Professional Documents
Culture Documents
Cloud Computing –
Still a Long Way to Go
About the Author Abstract/Executive summary
The global recession has taught the IT world to strike the economical balance by
optimizing their hardware, software, tools, hosting environment and services to
render highly acceptable, dynamic, speedy and flexible support to the business to
help them sustain, survive in one of the most difficult economic situations and still
continue to create competitive advantages in market place.
Sunil Tadwalkar is electrical engineering graduate, Although in global recession the IT organization’s primary objective is to keep the
working as practice Head in Mahindra Satyam in lights on, it is not stopping them to look at other innovative approaches of using
corporate solution group. Sunil has over 11 years of
process automation, virtualization and cloud-computing to leverage from best
experience in different capacities primarily in the
areas of Program and Projects Management, Focused available technology to address the highly dynamic, and volatile business needs.
Initiatives, Global Business Delivery, Quality and IT Such innovative approaches are meant for reducing the Total Cost of Ownership
Consulting, service offerings, resource management,
mentoring and training. He is certified PMP, CQA, (TCO) as well as cost of operation and maintenance (OPEX) of IT functions drastically
ITIL, CMM, CMMi, PCMM, ISO9001, Tick-IT auditor. in a break through manner. As a result business dynamism, cost and technology is
driving the next generation of IT services to be delivered.
The world is becoming service centric and each of the IT component such as
application, tool, storage, server purchased by the enterprise will need to
demonstrate its value against the business dollar spent on each of them. Just in
time service with lightening speed accompanied with enormous amount of elasticity
is what business is expecting from IT to deliver from now onwards.
With such a wonderful means of delivery without asking upfront any investment,
it would not be surprising if there are big game plans already under way by Cloud
Vendors to make cloud computing environment viable for every piece of technology,
application, tool and hosting environment in an integrated and secured manner.
The biggest Unique Selling Point (USP) of cloud computing is traded on the basis
of its ability to quickly respond to demand spikes and host new business application
faster without the need of internal IT department. The mind share of IT world is
towards separating applications and services from the underlying infrastructure so
that IT departments can be more flexible in supporting the business
Inside the Issue: Abstract/Executive summary ..1 Introduction ..2 What is cloud computing? ..4 Cloud computing models ..5 Cloud
representation as per need of organization ..6 Virtualization and cloud computing ..8 Compliance and Regulations
on cloud computing ..9 Deploying cloud ..10 The IT players in Cloud computing ..12 Adoption of cloud ..13 How
to get prepared for cloud computing services ..14 The cost of cloud computing services ..17 Some deployment
stories ..18 What the IT world is gaining ..19 What are the existing and future challenges? ..21 Steps towards
meeting the challenges ..22 In summary ..24 References ..25
White Paper
Cloud computing offers huge revenue potential as a sky line business at a time
when traditional wire line business is shrinking. Although for some aggressive IT
organizations (such as BT) use of cloud computing services is at concluding stage of
their pilot, for rest of the IT firms it is at the stage of starting of pilot or in the
middle of running pilot. It is forecasted that in the next two years more than 16% of
IT professionals in U.S., U.K., Germany, and Japan will plan to invest in cloud
computing, according to a survey conducted by Harris Interactive and sponsored
by Microsoft. It is also expected that around 10 to 30 % of the IT budget meant for
building application and services to support the business will provide considerations
for cloud computing environment.
Technology and business work hand in hand for each other in many ways and both
provide advantages and disadvantages to each other. Cloud computing is changing
the way business is done by offering scalability, flexibility, speed of operation along
with positive impact on CAPEX and OPEX. On the flip side since it encourages
open standard like internet it makes the cloud customers difficult to exercise control
with their cloud vendors. Moreover conformance to regulatory compliance and
security standard, Data privacy, confidentiality and security are few questionable
issues yet to get addressed.
