Cloud computing is all the rage.

"It's become the phrase du jour," says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition. As a metaphor for the Internet, "the cloud" is a familiar cliché, but when combined with "computing," the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is "in the cloud," including conventional outsourcing. Cloud computing comes into focus only when you think about what IT always needs: a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel, or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities. Cloud computing is at an early stage, with a motley crew of providers large and small delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Yes, utility-style infrastructure providers are part of the mix, but so are SaaS (software as a service) providers such as Salesforce.com. Today, for the most part, IT must plug into cloudbased services individually, but cloud computing aggregators and integrators are already emerging. InfoWorld talked to dozens of vendors, analysts, and IT customers to tease out the various components of cloud computing. Based on those discussions, here's a rough breakdown of what cloud computing is all about: 1. SaaS This type of cloud computing delivers a single application through the browser to thousands of customers using a multitenant architecture. On the customer side, it means no upfront investment in servers or software licensing; on the provider side, with just one app to maintain, costs are low compared to conventional hosting. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday. And who could have predicted the sudden rise of SaaS "desktop" applications, such as Google Apps and Zoho Office? 2. Utility computing The idea is not new, but this form of cloud computing is getting new life from Amazon.com, Sun, IBM, and others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter. Other providers offer solutions that help IT create virtual datacenters from commodity servers, such as 3Tera's AppLogic and Cohesive Flexible Technologies' Elastic Server on Demand. Liquid Computing's LiquidQ offers similar capabilities, enabling IT to stitch together memory, I/O, storage, and computational capacity as a virtualized resource pool available over the network.

Well-known examples include Rearden Commerce and Ariba. They're most common in trading environments. which mainly concerns itself with serving SaaS providers. such as a virus scanning service for e-mail or an application monitoring service (which Mercury. ADP payroll processing. such as those offered by CenterBeam or Everdream.3. cloud-based mashup platforms abound.such as Strike Iron and Xignite -. Platform as a service Another SaaS variation. with such cloud-based interconnection seldom in evidence. such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. Web service providers offer APIs that enable developers to exploit functionality over the Internet. Way ahead of its time. cloud computing might be more accurately described as "sky computing. Prime examples include Salesforce. CapeClear. among others. recently acquired by Google. as do such cloudbased anti-spam services as Postini. SaaS provider Workday recently acquired another player in this space. On the other hand. Internet integration The integration of cloud-based services is in its early days. as virtualization and SOA permeate the enterprise. scalable infrastructure should eventually make every enterprise a node in the cloud. and Verizon fall into this category. OpSource.com. an ESB (enterprise service bus) provider that was edging toward b-to-b integration. MSP (managed service providers) One of the oldest forms of cloud computing. this cloud computing service offers a service hub that users interact with. Postal Service. 7. Like Legos. Coghead and the new Google App Engine. They range from providers offering discrete business services -.com's Force.to the full range of APIs offered by Google Maps. You build your own applications that run on the provider's infrastructure and are delivered to your users via the Internet from the provider's servers. the idea of loosely coupled services running on an agile. but you do get predictability and pre-integration. 6. 5. and even conventional credit card processing services. Managed security services delivered by SecureWorks." with many isolated clouds of services which IT customers must plug into individually. 4. provides). a managed service is basically an application exposed to IT rather than to end-users.S. so you don't get complete freedom. Grand Central -which wanted to be a universal "bus in the cloud" to connect SaaS providers and provide integrated solutions to customers -. these services are constrained by the vendor's design and capabilities. which employs in-the-cloud integration technology from a little startup called Boomi. recently introduced the OpSource Services Bus. Service commerce platforms A hybrid of SaaS and MSP. Other offerings include desktop management services. IBM. this form of cloud computing delivers development environments as a service.flamed out in 2005. the U. rather than delivering full-blown applications. Today. Think of it as an automated service bureau. such as Yahoo Pipes or Dapper.net. Bloomberg. It's a long-running trend with a far- . For extremely lightweight development. Web services in the cloud Closely related to SaaS.

