Business implementation and Security Concerns of Cloud Computing

Qaid Johar Abbasi Sodawala, Rahul Telang, (MCA II Year) & Prof. Sham S. Malgikar, Asst Professor JSPMs Jayawant Institute of Computer Application, Tathawade, Pune. Mail: shammalgikar@gmail.com,quaidjohar.sodawala@gmail.com

Abstract: Cloud computing is boasted as the next big thing in enterprise IT. The corporate data centers and on premise software will not shed their light soon but "the clouds" will have growing impact on enterprise IT and business activities in many small and large organizations. The paper attempts to explore the corporate implementation of cloud computing and in how many ways it can be done. Also a very concerning issues regarding cloud computing security are discussed. ------------------------------------------------------------------------------------------------------------Introduction:

Few years back when internet was just

born, business activities moved at very slow pace. Now in twenty first century the pace of business is much quicker and it continues to increase as the constant stream of new technologies make their way to stimulate business processes. Cloud as a metaphor for "internet" is a combination of various servers and networks which is under veil to provide services like computation, software, data access and storage to end user hiding its actual physical location and configuration of the system that delivers the service. Cloud

computing can be understood as more of a service rather than a product.

What is cloud computing?

Cloud

computing

is

an

emerging

computing model by which users can gain access to their applications from anywhere, through any connected device. A usercentric interface makes the cloud infrastructure supporting the applications transparent to users. The applications reside in massively scalable data centers where computational resources can be dynamically provisioned and shared to

achieve signicant scalability. A strong service management platform is build, so that management costs of adding more IT resources to the cloud can be signicantly lower than those associated with alternate infrastructures.

Why cloud:
1. Scalability: Servers can easily grow or shrink as per demand 2. Cost:
It helps keep the cost down for both the users and website owners. Also for the users, they can access it from any computer and still have the file they need. For the owners, they do not need to reproduce the software and ship it out. They just rent the server space.

resources are optimally leveraged to provide innovative services over the Web, and servers are provisioned in accordance with the logical needs of the service using advanced, automated tools. The cloud then enables the service creators, program administrators and others to use these services via a Web-based interface that abstracts away the complexity of the underlying dynamic infrastructure. The infrastructure management methodology enables IT organizations to manage large numbers of highly virtualized resources as a single large resource. It also allows IT organizations to massively increase their data center resources without signicantly increasing the number of people traditionally required to maintain that increase. For organizations currently using traditional infrastructures, a cloud will enable users to consume IT resources in the data center in ways that were never available before. Companies that employ traditional data center management practices know that making IT resources available to an end user can be timeintensive. It involves many steps, such as procuring hardware; nding raised oor space and sufficient power and cooling; allocating administrators to install operating systems, middleware and software; provisioning the network; and securing the environment. Most companies nd that this process can take upwards of two to three months. Those IT organizations that are reprovisioning existing hardware resources

3. Instant: The scalability can be achieved instantly. Its like controlling light brightness by regulator. 4. Mobility: User can access their data anywhere.

Business value of cloud computing:

Cloud

computing is both a business

delivery model and an infrastructure management methodology. The business delivery model provides a user experience by which hardware, software and network

nd that it still takes several weeks to accomplish. A cloud dramatically alleviates this problem by implementing automation, business workow and resource abstraction that allows a user to browse a catalog of IT services, add them to a shopping cart and submit the order. After an administrator approves the order, the cloud does the rest. This process reduces the time required to make those resources available to the customer from months to minutes.

distinguish between grid computing and cloud computing. In the 1990s, the concept of virtualization was expanded beyond virtual servers to higher levels of abstractionthe virtual platform, including storage and network resources. Utility computing offered clusters as virtual platforms for computing with a metered business model. More recently software as a service (SaaS) has raised the level of virtualization to the application, with a business model of charging not by the resources consumed but by the value of the application to subscribers. The concept of cloud computing has evolved from the concepts of grid, utility and SaaS. It is an emerging model through which users can gain access to their applications from anywhere, at any time, through their connected devices.

