Upload
vbakshi1
View
252
Download
0
Embed Size (px)
Citation preview
8/2/2019 varun bakshi_cloud project.pdf
1/49
Cloud Computing and Business
Submitted By:-
Varun Bakshi
(501004069)
MBA-2nd
Year
Submitted To:-
Er.Amit K.Bhardwaj
Asst. Prof. LMTSOM
Thapar Univ.,Patiala
8/2/2019 varun bakshi_cloud project.pdf
2/49
1
Contents
Introduction To Cloud Computing ........................................................................................................... 2
Three cloud service models ........................................................................................................................ 6
Cloud deployment models: ......................................................................................................................... 7
CLOUD ENVIRONMENT ROLES ...................................................................................................................... 8
SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS .............................................................................. 9
Cloud Computing in Larger Businesses ....................................................................................................... 15
Cloud Computing in Small Business ............................................................................................................ 17
Benefits of Cloud Computing ...................................................................................................................... 18
Some Findings -- Cloud Computing ............................................................................................................. 20
TCSs Service Offerings in Cloud Computing ............................................................................................... 25
CLOUD COMPUTING IN HEALTHCARE INDUSTRY .................................................................................... 30
Cloud technology from Microsoft ............................................................................................................... 32
Cloud ERP .................................................................................................................................................... 35
Ramco OnDemand ERP ......................................................................................................................... 35
Business case for cloud computing ............................................................................................................. 38
Threats to Cloud Computing ....................................................................................................................... 40
How Integrated, Web-Based Software Makes Business More Efficient ..................................................... 44
Business Benefits Of Cloud Computing ....................................................................................................... 46
REFERENCES & SOURCES......................................................................................................................... 47
8/2/2019 varun bakshi_cloud project.pdf
3/49
2
Introduction To Cloud Computing
The boom in cloud computing over the past few years has led to a situation that is common to
many innovations and new technologies: many have heard of it, but far fewer actually
understand what it is and, more importantly, how it can benefit them. In an attempt to gain a
competitive edge, businesses are increasingly looking for new and innovative ways to cut costs
while maximising value especially now, during a global economic downturn. They recognize
that they need to grow, but are simultaneously under pressure to save money. This has forced the
realisation that new ideas and methods may produce better results than the tried and tested
formulas of yesteryear. It is the growing acceptance of innovative technologies that has seen
cloud computing become the biggest buzzword in IT.
However, before an organisation decides to make the jump to the cloud, it is important to
understand what, why, how and from whom. Not all cloud computing providers are the same.
The range and quality of services on offer varies tremendously. The increased degree of
connectivity and the increasing amount of data has led many providers and in particular data
centres to employ larger infrastructures with dynamic load and access balancing.
By distributing and replicating data across servers on demand, resource utilisation has been
significantly improved. Similarly web server hosts replicate images of relevant customers who
requested a certain degree of accessibility across multiple servers and route requests according to
traffic load. However, it was only when Amazon published these internal resources and their
management mechanisms for use by customers that the term cloud was publicly associated
with such elastic infrastructuresespecially with on demand access to IT resources in mind. In
the meantime, many providers have rebranded their infrastructures to clouds, even though this
had little consequences on the way they provided their capabilities.
Cloud computing is an Internet-based way of working where users access applications through a
web browser rather than hosting software locally on their own PC. The applications can be very
simple, such as web-based email, through to more complex business software such as web-based
accounting.
8/2/2019 varun bakshi_cloud project.pdf
4/49
3
a 'cloud' is an elastic execution environment of resources involving multiple
stakeholders and providing a metered service at multiple granularities for a
specified level of quality (of service).
Cloud computing as a delivery model for IT services is defined by the National Institute of
Standards and Technology (NIST) as a model for enabling convenient, on -demand network
access to a shared pool of configurable computing resources (e.g. networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction
8/2/2019 varun bakshi_cloud project.pdf
5/49
4
NIST specify five characteristics of cloud computing:
a. On-demand self-service involves customers using a web site or similar control panel interface
to provision computing resources such as additional computers, network bandwidth or user emailaccounts, without requiring human interaction between customers and the vendor.
b. Broad network access enables customers to access computing resources over networks such
as the Internet from a broad range of computing devices such as laptops and smartphones.
c. Resource pooling involves vendors using shared computing resources to provide cloud
services to multiple customers. Virtualisation and multi-tenancy mechanisms are typically used
to both segregate and protect each customer and their data from other customers, and to make it
appear to customers that they are the only user of a shared computer or software application.
d. Rapid elasticity enables the fast and automatic increase and decrease to the amount of
available computer processing, storage and network bandwidth as required by customer demand.
e. Pay-per-use measured service involves customers only paying for the computing resources
that they actually use, and being able to monitor their usage. This is analogous to household use
of utilities such as electricity
Cloud computing can be visualised as a pyramid consisting of three sections:
Cloud Application
This is the apex of the cloud pyramid, where applications are run and interacted with via a web
browser, hosted desktop or remote client. A hallmark of commercial cloud computing
applications is that users never need to purchase expensive software licenses themselves. Instead,
the cost is incorporated into the subscription fee. A cloud application eliminates the need to
install and run the application on the customer's own computer, thus removing the burden of
software maintenance, ongoing operation and support.
8/2/2019 varun bakshi_cloud project.pdf
6/49
5
Cloud Platform
The middle layer of the cloud pyramid, which provides a computing platform or framework as a
service. A cloud computing platform dynamically provisions, configures, reconfigures and de-
provisions servers as needed to cope with increases or decreases in demand. This in reality is a
distributed computing model, where many services pull together to deliver an application or
infrastructure request.
Cloud Infrastructure
The foundation of the cloud pyramid is the delivery of IT infrastructure through virtualisation.
Virtualisation allows the splitting of a single physical piece of hardware into independent, self
governed environments, which can be scaled in terms of CPU, RAM, Disk and other elements.
The infrastructure includes servers, networks and other hardware appliances delivered as either
Infrastructure Web Services, farms or "cloud centres". These are then interlinked with others
for resilience and additional capacity
8/2/2019 varun bakshi_cloud project.pdf
7/49
6
Three cloud service models
Infrastructure as a Service (IaaS) involves the vendor providing physical computer
hardware including CPU processing, memory, data storage and network connectivity. The
vendor may share their hardware among multiple customers referred to as multiple tenants
using virtualisation software. IaaS enables customers to run operating systems and software
applications of their choice. Typically the vendor controls and maintains the physical computer
hardware. Typically the customer controls and maintains the operating systems and software
applications. Example IaaS vendor services include Amazon Elastic Compute Cloud (EC2),
GoGrid and Rackspace Cloud.
Platform as a Service (PaaS)involves the vendor providing Infrastructure as a Service plus
operating systems and server applications such as web servers. PaaS enables customers to use the
vendors cloud infrastructure to deploy web applications and other software developed by the
customer using programming languages supported by the vendor. Typically the vendor controls
and maintains the physical computer hardware, operating systems and server applications.
Typically the customer only controls and maintains the software applications developed by the
customer. Example PaaS vendor services include Google App Engine, Force.com, Amazon Web
Services Elastic Beanstalk, and the Microsoft Windows Azure platform.
Software as a Service (SaaS)involves the vendor using their cloud infrastructure and cloud
platforms to provide customers with software applications. Example applications include email
and an environment for users to collaboratively develop and share files such as documents and
spreadsheets. These end user applications are typically accessed by users via a web browser,
eliminating the need for the user to install or maintain additional software. Typically the vendorcontrols and maintains the physical computer hardware, operating systems and software
applications. Typically the customer only controls and maintains limited application
configuration settings specific to users such as creating email address distribution lists. .