Cloud computing is changing Gartner predicts the market for cloud products and services will move from US$46.4
billion last year to US$150.1 billion in 2013. Also according to an October 2008
the way business is done by report from IDC, customer spending on IT cloud services (business applications,
offering scalability, flexibility, application development/deployment, system infrastructure software, storage and
speed of operation along with servers) will grow almost threefold by 2012, to $42 billion. IDC said the growth of
cloud services "is being driven by the ease and speed with which users can opt with
positive impact on CAPEX and
better economic benefits especially in current economic condition." Gartner expects
OPEX. a 21.3% revenue increase in 2009 to $56.3 billion, and Merrill Lynch forecasting a
$160 billion market by the close of 2011. A new study commissioned by Avanade
shows a 320% increase over the past nine months in respondents reporting that
they are testing or planning to implement cloud computing. Each firm uses different
definitions behind cloud computing, which helps explain the wide variances in
market sizing estimates.
The white paper elaborates on concept of cloud, types, and forms of deploying
services, early adopted, cloud vendors, and tips on selecting vendors. Finally it
touches on existing and future challenges.
Introduction
In last few years ,business spectrum and consumer pattern all over the globe has
turnout to be highly demanding in nature with the recent addition of new challenges
such as recession, economic meltdown etc. The survival of business is weighed on
its ability to change rapidly along with business climate. CIOs and CEOs have been
asked to get in to the habit of doing more with fewer resources by challenging their
efficiencies, and productivity. They are also compelled to serve every new business
requirement with innovation and idea which is never been implemented by any of
their competitors. The IT functions which are amalgamated with business have
started facing herculean task to manage with decreased trend in capital and operating
cost along with demonstrable value, although there is steep increase in demand for
new business processes to support.
2
White Paper
The mantra of doing more and more with less resource has transpired technology
experts to reinvent the wheel to deliver IT applications to the business. There's a
shift away from building and owning IT assets to purchasing services as a way to
reduce costs. Virtualization and cloud computing have been the new IT landscape
which offers fundamentally faster, scalable and more cost-effective alternative to
on-premises application development , deployment and servicing solutions which
you can virtually avail from any location all over the globe.
Virtualization allows the There are some outstanding issues and challenges which cloud computing
technology needs to address in next 5 years and they are relating to security and
sharing of infrastructure to privacy of business data in remote 3rd party location, dreaded concerns about
improve utilization rates; platform lock-in, worries about reliability/performance, transfer of data to third
service automation and party, regulation etc. Cloud vendors are already addressing them on top priority
and as the industry matures the solutions will be available to plug in those loop
change management tools
holes
ensure IT processes are run in
Cloud computing doesn't just have technology aspects but profound business aspects.
a standardized way; and
It's a new model for delivering and consuming IT more efficiently, in turn reducing
non-differentiating business CAPEX and OPEX by making use of economies of scale. Many of the technologies
services like email, payroll, to enable cloud computing are maturing. Virtualization allows the sharing of
development and test are infrastructure to improve utilization rates; service automation and change
management tools ensure IT processes are run in a standardized way; and non-
being standardized and differentiating business services like email, payroll, development and test are being
outsourced. standardized and outsourced.
Any web-based tools and collaboration tools can be effectively hosted in the cloud.
Visualization services over the Internet of complex data correlations can also be
done in the cloud.SOA is a good way of preparing applications for delivery in the
cloud. Cloud drives companies to accept standardization. One can look at IT
landscape; what is not managed efficiently and what isn't providing a strategic
service to the business, then develop a transformation plan for these services to
move to the cloud. If you standardize the business processes and every new
application by moving to cloud then the cost reduction will follow.
Research and analysis firm Gartner has released the Hype Cycle report for 2009,
which evaluates the maturity of 1,650 technologies and trends in 79 technologies.
The report which covers new areas this year defines that the Cloud computing is
the latest growing trend in the IT industry, stating it as 'super-hyped'
Google Inc., Microsoft, Yahoo Inc. and a handful of other vendors will invest about
$5 billion this year to build out the infrastructure to sell IT through the "cloud,"
according to Gartner Inc. by 2009.
White Paper
don’t have to worry about up For others cloud computing is, “A mode of delivering services on a scalable and
gradation of your hardware, virtualized infrastructure using Internet technologies." It hosts customer’s business
application in scalable platform and bill it as per usage or consumption. It’s a way
software, tools or hosting of delivering business value by speeding –up efficiency and productivity
environment for that matter.
