Course Paper: Cloud Computing
Rian Booyer
CISS 445 – Programming Languages
COURSE PAPER: CLOUD COMPUTING
In this paper I will be discussing cloud computing, more specifically several aspects of it; what it is with a basic definition, types of cloud computing, specific service types that are in relation to cloud computing, discussing a few of the most common providers and finally some mentions of security in cloud computing.
What is Cloud Computing?
What is cloud computing? Well according to Eric Knorr of Infoworld.com cloud computing consists of two parts the first part deals with how a company or organization can contract out to a provider who provides computing time for workloads of data and the processing of this data is performed over the internet. Secondly Eric states that the Cloud Service Provider provides these resources on demand for companies and organizations that can be scaled to meet the specific needs of those organizations or corporations on an as needed basis. The Cloud Service Provider (CSP) does this through a very advanced provisioning of their own infrastructure through offering different types of service levels that can either be rented out, provided on a subscription base, or paid on a per resource value scale (Knorr, 2018).
In one way you can think about why a company would want to do this but, in a way, this helps companies, especially smaller companies on different levels. The company or organization may not have the technical expertise to develop their own systems for example or may not have enough of a budget to implement the complicated infrastructure such as servers, network, and personnel needed to run the system the company needs to put in place just to make money. Some providers of cloud computing services also specialize in one way or another to provide specific types of services to their customers from basic server infrastructure to complete software package solutions.
Types of Cloud Computing Deployment
There are three main ways to deploy cloud computing: Public, Private, and Hybrid type systems. Each type has its own merit for use and reasons behind the choice of a system. When a company is considering a choice between the different types they need to think long and hard about what the requirements are of the total solution for the company and which deployment strategy will fit their specific requirements.
Public Cloud
In a public cloud system, a Cloud Service Provider (CSP) owns the servers and infrastructure and charges a fee for an organization to use its resources. The use of a purely public cloud can vary from fully online software packages provided to an organization to something as simple as data storage. Often the services provided are a mixture of many types and ranges of resources and applications and can even be migrated to the cloud from older local sources to new cloud-based applications or solutions (Laudon, 20170117, p. 190) (“Types of Cloud Computing”, 2018).
Let me give an example, Company Y decides that their plan to implement a new corporate IT solution is too expensive to implement since they are a multi-national corporation that has users based around the world that need to be able to access the solutions resources from multiple locations on mobile devices. The implementation of the solution may require extensive and expensive infrastructure implementation and even more expensive security controls. Company Y may be able to use a completely public cloud-based solution for their business not only to reduce the costs of implementation but also the implementation of security and management controls that would be needed could primarily be handled by the Cloud Service Provider.
Private Cloud
A private cloud system is like a public system, but it is completely owned by the building organization and all the security, management, and support for the system is handled by that corporation. Private cloud systems can either resemble a public cloud system where the resources are dynamic in allocation or they can resemble a more traditional solution where all the resources are completely dedicated for a single task. One huge benefit of this type of cloud deployment strategy is the ability to retain full control not only of your data but also how the system handles the needed computations and the infrastructure. A large downfall would be the upfront cost of the system and the costs to maintain the system while also being completely responsible for system failures and data breaches to the system (Laudon, 20170117, p. 190) (“Types of Cloud Computing”, 2018).
Let’s say Company Y decides that their data is so sensitive that they need to keep a lid on how the data is handled, they need to design and code custom software to handle said data, but they also need control over how the data is provided to the different parts of the company without the risk of outside interference while still providing access to their company software to their employee’s and others that need access to it over the internet (or intranet depending on the setup). They would have to not only invest in datacenter servers to handle the storage of the data to application servers to provide access to the specific portions of the software (presentation, analysis, database access, etc.) but also implement management and security controls to prevent data breaches, loss of data. All this would cost a pretty penny against their corporate budget and would have to be reflected in the cost analysis and risk analysis of their system development life cycle (as opposed to the software development life cycle).
Hybrid Cloud
Hybrid clouds combine parts of the Private and Public cloud deployment. The deployment can vary but one type I have studied in the past is how a company can pay for the software on a cloud computing platform but keep the data that is used stored on in house servers. This way they can make sure that the data is secure or as secure as they can get in today’s day and age. Hybrid clouds allow you to mix and match what you want to keep in house and what you wish to be provided by a Cloud Service Provider (CSP). According to Amazon’s AWS site many organizations use this to extend the capabilities of their existing systems without the cost of the needed infrastructure required for the expansion (“Types of Cloud Computing”, 2018). Laudon in his textbook Management information systems mentions that many organizations will use their internal systems for the most critical core activities while using the cloud systems for “less-critical systems or for additional processing capacity during peak business periods” (Laudon, 2017, pg. 190). To explain this, we can go to another example.
