Cloud Computing For Business

Unit 1
The Evolution of Cloud Computing
Cloud computing is a process that entails accessing of services, including, storage, applications and
servers through the Internet, making use of another company's remote services for a fee. This
enables a company to store and access data or programs virtually, i.e. in a cloud, rather than on local
hard drives or servers.

Cloud computing has its roots as far back in 1950s when mainframe computers came into existence.
At that time, several users accessed the central computer via dummy terminals. The only task these
dummy terminals could perform was to enable users access the mainframe computer. The prohibitive
costs of this mainframe devices did not make them economically feasible for organizations to buy
them. That was the time when the idea of provision of shared access to a single computer occurred to
the companies to save costs.

In 1970s, IBM came out with an operating system (OS) named VM. This allowed for simultaneous
operation of more than one OS. Guest Operating Systems could be run on every VM, with their own
memory and other infrastructure, making it possible to share these resources. This caused the
concept of virtualization in computing to gain popularity.

The 1990s witnessed telecom operators begin offering virtualized private network connections, whose
quality of service was as good as those of point-to-point (dedicated) services at a lesser cost. This
paved way for telecom companies' to offer many users shared access to a single physical
infrastructure.

The other catalysts were grid computing, which allowed major issues to be addressed via parallel
computing; utility computing facilitated computing resources to be offered as a metered service and
SaaS allowed subscriptions, which were network-based, to applications. Cloud computing, therefore,
owes its emergence to all these factors.

The three prominent types of cloud computing for businesses are Software-as-a-Service (SaaS),
which requires a company to subscribe to it and access services over the Internet; Infrastructure-as-
a-Service (IaaS) is a solution where large cloud computing companies deliver virtual infrastructure;
and Platform-as-a-Service (PaaS) gives the company the freedom to make its own custom
applications that will be used by all its entire workforce.

Clouds are of four types: public, private, community, and hybrid. Through public cloud, a provider can
offer services, including storage and application, to anybody via the Internet. They can be provided
freely or charged on a pay-per-usage method.

Public cloud services are easier to install and less expensive, as costs for application, hardware and
bandwidth are borne by the provider. They are scalable, and the users avail only those services that
they use.

A private cloud is referred to as also internal cloud or corporate cloud, and it called so as it offers a
proprietary computing architecture through which hosted services can be provided to a restricted
number of users protected by a firewall. A private cloud is used by businesses that want to wield
more control over their data.

As far as the community cloud is concerned, it is a resource shared by more than one organization
whose cloud needs are similar.

A combination of two or more clouds is a hybrid cloud. Here, the clouds used are a combination of
private, public, or community.

Cloud computing is now being adopted by mobile phone users too, although there are limitations,
such as storage capacity, life of battery and restricted processing power.

Some of the most popular cloud applications globally are Amazon Web Services (AWS), Google
Compute Engine, Rackspace, Salesforce.com, IBM Cloud Managed Services, among others. Cloud
services have made it possible for small and medium businesses (SMBs) to be on par with large
companies.

Mobile cloud computing is being harnessed by bringing into existence a new infrastructure, which is
made possible by getting together mobile devices and cloud computing. This infrastructure allows the
cloud to execute massive tasks and store huge data, as processing of data and its storage do not
take place within mobile devices, but only beyond them. Mobile computing is getting a fillip as
customers are wanting to use their companies' applications and websites wherever they are.

The emergence of 4G, Worldwide Interoperability for Microwave Access (Wimax), among others, is
also scaling up the connectivity of mobile devices. In addition, new technologies for mobile, such as,
CSS3, Hypertext Markup Language (HTML5) hypervisor for mobile devices, Web 4.0, etc. will only
power the adoption of mobile cloud computing.

The main benefits of using cloud computing by companies are that they need not buy any
infrastructure, thus lowering their maintenance costs. They can do away with the services used when
their business demands have been met. It also gives firms comfort that they have huge resources at
beck and call if they suddenly acquire a major project.

On the other hand, transferring their data to cloud makes businesses share their data security
responsibility with the provider of cloud services. This means that the consumer of cloud services
reposes lot of trust on the provider of those services. Cloud consumers control on the services used
is lesser than on on-premise IT resources.