Cloud computing is a computing model that lets you access shared IT resources in
service format as per your need ( hardware, software, tools and storage) over the
Internet, without having the need of buying, installing, maintaining and managing
them of your own. Eventually you don’t have to run your application on your own
platform and with your own data centre. Just subscribe it, log in, customize it and
start using. You will get billed as per the usage, that is all … you don’t have to
contact your IT department to host the application. All this will cost you dramatically
less and with greater performance. You don’t have to worry about performance
issue when business transactions goes up, it is automatically taken care of. Moreover
you don’t have to worry about up gradation of your hardware, software, tools or
hosting environment for that matter. Risk of technology obsolescence is none.
Cloud features
The cloud really touched on several concepts: interoperability, workload
redistribution, monitoring and scaling. Interoperability allows users to run the
application anywhere which is built once. Workload redistribution enables movement
of an existing process from one cloud to another in a seamless manner and relatively
quick.
Platform-as-a-Service
Platform-as-a-Service (PaaS) is one of the fast-growing service flavors of cloud
computing which offers scalable, quickly and easily deployable web platform.
Although large scale enterprises are running multiple business applications on
multiple platforms, PaaS provides them solution for running their business
application on every latest version of platform eliminating the need of buying
multiple license software’s. The players who provide such services are Akamai
(Edge Computing), Elastra and Right Scale (platform environments for Amazon’s
White Paper
EC2 infrastructure), Google (App Engine), Microsoft (Azure), Oracle (SaaS Platform).
In this case cloud will act as a functional platform model, where the user subscribes
to the use of a set of functional services, rather than to a set of hardware capabilities.
Cloud providers will make provision and move functions around their own cloud to
meet the needs of dynamic workload. Many PaaS vendors have also created their
own language to be used to link components together.
Software-as-a-Service
Cloud computing began with this service format of Software-as-a-Service (SaaS),
where complete end-user applications are deployed, managed, and delivered over
the Web. SaaS continues the cloud paradigm of low-cost, off-premise systems and
on-demand, pay-per-use models, eliminating development costs and lag time. This
gives organizations the agility to bring services to market quickly and frees them
from dependence on internal IT cycles. The speed and ease with which SaaS
applications are purchased and consumed has made this category of cloud computing
offerings the most widely-adopted today. Important cloud SaaS vendors and services
include, Adobe Web Connect, Cisco WebEx, Google Mail, Hotmail, Yahoo! Mail
(communications applications) Demand ware (e-Commerce), Net Suite (Accounting,
ERP, CRM, and e-Commerce), SAP Business by Design (HR, Finance and other ERP
applications), Workday (HR, Finance, and Payroll).
A private cloud is the transformation of the data center into a modular, service
oriented environment that makes the process of enabling users to safely procure
infrastructure, platform and software services in a self-service manner. Most current
private cloud computing environments consist of reliable, highly scalable services
that are built on virtualized servers and provided as a service via the Internet. The
services can be billed on the basis of amount of time used by a specific application
or server by a particular department within the company.
Some cloud vendors offer private cloud services as a virtual private cloud which
offers a secure, scalable tunnel so that an organization can easily extend its available
resources out into the cloud seamlessly, with little or no disruption in the network
or application network architecture. Such cloud ensures no degradation of
performance. There is some private cloud communities who can build Condominium
White Paper
clouds and condominium fiber confined to their members only, who shares the
resources to its members only to allow them to scale and use it for their close
business users.
Private cloud computing deployments can save cloud customers from 40% to 80%
on physical space, cooling and utility costs. A well-planned private cloud can double
or triple cloud customer's utilization and ROI of corporate assets.
Personal cloud
Based on the variety of computing needs the concept of cloud is further broken
down from private to personal cloud, in which developers could use a personal
cloud that would allow them to configure their local environment, develop and test
web applications in multiple ways virtually from any location and they can copy
the version on laptop to work offline when cloud services are down.
Public cloud
Public cloud is a cloud computing service available with virtually no boundaries on
CIOs are waiting for cloud
service scalability and resource tapping and is almost like internet service in terms
services to get matured, of accessibility. It carries a serious concern of security and privacy of data. CIOs
secured and SLAs to address are waiting for cloud services to get matured, secured and SLAs to address business
business and compliance and compliance commitments before they opt for public cloud. Public cloud
computing services are especially useful when you want to test application in public
commitments before they opt cloud environment. Public cloud provides economics with large scale.
for public cloud.
