varun bakshi_cloud project.pdf

8/2/2019 varun bakshi_cloud project.pdf

1/49

Cloud Computing and Business

Submitted By:-

Varun Bakshi

(501004069)

MBA-2nd

Year

Submitted To:-

Er.Amit K.Bhardwaj

Asst. Prof. LMTSOM

Thapar Univ.,Patiala


2/49

1

Contents

Introduction To Cloud Computing ........................................................................................................... 2

Three cloud service models ........................................................................................................................ 6

Cloud deployment models: ......................................................................................................................... 7

CLOUD ENVIRONMENT ROLES ...................................................................................................................... 8

SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS .............................................................................. 9

Cloud Computing in Larger Businesses ....................................................................................................... 15

Cloud Computing in Small Business ............................................................................................................ 17

Benefits of Cloud Computing ...................................................................................................................... 18

Some Findings -- Cloud Computing ............................................................................................................. 20

TCSs Service Offerings in Cloud Computing ............................................................................................... 25

CLOUD COMPUTING IN HEALTHCARE INDUSTRY .................................................................................... 30

Cloud technology from Microsoft ............................................................................................................... 32

Cloud ERP .................................................................................................................................................... 35

Ramco OnDemand ERP ......................................................................................................................... 35

Business case for cloud computing ............................................................................................................. 38

Threats to Cloud Computing ....................................................................................................................... 40

How Integrated, Web-Based Software Makes Business More Efficient ..................................................... 44

Business Benefits Of Cloud Computing ....................................................................................................... 46

REFERENCES & SOURCES......................................................................................................................... 47


3/49

2

Introduction To Cloud Computing

The boom in cloud computing over the past few years has led to a situation that is common to

many innovations and new technologies: many have heard of it, but far fewer actually

understand what it is and, more importantly, how it can benefit them. In an attempt to gain a

competitive edge, businesses are increasingly looking for new and innovative ways to cut costs

while maximising value especially now, during a global economic downturn. They recognize

that they need to grow, but are simultaneously under pressure to save money. This has forced the

realisation that new ideas and methods may produce better results than the tried and tested

formulas of yesteryear. It is the growing acceptance of innovative technologies that has seen

cloud computing become the biggest buzzword in IT.

However, before an organisation decides to make the jump to the cloud, it is important to

understand what, why, how and from whom. Not all cloud computing providers are the same.

The range and quality of services on offer varies tremendously. The increased degree of

connectivity and the increasing amount of data has led many providers and in particular data

centres to employ larger infrastructures with dynamic load and access balancing.

By distributing and replicating data across servers on demand, resource utilisation has been

significantly improved. Similarly web server hosts replicate images of relevant customers who

requested a certain degree of accessibility across multiple servers and route requests according to

traffic load. However, it was only when Amazon published these internal resources and their

management mechanisms for use by customers that the term cloud was publicly associated

with such elastic infrastructuresespecially with on demand access to IT resources in mind. In

the meantime, many providers have rebranded their infrastructures to clouds, even though this

had little consequences on the way they provided their capabilities.

Cloud computing is an Internet-based way of working where users access applications through a

web browser rather than hosting software locally on their own PC. The applications can be very

simple, such as web-based email, through to more complex business software such as web-based

accounting.


4/49

3

a 'cloud' is an elastic execution environment of resources involving multiple

stakeholders and providing a metered service at multiple granularities for a

specified level of quality (of service).

Cloud computing as a delivery model for IT services is defined by the National Institute of

Standards and Technology (NIST) as a model for enabling convenient, on -demand network

access to a shared pool of configurable computing resources (e.g. networks, servers, storage,

applications, and services) that can be rapidly provisioned and released with minimal

management effort or service provider interaction


5/49

4

NIST specify five characteristics of cloud computing:

a. On-demand self-service involves customers using a web site or similar control panel interface

to provision computing resources such as additional computers, network bandwidth or user emailaccounts, without requiring human interaction between customers and the vendor.

b. Broad network access enables customers to access computing resources over networks such

as the Internet from a broad range of computing devices such as laptops and smartphones.

c. Resource pooling involves vendors using shared computing resources to provide cloud

services to multiple customers. Virtualisation and multi-tenancy mechanisms are typically used

to both segregate and protect each customer and their data from other customers, and to make it

appear to customers that they are the only user of a shared computer or software application.

d. Rapid elasticity enables the fast and automatic increase and decrease to the amount of

available computer processing, storage and network bandwidth as required by customer demand.

e. Pay-per-use measured service involves customers only paying for the computing resources

that they actually use, and being able to monitor their usage. This is analogous to household use

of utilities such as electricity

Cloud computing can be visualised as a pyramid consisting of three sections:

Cloud Application

This is the apex of the cloud pyramid, where applications are run and interacted with via a web

browser, hosted desktop or remote client. A hallmark of commercial cloud computing

applications is that users never need to purchase expensive software licenses themselves. Instead,

the cost is incorporated into the subscription fee. A cloud application eliminates the need to

install and run the application on the customer's own computer, thus removing the burden of

software maintenance, ongoing operation and support.


6/49

5

Cloud Platform

The middle layer of the cloud pyramid, which provides a computing platform or framework as a

service. A cloud computing platform dynamically provisions, configures, reconfigures and de-

provisions servers as needed to cope with increases or decreases in demand. This in reality is a

distributed computing model, where many services pull together to deliver an application or

infrastructure request.

Cloud Infrastructure

The foundation of the cloud pyramid is the delivery of IT infrastructure through virtualisation.

Virtualisation allows the splitting of a single physical piece of hardware into independent, self

governed environments, which can be scaled in terms of CPU, RAM, Disk and other elements.

The infrastructure includes servers, networks and other hardware appliances delivered as either

Infrastructure Web Services, farms or "cloud centres". These are then interlinked with others

for resilience and additional capacity


7/49

6

Three cloud service models

Infrastructure as a Service (IaaS) involves the vendor providing physical computer

hardware including CPU processing, memory, data storage and network connectivity. The

vendor may share their hardware among multiple customers referred to as multiple tenants

using virtualisation software. IaaS enables customers to run operating systems and software

applications of their choice. Typically the vendor controls and maintains the physical computer

hardware. Typically the customer controls and maintains the operating systems and software

applications. Example IaaS vendor services include Amazon Elastic Compute Cloud (EC2),

GoGrid and Rackspace Cloud.

Platform as a Service (PaaS)involves the vendor providing Infrastructure as a Service plus

operating systems and server applications such as web servers. PaaS enables customers to use the

vendors cloud infrastructure to deploy web applications and other software developed by the

customer using programming languages supported by the vendor. Typically the vendor controls

and maintains the physical computer hardware, operating systems and server applications.

Typically the customer only controls and maintains the software applications developed by the

customer. Example PaaS vendor services include Google App Engine, Force.com, Amazon Web

Services Elastic Beanstalk, and the Microsoft Windows Azure platform.

Software as a Service (SaaS)involves the vendor using their cloud infrastructure and cloud

platforms to provide customers with software applications. Example applications include email

and an environment for users to collaboratively develop and share files such as documents and

spreadsheets. These end user applications are typically accessed by users via a web browser,

eliminating the need for the user to install or maintain additional software. Typically the vendorcontrols and maintains the physical computer hardware, operating systems and software

applications. Typically the customer only controls and maintains limited application

configuration settings specific to users such as creating email address distribution lists. .

