Cloud Computing

Definition
A cloud is a pool of virtualized computer resources. A cloud can: Host a variety of different workloads, including batch-style back-end jobs and interactive, user-facing applications Allow workloads to be deployed and scaled-out quickly through the rapid provisioning of Virtual machines or physical machines Support redundant, self-recovering, highly scalable programming models that allow Workloads to recover from many unavoidable hardware/software failures Monitor resource use in real time to enable rebalancing of allocations when Cloud computing environments needed support grid computing by quickly providing physical and virtual Servers on which the grid applications can run

An Example of Cloud which is Going to be Future of Computing

History
Started with the words of: John McCarthy
If computers of the kind I have advocated become the computers of the future, then computing may someday be organized as a public utility just as the telephone system is a public utility... The computer utility could become the basis of a new and important industry. John McCarthy, speaking at the MIT Centennial in 196

The Cloud is a metaphor for the Internet, derived from its common depiction in network diagrams (or more generally components which are managed by others) as a cloud outline. The underlying concept dates back to 1960 when John McCarthy opined that "computation may someday be organized as a public utility" (indeed it shares characteristics with service bureaus which date back to the 1960s) and the term The Cloud was already in commercial use around the turn of the 21st century. Cloud computing solutions had started to appear on the market, though most of the focus at this time was on Software as a service. 2007 saw increased activity, including Google, IBM and a number of universities embarking on a large scale cloud computing research project, around the time the term started gaining popularity in the mainstream press. It was a hot topic by mid-2008 and numerous cloud computing events had been scheduled.
Continue

Utility Computing is the packaging of computing resources, such as computation, storage and services, as a metered service similar to a traditional public utility (such as electricity, water, natural gas, or telephone network). This model has the advantage of a low or no initial cost to acquire computer resources; instead, computational resources are essentially rented - turning what was previously a need to purchase products (hardware, software and network bandwidth) into a service. Grid computing is applying the resources of many computers in a network to a single problem at the same time - usually to a scientific or technical problem that requires a great number of computer processing cycles or access to large amounts of data. It is related to Distributing process.

How Cloud Computing Works

Cloud Computing is Made of two words i.e. Cloud + Computing, Where Cloud means grid of computers serving as a service-oriented architecture Computing means the activity of using and improving computer technology, computer hardware and software The cloud consists of layers mostly the back-end layers and the front-end or userend layers. The front-end layers are the ones you see and interact with. When you access your email on G-mail for example, you are using software running on the frontend of a cloud. The back-end consists of the hardware and the software architecture that fuels the interface you see on the front end

Front End

Network Infrastructure

Back End

 Benefits
Cloud computing aims to apply the power of that of Supercomputers measured in the tens of trillions of computations per second to problems like 1. Analyzing risk in financial portfolios

2.

Delivering personalized medical information

3. Even powering immersive computer games, in a way that users can tap through the Web. It does that by networking large groups of servers that often use low-cost consumer PC technology, with specialized connections to spread data-processing chores across them.

An Example why to go for Cloud Computing

Let's say you're an executive at a large corporation. Your particular responsibilities include making sure that all of your employees have the right hardware and software they need to do their jobs. Buying computers for everyone isn't enough -- you also have to purchase software or software licenses to give employees the tools they require. Whenever you have a new hire, you have to buy more software or make sure your current software license allows another user.

There may be an alternative for executives like you. Instead of installing a suite of software for each computer, you'd only have to load one application. That application would allow workers to log into a Web-based service which hosts all the programs the user would need for his or her job. Remote machines owned by another company would run everything from e-mail to word processing to complex data analysis programs. It's called cloud computing, and it could change the entire computer industry.

An Example

WHAT IS DRIVING CLOUD COMPUTING?

Cloud Driven By

Customer perspective

Vendor perspective

In one word: economics Faster, simpler, cheaper to use cloud computation. No upfront capital required for servers and storage No ongoing for operational expenses for running datacenter. Application can be run from anywhere.

Easier for application vendors to reach new customers. Lowest cost way of delivering and supporting applications. Ability to use commodity server and storage hardware. Ability to drive down data center operational cots. Types of services*

Types of Services
Three Service are

Infrastructure-as-a-Service (IaaS)

Platform-as-a-Service (PaaS)

Software-as-a-Service (SaaS)

Infrastructure-as-a-Service(IaaS)

like Amazon Web Services provides virtual servers with unique IP addresses and blocks of storage on demand. Customers benefit from an API from which they can control their servers. Because customers can pay for exactly the amount of service they use, like for electricity or water, this service is also called utility computing

Platform-as-a-Service(PaaS) is a set of software and development tools hosted on the provider's servers. Developers can create applications using the provider's APIs. Google Apps is one of the most famous Platform-as-a-Service providers. Developers should take notice that there aren't any interoperability standards (yet), so some providers may not allow you to take your application and put it on another platform.

Software-as-a-Service (SaaS) is the broadest market. In this case the provider allows the customer only to use its applications. The software interacts with the user through a user interface. These applications can be anything from web based email, to applications like Twitter or Last.fm.