Trade off between Public and private cloud
Enterprise Organizations are looking at cloud computing opportunities by doing
pilots and trials under internal and private cloud environment which is secured
and can be controlled to some extent. The start-up SMBs use public cloud since
investment is lowest. Internal and private cloud adoption will happen over the two
years while public cloud computing and internetworking between public cloud
services providers will be five to seven years of plan by then the security issues
may get addressed. Public cloud is a favorable ground for open source which is
supported by cloud vendors such as Amazon.com, LAMP, and AWS. Many of these
internal private clouds are built on open source (Linux, MySQL, Eucalyptus) etc.)
communications that are necessary for dynamic cloud applications and uncacheable
content it also improves the reliability of these communications by routing around
trouble spots, finding alternative paths that optimize connectivity.
The greatest possible application performance and scalability are achieved when
the application itself can be distributed to the edge of the cloud, close to the end
users. Application instances are automatically created in different cities and regions
based on real-time demand — something that cloud vendors such as Amazon EC2
and Google App Engine cannot do. This allows edge computing customers to enjoy
truly maintenance-free scalability in addition to unparalleled end user performance.
Edge computing is designed to work seamlessly within a hybrid cloud environment.
By deploying content-centric application components — such as site search, surveys
and contests, or page assembly — at the edge of the cloud, while running sensitive
or transaction-oriented application components at the origin infrastructure, the
application can be scaled and the end user experience can be optimized, while
The greatest possible meeting the different business requirements of each application component.
Technologies such as DNS security, IP layer protection and access control, HTTP
origin cloaking, and application request checking are also developed. By providing
additional layer of security, you can completely ‘cloak’ a Web site from the public
Internet by effectively removing the origin from the Internet accessible IP address
space, or in-cloud Web Application Firewall can identify attacks in HTTP and SSL
traffic before they get to application servers, protecting cloud services right from
the edge of the cloud.
and yes, understandable. In fact, Gartner Inc. published a report sometime back stating that security, privacy
and risk of compliance will prevent adoption of cloud computing in regulated
industries and global companies through 2012.
There are multiple bodies working in parallel to develop cloud computing, service
portability and interoperability standards across the cloud platform. Computer
scientists at NIST, in collaboration with industry and government, are producing a
special publication that covers cloud architectures, economics, security, and
deployment strategies. Some professors in universities are working on a framework
for building infrastructures that are more accessible, reliable, efficient, and yes,
understandable. A more holistic standard to cloud computing has been that of
Cloudware, Cloudware is focused on streamlining things like database integration
and replication into a cloud environment.
Hat, Savvis, Sun and VMware announced the creation of the Open Cloud Standards
Incubator (OCSI) group. The existing DMTF specifications including the Common
Information Model (CIM), Open Virtualization Format (OVF), WBEM Protocols,
member submissions and investigation of opportunities for collaboration with other
industry standards bodies
Deploying cloud
Private cloud deployment
Minimum six months of time
Constructing and deploying a private cloud specific to the organization requires
is essential to develop, pilot detailed estimation of total cost of ownership (TCO) The cost components such as
and deploy the plan and cost of lease/rental facilities space, the cost consumptions of power, IT services,
further perform the upgrades. selection and configuration of its deployment, production and test virtual servers
backup and disaster recovery, storage and third-party management tools that are
For large organizations, the crucial to support an on-demand cloud computing services model. Minimum six
changeover to a private cloud months of time is essential to develop, pilot and deploy the plan and further perform
may take a year or more. the upgrades. For large organizations, the changeover to a private cloud may take a
year or more.
Here are some specific points to be noted during private cloud deployment:
1. Prepare a comprehensive plan on which services to be sent to the private cloud,
which to keep in-house and which are safe to leave outside the relatively safe
confines of the firewall.
2. Construct a detailed blueprint of how you will manage the security aspects of
your private cloud including authorization, authentication, access controls,
isolation management, integrity and policy management and trusted virtual
domains.