Example SaaS vendor services include Salesforce.com Customer Relationship Management

(CRM), Google Docs and Google Gmail.


8/49

7

Cloud deployment models:

Public cloudinvolves an organisation using a vendors cloud infrastructure which is shared via

the Internet with many other organisations and other members of the public. This model has

maximum potential cost efficiencies due to economies of scale. However, this model has a

variety of inherent security risks that need to be considered.

Private cloud involves an organisations exclusive use of cloud infrastructure and services

located at the organisations premises or offsite, and managed by the organisation or a vendor.

Compared to the public cloud model, the private cloud model has reduced potential cost

efficiencies. If the private cloud is properly implemented and operated, it has reduced potentialsecurity concerns. A well architected private cloud properly managed by a vendor provides many

of the benefits of a public cloud, but with increased control over security. A managed private

cloud may enable enterprise customers to more easily negotiate suitable contracts with the

vendor, instead of being forced to accept the generic contracts designed for the consumer mass

market that are offered by some public cloud vendors.

Community cloudinvolves a private cloud that is shared by several organisations with similar

security requirements and a need to store or process data of similar sensitivity. This model

attempts to obtain most of the security benefits of a private cloud, and most of the economic

benefits of a public cloud. An example community cloud is the sharing of a private cloud by

several agencies of the same government.

Hybrid cloud involves a combination of cloud models. An example is using commodity

resources from a public cloud such as web servers to display non-sensitive data, which interacts

with sensitive data stored or processed in a private cloud.


9/49

8

CLOUD ENVIRONMENT ROLES

In cloud environments, individual roles can be identified similar to the typical role distribution in

Service Oriented Architectures and in particular in (business oriented) Virtual Organisations. Asthe roles relate strongly to the individual business models it is imperative to have a clear

definition of the types of roles involved in order to ensure common understanding.

(Cloud) Providers offer clouds to the customer either via dedicated APIs (PaaS), virtual

machines and / or direct access to the resources (IaaS). Note that hosts of cloud enhanced

services (SaaS) are typically referred to as Service Providers, though there may be ambiguity

between the terms Service Provider and Cloud Provider.

(Cloud) Resellers or Aggregators aggregate cloud platforms from cloud providers to either

provide a larger resource infrastructure to their customers or to provide enhanced features .This

relates to community clouds in so far as the cloud aggregators may expose a single interface to a

merged cloud infrastructure. They will match the economic benefits of global cloud

infrastructures with the understanding of local customer needs by providing highly customized,

enhanced offerings to local companies (especially SMEs) and world-class applications in

important European industry sectors. Similar to the software and consulting industry, the creation

of European cloud partner ecosystems will provide significant economic opportunities in the

application domainfirst, by mapping emerging industry requests into innovative solutions and

second by utilizing these innovative solutions by European companies in the global marketplace.

(Cloud) Adopters or (Software / Services) Vendors enhance their own services and capabilities

by exploiting cloud platforms from cloud providers or cloud resellers. This enables them to e.g.

provide services that scale to dynamic demandsin particular new business entries who cannot

estimate the uptake / demand of their services as yet .The cloud enhanced services thus

effectively become software as a service.

(Cloud) Consumers or Users make direct use of the cloud capabilities as opposed to cloudresellers and cloud adopters, however, not to improve the services and capabilities they offer, but

to make use of the direct results, i.e. either to execute complex computations or to host a flexible

data set. Note that this involves in particular larger enterprises which outsource their inhouse

infrastructure to reduce cost and efforts.


10/49

9

SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS

Since clouds do not refer to a specific technology, but to a general provisioning paradigm with

enhanced capabilities, it is mandatory to elaborate on these aspects. There is currently a strongtendency to regard clouds as just a new name for an old idea, which is mostly due to a

confusion between the cloud concepts and the strongly related P/I/SaaS paradigms but also

due to the fact that similar aspects have already been addressed without the dedicated term

cloud associated with it. This section specifies the concrete capabilities associated with clouds

that are considered essential (required in any cloud environment) and relevant (ideally supported,

but may be restricted to specific use cases). We can thereby distinguish non-functional,

economic and technological capabilities addressed, respectively to be addressed by cloud

systems. Non-functional aspects represent qualities or properties of a system, rather than specific

technological requirements. Implicitly, they can be realized in multiple fashions and interpreted

in different ways which typically leads to strong compatibility and interoperability issues

between individual providers as they pursue their own approaches to realize their respective

requirements, which strongly differ between providers. Non-functional aspects are one of the key

reasons why clouds differ so strongly in their interpretation.

Economic considerations are one of the key reasons to introduce cloud systems in a business

environment in the first instance. The particular interest typically lies in the reduction of cost and

effort through outsourcing and / or automation of essential resource management. As has been

noted in the first section, relevant aspects thereby to consider relate to the cut-off between loss of

control and reduction of effort. With respect to hosting private clouds, the gain through cost

reduction has to be carefully balanced with the increased effort to build and run such a system.

Obviously, technological challenges implicitly arise from the non-functional and economical

aspects, when trying to realize them. As opposed to these aspects, technological challengestypically imply a specific realizationeven though there may be no standard approach as yet and

deviations may hence arise. In addition to these implicit challenges, one can identify additional

technological aspects to be addressed by cloud system, partially as a pre-condition to realize

some of the high level features, but partially also as they directly relate to specific characteristics

of cloud systems.


11/49

10

NON-FUNCTIONAL ASPECTS

The most important non-functional aspects are:

Elasticity is an essential core feature of cloud systems and circumscribes the capability of the

underlying infrastructure to adapt to changing, potentially non-functional requirements, for

example amount and size of data supported by an application, number of concurrent users etc.

One can distinguish between horizontal and vertical scalability, whereby horizontal scalability

refers to the amount of instances to satisfy e.g. changing amount of requests, and vertical

scalability refers to the size of the instances themselves and thus implicit to the amount of

resources required to maintain the size. Cloud scalability involves both (rapid) up- and down-

scaling.

Elasticity goes one step further, tough, and does also allow the dynamic integration and

extraction of physical resources to the infrastructure. Whilst from the application perspective,

this is identical to scaling, from the middleware management perspective this poses additional

requirements, in particular regarding reliability. In general, it is assumed that changes in the

resource infrastructure are announced first to the middleware manager, but with large scale

systems it is vital that such changes can be maintained automatically.

Reliability is essential for all cloud systemsin order to support todays data centre-type

applications in a cloud, reliability is considered one of the main features to exploit cloud

capabilities.Reliability denotes the capability to ensure constant operation of the system without

disruption, i.e.no loss of data, no code reset during execution etc. Reliability is typically achieved

through redundant resource utilisation. Interestingly, many of the reliability aspects move from a

hardware to a software-based solution. (Redundancy in the file systems vs. RAID controllers,

stateless front end servers vs. UPS, etc.).

Quality of Servicesupport is a relevant capability that is essential in many use cases where

specific requirements have to be met by the outsourced services and / or resources. In business

cases, basic QoS metrics like response time, throughput etc. must be guaranteed at least, so as to

ensure that the quality guarantees of the cloud user are met.