Types of Clouds

Public cloud

Community Cloud

Hybrid Cloud

Private Cloud

Cloud Storage

Inter Cloud

Continue

Public cloud Public cloud or external cloud describes cloud computing in the traditional mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who bills on a fine-grained utility computing basis. Community Cloud A community cloud may be established where several organizations have similar requirements and seek to share infrastructure so as to realize some of the benefits of cloud computing. With the costs spread over fewer users than a public cloud (but more than a single tenant) this option is more expensive but may offer a higher level of privacy, security and/or policy compliance. Examples of community cloud include Google's "Gov Cloud Hybrid Cloud A hybrid cloud environment consisting of multiple internal and/or external providers will be typical for most enterprises". By integrating multiple cloud services users may be able to ease the transition to public cloud services
Continue

Private Cloud Private cloud and internal cloud have been described as neologisms; however the concepts themselves pre-date the term cloud by 40 years. Even within modern utility industries, hybrid models still exist despite the formation of reasonably well-functioning markets and the ability to combine multiple providers. Cloud Storage Cloud Storage is a model of networked computer data storage where data is stored on multiple virtual servers, generally hosted by third parties, rather than being hosted on dedicated servers. Hosting companies operate large data centers; and people who require their data to be hosted buy or lease storage capacity from them and use it for their storage needs. The data center operators, in the background, virtualizes the resources according to the requirements of the customer and expose them as virtual servers, which the customers can themselves manage. Physically, the resource may span across multiple servers. Inter Cloud The Intercloud is an interconnected global "cloud of clouds and an extension of the Internet "network of networks" on which it is based. The Intercloud scenario aims to address such situation, and in theory, each cloud can use the computational and storage resources of the virtualization infrastructures of other clouds.

Seven Technical Security Benefits of the Cloud

1. Centralize Date Reduced Data Leakage

Monitoring benefits
2. Incident Response / Forensics
Forensic readiness Decrease Evidence acquisition time Decrease time to access protected documents Eliminate or reduce service downtime Decrease evidence transfer time Eliminate forensic image verification time Decrease evidence acquisition time

Continue

3.

Password assurance testing

Decrease password cracking time Keep cracking activities to dedicated machines

4. Logging
Unlimited, pay per drink storage Improve log indexing and search Getting compliant with Extended logging

5. Improve the state of security software (performance)

Drive vendors to create more efficient security software

6. Secure builds
Reduce exposure through patching offline Easier to test impact of security changes Pre-hardened, change control builds 7. Security Testing Reduce cost of testing security

Issues of Cloud Computing

1. Privacy: The Cloud model has been criticized by privacy advocates for the greater ease in which
the companies hosting the Cloud services control, and thus, can monitor at will, lawfully or unlawfully, the communication and data stored between the user and the host company. Instances such as the secret NSA program, working with AT&T, and Verzon, which recorded over 10 million phone calls between American citizens

2. Compliance:

order to obtain compliance with regulations including FISMA, HIPAA and SOX in the United States, the Data Protection Directive in the EU and the credit card industry's PCI DSS, users may have to adopt community or hybrid deployment modes which are typically more expensive and may offer restricted benefits. This is how Google is able to "manage and meet additional government policy requirements beyond FISMA" and Rack space Cloud is able to claim PCI compliance. Customers in the EU contracting with Cloud Providers established outside the EU/EEA have to adhere to the EU regulations on export of personal data. 77,139,082) in the United States. The "Notice of Allowance" the company received in July 2008 was canceled in August, resulting in a formal rejection of the trademark application less than a week later . It was estimation which become True cloud computing trademark filings increased by 483% between 2008 and 2009. In 2009, 116 cloud computing trademarks were filed, and trademark analysts predict that over 500 such marks could be filed during 2010.

In

3. Legal: In March 2007, Dell applied to trademark the term "cloud computing" (U.S. Trademark

4. Open source: Open source software has provided the foundation for many cloud computing
implementations. In November 2007, the Free Software Foundation released the Affero General Public License, a version of GPLv3 intended to close a perceived legal loophole associated with free software designed to be run over a network

5. Open standards : Most cloud providers expose APIs which are typically well-documented
(often under a Creative Commons license[) but also unique to their implementation and thus not interoperable. Some vendors have adopted others' APIs and there are a number of open standards under development, including the OGF's Open Cloud Computing Interface. The Open Cloud Consortium (OCC) is working to develop consensus on early cloud computing standards and practices

6. Security: The relative security of cloud computing services is a contentious issue which may
be delaying its adoption. Some argue that customer data is more secure when managed internally, while others argue that cloud providers have a strong incentive to maintain trust and as such employ a higher level of security The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing.

7. Availability and performance : In addition to concerns about security, businesses are also
worried about acceptable levels of availability and performance of applications hosted in the cloud. There are also concerns about a cloud provider shutting down for financial or legal reasons, which has happened in a number of cases.