Company X is an automotive company that produces motorcycles and their production and design sections use different data and different processing needs on their in-house system. Sometimes that system lags at specific times of the day and during their peak sales periods of the year. By implementing a hybrid system, they can shift part of their work to a Cloud Service Provider (CSP) to handle the overflow without having to invest in extra infrastructure to expand their current in-house systems. This further saves them the cost and hustle of remodeling their one-hundred-year-old building to handle the extra power, network wiring, etc.
Cloud Computing As A Service
Different Cloud Service Providers (CSP) provide different styles of services. There are three main service types that are available today: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). More companies are coming out with new ways to provide cloud computing with new business service models popping up daily.
Software as a Service – SaaS
Software as a Service is just that, software provided by a Cloud Service Provider (CSP) for a fee. The software is accessed over the internet or installed locally while the data and main processing power is done over the internet. This allows companies not only to get up and running quickly but also allows their employees to work from virtually anywhere they can be on the internet such as at home, client’s location, or even an internet cafe.
SaaS providers take on the responsibility for the entire infrastructure, security, and management of the provided solution so that the client company or organization can focus more on running their company and not about the complete development of a new solution and having to worry about hiring expensive talent to manage the infrastructure and security of their networks and data. Some companies find this as a cheap alternative since the costs are low for the initial startup while others will find this option not quite as appetizing because they must give up the control of these systems to another company that may not be as trustworthy or are reliable as they claim to be. Companies and organizations need to take their time and evaluate every provider, not only to make sure that they can provide the solution, but also examine the providers track record against data breaches but also to make sure that the company can guarantee a certain amount of availability of the system because as we all know time is money and minutes can mean millions to certain corporations (“New to SaaS? Welcome!”, 2018).
One such company that I have read about in the past that keeps cropping up in classes is SalesForce that provides customized solutions for companies and organizations on many levels. Salesforce provides cloud services by providing a modular Customer Relationship Management solution where customers can pick and choose which modules will work for them and integrate them into a single solution to fit their needs. It has its limitations though because even though it is designed to be modular this also creates the need for training your employee’s in the use of the modules and the possibility of adapting your company to the solution which can be hectic to say the least (Nath, 2018).
Platform as a service – PaaS
Platform as a service (PaaS) is a little different than software as a service (SaaS) in that PaaS gives the ability to develop your own software applications that are served by the Cloud Service Provider (CSP). The Cloud Service Provider (CSP) lets you pick the language(s) you wish to create your applications in, the development tools necessary, provides the operating system and even some runtime environments and middleware necessary. The main idea is that you can develop what you need, have a place to host it from (the platform) at a lower cost than if you had provided the infrastructure and had to program the solution yourself while retaining all the control over the developed application and its code. The provider is still responsible for the underlying hardware and software updates to the platform (“What is Platform as a Service (PaaS) Cloud Computing? | Engine Yard”, 2018) (FitzGerald, Dennis & Durcikova, 2014).
Infrastructure as a Service – IaaS
Infrastructure as a service (IaaS) really is what it sounds. IaaS focuses on providing virtual networks, computer processing, storage, servers, etc. Many IaaS providers provide full virtualization of more complicated network clusters as well as load balanced services to provide the maximum uptime possible for a corporation. The organization that is paying for this service has complete control over what hardware and software provisioning is done on these systems including the operating systems, updates, security, etc. Think of it as renting the full infrastructure needed to run your business or organization (Violino, 2017).
For example, Tom is a CIO of a corporation that has been using a mainframe system and is in the middle of planning to switch from an old mainframe computer system to a more modern system with many levels of servers to handle different jobs. Tom finds an IaaS and analyzes their offerings and finds that it could cost the company less money in the long run if they rented the infrastructure (virtual servers, infrastructure, etc.) so they don’t have to build a new wing on their corporate headquarters to house the new equipment. In addition, they can add and remove servers on demand while still having full control over the privacy of their data and maintain their talented employee’s that know what the management expects and can keep much of the corporate controls in place. With the employee’s knowledge it can help to ease the changeover from their old solution to the new solution based on the IaaS. Another benefit Tom finds is that they can also work out the bug in their new software systems and eventually if they desire they can easily migrate from an IaaS public cloud service to either a private or hybrid cloud service later depending on the company’s needs.
Who Provides These Services?