12/49

11

Agility and adaptability are essential features of cloud systems that strongly relate to the

elastic capabilities. It includes on-time reaction to changes in the amount of requests and size of

resources, but also adaptation to changes in the environmental conditions that e.g. require

different types of resources, different quality or different routes, etc. Implicitly, agility and

adaptability require resources (or at least their management) to be autonomic and have to enable

them to provide self-capabilities.

Availability of servicesand data is an essential capability of cloud systems and was actually

one of the core aspects to give rise to clouds in the first instance. It lies in the ability to introduce

redundancy for services and data so failures can be masked transparently. Fault tolerance also

requires the ability to introduce new redundancy (e.g. previously failed or fresh nodes) in an

online manner non-intrusively (without a significant performance penalty). With increasing

concurrent access, availability is particularly achieved through replication of data /services and

distributing them across different resources to achieve load-balancing. This can be regarded as

the original essence of scalability in cloud systems.

ECONOMIC ASPECTS

In order to allow for economic considerations, cloud systems should help in realising the

following aspects:

Cost reduction is one of the first concerns to build up a cloud system that can adapt to

changing consumer behaviour and reduce cost for infrastructure maintenance and acquisition.

Scalability and Pay per Use are essential aspects of this issue. Notably, setting up a cloud system

typically entails additional costsbe it by adapting the business logic to the cloud host specific

interfaces or by enhancing the local infrastructure to be cloud-ready.

Pay per use The capability to build up cost according to the actual consumption of resources is

a relevant feature of cloud systems. Pay per use strongly relates to quality of service support,

where specific requirements to be met by the system and hence to be paid for can be specified.

One of the key economic drivers for the current level of interest in cloud computing is the

structural change in this domain. By moving from the usual capital upfront investment model to


13/49

12

an operational expense, cloud computing promises to enable especially SMEs and entrepreneurs

to accelerate the development and adoption of innovative solutions.

Improved timeto market is essential in particular for small to medium enterprises that want to

sell their services quickly and easily with little delays caused by acquiring and setting up the

infrastructure,in particular in a scope compatible and competitive with larger industries. Larger

enterprises need to be able to publish new capabilities with little overhead to remain competitive.

Clouds can support this by providing infrastructures, potentially dedicated to specific use cases

that take over essential capabilities to support easy provisioning and thus reduce time to market.

Return of investment (ROI) is essential for all investors and cannot always be guaranteed in

fact some cloud systems currently fail this aspect. Employing a cloud system must ensure that

the cost and effort vested into it is outweighed by its benefits to be commercially viable this

may entail direct (e.g. more customers) and indirect (e.g. benefits from advertisements) ROI.

Outsourcing resources versus increasing the local infrastructure and employing (private) cloud

technologies need therefore to be outweighed and critical cut-off points identified.

Going Green is relevant not only to reduce additional costs of energy consumption, but also

to reduce the carbon footprint. Whilst carbon emission by individual machines can be quite wellestimated, this information is actually taken little into consideration when scaling systems up.

Clouds principally allow reducing the consumption of unused resources (down-scaling). In

addition, up-scaling should be carefully balanced not only with cost, but also carbon emission

issues. Note that beyond software stack aspects, plenty of Green IT issues are subject to

development on the hardware level.


14/49

13

TECHNOLOGICAL ASPECTS

The main technological challenges that can be identified and that are commonly associated with

cloud systems are:

Virtualisation is an essential technological characteristic of clouds which hides the

technological complexity from the user and enables enhanced flexibility (through aggregation,

routing and translation). More concretely, virtualisation supports the following features:

Ease of use: through hiding the complexity of the infrastructure (including management,

configuration etc.) virtualisation can make it easier for the user to develop new applications, as

well as reduces the overhead for controlling the system. Infrastructure independency: in

principle, virtualisation allows for higher interoperability by making the code platform

independent.

Flexibility and Adaptability: by exposing a virtual execution environment, the underlying

infrastructure can change more flexible according to different conditions and requirements

(assigning more resources, etc.).

Location independence: services can be accessed independent of the physical location of the

user and the resource.Multi-tenancy is a highly essential issue in cloud systems, where the location of code and / or

data is principally unknown and the same resource may be assigned to multiple users (potentially

at the same time). This affects infrastructure resources as well as data / applications / services

that are hosted on shared resources but need to be made available in multiple isolated instances.

Classically, all information is maintained in separate databases or tables, yet in more complicated

cases information may be concurrently altered, even though maintained for isolated tenants.

Multitenancy implies a lot of potential issues, ranging from data protection to legislator issues.

Security, Privacy and Compliance is obviously essential in all systems dealing with potentially

sensitive data and code.


15/49

14

Data Management is an essential aspect in particular for storage clouds, where data is flexibly

distributed across multiple resources. Implicitly, data consistency needs to be maintained over a

wide distribution of replicated data sources. At the same time, the system always needs to be

aware of the data location (when replicating across data centres) taking latencies and particularly

workload into consideration. As size of data may change at any time, data management addresses

both horizontal and vertical aspects of scalability. Another crucial aspect of data management is

the provided consistency guarantees (eventual vs. strong consistency, transactional isolation vs.

no isolation, atomic operations over individual data items vs. multiple data times etc.).

APIs and / or Programming Enhancements are essential to exploit the cloud features: common

programming models require that the developer takes care of the scalability and autonomic

capabilities him- / herself, whilst a cloud environment provides the features in a fashion that

allows the user to leave such management to the system.

Metering of any kind of resource and service consumption is essential in order to offer elastic

pricing, charging and billing. It is therefore a pre-condition for the elasticity of clouds.

Tools are generally necessary to support development, adaptation and usage of cloud services.


16/49

15

Cloud Computing in Larger Businesses

Major companies are increasingly seeking Cloud computing and exploring the development of

private Clouds. While obviously mindful of potential pitfalls, anecdotal evidence suggests thatmany would embrace Cloud computing solutions for data storage and retrieval they could trust.

It is fair to say that the Task Force discussed a wide range of large business responses to the

emergence of Cloud computing. The rapid development of a wide range of Cloud service

providers within Australia certainly implies an escalating demand from both public and private

sector users. While some large businesses are moving quickly into the use of Cloud computing,

others -- including some of the banks -- are proceeding cautiously at this stage. This is partly a

response to the unsettled nature of the market for Cloud computing (including the absence of

widely adopted standards), combined with concerns about the potential reputational risks which

could arise if something goes wrong with client data in the Cloud. Indeed, several of the major

banks have recently been calling for more work on the establishment of Cloud computing

standards to ensure that they are able to retain control of any outsourced IT. This is particularly

related to the question of vendor lock-in.

Banks operate in a complex regulatory framework regarding their handling of customer data,

with the various privacy acts being a major consideration. However, such legislation does not

pose the primary barrier - the wider question of customer trust remains the stumbling block.

Customers have to trust their financial institution, which in turn should not expose their

customers to unnecessary risk. The scope of bank services is far wider than merely financial

transactions however, and customer relationship management is an area thought amenable to

Cloud computing. It was noted that the Australian Prudential Regulation Authority (APRA) has

been counseling caution in the adoption of Cloud computing.