8. Sustainability and sighting: Although cloud computing is often assumed to be a form of "green
computing", there is as of yet no published study to substantiate this assumption Siting the servers affects the environmental effects of cloud computing. In areas where climate favors natural cooling and renewable electricity is readily available, the environmental effects will be more moderate. Thus countries with favorable conditions, such as Finland, Sweden and Switzerland are trying to attract cloud computing data centers.

Adoption Fears
1. Security : Many IT executives make decisions based on the perceived security risk instead of
the real security risk. IT has traditionally feared the loss of control for SaaS deployments based on an assumption that if you cannot control something it must be unsecured. I recall the anxiety about the web services deployment where people got really worked up on the security of web services because the users could invoke an internal business process from outside of a firewall. The IT will have to get used to the idea of software being delivered outside from a firewall that gets meshed up with on-premise software before it reaches the end user. The intranet, extranet, and the internet boundaries have started to blur and this indeed imposes some serious security challenges such as relying on a cloud vendor for the physical and logical security of the data, authenticating users across firewalls by relying on vendor's authentication schemes etc., but assuming challenges as fears is not a smart strategy.

2. Latency : Just because something runs on a cloud it does not mean it has latency. My opinion is
quite the opposite. The cloud computing if done properly has opportunities to reduce latency based on its architectural advantages such as massively parallel processing capabilities and distributed computing. The web-based applications in early days went through the same perception issues and now people don't worry about latency while shopping at Amazon. COM or editing a document on Google docs served to them over a cloud. The cloud is going to get better and better and the IT has no strategic advantages to own and maintain the data centers. In fact the data centers are easy to shut down but the applications are not and the CIO's should take any and all opportunities that they get to move the data centers away if they can.

If Cloud Computing done Properly 3. SLA: Recent Amazon EC2 meltdown and RIM's network outage created a debate around the
availability of a highly centralized infrastructure and their SLAs. The real problem is not a bad SLA but lack of one. The IT needs a phone number that they can call in an unexpected event and have an up front estimate about the downtime to manage the expectations. May be I am simplifying it too much but this is the crux of the situation. The fear is not so much about 24x7 availability since an on-premise system hardly promises that but what bothers IT the most is inability to quantify the impact on business in an event of non-availability of a system and set and manage expectations upstream and downstream. The non-existent SLA is a real issue and I believe there is a great service innovation opportunity for ISVs and partners to help CIO's with the adoption of the cloud computing by providing a rock solid SLA and transparency into the defect resolution process.

Strategic innovation opportunities

1. Seamless infrastructure virtualization: If you have ever attempted to connect to Second
Life behind the firewall you would know that it requires punching few holes into the firewall to let certain unique transports pass through and that's not a viable option in many cases. This is an intra-infrastructure communication challenge. I am glad to see IBM's attempt to create a virtual cloud inside firewall to deploy some of the regions of the Second Life with seamless navigation in and out of the firewall. This is a great example of a single sign on that extends beyond the network and hardware virtualization to form infrastructure virtualization with seamless security.

2. Hybrid systems: The IBM example also illustrates the potential of a hybrid system that
combines an on-premise system with remote infrastructure to support seamless cloud computing. As the cloud infrastructure matures and some concerns are alleviated IT could consider pushing more and more applications on the cloud. Google App Engine for cloud computing is a good example to start creating applications on-premise that can eventually run on Google's cloud and Amazon's AMI is expanding day-by-day to allow people to push their applications on Amazon's cloud.

3. Service innovation: I see many innovation opportunities for the ISVs and partners to step in
as trusted middleman and provide services to fuel the cloud computing adoption by reaching more to the people to sell them on-premise and SaaS CRM. I Expect to see the Ecosystem around the cloud computing and SaaS vendors grows significantly in next few years.

Conclusion
In my view, there are some strong technical security arguments in favor of Cloud Computing assuming we can find ways to manage the risks. With this new paradigm come challenges and opportunities. The challenges are getting plenty of attention - Im regularly afforded the opportunity to comment on them, plus obviously I cover them on this blog. However, lets not lose sight of the potential upside. Some benefits depend on the Cloud service used and therefore do not apply across the board. For example; I see no solid forensic benefits with SaaS. Also, for space reasons, Im purposely not including the flip side to these benefits, however if you read this blog regularly you should recognize some. We believe the Cloud offers Small and Medium Businesses major potential security benefits. Frequently SMB s struggle with limited or non-existent in-house INFOSEC resources and budgets. The caveat is that the Cloud market is still very new - security offerings are somewhat foggy making selection tricky. Clearly, not all Cloud providers will offer the same security.

References
Web guild.org

http://www.webguild.org/ How stuff works.com http://communication.howstuffworks.com/ Cloud security.org http://cloudsecurity.org IBM http://www.ibm.com/developerworks/websphere/zones/hipods/ Google suggest http://www.google.com/webhp?complete=1&hl=en
Intel http://www.intel.com/itcenter/topics/cloud/index.htm