There are many companies that provide cloud services to companies and even consumers, but several stand out above all the rest. Bob Evans of Forbes Magazine in 2017 rated ten of the main companies that provide services. Among them are Microsoft who provides IaaS, PaaS, and SaaS cloud services with their Azure cloud computing platform and at that time was generating the most revenue at $16.7 billion, Amazon who also offers the three main service types with their Amazon Web Services (AWS) Platform and had revenues only slightly lower than Microsoft at the time with income at $16 billion vs Microsoft’s $16.7 billion, IBM was in third place but stood out more because their concentration on helping larger corporations convert their older traditional systems to cloud systems on IBM Cloud, Salesforce was fourth since its primary focus is in SaaS but it’s CEO is expanding past the limitations of only one of the three major service types and is trying to expand further. Other companies were listed such as SAP, Oracle, Google, ServiceNow, Workday and coming in last was VMware (Evans, 2017).
What About Security?
Security when dealing with cloud computing can be a complicated matter that many people ignore since they believe that if the computing is done somewhere else their data is safe, however, this is the farthest from the truth. Timothy Morrow a security engineer with CERT wrote a blog article on the matter for Carnegie Mellon university that spells out twelve different risks related to cloud computing. I’m only going to discuss a few of them though (Morrow, 2018).
The first risk of course is the reduced control companies and organizations give up for the convenience of cloud computing. The responsibility for many of the security policies are shifted depending on the Cloud Service Provider (CSP) and the contracted services obtained. This doesn’t mean though a company or organization shouldn’t do everything they can to keep their data safe or become complacent in the idea that the Cloud Service Provider will take care of everything they should take steps to protect themselves in case of a breach or loss of data (Morrow, 2018).
Another point that Timothy makes is that many Cloud Service Providers (CSP) provide their services on demand and with this it can be profitable for the Cloud Service Provider to allow provisioning of resources without the full approval of the company or organization knowing, Timothy refers to this as “Shadow IT” and tends to be a problem for the company or organization with the high probability that unintended software such as malware or viruses can enter the companies network or even data that is leaked or destroyed. As Timothy puts it “the organization is unable to protect resource it does not know about” (Morrow, 2018).
All of Timothies risks are important but one caught my eye and exists when multiple clients of a Content Service Provider (CSP) end up having access to each other’s data. This primarily happens when the Content Service Provider (CSP) can’t maintain the separation and when the provider uses similar software, hypervisors, etc. that may inadvertently allow clients or attackers to slip in between the veil between client domains and steal data or even have regular employee’s accidentally access data of another client inadvertently. Now Timothy states that as of the publication of his blog article that there hasn’t been a documented occurrence of this has happened, but it has been demonstrated that it is a high possibility of happening in the future (Morrow, 2018).
Conclusion
Cloud computing isn’t exactly quite new, but it is an evolving way to approach implementation of infrastructure and I’m afraid this document doesn’t give it full justice. There are many organizations around the world including the United States Government that are making their “central tenet” of modernization the movement towards cloud computing platforms (Morrow, 2018). Problems will occur as companies and organizations adopt this strategy for computing however and only time will tell how bad the problems will be. If a corporation takes a proactive approach to the protection and security of their systems they should be ok, however, many smaller companies see this approach as the next generation option so they can become complacent in the protection of their data and not implement the controls necessary to protect their data even though a breach can be costly not only on a company’s image but also on its bottom line as well.
References
Evans, B. (2017). Nov 7, 2017, 09:06am The Top 5 Cloud-Computing Vendors: #1 Microsoft, #2 Amazon, #3 IBM, #4 Salesforce, #5 SAP. Retrieved from https://www.forbes.com/sites/bobevans1/2017/11/07/the-top-5-cloud-computing-vendors-1-microsoft-2-amazon-3-ibm-4-salesforce-5-sap/#5142a83d6f2e
FitzGerald, J., Dennis, A., & Durcikova, A. (2014). Business Data Communications and Networking, 12th Edition (12th ed.). John Wiley & Sons.
Knorr, E. (2018). What is cloud computing? Everything you need to know now. Retrieved from https://www.infoworld.com/article/2683784/cloud-computing/what-is-cloud-computing.html
Morrow, T. (2018). 12 Risks, Threats, & Vulnerabilities in Moving to the Cloud. Retrieved from https://insights.sei.cmu.edu/sei_blog/2018/03/12-risks-threats-vulnerabilities-in-moving-to-the-cloud.html
Nath, T. (2018). How Salesforce CRM Works. Retrieved from https://www.investopedia.com/articles/professionals/012915/how-salesforce-crm-works.asp
New to SaaS? Welcome!. (2018). Retrieved from https://www.salesforce.com/saas/
Types of Cloud Computing. (2018). Retrieved from https://aws.amazon.com/types-of-cloud-computing/
Violino, B. (2017). What is IaaS? Cloud computing infrastructure explained. Retrieved from https://www.infoworld.com/article/3220669/iaas/what-is-iaas-the-modern-datacenter-platform.html
What is Platform as a Service (PaaS) Cloud Computing? | Engine Yard. (2018). Retrieved from https://www.engineyard.com/platform-as-a-service-cloud