Cloud Security Threats

Biggest threats to Cloud Computing:

 Data breaches
 Weak identity, credential and access management
 Insecure interfaces and APIs
 System and application vulnerability
 Account hijacking
 Malicious insiders
 Advanced persistent threats
 Data loss
 Insufficient due diligence
 Abuse and nefarious use of cloud services
 Denial of service
 Shared technology issues

1. Data Breaches
The data breach at Target, resulting in the loss of personal and credit card information of up to
110 million individuals, was one of a series of startling thefts that took place during the normal
processing and storage of data. "Cloud computing introduces significant new avenues of
attack," said the CSA report authors. The absolute security of hypervisor operation and virtual
machine operations is still to be proved. Indeed, critics question whether such absolute
security can exist. The report's writers said there's lab evidence -- though none known in the
wild -- that breaches via hypervisors and virtual machines may occur eventually.
2. Data Loss
A data breach is the result of a malicious and probably intrusive action. Data loss may occur
when a disk drive dies without its owner having created a backup. It occurs when the owner of
encrypted data loses the key that unlocks it.

"For both consumers and businesses, the prospect of permanently losing one's data is
terrifying," the report acknowledged. There are many techniques to prevent data loss. They
occur anyway.

3. Account Or Service Traffic Hijacking

Account hijacking sounds too elementary to be a concern in the cloud, but CSA says it is a
problem. Phishing, exploitation of software vulnerabilities such as buffer overflow attacks, and
loss of passwords and credentials can all lead to the loss of control over a user account. An
intruder with control over a user account can eavesdrop on transactions, manipulate data,
provide false and business-damaging responses to customers, and redirect customers to a
competitor's site or inappropriate sites.

If your account in the cloud is hijacked, it can be used as a base by an attacker to use the
power of your reputation to enhance himself at your expense. The CSA said Amazon.com's
wireless retail site experienced a cross-site scripting attack in April 2010 that allowed the
attackers to hijack customer credentials as they came to the site. In 2009, it said, "numerous
Amazon systems were hijacked to run Zeus botnet nodes." The report doesn't detail what the
nodes did, but they were known in 2007 for putting malware on the US Department of
Transportation website and in 2009 for putting malware on NASA's and the Bank of America's
sites. The compromised EC2 nodes were detected by security firm Prevx, which notified
Amazon and they were promptly shutdown.

If credentials are stolen, the wrong party has access to an individual's accounts and systems.
A service hijacking lets an intruder into critical areas of a deployed service with the possibility
of "compromising the confidentiality, integrity, and availability" of those services, the report
said.

4. 4. Insecure APIs
The cloud era has brought about the contradiction of trying to make services available to
millions while limiting any damage all these largely anonymous users might do to the service.
The answer has been a public facing application programming interface, or API, that defines
 how a third party connects an application to the service and providing verification that the third
party producing the application is who he says he is.

Leading web developers, including ones from Twitter and Google, collaborated on specifying
OAuth, an open authorization service for web services that controls third party access. OAuth
became an Internet Engineering Task Force standard in 2010 and Version 2.0 is used for at
least some services by

Cloud computing services are categorized into three types.

1) Infrastructure as a Service (IaaS): This service provides the infrastructure like Servers, Operating
Systems, Virtual Machines, Networks, and Storage etc on rent basis.

Eg: Amazon Web Service, Microsoft Azure

2) Platform as a Service (PaaS): This service is used in developing, testing and maintaining of
software. PaaS is same as IaaS but also provides the additional tools like DBMS, BI services etc.

Eg: Apprenda, Red Hat OpenShift

3) Software as a Service (SaaS): This service makes the users connect to the applications through
Internet on a subscription basis.

Eg: Google Applications, Salesforce

Below mentioned are the top Cloud Computing Companies

 Amazon Web Services

 Microsoft Azure
 Google Cloud Platform
 Adobe
 VMware
 IBM Cloud
 Rackspace
 Red Hat
 Salesforce
 Oracle Cloud
 SAP
 Verizon Cloud
 Navisite
 Dropbox
 Egnyte

#1) Amazon Web Service (AWS)

  AWS is the safest and protected platform of cloud service which offers a wide set of infrastructure
services like database storage, computing power, networking etc.
 Using this AWS one can host the static websites.
 By using such services, users are able to build complicated applications that are trustworthy, scalable
and flexible.
 One can have the hands-on experience of AWS for free.