Example SaaS vendor services include Salesforce.com Customer Relationship Management
(CRM), Google Docs and Google Gmail.
8/2/2019 varun bakshi_cloud project.pdf
8/49
7
Cloud deployment models:
Public cloudinvolves an organisation using a vendors cloud infrastructure which is shared via
the Internet with many other organisations and other members of the public. This model has
maximum potential cost efficiencies due to economies of scale. However, this model has a
variety of inherent security risks that need to be considered.
Private cloud involves an organisations exclusive use of cloud infrastructure and services
located at the organisations premises or offsite, and managed by the organisation or a vendor.
Compared to the public cloud model, the private cloud model has reduced potential cost
efficiencies. If the private cloud is properly implemented and operated, it has reduced potentialsecurity concerns. A well architected private cloud properly managed by a vendor provides many
of the benefits of a public cloud, but with increased control over security. A managed private
cloud may enable enterprise customers to more easily negotiate suitable contracts with the
vendor, instead of being forced to accept the generic contracts designed for the consumer mass
market that are offered by some public cloud vendors.
Community cloudinvolves a private cloud that is shared by several organisations with similar
security requirements and a need to store or process data of similar sensitivity. This model
attempts to obtain most of the security benefits of a private cloud, and most of the economic
benefits of a public cloud. An example community cloud is the sharing of a private cloud by
several agencies of the same government.
Hybrid cloud involves a combination of cloud models. An example is using commodity
resources from a public cloud such as web servers to display non-sensitive data, which interacts
with sensitive data stored or processed in a private cloud.
8/2/2019 varun bakshi_cloud project.pdf
9/49
8
CLOUD ENVIRONMENT ROLES
In cloud environments, individual roles can be identified similar to the typical role distribution in
Service Oriented Architectures and in particular in (business oriented) Virtual Organisations. Asthe roles relate strongly to the individual business models it is imperative to have a clear
definition of the types of roles involved in order to ensure common understanding.
(Cloud) Providers offer clouds to the customer either via dedicated APIs (PaaS), virtual
machines and / or direct access to the resources (IaaS). Note that hosts of cloud enhanced
services (SaaS) are typically referred to as Service Providers, though there may be ambiguity
between the terms Service Provider and Cloud Provider.
(Cloud) Resellers or Aggregators aggregate cloud platforms from cloud providers to either
provide a larger resource infrastructure to their customers or to provide enhanced features .This
relates to community clouds in so far as the cloud aggregators may expose a single interface to a
merged cloud infrastructure. They will match the economic benefits of global cloud
infrastructures with the understanding of local customer needs by providing highly customized,
enhanced offerings to local companies (especially SMEs) and world-class applications in
important European industry sectors. Similar to the software and consulting industry, the creation
of European cloud partner ecosystems will provide significant economic opportunities in the
application domainfirst, by mapping emerging industry requests into innovative solutions and
second by utilizing these innovative solutions by European companies in the global marketplace.
(Cloud) Adopters or (Software / Services) Vendors enhance their own services and capabilities
by exploiting cloud platforms from cloud providers or cloud resellers. This enables them to e.g.
provide services that scale to dynamic demandsin particular new business entries who cannot
estimate the uptake / demand of their services as yet .The cloud enhanced services thus
effectively become software as a service.
(Cloud) Consumers or Users make direct use of the cloud capabilities as opposed to cloudresellers and cloud adopters, however, not to improve the services and capabilities they offer, but
to make use of the direct results, i.e. either to execute complex computations or to host a flexible
data set. Note that this involves in particular larger enterprises which outsource their inhouse
infrastructure to reduce cost and efforts.
8/2/2019 varun bakshi_cloud project.pdf
10/49
9
SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS
Since clouds do not refer to a specific technology, but to a general provisioning paradigm with
enhanced capabilities, it is mandatory to elaborate on these aspects. There is currently a strongtendency to regard clouds as just a new name for an old idea, which is mostly due to a
confusion between the cloud concepts and the strongly related P/I/SaaS paradigms but also
due to the fact that similar aspects have already been addressed without the dedicated term
cloud associated with it. This section specifies the concrete capabilities associated with clouds
that are considered essential (required in any cloud environment) and relevant (ideally supported,
but may be restricted to specific use cases). We can thereby distinguish non-functional,
economic and technological capabilities addressed, respectively to be addressed by cloud
systems. Non-functional aspects represent qualities or properties of a system, rather than specific
technological requirements. Implicitly, they can be realized in multiple fashions and interpreted
in different ways which typically leads to strong compatibility and interoperability issues
between individual providers as they pursue their own approaches to realize their respective
requirements, which strongly differ between providers. Non-functional aspects are one of the key
reasons why clouds differ so strongly in their interpretation.
Economic considerations are one of the key reasons to introduce cloud systems in a business
environment in the first instance. The particular interest typically lies in the reduction of cost and
effort through outsourcing and / or automation of essential resource management. As has been
noted in the first section, relevant aspects thereby to consider relate to the cut-off between loss of
control and reduction of effort. With respect to hosting private clouds, the gain through cost
reduction has to be carefully balanced with the increased effort to build and run such a system.
Obviously, technological challenges implicitly arise from the non-functional and economical
aspects, when trying to realize them. As opposed to these aspects, technological challengestypically imply a specific realizationeven though there may be no standard approach as yet and
deviations may hence arise. In addition to these implicit challenges, one can identify additional
technological aspects to be addressed by cloud system, partially as a pre-condition to realize
some of the high level features, but partially also as they directly relate to specific characteristics
of cloud systems.
8/2/2019 varun bakshi_cloud project.pdf
11/49
10
NON-FUNCTIONAL ASPECTS
The most important non-functional aspects are:
Elasticity is an essential core feature of cloud systems and circumscribes the capability of the
underlying infrastructure to adapt to changing, potentially non-functional requirements, for
example amount and size of data supported by an application, number of concurrent users etc.
One can distinguish between horizontal and vertical scalability, whereby horizontal scalability
refers to the amount of instances to satisfy e.g. changing amount of requests, and vertical
scalability refers to the size of the instances themselves and thus implicit to the amount of
resources required to maintain the size. Cloud scalability involves both (rapid) up- and down-
scaling.
Elasticity goes one step further, tough, and does also allow the dynamic integration and
extraction of physical resources to the infrastructure. Whilst from the application perspective,
this is identical to scaling, from the middleware management perspective this poses additional
requirements, in particular regarding reliability. In general, it is assumed that changes in the
resource infrastructure are announced first to the middleware manager, but with large scale
systems it is vital that such changes can be maintained automatically.
Reliability is essential for all cloud systemsin order to support todays data centre-type
applications in a cloud, reliability is considered one of the main features to exploit cloud
capabilities.Reliability denotes the capability to ensure constant operation of the system without
disruption, i.e.no loss of data, no code reset during execution etc. Reliability is typically achieved
through redundant resource utilisation. Interestingly, many of the reliability aspects move from a
hardware to a software-based solution. (Redundancy in the file systems vs. RAID controllers,
stateless front end servers vs. UPS, etc.).
Quality of Servicesupport is a relevant capability that is essential in many use cases where
specific requirements have to be met by the outsourced services and / or resources. In business
cases, basic QoS metrics like response time, throughput etc. must be guaranteed at least, so as to
ensure that the quality guarantees of the cloud user are met.