Legal advice offered to one major banking concern regarding the possible use of Cloud

computing focused on privacy considerations and the US Governments Patriot Act, and allowed

for a range of options including asking customers to opt-in to the scheme. The failure of any

Cloud-based arrangements could risk the reputation of the company and questions of

confidentiality, reliability and security remain. Domestically-based Clouds are considered more


17/49

16

secure than international Clouds, but service providers must build trust with their banking

clients, just as banks must earn the trust of their customers regarding the handling of their

financial assets.

Unfortunately, contracts with Cloud providers have proved difficult to negotiate with insufficient

protections for privacy, data backups and data segregation offered by vendors. The business

model of Cloud service providers tends not to intersect with the more conservative framework

that banks must adhere to. Vendors tend to offer a promise of 'best endeavours' to maintain

services, rather than actually guaranteeing the continuity and security of provision demanded of

them. Pitfalls experienced with other much-hyped revolutions in computing and the internet have

underlined this tendency towards caution. The use of IT outsourcing raised similar

considerations, for instance, and many problems were encountered with its deployment. The co-

location of data in Cloud computing solutions also poses new challenges and creates the

perception of new risk asymmetries.


18/49

17

Cloud Computing in Small Business

Small business will embrace Cloud computing to reap the cost savings promised by vendors, but

in many instances may be ill prepared to do so in an informed and considered fashion.

Government could therefore play a useful role in raising awareness and educating the small

business community about the possibilities of Cloud computing, as well as its possible risks.

The potential of Cloud computing to solve a firms specific problems could be demonstrated

through the generation of practical scenarios which could also examine issues which might arise

regarding privacy and security. Public seminars, workshops and concept exercises might also

prove useful in helping small and medium enterprises understand Cloud technology. Cloud

computing can offer a much wider set of solutions than simply aggregated data services. It

facilitates new ways of collaborating and working and can drive increases in productivity as well

as saving costs. It allows information and communications capacity to be bought as needed,

offering flexibility and innovation to businesses which wish to free themselves of expensive and

cumbersome in-house IT solutions. Cloud developments could also encourage employment by

reducing IT start-up costs for small businesses.

Secondary brokerage is a growing market, with infrastructure aggregators becoming a major

factor in the market. Cloud computing allows identities to be obscured online to an even greater

degree than before, with small organisations able to appear much larger than they are, and vice

versa. This has obvious risks as well as potential for small players to penetrate larger markets.


19/49

18

Benefits of Cloud Computing

Depending upon the implementation, Cloud computing promises compelling efficiency, cost and

scaling advantages delivering:

Lower upfront costs: When introducing a new application, the cost of hardware and of software

licenses are currently a major concern, but Cloud services allow the subscriber to pay the

provider for usage alone, avoiding the need for up-front expenditure and allowing costs to be

spread over time and managed more closely.

Reduced financial risk: If a Cloud-based application proves unsuccessful for whatever reason,

or its use within the business is for a limited time, it can be discontinued without the retention of

useless infrastructure. The user also avoids the financial risk of technological obsolescence.

Faster time to market (agility): It typically takes several months to achieve successful

implementation of a traditional application, but Cloud applications can be deployed and scaled

within days or hours.

No capital expense: Cloud computing allows the user to pay for ICT as a service when

consumed, turning capital expenses into operating (variable) costs.

Lower operational expense: Given economies of scale, high levels of automation and self-

service, Cloud providers can usually offer ICT services at a significantly lower cost than

individual organisations can deliver themselves.

Clear ICT value for businesses: ICT has always struggled to demonstrate its value tobusinesses, and there has been a seemingly constant disconnect between ICT spending and the

perception of value it delivers. Cloud computing provides a direct connection between ICT

spending and valuesimilar to domestic spending on phone bills or electricity.


20/49

19

Innovation: Cloud computing can offer an almost infinite ICT sandpit for experimentation

and innovation at low risk, low operating cost and with no capital expenditure. Experiments in

the Cloud can be rapidly scaled up or abandoned depending on how they turn out.

Access to expanded expertise: Given their economies of scale, Cloud providers can afford to

offer more specialised services and deeper expertise in advanced security techniques, application

performance optimization, tailored user support and business continuity services than many in

house ICT departments.

Sustainability: Most providers of Cloud services are facing pressure from consumers and

governments to utilise facilities that consume less energy. There is a growing trend towards

locating large data centres in locations where renewable energy is available.

Continuous enhancements: Instead of facing occasional, disruptive and costly upgrades of ICT,

the Cloud can deliver incremental improvements and enhancements on a continuous basis.

Decreased downtime and delays (improved resilience): Since Cloud workloads can be spread

across many facilities, and even across different Clouds, redundant applications can be used to

avoid downtime. In addition, data distribution strategies can help address disaster recovery and

business continuity issues. Larger Cloud providers can also afford to build hardened facilities

with reserve power supplies and cooling equipment.

Standardisation: Over time, the use of Cloud services is likely to drive standardisation among

users which in turn facilitates the simplification and alignment of business processes, yielding

further savings and enabling the scaling of processes within an enterprise.


21/49

20

Some Findings -- Cloud Computing

Preferred channels for cloud services

Source: EY surveyCloud adoption in India, 2010

The stated preference of enterprises to buy cloud IaaS services from IT service providers or data

center service providers could mean that the cloud computing idea becomes central to these

service providers portfolios. Equipment vendors should recognize and respond to this

possibility.

For data center providers, cloud IaaS services may prove to be a more profitable source of

revenue as compared to their existing service/product mix. IT service providers looking to

leverage the cloud IaaS opportunity should form alliances with third-party data center service

providers or invest in building their own infrastructure.

Data center service providers and IT system integrators also need to play a pivotal role in

bringing the ecosystem together to demonstrate commitment to security, service-level

agreement (SLA) adherence and complete support at every layer of the cloud

service model.


22/49

21

Scalability,Capacity and speed are key benefits of cloud.

MNC responses to our survey support the evolution model from traditional IT infrastructure

provisioning to cloud-based infrastructure services, As shown in above figure 76% of MNCs

surveyed rated scalability of capacity and matching capacity to fluctuating demand as the most

beneficial attributes of cloud services. Speed of access to such services came in a close third, but

all of the major benefits of cloud computing were recognised by the MNC respondents as such.

The benefits of cloud in industry-specific contexts were also recognised by our respondents.

Finance and insurance firms emphasized scalability of capacity (44%) and improved employee

productivity (50%), unsurprising in an industry with such highly valuable employee 'capital'.

Retail sector respondents cited scalability and matching capacity to demand (both ranked as

major benefits by 50% of respondents) as key draws to cloud - again, unsurprising in a sector

with such dramatic peaks and troughs in month-to-month and even day-to-day transactions


23/49

22

Barriers- An Industry View

Across all vertical sectors, 78% of companies rated security and 85% of companies rated data

governance significant or major barriers to adoption. Clearly, any cloud-based service provider,

or cloud service, must address security first. However, they should also be concerned that so

many companies see loss of control, SLAs and potential difficulty in evaluating performance of

prospective suppliers all as significant barriers, even if they are not the most important.

If MNCs are consistent in bringing traditional concerns and requirements on managed ICT into

cloud services, they also appear consistent within their business sectors, as the next figure shows.

Banks and insurance companies overwhelmingly rated security their highest concern (75%).


