information.

The concern (fear) of storing sensitive information on the cloud, but it can’t be
understated. Once data leaves from our hands and lands in the lap of a service provider,
we’ve lost a layer of control.

Protect Data:

It doesn’t mean that we can’t maintain our data on a cloud; we just need to be safe.
The best way is to encrypt our data before we send it to a third party. Programs like PGP
(Pretty Good Privacy) or open-source TrueCrypt can encrypt the file so that only those with a
password can access it.

4 B Naresh Lecturer in B V Raju College, Department of Computer

Science
2. Don’t go with trend:

Your development team has given you a product and that product is completely
handling your situation well, even then you are planning to move the applications to cloud
just to follow the market trend or fashion then probably time to reanalyse the situation and
don’t take the decision just for the sake of taking it. There are certainly situations where
moving to cloud is advantageous but not all.

3. Integration Issues:

There are two applications your business house/development is using, one of the
applications contains the sensitive data and other one contains non-sensitive data so you
decided to move, not move the sensitive data on cloud but moved non-sensitive data on
cloud. In this case one application is installed locally and other one is on cloud. It would
create issues with security and speed.

4. Delay in response:

As the application size grows which means the data used by the application changes
and grows everyday (for example sales/production/logs data). The response coming from the
application hosted on cloud might increase and delay especially when data is needed
spontaneously.

***************************************************************************
Security Concerns:

Security is a two-sided coin in the world of cloud computing. IDC conducted a survey
of 244 IT executives about cloud services. The following figure shows, security led the pack
of cloud concerns with 74.5%.

Privacy Concerns with a Third Party:

The first and most obvious concern is for privacy considerations.ie. if another party is
housing all your data, how do you know that is safe and secure? As a starting point, assume
that anything you put on the cloud can be accessed by anyone. There are also concerns

5 B Naresh Lecturer in B V Raju College, Department of Computer

Science
because law enforcement has been better able to get at data maintained on a cloud, more so
than they are from an organization’s servers. If providers are doing their best to secure data, it
can still be hacked and then sensitive information is at the mercy of whoever broke in.

IDC’s findings show that security concerns are the number one issue facing cloud computing.

The best plan of attack is do not perform mission-critical work or work that is highly
sensitive on a cloud platform without extensive security controls managed by your
organization.

Hackers:

There are a lot of hackers can hack your data. It ranges from selling your proprietary
information to your competition to secretly encoding your storage until you pay them or they
may just delete everything to damage your business and justify the action based on their
ethical views. Your data become more prone to them as your data is saved on cloud which is
third party.

Denial of services:

In a commonly recognized worst case scenario attackers use multiple internet

connected devices each of which is running one or more than one bots to perform distributed
denial of service (DDOS) attacks.

We have to get the hackers to stop attacking your network.

A Tokyo firm had to pay 2.5 million yen after the network was brought to a halt
botnet attacks. Because the attack was so discrete, police was unable to track down the
attackers. In the world of cloud computing this is clearly a huge concern.

6 B Naresh Lecturer in B V Raju College, Department of Computer

Science
Security Benefits:

We are not trying to imply that our data is unsecure on the cloud. Service providers do
make an effort to ensure security of data. Otherwise business will dry up. Some of the
security benefits of cloud services are as follows.

1. Centralized Data: We’ve talked about the vision of data loss by being in one place.
However, there are some good security traits that come with centralizing data. Just in
practice, make your system more inherently secure.

2. Reduced Data Loss: By maintaining data on the cloud, ensuring strong access control, and
limiting employee downloading to only what they need to perform a task, cloud computing
can limit the amount of information that could potentially be lost.

3. Monitoring: If the data is maintained on a cloud, it is easier to monitor security than have
to worry about the security of numerous servers and clients.

4. Instant Swap over: If the data is compromised, while you are conducting investigation to
find the culprits (law breakers), you can instantly move the data to another machine.

5. Logging: In the cloud, logging is improved. Logging is usually thought of late in the game,
and issues develop with storage space. On a cloud, don’t need to guess how much storage
will need and will likely maintain logs from the get-go, if for no other reason than to check
your usage.

6. Secure Builds: When you develop your own network, you had to buy third-party security
software to get the level of protection you want. With a cloud solution, those tools can be
bundled in and available to you and develop your system with whatever level of security you
desire.

7. Improved Software Security: Vendors are likely to develop more efficient security
software. Since you’re charged for you CPU cycles. As such, the vendor doesn’t want to lose
your business and is going to be more inclined to develop more efficient security software.

8. Security Testing: SaaS providers don’t bill you for all of the security testing they do. It’s
shared among the cloud users. The end result is that because you are in pool with others, you
got realize lower costs for security testing.

Regulatory Issues:

Laws or regulations typically specify who within an enterprise should be held

responsible and accountable for data accuracy and security. If you are collecting and holding
data, then you must have a security position designated to ensure compliance.

In the case of cloud computing, however, regulation might be exactly what we need.

1. No Existing Regulation: Currently there is no existing regulation, but there should

be. In sept 2008, the United States government took control of Washington Mutual. It

7 B Naresh Lecturer in B V Raju College, Department of Computer

Science
 was the greatest bank failure in American history to date. Look at company like
Google, for instance.
While comparing cloud service providers to banks might seem like an apples-
to-oranges comparison, it underscores the need for regulation. While banks deal in
money, and cloud service providers deal in data, both are of immense value to
consumers and organizations alike. The fact that there was some regulation in place
prevented a run on the bank.

2. Government to the Rescue: Is it the government’s place to regulate cloud

computing?

There are two schools of thought on the issue.

First, if government can figure out a way to safeguard data-either from loss or left-any
company facing such a loss would applaud the regulation.

On the other hand, there are those who think the government should stay out of it and
let competition and market forces guide cloud computing.

There are some of the other cloud computing concerns that were reported:

 Eight percent said they’d be very concerned if a vendor used their photos and other
information in marketing campaigns.
 Sixty-eight percent said they’d be very concerned if the vendor used their personal
information to send them personalized ads.
 Sixty-three percent said they’d be very concerned if service providers kept their data
after the user deleted it.

There are also questions about whether government agencies will store their data on
the cloud. Procurement regulations will have to change for government agencies to be keen
on jumping on the cloud.

GSA (General Services Administration) is working with a vendor to develop an

application that will calculate how much energy government agencies consume.

8 B Naresh Lecturer in B V Raju College, Department of Computer

Science