8/2/2019 varun bakshi_cloud project.pdf
12/49
11
Agility and adaptability are essential features of cloud systems that strongly relate to the
elastic capabilities. It includes on-time reaction to changes in the amount of requests and size of
resources, but also adaptation to changes in the environmental conditions that e.g. require
different types of resources, different quality or different routes, etc. Implicitly, agility and
adaptability require resources (or at least their management) to be autonomic and have to enable
them to provide self-capabilities.
Availability of servicesand data is an essential capability of cloud systems and was actually
one of the core aspects to give rise to clouds in the first instance. It lies in the ability to introduce
redundancy for services and data so failures can be masked transparently. Fault tolerance also
requires the ability to introduce new redundancy (e.g. previously failed or fresh nodes) in an
online manner non-intrusively (without a significant performance penalty). With increasing
concurrent access, availability is particularly achieved through replication of data /services and
distributing them across different resources to achieve load-balancing. This can be regarded as
the original essence of scalability in cloud systems.
ECONOMIC ASPECTS
In order to allow for economic considerations, cloud systems should help in realising the
following aspects:
Cost reduction is one of the first concerns to build up a cloud system that can adapt to
changing consumer behaviour and reduce cost for infrastructure maintenance and acquisition.
Scalability and Pay per Use are essential aspects of this issue. Notably, setting up a cloud system
typically entails additional costsbe it by adapting the business logic to the cloud host specific
interfaces or by enhancing the local infrastructure to be cloud-ready.
Pay per use The capability to build up cost according to the actual consumption of resources is
a relevant feature of cloud systems. Pay per use strongly relates to quality of service support,
where specific requirements to be met by the system and hence to be paid for can be specified.
One of the key economic drivers for the current level of interest in cloud computing is the
structural change in this domain. By moving from the usual capital upfront investment model to
8/2/2019 varun bakshi_cloud project.pdf
13/49
12
an operational expense, cloud computing promises to enable especially SMEs and entrepreneurs
to accelerate the development and adoption of innovative solutions.
Improved timeto market is essential in particular for small to medium enterprises that want to
sell their services quickly and easily with little delays caused by acquiring and setting up the
infrastructure,in particular in a scope compatible and competitive with larger industries. Larger
enterprises need to be able to publish new capabilities with little overhead to remain competitive.
Clouds can support this by providing infrastructures, potentially dedicated to specific use cases
that take over essential capabilities to support easy provisioning and thus reduce time to market.
Return of investment (ROI) is essential for all investors and cannot always be guaranteed in
fact some cloud systems currently fail this aspect. Employing a cloud system must ensure that
the cost and effort vested into it is outweighed by its benefits to be commercially viable this
may entail direct (e.g. more customers) and indirect (e.g. benefits from advertisements) ROI.
Outsourcing resources versus increasing the local infrastructure and employing (private) cloud
technologies need therefore to be outweighed and critical cut-off points identified.
Going Green is relevant not only to reduce additional costs of energy consumption, but also
to reduce the carbon footprint. Whilst carbon emission by individual machines can be quite wellestimated, this information is actually taken little into consideration when scaling systems up.
Clouds principally allow reducing the consumption of unused resources (down-scaling). In
addition, up-scaling should be carefully balanced not only with cost, but also carbon emission
issues. Note that beyond software stack aspects, plenty of Green IT issues are subject to
development on the hardware level.
8/2/2019 varun bakshi_cloud project.pdf
14/49
13
TECHNOLOGICAL ASPECTS
The main technological challenges that can be identified and that are commonly associated with
cloud systems are:
Virtualisation is an essential technological characteristic of clouds which hides the
technological complexity from the user and enables enhanced flexibility (through aggregation,
routing and translation). More concretely, virtualisation supports the following features:
Ease of use: through hiding the complexity of the infrastructure (including management,
configuration etc.) virtualisation can make it easier for the user to develop new applications, as
well as reduces the overhead for controlling the system. Infrastructure independency: in
principle, virtualisation allows for higher interoperability by making the code platform
independent.
Flexibility and Adaptability: by exposing a virtual execution environment, the underlying
infrastructure can change more flexible according to different conditions and requirements
(assigning more resources, etc.).
Location independence: services can be accessed independent of the physical location of the
user and the resource.Multi-tenancy is a highly essential issue in cloud systems, where the location of code and / or
data is principally unknown and the same resource may be assigned to multiple users (potentially
at the same time). This affects infrastructure resources as well as data / applications / services
that are hosted on shared resources but need to be made available in multiple isolated instances.
Classically, all information is maintained in separate databases or tables, yet in more complicated
cases information may be concurrently altered, even though maintained for isolated tenants.
Multitenancy implies a lot of potential issues, ranging from data protection to legislator issues.
Security, Privacy and Compliance is obviously essential in all systems dealing with potentially
sensitive data and code.
8/2/2019 varun bakshi_cloud project.pdf
15/49
14
Data Management is an essential aspect in particular for storage clouds, where data is flexibly
distributed across multiple resources. Implicitly, data consistency needs to be maintained over a
wide distribution of replicated data sources. At the same time, the system always needs to be
aware of the data location (when replicating across data centres) taking latencies and particularly
workload into consideration. As size of data may change at any time, data management addresses
both horizontal and vertical aspects of scalability. Another crucial aspect of data management is
the provided consistency guarantees (eventual vs. strong consistency, transactional isolation vs.
no isolation, atomic operations over individual data items vs. multiple data times etc.).
APIs and / or Programming Enhancements are essential to exploit the cloud features: common
programming models require that the developer takes care of the scalability and autonomic
capabilities him- / herself, whilst a cloud environment provides the features in a fashion that
allows the user to leave such management to the system.
Metering of any kind of resource and service consumption is essential in order to offer elastic
pricing, charging and billing. It is therefore a pre-condition for the elasticity of clouds.
Tools are generally necessary to support development, adaptation and usage of cloud services.
8/2/2019 varun bakshi_cloud project.pdf
16/49
15
Cloud Computing in Larger Businesses
Major companies are increasingly seeking Cloud computing and exploring the development of
private Clouds. While obviously mindful of potential pitfalls, anecdotal evidence suggests thatmany would embrace Cloud computing solutions for data storage and retrieval they could trust.
It is fair to say that the Task Force discussed a wide range of large business responses to the
emergence of Cloud computing. The rapid development of a wide range of Cloud service
providers within Australia certainly implies an escalating demand from both public and private
sector users. While some large businesses are moving quickly into the use of Cloud computing,
others -- including some of the banks -- are proceeding cautiously at this stage. This is partly a
response to the unsettled nature of the market for Cloud computing (including the absence of
widely adopted standards), combined with concerns about the potential reputational risks which
could arise if something goes wrong with client data in the Cloud. Indeed, several of the major
banks have recently been calling for more work on the establishment of Cloud computing
standards to ensure that they are able to retain control of any outsourced IT. This is particularly
related to the question of vendor lock-in.
Banks operate in a complex regulatory framework regarding their handling of customer data,
with the various privacy acts being a major consideration. However, such legislation does not
pose the primary barrier - the wider question of customer trust remains the stumbling block.
Customers have to trust their financial institution, which in turn should not expose their
customers to unnecessary risk. The scope of bank services is far wider than merely financial
transactions however, and customer relationship management is an area thought amenable to
Cloud computing. It was noted that the Australian Prudential Regulation Authority (APRA) has
been counseling caution in the adoption of Cloud computing.
Legal advice offered to one major banking concern regarding the possible use of Cloud
computing focused on privacy considerations and the US Governments Patriot Act, and allowed
for a range of options including asking customers to opt-in to the scheme. The failure of any
Cloud-based arrangements could risk the reputation of the company and questions of
confidentiality, reliability and security remain. Domestically-based Clouds are considered more
8/2/2019 varun bakshi_cloud project.pdf
17/49
16
secure than international Clouds, but service providers must build trust with their banking
clients, just as banks must earn the trust of their customers regarding the handling of their
financial assets.