The term "moving to cloud" also refers to an organization moving away from a traditional CAPEX model (buy the dedicated hardware and depreciate it over a period of time) to the OPEX model (use a shared cloud infrastructure and pay as one uses it). But among big metatrends. Such virtual servers do not physically exist and can therefore be moved around and scaled up (or down) on the fly without affecting the end user . rather likCloud computing relies on sharing of resources to achieve coherence and economies of scale. and enables IT to more rapidly adjust resources to meet fluctuating and unpredictable business demand. The cloud also focuses on maximizing the effectiveness of the shared resources. is required for a variety of functions. For example. This can work for allocating resources to users. air conditioning. cloud computing is the hardest one to argue with in the long term. platform as a service (PaaS).[56] such as Strategy-as-a-Service. and means the ability to run a program or application on many connected computers at the same time. simulated by software running on one or more real machines.[1] In science. Cloud resources are usually not only shared by multiple users but are also dynamically reallocated per demand. a cloud computer facility that serves European users during European business hours with a specific application (e.out horizon..[3] Proponents also claim that cloud computing allows enterprises to get their applications up and running faster. Collaboration-as-a- . rackspace. Service models Cloud computing providers offer their services according to several fundamental models:[2][55] infrastructure as a service (IaaS). similar to a utility (like the electricity grid) over a network. email) may reallocate the same resources to serve North American users during North America's business hours with a different application (e.arguably. with improved manageability and less maintenance. and software as a service (SaaS) where IaaS is the most basic and each higher model abstracts from the details of the lower models.[2] At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. cloud computing is a synonym for distributed computing over a network.g. Proponents claim that cloud computing allows companies to avoid upfront infrastructure costs. ---------------------------------------\\ Cloud computing is a phrase used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. The phrase also more commonly refers to network-based services.. and focus on projects that differentiate their businesses instead of infrastructure. Other key components in anything as a service (XaaS) are described in a comprehensive taxonomy model published in 2009.g. This approach should maximize the use of computing powers thus reducing environmental damage as well since less power. and are in fact served up by virtual hardware. etc. a web server). which appear to be provided by real server hardware.

Cloud communications and cloud telephony. load balancers. To deploy their applications. cloud users install operating-system images and their application software on the cloud infrastructure. IP addresses.[57] Infrastructure as a service (IaaS) See also: Category:Cloud infrastructure In the most basic cloud-service model. and software bundles. virtual local area networks (VLANs).[58] IaaS-cloud providers supply these resources on-demand from their large pools installed in data centers. recognized service categories of a telecommunication-centric cloud ecosystem. raw (block) and filebased storage.Service. Business Process-as-a-Service. (A hypervisor. rather than replacing local computing infrastructure. replace local telecommunications infrastructure with Voice over IP and other offsite Internet services. providers of IaaS offer computers – physical or (more often) virtual machines – and other resources. Database-as-a-Service. In this model. Cloud providers typically bill IaaS services on a utility computing basis[citation needed]: cost reflects the amount of resources allocated and consumed. . etc. In 2012. such as Hyper-V or Xen or KVM or VMware ESX/ESXi. customers can use either the Internet or carrier clouds (dedicated virtual private networks).) IaaS clouds often offer additional resources such as a virtual-machine disk image library. the cloud user patches and maintains the operating systems and the application software. For wide-area connectivity. Pools of hypervisors within the cloud operational support-system can support large numbers of virtual machines and the ability to scale services up and down according to customers' varying requirements. firewalls. network as a service (NaaS) and communication as a service (CaaS) were officially included by ITU (International Telecommunication Union) as part of the basic cloud computing models. runs the virtual machines as guests.

[59] Software as a service (SaaS) Main article: Software as a service In the business model using software as a service (SaaS). This enables the business to reallocate IT operations costs away from hardware/software spending and personnel expenses. with applications hosted centrally. In the SaaS model. SaaS providers generally price applications using a subscription fee. towards meeting other goals. test environment as a service. updates can be released without the need for users to install new software. users are provided access to application software and databases. Cloud applications are different from other applications in their scalability—which can be achieved by cloning tasks onto multiple virtual machines at run-time to meet changing work demand. This eliminates the need to install and run the application on the cloud user's own computers. any machine serves more than one cloud user organization. communication as a service. programming language execution environment. The latter has also been proposed by an architecture aiming to facilitate realtime in cloud environments.[62] Proponents claim SaaS allows a business the potential to reduce IT operational costs by outsourcing hardware and software maintenance and support to the cloud provider. Application developers can develop and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software layers. To accommodate a large number of cloud users. there could be . who sees only a single access point. With some PaaS offers like Windows Azure. One drawback of SaaS is that the users' data are stored on the cloud provider's server. the underlying computer and storage resources scale automatically to match application demand so that the cloud user does not have to allocate resources manually. Cloud providers manage the infrastructure and platforms that run the applications. It is common to refer to special types of cloud-based application software with a similar naming convention: desktop as a service. The pricing model for SaaS applications is typically a monthly or yearly flat fee per user. Cloud users do not manage the cloud infrastructure and platform where the application runs. In addition. which simplifies maintenance and support. typically including operating system.Platform as a service (PaaS) Main article: Platform as a service See also: Category:Cloud platforms In the PaaS models. business process as a service. and web server.[61] so price is scalable and adjustable if users are added or removed at any point. This process is transparent to the cloud user. cloud providers install and operate application software in the cloud and cloud users access the software from cloud clients.[60] Load balancers distribute the work over the set of virtual machines. database. SaaS is sometimes referred to as "on-demand software" and is usually priced on a pay-per-use basis. As a result. that is. cloud providers deliver a '''computing platform'''. cloud applications can be multitenant.