24/49

23

Perceived Benefits of Implementing cloud IaaS Services


25/49

24

Other industry-specific findings include the following:

Related issues of data governance and loss of control were the next most important issues for

financial services companies, with 50% or more of them citing these as major barriers.

Data governance was the major concern for the energy & utilities and retail & wholesale

industries, where businesses are built on efficient management of huge volumes of customer

records (billing, accounts and sales data).

Similarly manufacturing, which includes a number of significant pharmaceuticals companies,

was most concerned about data governance, and in fact gave it equal rating to security.

Characteristically, professional services companies, including media, worried most about SLAs,

perhaps showing just how much contracts and commercial metrics are in their blood.


26/49

25

TCSs Service Offerings in Cloud Computing

Despite the challenges that exist today around Cloud Computing, TCS believes that Cloud

Computing will become an increasingly viable option for enterprise IT. TCS proposes a range of

services to customers, beginning with an advisory role in helping customers identify

opportunities for leveraging Cloud Computing to enabling new business models. As a part of the

services, TCS will address key questions which its enterprise customers have been asking, and

will provide unique solutions through its TM TCS COIN -based Cloud initiative Each service

offering needs special competencies. Helping customers define a to-be strategy, devise a

timeline, and a business case to move to the Cloud requires not just domain expertise but

experience in end-to-end business transformation. Migrating Applications to the Cloud requires

proven migration methodologies and toolsets which can rapidly cloud-enable applications. Fresh

development of applications for the Cloud and in the Cloud requires a deep understanding of

all the 3 Cloud delivery models - SaaS/PaaS/IaaS as well as tools for rapid application

development and deployment in the Cloud.Cloud management services presuppose an

Application Driven Infrastructure Management approach, among other things.

TCS has been providing a mature IT-as-a-Service component as a part of its Small and Medium

Business (SMB) offering, which has built a completely new business model and which leverages

the mindset and technologies of the Cloud.

TCS Cloud Taxonomy

With a lot of information available on Cloud Computing, it is imperative to build a taxonomy

which forms the basis for common understanding and focus. TCS has extensively studied this

area, and the following taxonomy reflects TCSs insights on Cloud Computing. There are other

taxonomies available such as the OpenCrowd Cloud Taxonomy. All these views will be the basis

for the standardization efforts that have just started across the industry.


27/49

26

The Cloud Taxonomy consists of four layers, eight sub-layers, and a variety of areas to address.

Though layers and sublayers are static, TCS foresees that the areas to address will be a growing

list. The growing list is denoted by ellipsis in the following figure:-


28/49

27

Service Offerings in the Cloud

Cloud Advisory Services

Cloud Migration Services

Cloud Development Services

Cloud Management Services

Cloud Strategic Services

Based on the 4.0 Cloud Services layer in the TCS Cloud Taxonomy, TCS will provide the

following five service offerings:

Cloud Advisory Services

For Cloud, TCS will help customers define to-be state strategy. The strategy will Honor

business and application constraints and requirements Identify appropriate target state for each

application Address issues of interoperability, investment protection and lock-in TCSs

integrated consulting and IT services capabilities bring continuity and consistency to customers

strategic programs.

TCS will address a comprehensive set of questions on the what (strategy), when (timelines),

and why (business case)

Cloud Migration Services

The typical entry point for the customers to the Cloud will be migration of their existing

applications to the Cloud,initially as a proof-of-concept and later in production.

In addition to the Cloud, TCS has extensive capabilities on application migration with

automation assets and agility of building/enhancing tools for customer or engagement specific

purposes. TCS has executed vast migration projects in which it has handled large engagements,

wide variety of technologies, implemented tool-based approach and end-to-end solution

including architecture definition, testing and performance engineering, which will also apply to

the migration engagements in Cloud.


29/49

28

Cloud Development Services

Application development will be a key activity for organizations that want to use Cloud

Computing. TCS classifies the development as follows:

For the CloudAn application will be built to run in the Cloud.

In the CloudApplication development will use platforms and environments that run in the

Cloud.

TCS has built tools and platforms to support rapid application development and deployment, and

they are being enhanced to support a Cloud model.

TCS InstantApps empowers business analysts to create Web based applications using its

WYSIWYG designer. It has built in features to move applications from the Dev environment to

the production environment, if the application is also available in the same Cloud. Dev 2.0 Do It

Yourself paradigm enables the customers to build simple applications and use it by themselves

without TCS being involved. InstantApps will be available as a cloudenabled PaaS.

TCS Model-Driven Development (MDD) toolset (TCS MasterCraft ) provides an integrated

environment along with a product or application development lifecycle. This significantly reuses

code to speed up the new application development, legacy system integration, and/or making

enhancements. With a variety of Cloud platforms available, standardization efforts are still inprogress while vendor lock-in could become an issue with the usage of vendor-specific APIs.

Besides, there is a need to define programming models, right abstractions, development, design,

deployment and evolution architectures for data-intensive business applications in the

TM Cloud. TCS will enhance MasterCraft to support application development for the Cloud.

Cloud Management Services

Though customers are aware of the Infrastructure Management Services, they want to know how

this is adapted to manage a Cloud infrastructure.

TCS NetAsthra will be enhanced to provide a single window view of the health of the entire

federated virtual private cloud. This is a reporting tool and a real time dashboard that can be


30/49

29

seamlessly integrated with leading industry ESM tools such as BMC Patrol, CA Unicenter, and

HP Openview, and other monitoring solutions.

Cloud Strategic Services

While migration, development, and management of applications on a Cloud infrastructure can be

considered as an adaptation of existing tools and methodologies of conventional applications, a

new offering is emerging in the Cloud arena, which provides tremendous opportunities to the

vendors and service providers in providing innovative business models and applications in the

Cloud. There are opportunities around innovative licensing and payment terms, which will

enable almost any kind of application to be made available in the Cloud.

TCS Small and Medium Business (SMB) Offering

IT-as-a-Service is the TCS way of serving SMBs. In the IT-as-a-Service model, we deliver

on-demand business capability with an integrated suite of hardware, network and software

solutions. This also includes the required business, technical and consulting services for SMBs.

The services are provided in a build-as-you-grow, pay-as-you use model through a

combination of on premise and shared services hosted platforms. Through this, TCS provides a

One Stop Shop for all SMB needs and removes the pain of running a highly complex internal

IT departments and dealing with a large number of local vendors. We also understand SMBs

constraints with IT related budget and hence provide a build as you grow model, which gives

the subscriber flexibility in IT investment. The pay-as-you-use option provides SMBs the

choice of scaling up, when their business grows. This gives them comfort of low capital

investment.


31/49

30

CLOUD COMPUTING IN HEALTHCARE INDUSTRY

A high upfront cost has been the main deterrent to health care IT adoption, as India has

traditionally always been a cost-sensitive market. However, this trend is gradually changing.

The three key pain points for health care service providers are:

High initial costs

The need for human resources to maintain and service systems in-house

Accessibility of data 24/7

A good cloud computing provider can resolve such challenges as it can deliver reliable 24/7 data

access at reasonable costs. This is the best solution for the Indian health care system, since it

reduces upfront investments in software and hardware. However, the concept of cloud computing

is yet to prove its worth in health care, with just a few early adopters of this technology with an

established presence in this area.

The most significant challenge in adopting this technology lies in the uncertainty around

whether hospitals and clinics will trust their data to be stored offsite.