Unfortunately, contracts with Cloud providers have proved difficult to negotiate with insufficient
protections for privacy, data backups and data segregation offered by vendors. The business
model of Cloud service providers tends not to intersect with the more conservative framework
that banks must adhere to. Vendors tend to offer a promise of 'best endeavours' to maintain
services, rather than actually guaranteeing the continuity and security of provision demanded of
them. Pitfalls experienced with other much-hyped revolutions in computing and the internet have
underlined this tendency towards caution. The use of IT outsourcing raised similar
considerations, for instance, and many problems were encountered with its deployment. The co-
location of data in Cloud computing solutions also poses new challenges and creates the
perception of new risk asymmetries.
8/2/2019 varun bakshi_cloud project.pdf
18/49
17
Cloud Computing in Small Business
Small business will embrace Cloud computing to reap the cost savings promised by vendors, but
in many instances may be ill prepared to do so in an informed and considered fashion.
Government could therefore play a useful role in raising awareness and educating the small
business community about the possibilities of Cloud computing, as well as its possible risks.
The potential of Cloud computing to solve a firms specific problems could be demonstrated
through the generation of practical scenarios which could also examine issues which might arise
regarding privacy and security. Public seminars, workshops and concept exercises might also
prove useful in helping small and medium enterprises understand Cloud technology. Cloud
computing can offer a much wider set of solutions than simply aggregated data services. It
facilitates new ways of collaborating and working and can drive increases in productivity as well
as saving costs. It allows information and communications capacity to be bought as needed,
offering flexibility and innovation to businesses which wish to free themselves of expensive and
cumbersome in-house IT solutions. Cloud developments could also encourage employment by
reducing IT start-up costs for small businesses.
Secondary brokerage is a growing market, with infrastructure aggregators becoming a major
factor in the market. Cloud computing allows identities to be obscured online to an even greater
degree than before, with small organisations able to appear much larger than they are, and vice
versa. This has obvious risks as well as potential for small players to penetrate larger markets.
8/2/2019 varun bakshi_cloud project.pdf
19/49
18
Benefits of Cloud Computing
Depending upon the implementation, Cloud computing promises compelling efficiency, cost and
scaling advantages delivering:
Lower upfront costs: When introducing a new application, the cost of hardware and of software
licenses are currently a major concern, but Cloud services allow the subscriber to pay the
provider for usage alone, avoiding the need for up-front expenditure and allowing costs to be
spread over time and managed more closely.
Reduced financial risk: If a Cloud-based application proves unsuccessful for whatever reason,
or its use within the business is for a limited time, it can be discontinued without the retention of
useless infrastructure. The user also avoids the financial risk of technological obsolescence.
Faster time to market (agility): It typically takes several months to achieve successful
implementation of a traditional application, but Cloud applications can be deployed and scaled
within days or hours.
No capital expense: Cloud computing allows the user to pay for ICT as a service when
consumed, turning capital expenses into operating (variable) costs.
Lower operational expense: Given economies of scale, high levels of automation and self-
service, Cloud providers can usually offer ICT services at a significantly lower cost than
individual organisations can deliver themselves.
Clear ICT value for businesses: ICT has always struggled to demonstrate its value tobusinesses, and there has been a seemingly constant disconnect between ICT spending and the
perception of value it delivers. Cloud computing provides a direct connection between ICT
spending and valuesimilar to domestic spending on phone bills or electricity.
8/2/2019 varun bakshi_cloud project.pdf
20/49
19
Innovation: Cloud computing can offer an almost infinite ICT sandpit for experimentation
and innovation at low risk, low operating cost and with no capital expenditure. Experiments in
the Cloud can be rapidly scaled up or abandoned depending on how they turn out.
Access to expanded expertise: Given their economies of scale, Cloud providers can afford to
offer more specialised services and deeper expertise in advanced security techniques, application
performance optimization, tailored user support and business continuity services than many in
house ICT departments.
Sustainability: Most providers of Cloud services are facing pressure from consumers and
governments to utilise facilities that consume less energy. There is a growing trend towards
locating large data centres in locations where renewable energy is available.
Continuous enhancements: Instead of facing occasional, disruptive and costly upgrades of ICT,
the Cloud can deliver incremental improvements and enhancements on a continuous basis.
Decreased downtime and delays (improved resilience): Since Cloud workloads can be spread
across many facilities, and even across different Clouds, redundant applications can be used to
avoid downtime. In addition, data distribution strategies can help address disaster recovery and
business continuity issues. Larger Cloud providers can also afford to build hardened facilities
with reserve power supplies and cooling equipment.
Standardisation: Over time, the use of Cloud services is likely to drive standardisation among
users which in turn facilitates the simplification and alignment of business processes, yielding
further savings and enabling the scaling of processes within an enterprise.
8/2/2019 varun bakshi_cloud project.pdf
21/49
20
Some Findings -- Cloud Computing
Preferred channels for cloud services
Source: EY surveyCloud adoption in India, 2010
The stated preference of enterprises to buy cloud IaaS services from IT service providers or data
center service providers could mean that the cloud computing idea becomes central to these
service providers portfolios. Equipment vendors should recognize and respond to this
possibility.
For data center providers, cloud IaaS services may prove to be a more profitable source of
revenue as compared to their existing service/product mix. IT service providers looking to
leverage the cloud IaaS opportunity should form alliances with third-party data center service
providers or invest in building their own infrastructure.
Data center service providers and IT system integrators also need to play a pivotal role in
bringing the ecosystem together to demonstrate commitment to security, service-level
agreement (SLA) adherence and complete support at every layer of the cloud
service model.
8/2/2019 varun bakshi_cloud project.pdf
22/49
21
Scalability,Capacity and speed are key benefits of cloud.
MNC responses to our survey support the evolution model from traditional IT infrastructure
provisioning to cloud-based infrastructure services, As shown in above figure 76% of MNCs
surveyed rated scalability of capacity and matching capacity to fluctuating demand as the most
beneficial attributes of cloud services. Speed of access to such services came in a close third, but
all of the major benefits of cloud computing were recognised by the MNC respondents as such.
The benefits of cloud in industry-specific contexts were also recognised by our respondents.
Finance and insurance firms emphasized scalability of capacity (44%) and improved employee
productivity (50%), unsurprising in an industry with such highly valuable employee 'capital'.
Retail sector respondents cited scalability and matching capacity to demand (both ranked as
major benefits by 50% of respondents) as key draws to cloud - again, unsurprising in a sector
with such dramatic peaks and troughs in month-to-month and even day-to-day transactions
8/2/2019 varun bakshi_cloud project.pdf
23/49
22
Barriers- An Industry View
Across all vertical sectors, 78% of companies rated security and 85% of companies rated data
governance significant or major barriers to adoption. Clearly, any cloud-based service provider,
or cloud service, must address security first. However, they should also be concerned that so
many companies see loss of control, SLAs and potential difficulty in evaluating performance of
prospective suppliers all as significant barriers, even if they are not the most important.
If MNCs are consistent in bringing traditional concerns and requirements on managed ICT into
cloud services, they also appear consistent within their business sectors, as the next figure shows.
Banks and insurance companies overwhelmingly rated security their highest concern (75%).
8/2/2019 varun bakshi_cloud project.pdf
24/49
23
Perceived Benefits of Implementing cloud IaaS Services
8/2/2019 varun bakshi_cloud project.pdf
25/49
24
Other industry-specific findings include the following:
Related issues of data governance and loss of control were the next most important issues for
financial services companies, with 50% or more of them citing these as major barriers.