White Paper
Multiple players are available to provide services; some of the key players are listed in Table-1
White Paper
Adoption of cloud
Analysts survey shows that since last one year, adoption of cloud computing is on
the rise, with 50 percent of Global 2000 companies already opting for cloud
infrastructure or are planning to do so within a year. In another survey of 104
Global 2000 companies conducted by AppLabs, 30 percent of respondents were
already using the cloud, while 20 percent said they were looking to move their
applications onto it within the next 12 months. For the group not planning to adopt
the infrastructure, 29 percent said lack of awareness deterred them from moving
their applications to the cloud. Another 21 percent each cited security concerns
and a dearth of technical expertise. Cost was a factor for 19 percent of respondents,
while 10 percent said limited services held them back from jumping on the cloud
bandwagon. Cloud computing paradigm is fast evolving "from a futuristic technology
to a commercially viable alternative".
1. Anybody with a need to make data and processing available to a large number of
users is a good candidate. Workloads or applications with unpredictable or capacity
requirements play well in the cloud computing model. Project such as a marketing
campaign are well suited for hosting.
2. Software development organizations will be among the first because they have a
vested interest in making it work. They can use a cloud-like environment for
integration with other application components. And when they want to migrating
environments to QA and onward
3. CDNs [Content Delivery Networks] service providers are most likely to adopt
cloud.
4. Utilizing the cloud for requirements management is a better use of their time.
"The important thing is we don't need to manage the back end, which is critical.
5. Application development and testing in the cloud is ideal proposition if you are
looking at cutting infrastructure cost of build and test environment that replicates
the production environment. It's the best way to use the cloud on a short-term
rental capacity basis. If you are conducting large performance tests that simulate
400,000 people hitting that application, cloud provides the cheaper way to handle
that kind of load.
White Paper
6. Autonomous applications, or ones that don't interact much with the back office,
are also a good fit for cloud computing.
2. Cloud computing may not be suitable for outsourcing large data centers, according
to a new report from McKinsey & Company
2. Realize the hidden costs: Organization should check with cloud vendors for
all hidden costs such as management, governance, and transition costs including
staff training which may flare up at the later stage and hence need to be factored
before moving to cloud services
The IT team needs to prepare 3. Assessment of IT software assets and people: While assessing the IT assets,
the questions such as, how will it affect Service-Oriented Architecture (SOA)
a program charter, Reorganize
strategy? How is disaster recovery plan impacted? What about backups and legally
IT teams according to mandated data archiving policies? What is the risk profile for using cloud
application functionality and computing services and what is the mitigation strategy? What is the potential for
engage them during platform lock-in and how can it be avoided? Shall be addressed, prioritization of
putting eligible standalone applications (e.g., sales promotion programs, emails,
deployment, migration and
HR benefits etc.) in the cloud is of prime importance and shall be thought by
testing of application on cloud business users. The IT team needs to prepare a program charter, Reorganize IT
although cloud vendors may teams according to application functionality and engage them during deployment,
be doing part of it. migration and testing of application on cloud although cloud vendors may be
doing part of it.
7. Prepare a back-out strategy: A plan for back out of cloud is essential even if it
is not given by cloud vendor so that if you get in to serious issues with cloud
vendor you should be able to continue with the business by restoring back your
systems
It is also very important for While evaluating, selecting and finalizing the cloud vendor following important
aspects should be considered
you to map out the network's
architecture completely, so Technical scrutiny:
you always have an insider's A careful analysis is essential while evaluating cloud vendors technically. Following
areas are very important to check back with cloud vendors
view of the service.
• Data related: What type of business data will be preserved, in which format and
which location? How is the data collection to be done? What will be the allowable
duration for data? What are the confidentiality and privacy norms and how the
data will be made available for compliance and regulatory requests? How data is
encrypted? Does the cloud vendor use any sub-contractors or rely on any
partnerships to process the data? Is the data backed up and if so, where are the
backups stored? What is the frequency and periodicity of data back-up? What
happens to copies of the data if the relationship is terminated or if the cloud
vendor fails? Will the cloud vendor provide archival copies of the data to the
customer? How will the cloud vendor react to legal inquiries about a customer's
data set? What types of auditing tools are available? Do the administrators have
to have access to the data? What tools are used to make sure the backup (or a
copy of it) doesn't go on a CD or thumb drive but only through an approved
system?