Challenges for technology adoption in the Indian health care industry:

The health care delivery environment in India has distinctive challenges. Inadequate

infrastructure and a constrained health care delivery work process further intensify the

complexity.

Other challenges in integrating IT into the Indian health care system include:

Lack of standards Lack of in-house IT domain knowledge

Reluctance of medical, nursing and other staff to adjust to change

Apprehensions around technology failures (paper systems appear more reliable)

Lack of proper vendor support


32/49

31

Cloud computing in the health care sector

The health care sector is now increasingly automated and highly dependent on information

technology in the daily functioning of their businesses. They use health care management and

information systems (HMIS), picture archiving and communications systems (PACS), electronic

medical/health records (EMR/EHR) and point of care systems and generate significant clinical

data. The key users of IT, apart from hospitals are also diagnostic centers, clinics or medical

centers and R&D within drug companies.

Correspondingly, these networks are complex and face constraints such as the availability of

these services in remote locations, business continuity requirements, data security and integrity.

The awareness and interest for cloud computing in the health care segment is at a nascent stage.

Currently, hospitals spend a significant portion of their budget on non core resource costs.

Cloud services extend to health care provide the promise of reduced IT costs in the face of

continued margin pressures and the critical need to generate and store large amounts of health

data or information. For the small and medium business (SMB) health care providers, cloud IaaS

services lower the barriers to market growth by minimizing technology costs and upfront

investments. For hospitals, besides keeping costs low, cloud helps in meeting compliance

requirements of maintaining EHRs.

Health care providers can use private or public cloud to:

Store pathology and other reports(x-ray, etc.)

Maintain and store patient records/billing/claimns.

Host third party or in house applications (HMIS,etc)

Connect on a community level between doctors/hospitals, diagnostics companies and

patients.


33/49

32

Cloud technology from Microsoft

As one of the largest, hosted services providers in the world, Microsoft offers a solid track record

as an online solution provider. Long established in the cloud, Microsoft continues to invest

heavilyU.S.$9.5 billion per yearin research and development to help drive the technology

further.

Uptime

Microsoft guarantees 99.9 percent uptime at its data centers, which are outfitted to operate during

power outages and after natural disasters. Microsoft replicates data from its primary data centers

to secondary data centers for redundancy, without storing any data offsite

Government IT is not one size fits alland neither is the cloud. Thats why our approach to

cloud computing is developed on providing you with choices and flexibility. Government IT will

continue to run applications within its own environment while adding new applications and

services that run in the cloud. Our focus is making solutions for the real world of hybrid IT

environments by providing cost-effective software and services that support your efforts to boost

economic growth, create opportunities, and address societal challenges. And our extensive

community of partners is available to work with you to deliver innovative solutions on premises

or in the cloud.

Software and services from Microsoft

Microsoft Business Productivity Online Suite delivers a suite of services, also available as stand-

alone software, for hosted communication and collaboration. Microsoft Exchange Online

delivers your e-mail with protection, along with calendar and contacts. Microsoft SharePoint

Online creates a highly secure, central location for collaboration, content, and workflow.

Microsoft Office Communications Online provides real-time person-to-person communicationsthrough text, voice, and video. Microsoft Office Live Meeting delivers hosted Web conferencing.

For agencies that require a secure, isolated hosted environment, our enhanced Business

Productivity Online Suite meets International Traffic in Arms Regulations (ITAR), with


34/49

33

fingerprint access control and data access limited to U.S. citizen personnel who have cleared

background checks.

Microsoft Exchange Hosted Services offers online tools to help your organization protect itself

from spam and malicious software, satisfy retention requirements for e-discovery and

compliance, encrypt data to preserve confidentiality, and more. Microsoft Forefront Online

Protection for Exchange helps protect e-mail from spam, viruses, phishing scams, and e-mail

policy violations.

Microsoft Dynamics CRM Online streamlines customer relationship management, and delivers

results through your browser and within your everyday productivity applications.

Microsoft Office Web Apps (coming soon) let you access documents from virtually anywhere,

and provides online access to your work and a core set of Microsoft Office functionality over theWeb.

Platform and infrastructure services from Microsoft

Azure Services Platform supports applications, data, and infrastructure in the cloud, giving you

the flexibility to run applicationsor just store code or datain the cloud, on premise, or with a

combination of both. Azure Services Platform is an on-demand operating environment for

hosting, managing, and creating application services in the cloud, making it the choice of many

Microsoft partners who are using it to build their own public and private cloud services and data

centers.

Featuring Windows Azure for running Windows applications and storing data in the cloud,

Azure Services Platform also includes Microsoft SQL Azure Database, a cloud-based, relational

database service built on Microsoft SQL Server that offers highly available, scalable, multi-

tenant database services. Software developers can use Windows Azure Tools for Microsoft

Visual Studio to create, configure, build, debug, and run Web applications and services on

Windows Azure. Windows Azure platform AppFabric, formerly known as .NET Services, makes

it simpler for them to connect cloud services and on-premise applications.

For more information, see our Windows Azure platform white papers.


35/49

34

Microsoft Code-Name Dallas makes it easy to find, purchase, and manage premium data

subscriptions in the Windows Azure platform, and you can consume the data from any platform,

application, or business workflow.

Dynamic Data Center Toolkit for Enterprise is a free, partner-extensible toolkit that provides a

framework for creating virtualized IT infrastructures. IT teams can use the toolkit with Windows

Server 2008 R2 Hyper-V and Microsoft System Center Virtual Machine Manager 2008, along

with partner extensions, to plan, operate, and deliver the foundation for a private cloud.

System Center Online Desktop Manager lets you easily secure, update, monitor, configure, and

troubleshoot computers from a single Web-based consolewithout the overhead associated with

installing and maintaining an on-premise management infrastructure.


36/49

35

Cloud ERP

ERP software that is deployed into a cloud environment becomes "Cloud ERP Software". Most

(if not all) Cloud environments are built using virtualization and load balancing technology that

allows applications to be deployed across multiple servers and database resources.

Ramco OnDemand ERP

Ramco OnDemand ERP is a Software as a Service (SaaS) ERP delivered on the cloud

Ramco OnDemand ERP is the right solution for all your enterprise needs, because it takes the

full power of ERP and places it on the cloud. Our ERP solution enables you to run the required

solution on the Internet. Since it is a delivery of application (ERP) via Internet, you do not

require any investment on new hardware, training, or additional IT staff. Also, you need not

worry about the maintenance & upgrades, as all these happens automatically. Moreover, Ramco

OnDemand ERP is so simple to install and can be implemented in weeks, and is definitely cost

effective. Ramco OnDemand ERP is completely modular; you can choose the functions you need

to achieve the perfect fit for your business. As the solution is available on the subscription

model, you can scale up or down as per your requirements and save costs.

Ramco OnDemand ERP is a solution from Ramco Systems, a global software solution company

in India, which has invested heavily in the state-of-the-industry service delivery, security

technologies, and certification programs

Ramco OnDemand ERP offers the following integrated features:

Enterprise Resource Planning

The ERP functionality in Ramco OnDemand ERP is designed to meet the needs of growing

companies, and is based on the traditional Ramco ERP application, an industry-leading product.