Data governance was the major concern for the energy & utilities and retail & wholesale
industries, where businesses are built on efficient management of huge volumes of customer
records (billing, accounts and sales data).
Similarly manufacturing, which includes a number of significant pharmaceuticals companies,
was most concerned about data governance, and in fact gave it equal rating to security.
Characteristically, professional services companies, including media, worried most about SLAs,
perhaps showing just how much contracts and commercial metrics are in their blood.
8/2/2019 varun bakshi_cloud project.pdf
26/49
25
TCSs Service Offerings in Cloud Computing
Despite the challenges that exist today around Cloud Computing, TCS believes that Cloud
Computing will become an increasingly viable option for enterprise IT. TCS proposes a range of
services to customers, beginning with an advisory role in helping customers identify
opportunities for leveraging Cloud Computing to enabling new business models. As a part of the
services, TCS will address key questions which its enterprise customers have been asking, and
will provide unique solutions through its TM TCS COIN -based Cloud initiative Each service
offering needs special competencies. Helping customers define a to-be strategy, devise a
timeline, and a business case to move to the Cloud requires not just domain expertise but
experience in end-to-end business transformation. Migrating Applications to the Cloud requires
proven migration methodologies and toolsets which can rapidly cloud-enable applications. Fresh
development of applications for the Cloud and in the Cloud requires a deep understanding of
all the 3 Cloud delivery models - SaaS/PaaS/IaaS as well as tools for rapid application
development and deployment in the Cloud.Cloud management services presuppose an
Application Driven Infrastructure Management approach, among other things.
TCS has been providing a mature IT-as-a-Service component as a part of its Small and Medium
Business (SMB) offering, which has built a completely new business model and which leverages
the mindset and technologies of the Cloud.
TCS Cloud Taxonomy
With a lot of information available on Cloud Computing, it is imperative to build a taxonomy
which forms the basis for common understanding and focus. TCS has extensively studied this
area, and the following taxonomy reflects TCSs insights on Cloud Computing. There are other
taxonomies available such as the OpenCrowd Cloud Taxonomy. All these views will be the basis
for the standardization efforts that have just started across the industry.
8/2/2019 varun bakshi_cloud project.pdf
27/49
26
The Cloud Taxonomy consists of four layers, eight sub-layers, and a variety of areas to address.
Though layers and sublayers are static, TCS foresees that the areas to address will be a growing
list. The growing list is denoted by ellipsis in the following figure:-
8/2/2019 varun bakshi_cloud project.pdf
28/49
27
Service Offerings in the Cloud
Cloud Advisory Services
Cloud Migration Services
Cloud Development Services
Cloud Management Services
Cloud Strategic Services
Based on the 4.0 Cloud Services layer in the TCS Cloud Taxonomy, TCS will provide the
following five service offerings:
Cloud Advisory Services
For Cloud, TCS will help customers define to-be state strategy. The strategy will Honor
business and application constraints and requirements Identify appropriate target state for each
application Address issues of interoperability, investment protection and lock-in TCSs
integrated consulting and IT services capabilities bring continuity and consistency to customers
strategic programs.
TCS will address a comprehensive set of questions on the what (strategy), when (timelines),
and why (business case)
Cloud Migration Services
The typical entry point for the customers to the Cloud will be migration of their existing
applications to the Cloud,initially as a proof-of-concept and later in production.
In addition to the Cloud, TCS has extensive capabilities on application migration with
automation assets and agility of building/enhancing tools for customer or engagement specific
purposes. TCS has executed vast migration projects in which it has handled large engagements,
wide variety of technologies, implemented tool-based approach and end-to-end solution
including architecture definition, testing and performance engineering, which will also apply to
the migration engagements in Cloud.
8/2/2019 varun bakshi_cloud project.pdf
29/49
28
Cloud Development Services
Application development will be a key activity for organizations that want to use Cloud
Computing. TCS classifies the development as follows:
For the CloudAn application will be built to run in the Cloud.
In the CloudApplication development will use platforms and environments that run in the
Cloud.
TCS has built tools and platforms to support rapid application development and deployment, and
they are being enhanced to support a Cloud model.
TCS InstantApps empowers business analysts to create Web based applications using its
WYSIWYG designer. It has built in features to move applications from the Dev environment to
the production environment, if the application is also available in the same Cloud. Dev 2.0 Do It
Yourself paradigm enables the customers to build simple applications and use it by themselves
without TCS being involved. InstantApps will be available as a cloudenabled PaaS.
TCS Model-Driven Development (MDD) toolset (TCS MasterCraft ) provides an integrated
environment along with a product or application development lifecycle. This significantly reuses
code to speed up the new application development, legacy system integration, and/or making
enhancements. With a variety of Cloud platforms available, standardization efforts are still inprogress while vendor lock-in could become an issue with the usage of vendor-specific APIs.
Besides, there is a need to define programming models, right abstractions, development, design,
deployment and evolution architectures for data-intensive business applications in the
TM Cloud. TCS will enhance MasterCraft to support application development for the Cloud.
Cloud Management Services
Though customers are aware of the Infrastructure Management Services, they want to know how
this is adapted to manage a Cloud infrastructure.
TCS NetAsthra will be enhanced to provide a single window view of the health of the entire
federated virtual private cloud. This is a reporting tool and a real time dashboard that can be
8/2/2019 varun bakshi_cloud project.pdf
30/49
29
seamlessly integrated with leading industry ESM tools such as BMC Patrol, CA Unicenter, and
HP Openview, and other monitoring solutions.
Cloud Strategic Services
While migration, development, and management of applications on a Cloud infrastructure can be
considered as an adaptation of existing tools and methodologies of conventional applications, a
new offering is emerging in the Cloud arena, which provides tremendous opportunities to the
vendors and service providers in providing innovative business models and applications in the
Cloud. There are opportunities around innovative licensing and payment terms, which will
enable almost any kind of application to be made available in the Cloud.
TCS Small and Medium Business (SMB) Offering
IT-as-a-Service is the TCS way of serving SMBs. In the IT-as-a-Service model, we deliver
on-demand business capability with an integrated suite of hardware, network and software
solutions. This also includes the required business, technical and consulting services for SMBs.
The services are provided in a build-as-you-grow, pay-as-you use model through a
combination of on premise and shared services hosted platforms. Through this, TCS provides a
One Stop Shop for all SMB needs and removes the pain of running a highly complex internal
IT departments and dealing with a large number of local vendors. We also understand SMBs
constraints with IT related budget and hence provide a build as you grow model, which gives
the subscriber flexibility in IT investment. The pay-as-you-use option provides SMBs the
choice of scaling up, when their business grows. This gives them comfort of low capital
investment.
8/2/2019 varun bakshi_cloud project.pdf
31/49
30
CLOUD COMPUTING IN HEALTHCARE INDUSTRY
A high upfront cost has been the main deterrent to health care IT adoption, as India has
traditionally always been a cost-sensitive market. However, this trend is gradually changing.
The three key pain points for health care service providers are:
High initial costs
The need for human resources to maintain and service systems in-house
Accessibility of data 24/7
A good cloud computing provider can resolve such challenges as it can deliver reliable 24/7 data
access at reasonable costs. This is the best solution for the Indian health care system, since it
reduces upfront investments in software and hardware. However, the concept of cloud computing
is yet to prove its worth in health care, with just a few early adopters of this technology with an
established presence in this area.