#2) Microsoft Azure

 Microsoft Azure is used for deploying, designing and managing the applications through a worldwide
network.
 Previously Microsoft Azure was known as Windows Azure.
 This Cloud computing service supports various operating systems, databases, tools, programming
languages and frameworks etc.
 Free trial version of Microsoft Azure is available for 30 days.

#3) Google Cloud Platform

 Google Cloud Platform uses the resources such as computers, virtual machines, hard disks etc located
at Google data centers.
 Google Cloud Platform is an integrated storage used by developers and enterprises for live data.
 Apart from the free trial, this service is available at various flexible payment plans based on Pay-As-
You-Go (PAYG).

#4) Adobe

 Adobe offers many products that provide cloud services. Few among them are Adobe Creative Cloud,
Adobe Experience Cloud and Adobe Document Cloud etc.
 Adobe Creative Cloud service is a SaaS, that offers its users to access the tools offered by Adobe like
editing the videos, photography, graphic designing etc.
 Adobe Experience Cloud offers its users to access a broad set of solutions for advertising, building
campaigns and gaining intelligence on business.
 Adobe Document Cloud is a complete solution for digital documentation.
#5) VMware

 VMware is a universal leader in virtualization and Cloud Infrastructure.

 VMware’s cloud computing is exclusive and helps in reducing the IT intricacy, lower the expenses,
provides flexible agile services etc.
 VMware vCloud Air is a safe and protected public cloud platform that offers networking, storage,
disaster recovery and computing etc.
 VMware’s Cloud solutions facilitate to maximize your organization’s profits of cloud computing by
combining the services, technologies, guidance needed to operate and manage the staff etc.

#6) IBM Cloud

 IBM Cloud offers Iaas, PaaS, and SaaS through all the available cloud delivery models.
 Using IBM Cloud one can have the freedom to select and unite your desired tools, data models and
delivery models in designing/creating your next-generation services or applications.
 IBM Cloud is used to build pioneering way outs that can gain value for your businesses and industry.
 With IBM Bluemix Cloud platform one can incorporate highly performing cloud communications and
services into your IT environment.

#7) Rackspace

 Rackspace Cloud offers a set of cloud computing services like hosting web applications, Cloud Files,
Cloud Block Storage, Cloud Backup, Databases and Cloud Servers etc.
 Rackspace Cloud Block Storage uses a combination of solid-state drives and hard drives to deliver high
performance.
 Rackspace Cloud Backup uses compression and encryption techniques and provides file-level backups
with low cost.
 Customers using Rackspace Cloud services are charged based on their usage.

#8) Red Hat

 Red Hat is an Open Cloud technology used by IT organizations to deliver agile and flexible solutions.
 Using Red Hat Cloud we can modernize the apps, update and manage them from a single place and
integrate all the desired parts into a single solution.
 Red Hat Cloud Infrastructure helps us to build and manage an open cum private cloud at low cost.
  Red Hat Open Shift is an open and hybrid service used by developers to develop, deploy, host and
delivers the applications quickly.

#9) Salesforce

 Salesforce Cloud Computing offers all the applications required by the businesses like CRM, ERP,
customer service, sales, mobile applications, and marketing etc.
 Salesforce cloud computing comprises multiple cloud services like Sales Cloud, Service Cloud,
Marketing Cloud etc.
 Salesforce Sales Cloud helps in managing the customer’s contact information, automating the business
processes etc.
 Salesforce Service Cloud helps to support the customers anywhere at any time.

#10) Oracle Cloud

 Oracle Cloud is available as SaaS, PaaS, and IaaS. Oracle Cloud helps the companies in transforming
their business quickness and reducing the IT Complexity.
 Oracle Cloud SaaS provides a complete data-driven and secure cloud environment.
 Oracle Cloud PaaS helps IT Enterprises and Independent developers to develop, connect, secure and
share data across the applications.
 Oracle Cloud IaaS is a broad set of subscription based and integrated services that help to run any kind
of workload of an Enterprise.

#11) SAP

 SAP Cloud Platform is an enterprise service with wide-ranging services required for application
development.
 SAP is considered as the best cloud provider as it has the powerful business networks, cloud
collaboration, and advanced IT security.
 SAP has a universal foundation named SAP HANA for all its cloud-services.
 SAP Cloud Platform is modernizing the working style of enterprises on iPhone and iPad.