however. For this reason. . build. and requires the organization to reevaluate decisions about existing resources. and bandwidth on demand. They have a significant physical footprint. resulting in additional capital expenditures.[63] NaaS involves the optimization of resource allocations by considering network and computing resources as a unified whole. (Discuss) Proposed since February 2013. users are increasingly adopting intelligent thirdparty key management systems to help secure their data.[74] Self-run data centers are generally capital intensive. security consideration may be substantially different for services (applications. When done right. These assets have to be refreshed periodically. and manage them" and thus do not benefit from less hands-on management. storage. Microsoft and Google own and operate the infrastructure and offer access only via Internet (direct connectivity is not offered). it can improve business. but every step in the project raises security issues that must be addressed to prevent serious vulnerabilities.[65][66] Deployment models Private cloud Private cloud is cloud infrastructure operated solely for a single organization. Technically there may be little or no difference between public and private cloud architecture.[2] Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment. They have attracted criticism because users "still have to buy.[63] NaaS concept materialization also includes the provision of a virtual network service by the owners of the network infrastructure to a third party (VNP – VNO). and environmental controls. hardware.[76][77] Public cloud A cloud is called a "public cloud" when the services are rendered over a network that is open for public use. whether managed internally or by a third-party and hosted internally or externally. Generally.[75] essentially "[lacking] the economic model that makes cloud computing such an intriguing concept". and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network.unauthorized access to the data. public cloud service providers like Amazon AWS.[64] Traditional NaaS services include flexible and extended VPN. Network as a service (NaaS) Main article: Network as a service A category of cloud services where the capability provided to the cloud service user is to use network/transport connectivity services and/or inter-cloud network connectivity services.[32] It has been suggested that Public cloud be merged into this article. requiring allocations of space.

[2] Hybrid cloud Hybrid cloud is a composition of two or more clouds (private. Inc. Another example of hybrid cloud is one where IT organizations use public cloud computing resources to meet temporary capacity needs that can not be met by the private cloud. community or public) that remain unique entities but are bound together.Community cloud Community cloud shares infrastructure between several organizations from a specific community with common concerns (security. It allows one to extend either the capacity or the capability of a cloud service. during spikes in processing demands. and use cloud resources from public or private clouds. public and community cloud services. Hybrid cloud architecture requires both on-premises resources and off-site (remote) server-based cloud infrastructure. public.[79] This capability enables hybrid clouds to employ cloud bursting for scaling across clouds. integration or customization with another cloud service.). from different service providers. by aggregation. A primary advantage of cloud bursting and a hybrid cloud model is that an organization only pays for extra compute resources when they are needed. The costs are spread over fewer users than a public cloud (but more than a private cloud). This example of hybrid cloud extends the capabilities of the enterprise to deliver a specific business service through the addition of externally available public cloud services. an organization may store sensitive client data in house on a private cloud application.[2] Gartner. offering the benefits of multiple deployment models. compliance.[78] A hybrid cloud service crosses isolation and provider boundaries so that it can’t be simply put in one category of private. etc.[81] By utilizing "hybrid cloud" architecture. Varied use cases for hybrid cloud composition exist. For example. or community cloud service. jurisdiction. companies and individuals are able to obtain degrees of fault tolerance combined with locally immediate usability without dependency on internet connectivity.[80] Cloud bursting enables data centers to create an in-house IT infrastructure that supports average workloads.defines a hybrid cloud service as a cloud computing service that is composed of some combination of private. whether managed internally or by a third-party and hosted internally or externally. so only some of the cost savings potential of cloud computing are realized. Distributed cloud .[2] Cloud bursting is an application deployment model in which an application runs in a private cloud or data center and "bursts" to a public cloud when the demand for computing capacity increases. but interconnect that application to a billing application provided on a public cloud as a software service.

In June 2011. The preventative control will safeguard vulnerabilities of the system.[2] Oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Cloud Security Controls Cloud security architecture is effective only if the correct defensive implementations are in place.[1] highlighting the young nature of the technology. In Sept 2011." Each segment serves a different purpose and offers different products for businesses and individuals around the world. the corrective controls take action as an attack is occurring. [[[[ Cloud computing is broken down into three segments: "application" "storage" and "connectivity. [5] The security management addresses these issues with security controls. an Aberdeen Group study found that disciplined companies achieved on average an 68% increase in their IT expense because cloud computing and only a 10% reduction in data center power costs. these controls do not reduce the actual vulnerability of a system. while still connected to a single network or hub service. Unlike the preventative controls. Detective Controls . the preventative controls are in place to cover the attack and reduce the damage and violation to the system's security. If an attack were to occur.Cloud computing can also be provided by a distributed set of machines that are running at different locations. Preventative Controls These controls upgrade the strength of the system by managing the vulnerabilities. they can usually be found in one of the following categories:[6] Deterrent Controls These controls are set in place to prevent any purposeful attack on a cloud system. These controls are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. Examples of this include distributed computing platforms such as BOINC and Folding@Home. Corrective Controls Corrective controls are used to reduce the effect of an attack. An efficient cloud security architecture should recognize the issues that will arise with security management. Much like a warning sign on a fence or a property. While there are many types of controls behind a cloud security architecture. a study conducted by V1 found that 91% of senior IT professionals actually don't know what cloud computing is and two-thirds of senior finance professionals are clear by the concept.