Evolution:

Cloud

computing is an important

topic. However, it is not a revolutionary new development, but an evolution that has taken place over several decades. The trend toward cloud computing started in the late 1980s with the concept of grid computing when, for the rst time, a large number of systems were applied to a single

Cloud computing Models:

Basically there are three

1. Public. 2. Private. 3. Hybrid.

types of cloud

computing models which are:

Each type of cloud computing modelpublic, private or hybrid faces different levels of IT risk. Problem, usually scientic in nature and requiring exceptionally high levels of parallel computation. its important to In the private cloud delivery model, the cloud owner does not share resources with any other

company. Private clouds are owned and operated by a single organization, delivering IT services within the constraints of their own network perimeter. In the public cloud computing model, IT activities and functions are provided as a service that can be billed on a pay-per-use or subscription basis via the Internet from external suppliers, using resources not owned by the consumer. The sharing of IT resources in a public, multitenant environment can help improve utilization rates and can reduce costs signicantly while maintaining access to high quality technology. In a public cloud, an organization rents IT resources instead of having to invest in their own physical IT infrastructure or maintain underutilized equipment to service peak loads. Instead, they can scale usage up or down, according to need, with costs directly proportional to need. Many organizations embrace both public and private cloud computing by integrating the two models into hybrid clouds. These hybrids are designed to meet specic business and technology requirements, so that activities and tasks are allocated to traditional IT, external or internal clouds, as appropriate, helping to optimize

security and privacy with a minimum investment in xed IT costs.

Cloud Service models:

In

addition

to

the

different

cloud

computing models, there are distinctions among the most common cloud service models as shown in Figure. Available to anyone with Internet access, cloud service models include:

Software as a Service (SaaS) cloud modelEnables software to be delivered from a host source over a network as opposed to installations or implementations Platform as a Service (PaaS) cloud modelEnables operating systems and middleware services to be delivered from a managed source over a network Infrastructure as a Service (IaaS) cloud modelEnables the entire infrastructure to be delivered as a service over a network, including storage, routers, virtual systems, hardware and servers.

Cloud computing and security: the grand challenge:

While

cloud

computing

models

are

attractive because of their exibility and cost effectiveness, certain challenges must be addressed in order to provide a viable option to traditional data services. First and foremost is the issue of security. The externalized aspect of outsourcing can make it harder to maintain data integrity and privacy, support data and service availability, demonstrate compliance, and secure highly available access to applications and information. In short, cloud computing can present an added level of risk. Although cloud computing can shift some control over data and operations from the client organization to its cloud provider much in the same way organizations entrust part of their IT operations to outsourcing companiesoperating a secure cloudbased IT environment is, after all, a shared responsibility. Even basic tasks, such as applying patches and conguring network security, are the responsibility of both the cloud service provider and consumer. Let us examine an example for both public and private cloud. In an IaaS model it is the cloud providers responsibility to offer a number of precongured virtual machines that constantly have to be kept updated with the latest security patches. When clients provision the virtual machines, they have to trust the

cloud provider to deliver secure systems. The clients do not have access to the hypervisor layerthe underlying operating system that manages one or more virtual machines that run on a physical machine which typically does not share the virtual network segment with any of the other hosted virtual machines to avoid networkbased intrusions. The cloud provider may also separately offer an optional virtual private network (VPN) capability so that the client can help ensure a protected network that is not directly visible for Internet-based attackers. It is the clients responsibility to maintain the patch level for all provisioned virtual machines after the initial deployment as well as a properly congured VPN to shield their valuable data and infrastructure. If a client, however, chooses to refrain from purchasing a VPN option or does not patch any of their web facing virtual machines, the machines can be vulnerable. If an organization decides to implement these mechanisms in a private cloud using their internal IT department, they will rely on their business policies to govern aspects like data condentiality, access control to applications and systems, and so on. Employees will be entrusted to handle the IT infrastructure because they are recertied against the business policies on a regular basis. In this environment organizations have to deal with the risk of unauthorized privileged user access, data loss prevention, malicious intrusions and unintentional user errors. They also have to observe and comply with internal or

regulatory guidelines. If the organization decides to implement these mechanisms in a public cloud using the cloud provider discussed in the example above, they will rely on written business agreements to govern the exact same aspects, as explained in the private cloud example. They also have to deal with the same risks and comply with the same internal or regulatory guidelines. Other aspects about cloud computing also require a major reassessment of security and risk. Inside the cloud, it is often difficult to physically locate where data is stored. Security processes that were once visible are now hidden behind layers of abstraction. This lack of visibility can create a number of security and compliance issues and may prohibit certain IT use cases to be implemented using a strictly public cloud environment. Clients need to ensure that they can select a physical location even for

a public cloud deployment, and that contracts are in place to guarantee localized data storage.

Reference:
Web reference:
http://www.ibm.com/cloud-computing/us/en/

www.wikipedia.org
http://thecloudtutorial.com/cloudtypes.html