The most significant challenge in adopting this technology lies in the uncertainty around
whether hospitals and clinics will trust their data to be stored offsite.
Challenges for technology adoption in the Indian health care industry:
The health care delivery environment in India has distinctive challenges. Inadequate
infrastructure and a constrained health care delivery work process further intensify the
complexity.
Other challenges in integrating IT into the Indian health care system include:
Lack of standards Lack of in-house IT domain knowledge
Reluctance of medical, nursing and other staff to adjust to change
Apprehensions around technology failures (paper systems appear more reliable)
Lack of proper vendor support
8/2/2019 varun bakshi_cloud project.pdf
32/49
31
Cloud computing in the health care sector
The health care sector is now increasingly automated and highly dependent on information
technology in the daily functioning of their businesses. They use health care management and
information systems (HMIS), picture archiving and communications systems (PACS), electronic
medical/health records (EMR/EHR) and point of care systems and generate significant clinical
data. The key users of IT, apart from hospitals are also diagnostic centers, clinics or medical
centers and R&D within drug companies.
Correspondingly, these networks are complex and face constraints such as the availability of
these services in remote locations, business continuity requirements, data security and integrity.
The awareness and interest for cloud computing in the health care segment is at a nascent stage.
Currently, hospitals spend a significant portion of their budget on non core resource costs.
Cloud services extend to health care provide the promise of reduced IT costs in the face of
continued margin pressures and the critical need to generate and store large amounts of health
data or information. For the small and medium business (SMB) health care providers, cloud IaaS
services lower the barriers to market growth by minimizing technology costs and upfront
investments. For hospitals, besides keeping costs low, cloud helps in meeting compliance
requirements of maintaining EHRs.
Health care providers can use private or public cloud to:
Store pathology and other reports(x-ray, etc.)
Maintain and store patient records/billing/claimns.
Host third party or in house applications (HMIS,etc)
Connect on a community level between doctors/hospitals, diagnostics companies and
patients.
8/2/2019 varun bakshi_cloud project.pdf
33/49
32
Cloud technology from Microsoft
As one of the largest, hosted services providers in the world, Microsoft offers a solid track record
as an online solution provider. Long established in the cloud, Microsoft continues to invest
heavilyU.S.$9.5 billion per yearin research and development to help drive the technology
further.
Uptime
Microsoft guarantees 99.9 percent uptime at its data centers, which are outfitted to operate during
power outages and after natural disasters. Microsoft replicates data from its primary data centers
to secondary data centers for redundancy, without storing any data offsite
Government IT is not one size fits alland neither is the cloud. Thats why our approach to
cloud computing is developed on providing you with choices and flexibility. Government IT will
continue to run applications within its own environment while adding new applications and
services that run in the cloud. Our focus is making solutions for the real world of hybrid IT
environments by providing cost-effective software and services that support your efforts to boost
economic growth, create opportunities, and address societal challenges. And our extensive
community of partners is available to work with you to deliver innovative solutions on premises
or in the cloud.
Software and services from Microsoft
Microsoft Business Productivity Online Suite delivers a suite of services, also available as stand-
alone software, for hosted communication and collaboration. Microsoft Exchange Online
delivers your e-mail with protection, along with calendar and contacts. Microsoft SharePoint
Online creates a highly secure, central location for collaboration, content, and workflow.
Microsoft Office Communications Online provides real-time person-to-person communicationsthrough text, voice, and video. Microsoft Office Live Meeting delivers hosted Web conferencing.
For agencies that require a secure, isolated hosted environment, our enhanced Business
Productivity Online Suite meets International Traffic in Arms Regulations (ITAR), with
8/2/2019 varun bakshi_cloud project.pdf
34/49
33
fingerprint access control and data access limited to U.S. citizen personnel who have cleared
background checks.
Microsoft Exchange Hosted Services offers online tools to help your organization protect itself
from spam and malicious software, satisfy retention requirements for e-discovery and
compliance, encrypt data to preserve confidentiality, and more. Microsoft Forefront Online
Protection for Exchange helps protect e-mail from spam, viruses, phishing scams, and e-mail
policy violations.
Microsoft Dynamics CRM Online streamlines customer relationship management, and delivers
results through your browser and within your everyday productivity applications.
Microsoft Office Web Apps (coming soon) let you access documents from virtually anywhere,
and provides online access to your work and a core set of Microsoft Office functionality over theWeb.
Platform and infrastructure services from Microsoft
Azure Services Platform supports applications, data, and infrastructure in the cloud, giving you
the flexibility to run applicationsor just store code or datain the cloud, on premise, or with a
combination of both. Azure Services Platform is an on-demand operating environment for
hosting, managing, and creating application services in the cloud, making it the choice of many
Microsoft partners who are using it to build their own public and private cloud services and data
centers.
Featuring Windows Azure for running Windows applications and storing data in the cloud,
Azure Services Platform also includes Microsoft SQL Azure Database, a cloud-based, relational
database service built on Microsoft SQL Server that offers highly available, scalable, multi-
tenant database services. Software developers can use Windows Azure Tools for Microsoft
Visual Studio to create, configure, build, debug, and run Web applications and services on
Windows Azure. Windows Azure platform AppFabric, formerly known as .NET Services, makes
it simpler for them to connect cloud services and on-premise applications.
For more information, see our Windows Azure platform white papers.
8/2/2019 varun bakshi_cloud project.pdf
35/49
34
Microsoft Code-Name Dallas makes it easy to find, purchase, and manage premium data
subscriptions in the Windows Azure platform, and you can consume the data from any platform,
application, or business workflow.
Dynamic Data Center Toolkit for Enterprise is a free, partner-extensible toolkit that provides a
framework for creating virtualized IT infrastructures. IT teams can use the toolkit with Windows
Server 2008 R2 Hyper-V and Microsoft System Center Virtual Machine Manager 2008, along
with partner extensions, to plan, operate, and deliver the foundation for a private cloud.
System Center Online Desktop Manager lets you easily secure, update, monitor, configure, and
troubleshoot computers from a single Web-based consolewithout the overhead associated with
installing and maintaining an on-premise management infrastructure.
8/2/2019 varun bakshi_cloud project.pdf
36/49
35
Cloud ERP
ERP software that is deployed into a cloud environment becomes "Cloud ERP Software". Most
(if not all) Cloud environments are built using virtualization and load balancing technology that
allows applications to be deployed across multiple servers and database resources.
Ramco OnDemand ERP
Ramco OnDemand ERP is a Software as a Service (SaaS) ERP delivered on the cloud
Ramco OnDemand ERP is the right solution for all your enterprise needs, because it takes the
full power of ERP and places it on the cloud. Our ERP solution enables you to run the required
solution on the Internet. Since it is a delivery of application (ERP) via Internet, you do not
require any investment on new hardware, training, or additional IT staff. Also, you need not
worry about the maintenance & upgrades, as all these happens automatically. Moreover, Ramco
OnDemand ERP is so simple to install and can be implemented in weeks, and is definitely cost
effective. Ramco OnDemand ERP is completely modular; you can choose the functions you need
to achieve the perfect fit for your business. As the solution is available on the subscription
model, you can scale up or down as per your requirements and save costs.
Ramco OnDemand ERP is a solution from Ramco Systems, a global software solution company
in India, which has invested heavily in the state-of-the-industry service delivery, security
technologies, and certification programs
Ramco OnDemand ERP offers the following integrated features:
Enterprise Resource Planning
The ERP functionality in Ramco OnDemand ERP is designed to meet the needs of growing
companies, and is based on the traditional Ramco ERP application, an industry-leading product.