or provide an identity management solution of their own. It also requires application security measures be in place in the production environment. Privacy Finally. Cloud providers either integrate the customer’s identity management system into their own infrastructure. the Health Insurance Portability and Accountability Act (HIPAA).Detective controls are used to detect any attacks that may be occurring to the system. including Payment Card Industry Data Security Standard (PCI DSS). digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud. In the event of an attack. using federation or SSO technology. Many of these regulations require regular reporting and audit trails. Physical and personnel security Providers ensure that physical machines are adequately secure and that access to these machines as well as all relevant customer data is not only restricted but that access is documented. [7] Security and privacy Identity management Every enterprise will have its own identity management system to control access to information and computing resources. Availability Cloud providers assure customers that they will have regular and predictable access to their data and applications. Application security Cloud providers ensure that applications available as a service via the cloud are secure by implementing testing and acceptance procedures for outsourced or packaged application code. among others. Moreover. providers ensure that all critical data (credit card numbers. Compliances Numerous regulations pertain to the storage and use of data. the detective control will signal the preventative or corrective controls to address the issue. Cloud providers must enable their customers to comply appropriately with these regulations TOP THREATS . the Sarbanes-Oxley Act. for example) are masked and that only authorized users have access to data in its entirety.

how it monitors these employees. GPUs.g.Abuse and Nefarious Use of Cloud Computing Some providers even offer free limited trial periods.) were not designed to offer strong isolation properties for a multi-tenant architecture. as can storage on unreliable media. a virtualization hypervisor mediates access between guest operating systems and the physical compute resources  Data Loss/Leakage There are many ways to compromise data. fraud. To address this gap. From authentication and access control to encryption and activity monitoring. Unlinking a record from a larger context may render it unrecoverable. and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused. these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy  Malicious Insiders .  Insecure Application Programming Interfaces The security and availability of general cloud services is dependent upon the security of these basic APIs. Service & Traffic Hijacking Account or service hijacking is not new. Loss of an encoding key may result in effective destruction. unauthorized parties must be prevented from gaining access to sensitive data  Account. For example. Attack methods such as phishing. and other criminals have been able to conduct their activities with relative impunity. Major players . the underlying components that make up this infrastructure ( e. etc. CPU caches. spammers.  Shared Technology Vulnerabilities Often. By abusing the relative anonymity behind these registration and usage models. Deletion or alteration of records without a backup of the original content is an obvious example. which amplifies the impact of such attacks. or how it analyzes and reports on policy compliance. malicious code authors. Finally.. a provider may not reveal how it grants employees access to physical and virtual assets.

IBM has been a key player in a cloud tech called OpenStack for a long time. Rackspace runs an IaaS cloud and made a name for itself by championing OpenStack. low cost alternative for big data centers. too. Citrix makes software for clouds. free cloud operating system known as OpenStack. 5: Google was born in the cloud. 10: SoftLayer is the key to success for two big players. 3: Microsoft is staking out its own turf. VMware and a consortium of vendors who built an open source. Google made big waves in cloud computing last year by launching its own IaaS service. No. 9. too. No 4: Salesforce.No. IBM upped the stakes in a big.com has proved that enterprises really do want the cloud The name Salesforce. Salesforce. IBM and EMC are reportedly both courting cloud-computing company SoftLayer Technologies in an acquisition expected to exceed $2 billion. No. OpenStack and Citrix. No. . Microsoft has a big enterprise cloud.com is almost synonymous with cloud computing. competing with two main rivals. No. But in March. No. 6: Rackspace is leading a massive coalition for free cloud software. of course. Joyent competes with VMware. Azure. with its own cloud operating system. big way. 2: VMware going deeper into all things cloud Until this year VMware didn't offer cloud services itself. 7: IBM: All in for OpenStack. Joyent offers a powerful. It offered software called vCloud for building clouds. No. the Compute Engine. 1: Amazon. 8: Citrix Systems is taking on VMware with some success.com proved that the world wants to buy software-as-a-service. No. No.

. Amazon basically invented the IaaS market.There's no question who the most important cloud player is: Amazon.

Sign up to vote on this title
UsefulNot useful