#12) Verizon Cloud

  Verizon Cloud is built to maintain enterprise workloads with strong security and trustworthy
performance.
 With Verizon Cloud, we can choose the flexible services required for our enterprise and secure our data
in a personalized environment.
 Using Verizon Cloud, one can trim down the risk and retain the data integrity across the apps.
 Verizon Cloud helps to familiarize you to the varying business circumstances by gaining speed and
reliability.

#13) Navisite

 Navisite provides cloud services for enterprises and mid-sized businesses using sophisticated IT
technologies.
 Navisite offers a wide range of cloud service solutions like Cloud Infrastructure services, Cloud desktop
solutions, Cloud hosting services and application services etc.
 Navisite Cloud solutions facilitate its users in improving disaster recovery, reliability etc.

#14) Dropbox

 Dropbox is a refined cloud storage service used by small businesses and customers to store files or
documents virtually on remote cloud servers.
 Generally, Dropbox serves as an online or cloud personal hard drive.
 Dropbox allows its users to access any saved data or content from any device through an internet
connection.
 Dropbox is available as a desktop app, where users can download it and save the files directly in
Dropbox folder located on your desktop.

#15) Egnyte

 Egnyte provides a hybrid cloud way out that combines the cloud storage along with local storage of the
accessible infrastructure.
 Using Egnyte one can upload the file of any size and any type.
 One can customize their unique Egnyte domain to replicate their brand by implementing their personal
logo on the interface and note headers of Egnyte.
 Egnyte’s Cloud service provides an automatic syncing feature which guarantees that one can access
the inaccessible data from any internet connection.

Cloud Computing Security

Are you hesitant about adopting cloud computing services into your IT infrastructure? You are not
alone. Data security is the leading concern for IT professionals when it comes to cloud computing.
Services like Amazons EC2 are simply not equipped to address the security and privacy needs of
data-sensitive organizations.

Because public cloud services offer server instances for many clients on the same hardware, your
data can get literally “lost in the clouds” when you have very little control over where your data lives.

Private cloud computing allows for the control that most PCI and HIPAA-sensitive organizations
require over their data. When it comes to security, the importance of control over your environment
cannot be overstated, and leads most IT professionals to adopt private cloud hosting over the public
cloud.

When comparing cloud options, here are 5 security tips to consider:

 Tip #1: Know where your data lives. How can you secure your data if you don’t know where it
is? Sure, firewalls and intrusion detection and prevention can keep out most intruders, and
data encryption keeps the data safer, but how do you know where your data goes when you
terminate your service or when the cloud provider goes out of business? Being able to point to
a machine and say your data and only your data is on that machine, goes a long way in the
security of your data in the cloud. Dedicated hardware is the key that allows for cloud
computing services to pass the most stringent security guidelines.
 Tip #2: Always backup your data. One of the most overlooked aspects of cloud computing and
one of the easiest way to increase the control of your data is to make sure that whatever
happens, you have a secure backup of that data. This is more about securing your business
than your actual data but provides the same type of peace of mind. We have seen big
companies like T-Mobile lose its customers data, by not having a backup, leaving them with
nothing.
 Tip #3: Make sure your data center takes security seriously. By knowing which server and data
center your data is being stored at, you can probe them for all applicable security measures
that are in place. You can see if they are SSAE 16, SAS 70 and SOC 2 audited, and if they
have clients that are HIPAA or PCI certified. Managed services can also add a great deal of
benefit and expertise to making your applications, data, and business more resilient. Services
like managed firewalls, antivirus, and intrusion detection are offered by reputable data center
or cloud providers, and allow for increased security measures for managed servers.
 Tip #4: Get references from other clients. When in doubt, ask your cloud provider for client
references that require stringent security measures. Financial, healthcare, insurance, or
government organizations are a good start. While references don’t guarantee anything,
chances are if other companies that have similar security goals are using the provider, you
may be a good fit as well. Be sure to contact these references directly when possible to see
what these companies are using the cloud services for, and the steps they have taken to
secure their data.
 Tip #5: Test, Test, Test. Assume nothing. The only way to make sure something is secure is to
test it. It is not uncommon for highly data-sensitive organizations to hire a skilled ethical-hacker
to test their security provisions. Vulnerability scanning and assessments are just as important
inside the cloud as they are outside the cloud. Chances are that if you can find a way to get
unauthorized access to your data, someone else can as well.