The software includes comprehensive features to manage all facets of your business. It delivers
role-based access to business application data and analytical tools. Your company can use it
across the following areas:
8/2/2019 varun bakshi_cloud project.pdf
37/49
36
Human Capital Management
Cost Planning and Control
Supply Chain Management
Discrete Production
Process Production
Tool Management
Maintenance
Customer Relationship Management
Financial Management
Service Management
Business Analytics
Ramco Business Analytics solution empowers organizations to 'Measure, Monitor and Manage'
their business goals and growth. This solution comprises the facility to conduct a simple yet
comprehensive analysis of data and processes, on a real-time basis, and this eases decision
making. With this solution, you can analyze, measure, and control organizational processes,
and this provides a framework for planning ahead.
Extension Tools
Ramco's extension tools are an integral part of Ramco OnDemand ERP. They encompass the
methodology, configuration settings, and documentation, which enable you to quickly evaluate,
implement, and deploy best business practices for both industry-specific and general activities.
These tools include the Extension Development Kit (EDK), which is pivotal in the effective
functioning of a successful ERP application.
Ramco EDK allows organizations to build their own unique set of extended features to theirexisting functionalities. Ramco's EDK does this, without modifying the base product source
code. As a result, migration to the next version is not compromised. Ramco EDK is also useful
for making in-house changes after the solution goes live.
8/2/2019 varun bakshi_cloud project.pdf
38/49
37
Technology Platform
Ramco OnDemand ERP is based on Ramco VirtualWorksTM(RVW) Platform.
The Ramco VirtualWorksTMis a new breed of enterprise software, which allows organizations
to assemble global-class applications rather than engineer them.
Data Security at Ramco
8/2/2019 varun bakshi_cloud project.pdf
39/49
38
Business case for cloud computing
The promise of cloud computing is real. It has the potential to reshape the role that IT plays
within an organization to the same extent that the Internet has changed communications and
commerce.
Efficiency and cost control.
Companies depend on being able to provide consistent, reliable access to internal applications,external websites, and customer portals. In a traditional computing environment, this creates the
need to build and maintain redundant systems, which can be expensive and difficult to manage.
In cloud computing, this function is moved to the cloud, where service providers can leverage
economies of scale to provide a highly reliable platform with greater cost and management
efficiency.
For many organizations, the most appealing feature of cloud computing is the flexible capacity it
offers. Access to large amounts of scalable computing power gives organizations the freedom to
adjust capacity up and down with the natural cycles of business. Resources can be added, turned
off, or reassigned whenever necessary. The cloud eliminates the need for over-provisioning
and the unnecessary hardware, software, maintenance, and electricity costs it incurs.
Better business support.
The advantages of cloud computing are especially clear when looked at from a business
perspective. By reducing the time and effort required to launch new applications, cloud
computing helps IT become more responsive to the pace and dynamic nature of business.
For IT, deploying a new business application is a major undertaking. Without sufficient time to
assemble the necessary resources (human and financial), IT becomes a bottleneck to projects that
could benefit the business. Applications supported by the cloud dont require the deployment of
a large infrastructure at the customers location, which dramatically reduces the upfront
8/2/2019 varun bakshi_cloud project.pdf
40/49
39
commitment of resources. New applications can be approved and deployed more quickly,
making it easier to satisfy the needs of business managers throughout the organization.
Better financial management.
With cloud computing, the financials are dramatically altered. Cloud computing eliminates the
need for large capital outlays to launch new applications, moving the decision out of the
investment realm and into the operational.
Transitioning from a capital expense model to an operational expense model reduces financial
risk to monthly increments and provides a higher degree of flexibility to manage expenses over
time. If the market slows, organizations arent locked into expenses their budgets can no longer
support. If applications produce disappointing results, an enterprise can walk away or pursue a
different direction without having to abandon an expensive on-premises infrastructure.
Stronger IT focus.
Cloud computing creates an opportunity for IT departments to change their focus from deploying
and supporting applications to managing the services that those applications provide. By
transferring the responsibility for monitoring and maintenance activities to a third party, the ITdepartment can focus more on high-value activities that align with and support the business goals
of the enterprise.
Instead of being primarily reactive and operations-focused, the chief information officer (CIO)
can function more as a technology strategist, working with business units to understand their
business needs and advising them on how best to use technology to accomplish their objectives.
8/2/2019 varun bakshi_cloud project.pdf
41/49
40
Threats to Cloud Computing
Abuse and Nefarious Use of Cloud Computing
Cloud Computing represents one of the most significant shifts in information technology many
of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility
has great potential, promising innovations we cannot yet imagine.
Customers are both excited and nervous at the prospects of Cloud Computing. They are excited
by the opportunities to reduce capital costs. They are excited for a chance to divest themselves of
infrastructure management, and focus on core competencies. Most of all, they are excited by the
agility offered by the on-demand provisioning of computing and the ability to align information
technology with business strategies and needs more readily. However, customers are also very
concerned about the risks of Cloud Computing if not properly secured, and the loss of direct
control over systems for which they are nonetheless accountable.
Examples
IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for
Microsoft Office and Adobe PDF exploits. Additionally, botnets have used IaaS servers for
command and control functions. Spam continues to be a problemas a defensive measure,
entire blocks of IaaS network addresses have been publicly blacklist.
Insecure Interfaces and APIs
Cloud Computing providers expose a set of software interfaces or APIs that customers use to
manage and interact with cloud services. Provisioning, management, orchestration, and
monitoring are all performed using these interfaces. The security and availability of general
8/2/2019 varun bakshi_cloud project.pdf
42/49
41
cloud services is dependent upon the security of these basic APIs. From authentication and
access control to encryption and activity monitoring, these interfaces must be designed to protect
against both accidental and malicious attempts to circumvent policy. Furthermore, organizations
and third parties often build upon these interfaces to offer value-added services to their
customers. This introduces the complexity of the new layered API; it also increases risk,
as organizations may be required to relinquish their credentials to third parties in order to enable
their agency.
Examples
Anonymous access and/or reusable tokens or passwords, clear-text authentication or
transmission of content, inflexible access controls or improper authorizations, limited monitoring
and logging capabilities,unknown service or API dependencies.
Malicious Insiders
The threat of a malicious insider is well-known to most organizations. This threat is amplified for
consumers of cloud services by the convergence of IT services and customers under a single
management domain, combined with a general lack of transparency into provider process and
procedure. For example, a provider may not reveal how it grants employees access to physicaland virtual assets, how it monitors these employees, or how it analyzes and reports on policy
compliance. To complicate matters, there is often little or no visibility into the hiring standards
and practices for cloud employees. This kind of situation clearly creates an attractive opportunity
for an adversary ranging from the hobbyist hacker, to organized crime, to corporate
espionage, or even nation-state sponsored intrusion. The level of access granted could enable
such an adversary to harvest confidential data or gain complete control over the cloud services
with little or no risk of detection.
Impact:- The impact that malicious insiders can have on an organization is considerable, given
their level of access and ability to infiltrate organizations and assets. Brand damage, financial
impact, and productivity losses are just some of the ways a malicious insider can affect an
operation. As organizations adopt cloud services, the human element takes on an even more
8/2/2019 varun bakshi_cloud project.pdf
43/49
42
profound importance. It is critical therefore that consumers of cloud services understand what
providers are doing to detect and defend against the malicious insider threat.
Shared Technology Issues
IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the
underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not
designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a
virtualization hypervisor mediates access between guest operating systems and the physical
compute resources. Still, even hypervisors have exhibited flaws that have enabled guest
operating systems to gain inappropriate levels of control or influence on the underlying platform.