• Which platforms are not supported and which configurations are not possible?
• What is the scalability, redundancy and availability during staging and production
White Paper
• What virus protection is there and how regularly are vulnerability scans and
penetration tests run?
• How often their systems will be backed up? Are the back-ups encrypted? Where
are they stored
• What is the cloud vendor’s window for scheduled maintenance, when systems
may not be available? How the infrastructure and services are utilized to provide
persistent access to needed applications and data sets.
• SLA related: What are the SLAs relating to reliability, performance, response
time, security parameters, data privacy, reliability/availability and uptime, data
and infrastructure transparency? Elaborate SLAs are the most effective way to
achieve the business objectives. Does SLAs specifically addresses managerial
issues , intra cloud quality of service, allowable downtime, specific performance
levels, cost and time to recover from outages, provisions for lost data and any
security breaches, as well as backup, disaster recovery and storage. Does service-
level agreement guarantee a specific amount of uptime?
How is the customer credited
• Security service related: What security service assessments client has in place?
or compensated for an
Do the administrators have to have access to the data? What tools are used to
outage? What level of make sure the backup (or a copy of it) doesn't go on a CD or thumb drive but
redundancy is in place to only through an approved system? Ask for a description of the infrastructure,
minimize outages? What the format in which the data is held, what happens to backup tapes, and whether
or not you can have specific retention processes applied to your data.
alternative methods of access
are offered if there is an • Governance and compliance related: What governance and compliance
standards are followed and complied with. What certifications cloud vendor has
outage? obtained (such as ISO27001, BS25999, and ITIL)? Do they have a data back-up
and retention process?
• Communication and reporting related: What are the statuses reports, measures
and analysis trends generated and delivered to cloud customers? What is the
periodicity of service review? Which parameters are tracked, monitored and
reported?
• Customer references: Check out the references from similar cloud customers
from whom the cloud vendor is providing services, check with them the problem
faced and challenges during start-up and steady state position during service
period. How long the cloud vendor is providing services
• Pricing structure: What is the pricing structure? Which costs are not included
in basic services? Are charges based upon traffic, usage or storage limits? What
are the minimum and maximum limits? What are the applicable taxes, duties,
fees? Is there any type of price protection? Are there licensing fees above and
beyond the service fees?
• Retain control over the application's environment. When you opt for services
from cloud vendor. It is necessary to make sure that system is under the control
of cloud customer. Create appropriate documentation, measures, and metric and
keep records of all communication with cloud vendors along with issues,
challenges faced.
Charging system
On a small scale, charging per instance makes sense, in that you pay for the
minimum capacity you need as you go. Large cloud customers think that the pricing
models based on usage do not holds good for large businesses with heavy transaction
volumes. But if you are a startup more concerned with gradual and affordable growth,
such on demand pricing models make sense. The pay-as-you-go pricing model
allowed us to grow little by little and use incremental services without up-front
infrastructure investments.
White Paper
Business view
• The computing power and storage capabilities of cloud infrastructure are amazing
and for simple e-mail application as per Gartner if companies have to spend
between 10 to 100 $ per user per month it can come down drastically to 1 to 5 $
per user per month. Cloud in this instance is really managed hosting. The
challenge is to get enough compute capacity at a cost below what a company
could stand up in internal virtual environments themselves.
The challenge is to get • Most small and medium businesses simply don't have the time, expertise or
enough compute capacity at a money necessary to buy, deploy and manage the computing infrastructure needed
to run their solutions on their own. Cloud computing provides breather, since all
cost below what a company IT services are available on subscription basis based on your consumption pattern
could stand up in internal and you don’t have to go for buying any capital item. Services such as CPU
virtual environments cycles, bandwidth, and application logins in the cloud will be reasonably cheap
and extensively commoditized for the foreseeable future
themselves.
• Benefits for the business can be significant: faster project times to market, given
that IT is not waiting for servers to open up to start testing a new application; the
ability to tell a department that the new application it wants tested will take a
couple of days or weeks vs. months; and of course, the knowledge that you will
not have to expand your environment or even build one.
