Figure 1. Cloud-Computing (Conceptdraw, 2021)
Cloud computing provides IT resources on demand, such as computing power, storage and databases, over the internet with pay-as-you-go pricing. Rather than buying and maintaining physical data centres and servers, organizations can host them over the internet and access them whenever needed on a pay-as-you-go basis through cloud providers such as Amazon Web Services, Windows Azure, etc. Organizations of every size are using the cloud for various purposes such as data backup and recovery, virtual desktops, email, software testing, big data analytics and web applications. For example, companies that run financial services are using the cloud for fraud detection and prevention, and video game companies are using the cloud to provide online games to players all over the world.
Even though cloud computing sounds like a product of this generation, its roots go back to the 1950s. During the 1950s, organizations processed data on complex mainframe computers, which were very large and expensive. So the computer scientist John McCarthy created a theory of sharing computing time among many users (Ecpi, 2021). As the technology evolved, in 1969 a network known as ARPANET (Advanced Research Projects Agency Network) was developed with the help of a computer scientist called J.C.R. Licklider. It enabled users to interconnect with each other and access data using a computer from anywhere in the world, which is known today as cloud computing. As the cloud gained popularity, in the late 1990s Salesforce became the popular example of using cloud computing successfully (Foote, 2017). In 2006, Amazon launched Amazon Web Services, which provides online services to its clients. As time marched on, several other cloud services were launched, such as Google Docs Services, IBM SmartCloud, iCloud, etc.
The key features of cloud computing are as follows:
Resource pooling:
It means providing services to multiple customers from the same resources. Different physical and virtual resources are assigned according to the demands of customers.
On-Demand Self-Service:
It enables users to monitor the server, computing capabilities and allocated network storage.
Easy Maintenance:
Cloud computing servers are easily maintained. Updates arrive that perform faster than the old version and are more compatible with other devices.
Access of Large Network:
Users can access the cloud or upload data into it from anywhere in the world through a device with an internet connection.
Availability:
Users can modify the capabilities of the cloud according to their use. It analyses the storage capacity and enables the user to buy extra storage, if more is needed, at any time from anywhere.
Automation:
It automatically provisions cloud infrastructure, automates storage and backups, manages security and compliance, changes configuration and settings, and deploys code.
Economical:
It is a small investment because the company can buy storage and sell a smaller part of it to other companies, which helps it save money and pay only for maintenance, which costs less. The company can resize the resources according to its needs.
Security:
The cloud has the best security because no one has been able to hack it until now. It creates snapshots of stored data which can be used to recover the data when the server gets damaged. The storage service in the cloud is quick and reliable and can be accessed from anywhere using a device with an internet connection.
Only pay for what you use:
Users only pay for the services or space they have used.
Measured Services:
It is useful for the cloud provider to monitor and calculate the consumption of resources and services used by its customers and to improve the infrastructure and services.
Figure 2. Cloud Services (Medium, 2018)
There are three types of cloud computing services:
SaaS
SaaS stands for Software as a Service. It is a model managed by third-party vendors that gives users quick access to cloud-based applications through a web browser. It does not require installing or downloading software on the computer. Some examples of SaaS are Dropbox, Google Workspace, Microsoft Office 365, etc.
The benefits of SaaS are:
o It eliminates the cost of purchase, installation, maintenance and computing upgrades.
o A user can simply sign up and get fast access to cloud resources and services via a web browser.
o It can be easily accessed from anywhere using any device, such as tablets and smartphones.
It is ideal for small companies because it does not need any installation or maintenance. It is useful for communication, transferring content and scheduling meetings. The downsides of using SaaS are:
o It can be a problem if the SaaS application is not designed to integrate with existing applications and services.
o Data might not be transferable without paying extra.
o Some data might have to be exchanged with the application’s backend data centre to perform some functions. So, transferring a company’s data into public cloud-based services may not be secure.
o It provides minimal customization capabilities. Users might be limited to the specific services offered by the vendor.
o Since it is provided by a third-party vendor, the user lacks control over updates, data and governance.
o The application may not be able to offer new features in future, as it comes in one standardized form.
o The vendor controls and manages the SaaS service, so users have to depend on them. Any unplanned maintenance or cyber-attack can disrupt the performance of the SaaS application.
PaaS
Platform as a Service (PaaS) delivers a framework to developers so that they can build and create applications. All the servers, networking and storage are managed by the service provider, while the developers retain management of the application. It is like SaaS, but instead of providing software it delivers a platform on which to create software. This platform is delivered over the web so that the developer can build the software without worrying about the operating system, storage, updates or infrastructure.
The benefits of PaaS are as follows:
o Resources are scalable as per the needs and demand of the business.
o Many users can access it through the same development application.
o It provides various services to develop, test and deploy applications.
o It can integrate databases and web services.
o Applications can be customized by developers without worrying about the software.
o The amount of coding needed is reduced.
Examples of PaaS providers are AWS Elastic Beanstalk and Google App Engine. The limitations and concerns about PaaS are as follows:
o Clients may not be able to utilise services with specific hosting policies.
o Integration with existing services and infrastructure may be an issue when not every component of a legacy IT system is built for the cloud.
o If migration policies are not provisioned by the vendor, the business might be affected while switching to alternative PaaS options.
o PaaS solutions may not be optimized for the language and framework of choice.
o Due to operational limitations, customized cloud operations with automated workflows may not be able to run on a PaaS solution.
IaaS
It stands for Infrastructure as a Service. It provides cloud infrastructure such as servers, operating systems, networking and storage via virtualization technology. Instead of buying and installing hardware on their premises, users can purchase resources according to their needs and demand. The cloud servers are provided to companies through an API or dashboard that gives clients complete control over the entire infrastructure. It provides a data centre without the client having to manage and maintain it. The IaaS client can access the servers and storage through the virtual data centre in the cloud. Clients are also responsible for managing aspects such as runtime, applications, middleware, OSes and data, which differentiates it from SaaS and PaaS. However, some aspects such as storage, virtualization, networking, servers and hard drives are managed by the IaaS provider.
The benefits of IaaS are as follows:
o Resources are scalable as per the needs and demand of the business.
o It has flexibility.
o Clients hold complete control over their infrastructure.
o Multiple users can access the same hardware.
o Cost depends on the consumption.
o It is easy to automate servers, storage and networking.
Examples of IaaS service providers are Amazon Web Services (AWS), Google Compute Engine and Microsoft Azure. It is suitable for small as well as large companies. Small companies can save the cost of buying hardware and software. Large companies can gain complete control over their infrastructure and buy only what they need or consume. Some of the concerns of IaaS are as follows:
o As the clients control their infrastructure, security threats can originate from the virtual machines or the host.
o The infrastructure may not be able to provide controls to secure the legacy applications.
o Extra training is required to manage the infrastructure.
Figure 3. Server Virtualization (Shaw, 2011)
Server virtualization is the division of a physical server into multiple virtual servers by means of a software application. Each virtual server runs its own operating system and applications. This concept is not new, as computer scientists have been making virtual machines on supercomputers for decades. It is still developing, and several companies are using server virtualization for their businesses. The key benefits of using this concept are as follows:
o Multiple operating systems can be operated and managed on a single physical server at once, which saves space and money on servers.
o Fewer physical servers also help to cut down power consumption.
o Applications can run in one virtual server without having an impact on the others. This is useful for software testing.
o If one server fails, another server that runs the same application can take its place.
o It helps companies transition from old to new processes without any failures by creating a virtual version of the hardware.
o It makes it possible to migrate a virtual server from one physical machine to another if the processors are from the same manufacturer.
The three types of server virtualization are as follows:
Full Virtualization
It uses software known as a hypervisor. It is a layer between the guest operating system and the hardware that pulls resources from the physical server and allocates them to the virtual environment. It keeps each virtual server independent and unaware of the other virtual servers running on the same physical machine. Each guest server runs its own operating system. For example, one guest server can run Linux and another Windows. The limitation of full virtualization is that it can slow down applications and impact server performance.
Para-Virtualization
In this type of virtualization, the guest operating system needs to be modified using a driver so that it knows it is running in a virtualized environment on top of a hypervisor. It makes an explicit call to the hypervisor, known as a hypercall. The hypervisor sends the request to the host operating system, which, with the help of the Instruction Set Architecture (ISA), communicates with the physical server, pulls the resources and sends them back to the hypervisor. The hypervisor sends them back to the guest operating system as a return hypercall. All the guest servers are aware of each other, and the whole system works as a combined unit. As the guest operating system communicates directly with the hypervisor, overall performance is increased. The physical server is fully utilized in this type of virtualization. The only concern about using para-virtualization is that it cannot operate without modifying the guest operating system.
OS-Level Virtualization
Unlike full and para-virtualization, a hypervisor is not used in this concept. The virtualization capability is part of the host operating system, which performs all the tasks of a hypervisor. Each virtual server runs independently. It performs faster and more efficiently if all the administrator’s physical servers run the same operating system. The main limitation of this type of virtualization is that the guest servers cannot mix and match operating systems; they must all have the same operating system.
The best type of virtualization depends on the network administrator’s needs. If the administrator needs to run the same operating system on all the physical servers, then OS-level virtualization is the best, as it performs faster and more efficiently than the other approaches. However, if the administrator’s physical servers run various different operating systems, then para-virtualization will be the best approach, but more companies use full virtualization because only a few companies offer para-virtualization software. In future, para-virtualization may replace full virtualization, as interest in para-virtualization is growing.
A virtual machine is a cloud server. It uses a hypervisor to share the resources of one or multiple physical machines so that multiple virtual machines can run on the same physical server.
They are shared tenants; multiple customers can share the same hardware.
Performance varies depending on the number of virtual machines using the same hypervisor. More VMs mean slower performance and fewer VMs mean better performance.
It provides flexibility and scalability. Organizations can migrate things from one virtual machine to another, resize virtual machines and divide various workloads between several virtual machines based on their use.
It is cost effective and quick to set up because organizations do not have to pay for any maintenance, and additional servers can be deployed in a few seconds to run multiple applications.
It has low security because multiple tenants use a single server, which increases the risk of malicious attack.
A bare metal server is a physical machine which consists of CPU, RAM and storage. The operating system runs directly on the host or physical server.
They are single tenant, dedicated to a single customer.
It offers better performance for heavy workloads as it does not use a hypervisor and runs directly on the physical server.
The server cannot be shared, but a hypervisor can be placed on top of bare metal hardware to offer the flexibility and scalability of a virtual machine.
Organizations have to pay for maintenance of the hardware, and deploying a physical server is not as quick as setting up virtual machines.
It has better security as each server has only one tenant.
The key security issues associated with cloud computing are as follows:
Misconfiguration
According to cybersecurity firm Trend Micro, cloud misconfiguration is the number one cause of cloud security issues (cited in Fadilpasic, 2020). It occurs when cloud assets are set up incorrectly, often leaving them defenceless against malicious activity such as e-skimming, ransomware and data exfiltration. Such attacks can be prevented by implementing secure configurations such as the CIS Benchmarks, which provide best-practice security guidance for technologies including operating systems, servers and cloud containers. Businesses face various challenges when migrating to a public IaaS cloud environment, such as complex and undetected internet connectivity that is configured incorrectly. This can be solved by implementing Automated IaaS Assessment that fully protects cloud assets and maintains shared responsibility across multiple cloud services through continuous monitoring.
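One way to automate the kind of configuration check described above, as an added example that is not from the original article or its sources: a Python audit that flags administrative ports exposed to the whole internet and storage that anonymous users can read. The inventory is constructed sample data in the shape of AWS security group and S3 bucket policy records, and the list of sensitive ports is an assumed policy.

```python
import ipaddress

# Ports that should not face the whole internet (assumed policy for this example).
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

# Constructed inventory shaped like AWS describe-security-groups output and
# S3 bucket policy documents. None of these resources are real.
SECURITY_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
BUCKET_POLICIES = {
    "example-exports": {"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]},
    "example-backups": {"Statement": {  # a lone statement may be a bare object
        "Effect": "Allow", "Action": "s3:*", "Principal": {"AWS": "arn:aws:iam::111122223333:role/backup"}}},
}

def world_open(rule):
    """True if any source range in the rule covers every address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit_security_group(sg):
    findings = []
    for rule in sg.get("IpPermissions", []):
        if not world_open(rule):
            continue
        if rule["IpProtocol"] == "-1":  # "-1" means every protocol and port
            findings.append((sg["GroupId"], "all traffic open to the internet"))
            continue
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        findings += [(sg["GroupId"], f"{name} ({port}) open to the internet")
                     for port, name in sorted(SENSITIVE_PORTS.items()) if lo <= port <= hi]
    return findings

def audit_bucket_policy(bucket, policy):
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for st in statements:
        who = st.get("Principal")
        who = who.get("AWS") if isinstance(who, dict) else who
        anonymous = who == "*" or (isinstance(who, list) and "*" in who)
        if st.get("Effect") == "Allow" and anonymous and "Condition" not in st:
            findings.append((bucket, f"anonymous principal allowed {st.get('Action')}"))
    return findings

def audit():
    findings = [f for sg in SECURITY_GROUPS for f in audit_security_group(sg)]
    return findings + [f for b, p in BUCKET_POLICIES.items() for f in audit_bucket_policy(b, p)]

if __name__ == "__main__":
    print(*(f"{res}: {issue}" for res, issue in audit()), sep="\n")
```

Run on a schedule against an exported inventory, a check of this kind gives the continuous monitoring the paragraph calls for; the HTTPS rule and the private-range RDP rule in the sample are deliberately not reported.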
Insecure Interfaces/APIs
According to a study from Imperva, over two-thirds of companies expose APIs to the public so that business partners and external developers can access their software platforms. The study also indicated that the typical organization manages an average of 363 APIs and that 61% of organizations reported that their business strategy relies on API integration (cited in Davis, 2020). As many organizations depend on APIs, cyber criminals have found ways to attack them:
o Exploitation of Inadequate Authentication: Sometimes developers create APIs without authentication; as a result, these interfaces are open to everyone and anyone can use them to access business systems and data.
o Profiting from Increased Use of Open-Source Software: Many developers include open-source software in their code to save time, which leaves many applications open to supply chain attacks. For example, a developer can unsuspectingly download components from Docker hubs that are infected with cryptocurrency mining code.
To prevent these attacks, the following best practices should be implemented:
o APIs must be designed with authentication, encryption, access control and activity monitoring in mind.
o Developers should only implement standard API frameworks that are designed with security in mind.
o There are security issues even with comprehensive policies for cloud API design. Organizations must invest in solutions that offer complete visibility so that security teams can identify security risks quickly.
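The first practice in the list above, shown as an added example that is not part of the original article: an API handler that authenticates every request with an HMAC-signed token, applies role-based access control and records each decision for activity monitoring. The token format, SECRET, ROLE_PERMISSIONS and handle_request are hypothetical names for this illustration, and transport encryption (TLS) is assumed to be handled by the server in front of it.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: a real service loads this from a secret store
ROLE_PERMISSIONS = {  # hypothetical role table: role -> HTTP methods it may call
    "viewer": {"GET"},
    "editor": {"GET", "PUT"},
    "admin": {"GET", "PUT", "DELETE"},
}
AUDIT_LOG = []  # activity record; a real service would ship this to its monitoring system

def sign(body):
    return hmac.new(SECRET, body, hashlib.sha256).digest()

def issue_token(subject, role, now, ttl=300):
    """Return '<claims>.<signature>' with both parts base64url-encoded."""
    body = json.dumps({"sub": subject, "role": role, "exp": int(now) + ttl}).encode()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sign(body)))

def verify_token(token, now):
    """Return the claims, or None if the token is missing, malformed, forged or expired."""
    try:
        body, sig = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except (AttributeError, ValueError):
        return None
    if not hmac.compare_digest(sig, sign(body)):  # constant-time comparison
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > now else None

def handle_request(method, path, token, now=None):
    """Authenticate, authorize and log one API call; returns the HTTP status."""
    now = time.time() if now is None else now
    claims = verify_token(token, now)
    if claims is None:
        status = 401  # no valid identity: reject before touching any data
    elif method not in ROLE_PERMISSIONS.get(claims["role"], set()):
        status = 403  # authenticated, but the role does not allow this method
    else:
        status = 200
    AUDIT_LOG.append({"who": claims["sub"] if claims else "anonymous",
                      "method": method, "path": path, "status": status})
    return status

if __name__ == "__main__":
    token = issue_token("alice", "viewer", time.time())
    print(handle_request("GET", "/reports", token), handle_request("DELETE", "/reports", token))
    print(handle_request("GET", "/reports", None), AUDIT_LOG[-1])
```

In line with the second practice in the list, a production API would take these checks from a standard framework rather than hand-written code; the example only makes the order of the checks visible.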
Insufficient Identity, Credential and Access management
Insufficient passwords, failure to use multi-factor authentication and lack of automated rotation of cryptographic keys, certificates and passwords can allow an attacker to gain access to data and cause damage to businesses and end users. It is still one of the top security issues in cloud computing. Once a company’s data is breached, it can have a huge impact on its reputation and the trust of its customers, which might decrease its market value and cause huge financial loss. It can be prevented by implementing multi-factor authentication and, most importantly, educating end users about security best practices, credential protection and cyber-attacks. Role-based access must be implemented for access to applications and files.
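An added example (not from the original article) of checking for the weaknesses named above: it reads a credential inventory and reports console users without multi-factor authentication, and passwords, access keys or certificates that have not been rotated. The rows are constructed and use a subset of the column names of an AWS IAM credential report; the 90-day limit is an assumed policy.

```python
import csv
import io
from datetime import datetime, timezone

MAX_AGE_DAYS = 90  # assumed rotation policy for this example

# credential name -> (column saying it is active, column with its last rotation)
CREDENTIALS = {
    "password": ("password_enabled", "password_last_changed"),
    "access_key_1": ("access_key_1_active", "access_key_1_last_rotated"),
    "cert_1": ("cert_1_active", "cert_1_last_rotated"),
}

# Constructed rows; the users and dates are sample values, not real accounts.
REPORT = """\
user,password_enabled,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,cert_1_active,cert_1_last_rotated
alice,true,2020-12-01T00:00:00+00:00,true,true,2020-12-20T00:00:00+00:00,false,N/A
bob,true,2019-01-25T00:00:00+00:00,false,false,N/A,false,N/A
ci-deploy,false,N/A,false,true,2019-06-01T00:00:00+00:00,true,2021-01-10T00:00:00+00:00
"""

def audit_credentials(report_csv, today):
    """Return (user, issue) pairs for missing MFA and stale credentials."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Anyone who can sign in with a password needs a second factor.
        if row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((row["user"], "console password without MFA"))
        for name, (active_col, rotated_col) in CREDENTIALS.items():
            if row.get(active_col) != "true":
                continue  # unused credentials carry "false" or "N/A"
            age = (today - datetime.fromisoformat(row[rotated_col])).days
            if age > MAX_AGE_DAYS:
                findings.append((row["user"], f"{name} not rotated for {age} days"))
    return findings

if __name__ == "__main__":
    for user, issue in audit_credentials(REPORT, datetime.now(timezone.utc)):
        print(f"{user}: {issue}")
```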
Lack of Cloud Security Architecture and Strategy
Companies that migrate their information technology to the cloud environment without considering the nuances of IT operations in the cloud create a high risk for their businesses. It results in companies having less visibility and less control over their data and infrastructure. Without a proper security architecture and strategy, misconfiguration becomes more likely. To gain more visibility into cloud infrastructure, the business can use a Cloud Access Security Broker (CASB) or cloud-aware technology. It is extremely important for businesses to monitor their cloud environment so that they can prevent misconfiguration or any other security threats.
ConceptDraw, 2021. Cloud Computing Architecture Diagrams. [online] Available at: <https://www.conceptdraw.com/How-To-Guide/cloud-computing-architecture-diagrams> [Accessed 28 January 2021].
Davis, R., 2020. Insecure API Cloud Computing: The Causes & Solutions. [Blog] Available at: <https://www.extrahop.co.uk/company/blog/2020/insecure-apis-cloud-computing-cause-solutions/> [Accessed 25 January 2021].
Ecpi.edu. 2021. A Brief History Of Cloud Computing. [online] Available at: <https://www.ecpi.edu/blog/a-brief-history-of-cloud-computing> [Accessed 15 January 2021].
Fadilpasic, S., 2020. Misconfiguration The Number One Risk To Cloud Environments. [online] ITProPortal. Available at: <https://www.itproportal.com/news/misconfiguration-the-number-one-risk-to-cloud-environments/> [Accessed 25 January 2021].
Foote, K., 2017. A Brief History Of Cloud Computing - DATAVERSITY. [online] DATAVERSITY. Available at: <https://www.dataversity.net/brief-history-cloud-computing/> [Accessed 15 January 2021].
Medium. 2018. PushFYI: Cloud Computing Services. [online] Available at: <https://medium.com/@pushfyi/pushfyi-cloud-computing-services-19d5050e07fa> [Accessed 28 January 2021].
Saraswat, A., 2020. Demystifying- AWS Instance Tenancy. [Blog] Cloud, Infrastructure and Security, Available at: <https://www.infosysblogs.com/cloud/2020/01/aws_instance_tenancy.html> [Accessed 24 January 2021].
Shaw, S., 2011. SQL Server Virtualization Overview (Part 1 of 5). [online] Mssqltips.com. Available at: <https://www.mssqltips.com/sqlservertip/2416/sql-server-virtualization-overview-part-1-of-5/> [Accessed 28 January 2021].
Strickland, J., 2021. How Server Virtualization Works. [online] HowStuffWorks. Available at: <https://computer.howstuffworks.com/server-virtualization.htm> [Accessed 22 January 2021].
Watts, S. and Raza, M., 2019. SaaS vs PaaS vs IaaS: What’s The Difference & How To Choose. [online] BMC Blogs. Available at: <https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-how-to-choose/> [Accessed 22 January 2021].