A defense in depth strategy is recommended, and should include compute, storage, and network
security enforcement and monitoring. Strong compartmentalization should be employed to
ensure that individual customers do not impact the operations of other tenants running on the
same cloud provider. Customers should not have access to any other tenants actual or residual
data, network traffic, etc.
Examples
Joanna Rutkowskas Red and Blue Pill exploitsKortchinksys CloudBurst presentations.
Data Loss or Leakage
There are many ways to compromise data. Deletion or alteration of records without a backup of
the original content is an obvious example. Unlinking a record from a larger context may render
it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in
effective destruction. Finally, unauthorized parties must be prevented from gaining access to
sensitive data. The threat of data compromise increases in the cloud, due to the number of and
interactions between risks and challenges which are either unique to cloud, or more dangerous
because of the architectural or operational characteristics of the cloud environment.
Examples
8/2/2019 varun bakshi_cloud project.pdf
44/49
43
Insufficient authentication, authorization, and audit (AAA) controls; inconsistent use of
encryption and software keys; operational failures; persistence and remanence challenges:
disposal challenges; risk of association; jurisdiction and political issues; data center reliability;
and disaster recovery.
Account or Service Hijacking
Account or service hijacking is not new. Attack methods such as phishing, fraud, and
exploitation of software vulnerabilities still achieve results. Credentials and passwords are often
reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the
landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities
and transactions, manipulate data, return falsified information, and redirect your clients to
illegitimate sites. Your account or service instances may become a new base for the attacker.
From here, they may leverage the power of your reputation to launch subsequent attacks
Impact
Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen
credentials, attackers can often access critical areas of deployed cloud computing services,
allowing them to compromise the confidentiality, integrity and availability of those services.
Organizations should be aware of these techniques as well as common defense in depth
protection strategies to contain the damage (and possible litigation) resulting from a breach.
Unknown Risk Profile
One of the tenets of Cloud Computing is the reduction of hardware and software ownership and
maintenance to allow companies to focus on their core business strengths. This has clear
financial and operational benefits, which must be weighed carefully against the contradictory
security concerns complicated by the fact that cloud deployments are driven by anticipated
benefits, by groups who may lose track of the security ramifications. Versions of software, code
updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all
important factors for estimating your companys security posture. Information about who is
sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection
attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can
8/2/2019 varun bakshi_cloud project.pdf
45/49
44
result in unknown exposures. It may also impair the in-depth analysis required highly controlled
or regulated operational areas.
Examples
IRS asked Amazon EC2 to perform a C&A; Amazon refused.
How Integrated, Web-Based Software Makes Business More Efficient
Cloud computing is the future of business software. Using online software to free you up to get
on with actually running your business and making informed decisions based on the information
you get. Theres a plethora of web based systems available for accounting, CRM, ecommerce
and email marketing, as well as service desk, billing and card payments.
If your business has been running for a while, then youll have a load of contacts, leads,
customers and suppliers, as well as a bookkeeping system to make sure that youre tracking
money properly. Maybe youve also got a website thats capturing new leads and sending you an
email each time. If you sell products, then you might be running a stock control system, maybe
only on Excel, but its a system nonetheless.
As the business grows, youll be taking on more s taff that will need to get to grips with the
information management systems that youre using. Getting the information out of the ownershead and into a system is a crucial step in the life of any business, and the sooner you start being
organised, then faster youll grow. Not to mention the fact that using an intuitive, powerful piece
of software means that you can spend less time on training staff and more time on selling!
If youve got different software applications for each part of your business, then its going to
take more time to get things done. Re-keying data takes time, and also opens up room for human
error. You need to know where the most up to date information is when a contact is in your
accounting system as well as your invoicing or CRM package, which one is right?
Integrated software brings all your essential tools into the same application, which means that
you can move quickly efficiently and also gives you brilliant reporting capabilities without
spending hours in spreadsheets. Having this integrated system online as a web based application
8/2/2019 varun bakshi_cloud project.pdf
46/49
45
extends this power so that you can access the same, live data as the rest of your team, from
wherever you all happen to be working.
Online CRM (Customer Relationship Management) software can be set up to create contacts
automatically from your website, sending an automated response to keep customers engaged
until you are ready to follow up. From here, they progress through various steps as you start to
narrow down deals and make sales. Sending quotes and invoices straight out by email from a
web based application is easy, and the client can approve or pay online by card. When invoices
are raised and payments made, everything happens in the same system, which means that you
can track the entire relationship from beginning to end without needing to bounce between
different pieces of software. No re-keying of data. Everything is online, accessible from home,
office or on the road, by multiple users, all at the same time.
8/2/2019 varun bakshi_cloud project.pdf
47/49
46
Business Benefits Of Cloud Computing
Low initial investment
Cloud services usually offer a low initial investment or a free trial, allowing you to try the
application and make sure that it does what you need, before you spend money. In contrast,
traditional software needs to purchased and installed on your computer before it can be assessed,
which takes time and money
Software that grows with your business
You dont need to pay for a large amount of software features that you dont need. Cloud
services tend to have several pay plans, allowing you to start with a basic package and roll out
more services as your business grows and needs more sophisticated software systems. For
example, Pearl costs as little as 10 per month (ex VAT) per user. If you need more features, you
pay more for them when you need them.
Reduce your spend on IT
Cloud Computing services are hosted by the company supplying them, so theres less need for
you to have your own servers, software and dedicated IT support staff, which reduces your
overheads, something thats very important in the current economic climate.
Flexibility in working
Cloud Services are accessed securely through a web browser giving you and your staff access to
vital business information anywhere, anytime, from any computer (MAC or PC). This makes
implementing a flexible, mobile working system much more simple.
No need to worry about backing up your data
8/2/2019 varun bakshi_cloud project.pdf
48/49
47
All the data you enter into a Cloud application will be looked after by the service provider, so
you dont need to worry about having to back-up the data on your computer in case it is lost,
damaged or stolen. Service Providers will store your data in specialist data centres, where there
is very low risk of it being damaged, and it is available for you to access whenever you need it.
REFERENCES & SOURCES
The IT Report, Winter 2011
GAP Task Force on CLOUD COMPUTING Final Report, May 2011
Wikipedia, Cloud Computing -available at
http://en.wikipedia.org/wiki/Cloud_computing
RightScale Inc. (2009), RightScale Cloud Management Features - available at
http://www.rightscale. com/products/features/May 2011, Australia
Chong, F; Carraro, G & Wolter, R (2006), Multi-Tenant Data Architecture - available at
http://msdn.microsoft.com/en-us/library/aa479086.aspx
White paper, Think Grid,2011
IDC Cloud Computing 2010 - An IDC Update, Frank Gens, Robert P Mahowald, Richard
L Villars, Sep 2009 - Doc # TB20090929, 2009
Technical aspects of Cloud computing, Lus Ferreira Pires,University of
Twente,Meeting of the NVvIR, 17 June 2010
Ranganathan V (2010), Privacy Issues with Cloud Applications,IS Channel,
Vol. 5, No. 1, pp. 16-20.
Top Threats To Cloud Computing V1.0 Prepared by the Cloud Security Alliance,
March 2010
http://en.wikipedia.org/wiki/Cloud_computinghttp://msdn.microsoft.com/en-us/library/aa479086.aspxhttp://msdn.microsoft.com/en-us/library/aa479086.aspxhttp://en.wikipedia.org/wiki/Cloud_computing8/2/2019 varun bakshi_cloud project.pdf
49/49
http://www.forrester.com/cloudsecuritywebinar
http://www.cerias.purdue.edu/site/blog/post/symposium_summary_security_in_the_clou
d_panel/