• Since the service capacity, space, up and down scaling is all offered on the basis
of pay as per your demand the Capital expenditure (Capex) will be nullified and
will be transformed to an Operating expenditure (Opex) which will be essentially
on usage basis and can be tightly controlled
Technical View
• Shared infrastructure will provide better hardware utilization since more cloud
customers, applications, users and transactions can be realized per machine.
• With elastic scalability one can achieve fine-grained capacity and demand
planning
• Since the cloud environment has applications delivered through web browsers
which will be front end and backend will be powered by highly-scalable databases
hence it is possible to see Separation of data from apps and it can exist in separate
locations much more easily and effectively. The opportunity here is to allow the
front end apps running in the cloud to tunnel in and connect to the data of your
own private data center.
• The access to cloud applications will be feasible 24x7 through any mobile
device anywhere since internet will be available through high speed mobile
devices
1. Cloud computing in its original state is not secure .Confidentiality ,protection and preservation of customers proprietary
data coupled with need of meeting of regulatory and compliance standards are major obstacle preventing organizations to
make all out movement to cloud.
2. The other concern being mixing of sensitive data with other cloud customers due to the use of Shared Web servers and
practically every component of the OSI layers 1 through 7 is shared -- not just the application layer -- so the attack surface
can be exponentially increased. Forensics investigations and any e-discovery requests may be difficult due to the complexities
of the cloud. Security right from user authentication to transaction processing to back-end data access needs to be in place
and is of prime importance.
3. Interoperability between two clouds for sharing data and information as well as seamless Integration between various
applications is difficult to do currently.
4. Pricing model, ROI, customer centric performance based SLAs are some of the business level challenges which are not clear
to the cloud customers.
The other challenges faced by cloud customers are enclosed category wise in below Table-4
White Paper
• Independent Third party audits, logging and monitoring systems will need to be
enhanced, and incident response processes will undoubtedly. Cloud Vendor
and cloud customers may have to sit together and implement some measures
like role-based security and privileged access while embarking on cloud based
services
• The nonprofit entity like Cloud Security Alliance (CSA) is trying to promote the
use of best practices for securing cloud computing and will educate practitioners
on security aspects according to Searchsecurity.com. The CSA will address more
than fifteen areas of security issues with prime focus on governance and
operations. In parallel several organizations have also doing some research for
securing data in the cloud. Both the Cloud Computing Alliance and the Open
Cloud Manifesto have LinkedIn groups and can use some help, especially from
security professionals working in large enterprises with service provider class
networks. The cloud customers are expected to help cloud computing vendors
address security in their software delivery model. Security vendors are already
responding to the trend. VMware Inc. released APIs and next version of its OS
for cloud computing to security vendors under its VMsafe program. Symantec
Corp., McAfee Inc., Trend Micro Inc. and others are integrating security tools to
address virtualization.
White Paper
• Cloud Vendors like Google encrypts data in transit and gives admins the option
to turn on SSL. The data is spread across multiple machines, so you don't have a
single machine to attack like the typical environment; this model is more secure
than the encrypted server model. Production data is not mixed with testing data,
customer access is not mixed with developer access, and sensitive workloads are
kept separate from open or promiscuous applications. Security patches are kept
A unified approach that up to date, configurations are monitored for breaches, workarounds are applied
for zero-day threats and malware detection systems are constantly updated.
describes the Interoperability Virtual images, hard drives and backups are encrypted and password-protected.
standards and its compliance
• Some groups are working on a Private Virtual Infrastructure (PVI) in which, the
requirements may be data center is "under the control of the information owner" while the fabric is
essential. Vendors like Azure under the control of the operator (of the cloud service). The cloud vendor and
runs non-.NET technologies cloud customer are required to share certain types of security information, and
service level agreements (SLAs) along with the roles and responsibilities of all
like PHP natively and parties in the agreement. Every service in the cloud must be able to report security
developers can expose their properties, and that the properties must be cryptographically bound and signed.
services over several Future Challenge
standards, including REST and No long-term vision for cloud computing interoperability is visualized. So far the
SOAP and developers can consensus among the cloud vendors on openness and interoperability in cloud
computing is not yet well thought. A unified approach that describes the
configure applications hosted Interoperability standards and its compliance requirements may be essential.
on Azure to communicate Vendors like Azure runs non-.NET technologies like PHP natively and developers
with end users via a browser, can expose their services over several standards, including REST and SOAP and
developers can configure applications hosted on Azure to communicate with end
on-premises servers or even
users via a browser, on-premises servers or even other clouds.
other clouds.