The software includes comprehensive features to manage all facets of your business. It delivers

role-based access to business application data and analytical tools. Your company can use it

across the following areas:


37/49

36

Human Capital Management

Cost Planning and Control

Supply Chain Management

Discrete Production

Process Production

Tool Management

Maintenance

Customer Relationship Management

Financial Management

Service Management

Business Analytics

Ramco Business Analytics solution empowers organizations to 'Measure, Monitor and Manage'

their business goals and growth. This solution comprises the facility to conduct a simple yet

comprehensive analysis of data and processes, on a real-time basis, and this eases decision

making. With this solution, you can analyze, measure, and control organizational processes,

and this provides a framework for planning ahead.

Extension Tools

Ramco's extension tools are an integral part of Ramco OnDemand ERP. They encompass the

methodology, configuration settings, and documentation, which enable you to quickly evaluate,

implement, and deploy best business practices for both industry-specific and general activities.

These tools include the Extension Development Kit (EDK), which is pivotal in the effective

functioning of a successful ERP application.

Ramco EDK allows organizations to build their own unique set of extended features to theirexisting functionalities. Ramco's EDK does this, without modifying the base product source

code. As a result, migration to the next version is not compromised. Ramco EDK is also useful

for making in-house changes after the solution goes live.


38/49

37

Technology Platform

Ramco OnDemand ERP is based on Ramco VirtualWorksTM(RVW) Platform.

The Ramco VirtualWorksTMis a new breed of enterprise software, which allows organizations

to assemble global-class applications rather than engineer them.

Data Security at Ramco


39/49

38

Business case for cloud computing

The promise of cloud computing is real. It has the potential to reshape the role that IT plays

within an organization to the same extent that the Internet has changed communications and

commerce.

Efficiency and cost control.

Companies depend on being able to provide consistent, reliable access to internal applications,external websites, and customer portals. In a traditional computing environment, this creates the

need to build and maintain redundant systems, which can be expensive and difficult to manage.

In cloud computing, this function is moved to the cloud, where service providers can leverage

economies of scale to provide a highly reliable platform with greater cost and management

efficiency.

For many organizations, the most appealing feature of cloud computing is the flexible capacity it

offers. Access to large amounts of scalable computing power gives organizations the freedom to

adjust capacity up and down with the natural cycles of business. Resources can be added, turned

off, or reassigned whenever necessary. The cloud eliminates the need for over-provisioning

and the unnecessary hardware, software, maintenance, and electricity costs it incurs.

Better business support.

The advantages of cloud computing are especially clear when looked at from a business

perspective. By reducing the time and effort required to launch new applications, cloud

computing helps IT become more responsive to the pace and dynamic nature of business.

For IT, deploying a new business application is a major undertaking. Without sufficient time to

assemble the necessary resources (human and financial), IT becomes a bottleneck to projects that

could benefit the business. Applications supported by the cloud dont require the deployment of

a large infrastructure at the customers location, which dramatically reduces the upfront


40/49

39

commitment of resources. New applications can be approved and deployed more quickly,

making it easier to satisfy the needs of business managers throughout the organization.

Better financial management.

With cloud computing, the financials are dramatically altered. Cloud computing eliminates the

need for large capital outlays to launch new applications, moving the decision out of the

investment realm and into the operational.

Transitioning from a capital expense model to an operational expense model reduces financial

risk to monthly increments and provides a higher degree of flexibility to manage expenses over

time. If the market slows, organizations arent locked into expenses their budgets can no longer

support. If applications produce disappointing results, an enterprise can walk away or pursue a

different direction without having to abandon an expensive on-premises infrastructure.

Stronger IT focus.

Cloud computing creates an opportunity for IT departments to change their focus from deploying

and supporting applications to managing the services that those applications provide. By

transferring the responsibility for monitoring and maintenance activities to a third party, the ITdepartment can focus more on high-value activities that align with and support the business goals

of the enterprise.

Instead of being primarily reactive and operations-focused, the chief information officer (CIO)

can function more as a technology strategist, working with business units to understand their

business needs and advising them on how best to use technology to accomplish their objectives.


41/49

40

Threats to Cloud Computing

Abuse and Nefarious Use of Cloud Computing

Cloud Computing represents one of the most significant shifts in information technology many

of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility

has great potential, promising innovations we cannot yet imagine.

Customers are both excited and nervous at the prospects of Cloud Computing. They are excited

by the opportunities to reduce capital costs. They are excited for a chance to divest themselves of

infrastructure management, and focus on core competencies. Most of all, they are excited by the

agility offered by the on-demand provisioning of computing and the ability to align information

technology with business strategies and needs more readily. However, customers are also very

concerned about the risks of Cloud Computing if not properly secured, and the loss of direct

control over systems for which they are nonetheless accountable.

Examples

IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for

Microsoft Office and Adobe PDF exploits. Additionally, botnets have used IaaS servers for

command and control functions. Spam continues to be a problemas a defensive measure,

entire blocks of IaaS network addresses have been publicly blacklist.

Insecure Interfaces and APIs

Cloud Computing providers expose a set of software interfaces or APIs that customers use to

manage and interact with cloud services. Provisioning, management, orchestration, and

monitoring are all performed using these interfaces. The security and availability of general


42/49

41

cloud services is dependent upon the security of these basic APIs. From authentication and

access control to encryption and activity monitoring, these interfaces must be designed to protect

against both accidental and malicious attempts to circumvent policy. Furthermore, organizations

and third parties often build upon these interfaces to offer value-added services to their

customers. This introduces the complexity of the new layered API; it also increases risk,

as organizations may be required to relinquish their credentials to third parties in order to enable

their agency.

Examples

Anonymous access and/or reusable tokens or passwords, clear-text authentication or

transmission of content, inflexible access controls or improper authorizations, limited monitoring

and logging capabilities,unknown service or API dependencies.

Malicious Insiders

The threat of a malicious insider is well-known to most organizations. This threat is amplified for

consumers of cloud services by the convergence of IT services and customers under a single

management domain, combined with a general lack of transparency into provider process and

procedure. For example, a provider may not reveal how it grants employees access to physicaland virtual assets, how it monitors these employees, or how it analyzes and reports on policy

compliance. To complicate matters, there is often little or no visibility into the hiring standards

and practices for cloud employees. This kind of situation clearly creates an attractive opportunity

for an adversary ranging from the hobbyist hacker, to organized crime, to corporate

espionage, or even nation-state sponsored intrusion. The level of access granted could enable

such an adversary to harvest confidential data or gain complete control over the cloud services

with little or no risk of detection.

Impact:- The impact that malicious insiders can have on an organization is considerable, given

their level of access and ability to infiltrate organizations and assets. Brand damage, financial

impact, and productivity losses are just some of the ways a malicious insider can affect an

operation. As organizations adopt cloud services, the human element takes on an even more


43/49

42

profound importance. It is critical therefore that consumers of cloud services understand what

providers are doing to detect and defend against the malicious insider threat.

Shared Technology Issues

IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the

underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not

designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a

virtualization hypervisor mediates access between guest operating systems and the physical

compute resources. Still, even hypervisors have exhibited flaws that have enabled guest

operating systems to gain inappropriate levels of control or influence on the underlying platform.