Cloud computing change management
Switching over to cloud computing environment brings in lots of change
management issues with the organizations and it has to be a decision of whole
company. On one side IT department may be resistant to do certain things because
they are going to lose control, on the other hand business users may become
aggressive because they may not have to contact internal IT department to host or
change their application since it will be done by cloud vendors. The whole switchover
program will call for systematic process to effect the changes by taking all
stakeholders in to confidence.
White Paper
Migration of application and data to cloud environment will require very clear cut
policy, understanding and collaboration between senior management, business
users, IT users ,finance department and customers because everyone will have
vested interest. Every stakeholder has pros and cons in switching to cloud
environment which will have to be justified and approved by management as a
policy.
Many times decoupling business processes from software applications will call for
transformational change in the form of service-oriented architecture (SOA) and
business process management (BPM).Also re-architecture of certain applications
to take advantage of Web-oriented architectures preferred in cloud that exploit the
distributed data and distributed processing model would require development team
to restrategize and restructure the application.
In summary
The new trend in innovations The future of cloud computing
will bring in lot of maturity In today’s economy, with limited budgets and a highly dynamic market, it is critical
and reliability in cloud to be able to refocus organizations resources and check the viable options with
cloud computing which can provide expected benefits.
computing along with better
governance and security Without getting trapped in to the cloud hype cloud customers can start in
experimentation and pilot mode in public cloud with non critical applications and
models once technologies
once the security and service level assurance related issues improves ,they can
start functioning seamlessly migrate hosting environment and data centres to dedicated private cloud services.
and reliably. With drastic The market right now is really a subset of the managed hosting business - which is
improvements in WAN speed, a $9 to $10 billion a year that just continues to grow. The computing environment
the future trend will of future will always be cloudy with variety of sizes and shapes touching each other,
one can chose the right environment, tools and cloud vendor to prove that
increasingly see the front end
organization is always on 7th cloud in it computing.
of applications separated from
Widespread acceptance of virtualization environment and clouds will happen in
the backend which has stages - a couple of issues associated with data security, interoperability, separation
scalable databases. of service layer still need to get addressed. The new trend in innovations will
bring in lot of maturity and reliability in cloud computing along with better
governance and security models once technologies start functioning seamlessly
and reliably. With drastic improvements in WAN speed, the future trend will
increasingly see the front end of applications separated from the backend which
has scalable databases. This may happen more easily and effectively even by allowing
companies to host the data inside their own private data centers and simply allow
the front end apps running in the cloud to tunnel in and connect to the data. There
could be move towards development of offline component of web application in
addition to the standard online component which stores the application locally and
caches user data so that any hiccups to a Web session or connectivity outages allow
users to continue to work uninterrupted when Internet connectivity is restored,
any work and changes made offline are simply synced up with the online version
of the application.
White Paper
The cloud customers would like to continue to keep business ownership with them
and workout better trade-off with cloud vendors for service ownership. The best
way to handle cloud computing needs of future could be that organizations form an
ecosystem as a cloud community and extend the cooperation to tap the potential of
cloud environment on mutual trust.
References
1 White Paper-5 Reasons CIOs are Adopting Cloud Computing in 2009 by sales
force .com
2 White Paper-Akamai and Cloud Computing-A Perspective from the Edge of the
Cloud by Tom Leighton, co-Founder and Chief Scientist, Akamai Technologies
6 Cloud computing and application security: Issues and risks by Kevin Beaver,
7 Cloud computing defies one definition, so here are a few of the latest by Christina
Torode, Senior News Writer
9 Wipro Voice: Why Cloud Computing Is Here to Stay (Even Though No One Is
Closing Their Data Centers Just Yet) by Anand Ramakrishnan
10 The real cost of cloud computing services Christina Torode, Senior News Writer
07.08.2009