A defense in depth strategy is recommended, and should include compute, storage, and network

security enforcement and monitoring. Strong compartmentalization should be employed to

ensure that individual customers do not impact the operations of other tenants running on the

same cloud provider. Customers should not have access to any other tenants actual or residual

data, network traffic, etc.

Examples

Joanna Rutkowskas Red and Blue Pill exploitsKortchinksys CloudBurst presentations.

Data Loss or Leakage

There are many ways to compromise data. Deletion or alteration of records without a backup of

the original content is an obvious example. Unlinking a record from a larger context may render

it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in

effective destruction. Finally, unauthorized parties must be prevented from gaining access to

sensitive data. The threat of data compromise increases in the cloud, due to the number of and

interactions between risks and challenges which are either unique to cloud, or more dangerous

because of the architectural or operational characteristics of the cloud environment.

Examples


44/49

43

Insufficient authentication, authorization, and audit (AAA) controls; inconsistent use of

encryption and software keys; operational failures; persistence and remanence challenges:

disposal challenges; risk of association; jurisdiction and political issues; data center reliability;

and disaster recovery.

Account or Service Hijacking

Account or service hijacking is not new. Attack methods such as phishing, fraud, and

exploitation of software vulnerabilities still achieve results. Credentials and passwords are often

reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the

landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities

and transactions, manipulate data, return falsified information, and redirect your clients to

illegitimate sites. Your account or service instances may become a new base for the attacker.

From here, they may leverage the power of your reputation to launch subsequent attacks

Impact

Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen

credentials, attackers can often access critical areas of deployed cloud computing services,

allowing them to compromise the confidentiality, integrity and availability of those services.

Organizations should be aware of these techniques as well as common defense in depth

protection strategies to contain the damage (and possible litigation) resulting from a breach.

Unknown Risk Profile

One of the tenets of Cloud Computing is the reduction of hardware and software ownership and

maintenance to allow companies to focus on their core business strengths. This has clear

financial and operational benefits, which must be weighed carefully against the contradictory

security concerns complicated by the fact that cloud deployments are driven by anticipated

benefits, by groups who may lose track of the security ramifications. Versions of software, code

updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all

important factors for estimating your companys security posture. Information about who is

sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection

attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can


45/49

44

result in unknown exposures. It may also impair the in-depth analysis required highly controlled

or regulated operational areas.

Examples

IRS asked Amazon EC2 to perform a C&A; Amazon refused.

How Integrated, Web-Based Software Makes Business More Efficient

Cloud computing is the future of business software. Using online software to free you up to get

on with actually running your business and making informed decisions based on the information

you get. Theres a plethora of web based systems available for accounting, CRM, ecommerce

and email marketing, as well as service desk, billing and card payments.

If your business has been running for a while, then youll have a load of contacts, leads,

customers and suppliers, as well as a bookkeeping system to make sure that youre tracking

money properly. Maybe youve also got a website thats capturing new leads and sending you an

email each time. If you sell products, then you might be running a stock control system, maybe

only on Excel, but its a system nonetheless.

As the business grows, youll be taking on more s taff that will need to get to grips with the

information management systems that youre using. Getting the information out of the ownershead and into a system is a crucial step in the life of any business, and the sooner you start being

organised, then faster youll grow. Not to mention the fact that using an intuitive, powerful piece

of software means that you can spend less time on training staff and more time on selling!

If youve got different software applications for each part of your business, then its going to

take more time to get things done. Re-keying data takes time, and also opens up room for human

error. You need to know where the most up to date information is when a contact is in your

accounting system as well as your invoicing or CRM package, which one is right?

Integrated software brings all your essential tools into the same application, which means that

you can move quickly efficiently and also gives you brilliant reporting capabilities without

spending hours in spreadsheets. Having this integrated system online as a web based application


46/49

45

extends this power so that you can access the same, live data as the rest of your team, from

wherever you all happen to be working.

Online CRM (Customer Relationship Management) software can be set up to create contacts

automatically from your website, sending an automated response to keep customers engaged

until you are ready to follow up. From here, they progress through various steps as you start to

narrow down deals and make sales. Sending quotes and invoices straight out by email from a

web based application is easy, and the client can approve or pay online by card. When invoices

are raised and payments made, everything happens in the same system, which means that you

can track the entire relationship from beginning to end without needing to bounce between

different pieces of software. No re-keying of data. Everything is online, accessible from home,

office or on the road, by multiple users, all at the same time.


47/49

46

Business Benefits Of Cloud Computing

Low initial investment

Cloud services usually offer a low initial investment or a free trial, allowing you to try the

application and make sure that it does what you need, before you spend money. In contrast,

traditional software needs to purchased and installed on your computer before it can be assessed,

which takes time and money

Software that grows with your business

You dont need to pay for a large amount of software features that you dont need. Cloud

services tend to have several pay plans, allowing you to start with a basic package and roll out

more services as your business grows and needs more sophisticated software systems. For

example, Pearl costs as little as 10 per month (ex VAT) per user. If you need more features, you

pay more for them when you need them.

Reduce your spend on IT

Cloud Computing services are hosted by the company supplying them, so theres less need for

you to have your own servers, software and dedicated IT support staff, which reduces your

overheads, something thats very important in the current economic climate.

Flexibility in working

Cloud Services are accessed securely through a web browser giving you and your staff access to

vital business information anywhere, anytime, from any computer (MAC or PC). This makes

implementing a flexible, mobile working system much more simple.

No need to worry about backing up your data


48/49

47

All the data you enter into a Cloud application will be looked after by the service provider, so

you dont need to worry about having to back-up the data on your computer in case it is lost,

damaged or stolen. Service Providers will store your data in specialist data centres, where there

is very low risk of it being damaged, and it is available for you to access whenever you need it.

REFERENCES & SOURCES

The IT Report, Winter 2011

GAP Task Force on CLOUD COMPUTING Final Report, May 2011

Wikipedia, Cloud Computing -available at

http://en.wikipedia.org/wiki/Cloud_computing

RightScale Inc. (2009), RightScale Cloud Management Features - available at

http://www.rightscale. com/products/features/May 2011, Australia

Chong, F; Carraro, G & Wolter, R (2006), Multi-Tenant Data Architecture - available at

http://msdn.microsoft.com/en-us/library/aa479086.aspx

White paper, Think Grid,2011

IDC Cloud Computing 2010 - An IDC Update, Frank Gens, Robert P Mahowald, Richard

L Villars, Sep 2009 - Doc # TB20090929, 2009

Technical aspects of Cloud computing, Lus Ferreira Pires,University of

Twente,Meeting of the NVvIR, 17 June 2010

Ranganathan V (2010), Privacy Issues with Cloud Applications,IS Channel,

Vol. 5, No. 1, pp. 16-20.

Top Threats To Cloud Computing V1.0 Prepared by the Cloud Security Alliance,

March 2010
http://en.wikipedia.org/wiki/Cloud_computinghttp://msdn.microsoft.com/en-us/library/aa479086.aspxhttp://msdn.microsoft.com/en-us/library/aa479086.aspxhttp://en.wikipedia.org/wiki/Cloud_computing


49/49

http://www.forrester.com/cloudsecuritywebinar

http://www.cerias.purdue.edu/site/blog/post/symposium_summary_security_in_the_clou

d_panel/

varun bakshi_cloud project.pdf

Documents