Cloud Computing Service Models - Coursework Example

Full Paper Cloud Computing Service Models The applications that are characterized as a service on the operating system of hardware or software is represented as cloud computing. The data center of companies consist of applications that are operated on web services, these applications includes cloud computing. Similarly, the term ‘SaaS’ represents those services that are delivered on the Internet. The vendors now a days, are using the term ‘PaaS’ i.e. (Platform as a service) ‘PaaS’ and ‘IaaS’ i.e. (Infrastructure as a service). These terms are used to exhibits the services and products for the customers. Unfortunately, due to extreme dissimilarity these terms that are used by the vendors are not recognized in international market (Armbrust, Stoica et al. 2010). In order to understand the concept and definition of Cloud Computing we need to focus on the three models described by The Commerce Department’s National Institute of Standards and Technology (NIST) (Bento & Aggarwal, 2013): The ‘IaaS’ service of cloud computing contains of provisioning fundamental computing assets. The software applications that are operated over cloud frame work can be easily retrieved via ‘SaaS’ service of cloud computing. The ‘PaaS’ service of cloud computing allows the users to access the applications in order to deploy or develop any program or programming language. Moreover, the vendor also provides the supporting tools for the users. The Cloud consists of basic elements related to the data center software and hardware. The utility computing refers to the services made available by the cloud. In addition, cloud also provides services to the public as well. On the other hand, the remote services are only made available for the related business organizations only and are not reachable to public. Therefore, cloud computing is considered as the amalgamation of the two i.e. utility computing and ‘SaaS’ (ARMBRUST et al., 2010). The three concepts of Cloud Computing services are mentioned below: Platform as a service: in the ‘PaaS’ is a cloud computing service concept there are three other elements are present such as, platform, software, and infrastructure. a software or any other application can only be accessed by the organizations if it is implemented via vendor’s infrastructure or third party platform. Infrastructure as a service: in the ‘IaaS’ the three elements are same as present in the platform as a service. The services can only be given by the organization if the software is implemented by the cloud computing platform or other vendor. Software as a service: this service as provided by the cloud computing also based on those three elements that are described before (Wilshusen 2011). The Organizations should operate the services if they are provided by the sellers. These services must be provided in the form of applications and can be accessed via Internet. In addition, the elements are subjected as the vendor’s property (Wilshusen 2011). The implementation of cloud computing models is illustrated in figure 1.1. Figure 1.1 (Retreived from :Wilshusen, G. C. (2011). INFORMATION SECURITY: Additional guidance needed to address cloud computing concerns. GAO Reports, , 1.) There are four service models for cloud computing, as shown in Fig 1.2. Figure 1.2 (Retreived from :Wilshusen, G. C. (2011). INFORMATION SECURITY: Additional guidance needed to address cloud computing concerns. GAO Reports, , 1.) The organization needs to choose an appropriate cloud services model and should be directly proportional to the business requirements, as it may not be the same for every organization. Initially, the service model that is introduced by cloud computing is named as the ‘Private Cloud’. In any organization a private cloud is considered as an asset of the organization and it includes platforms, infrastructure and software (Wilshusen 2011). The community Cloud is the second service model launched by cloud computing. The community cloud is available for a number of organizations that deals in same business and have similar users. The cloud that is available for several business organizations or public use is called as ‘Public Cloud’. This is the third type of service model related to cloud computing. The last service model is named as, ‘Hybrid cloud’. This service model is considered to provide service to more than two organizations that have similar type of business. Conversely, the different type of clouds has identical methodology and exclusive technology that helps to interactive with each other (Wilshusen 2011). Problem Solution Infrastructure as a service (IaaS) does not require the management of application and hardware related to network area storage (NAS). Likewise, this service model allows the users to manage and maintain infrastructure, applications and hardware. Moreover, the most tempting option is the cost. Hypothetically, an example can be given of an information security officer trying to approve a business case for a cloud based tool security incident event management (SIEM) (Wu, Shen et al. 2011). The cost for taking an employee on board, hardware cost, software cost, licensing cost, maintenance cost is waved off and the organization can see a healthy savings on Infrastructure and application and total cost of ownership (TCO). Thus, taking approvals on cloud based solution is relatively very easy, as it ensures high availability of infrastructure and applications hosted on it. Apart from the business as usual (BAU), this service model also saves significant costs on disaster recovery sites. Likewise, the requirements for creating a hot site are eliminated due to cloud services. In a disaster situation, where a core banking application of a financial institution needs to instantly resume services, the hot site requires a fully functional replicated infrastructure and a separate team for activating and making a switch over from the primary site to the disaster recovery site. Moreover, disaster recovery procedures also need to be followed along with data restoration activities. Apart from all these cost savings and high availability of services, there are some negative aspects that may become high risk areas for the organization. Likewise, there are other legal and regulatory risks as well that may directly or indirectly affect the organization objectives. If any weakness or security gaps found in the cloud vendor application or infrastructure, they can be considered as cascading risks for the organization. Likewise, the risks exposure can be high, as the cloud service provider has many clients using the same infrastructure and services (Wilshusen 2011). Moreover, internal threats always have high probability rather than attacks generated from outsiders. Similarly, the cloud services can be misused if proper access control mechanisms and background checks are not in place. Further, there will be no control over the loop hole, if discovered in one of the cloud applications. For instance, the organization will not be able to trace and isolate the threat, as the facilitator of the threat is the cloud (Wilshusen 2011). It will be extremely difficult and time consuming to track the threat, as it can be at both ends i.e. cloud service provider and organization. Similarly, the threat may also affect customer focused application resulting in delays and downtimes at front offices. Further, if a contingency plan is also based on the cloud, then the organization has nowhere to go, as both ends will be compromised. Thus, before selecting any cloud computing service provider, a review is required for ensuring controls against the three aspects i.e. Confidentiality, Integrity and Availability. Secondly, there are some concerns associated with security control implementation, rights to perform independent audits and sharing the report on control effectiveness with the clients. The solution for these issues is to enforce guidelines by the regulator and a criteria needs to be set for approving cloud service providers. As a result, the organizations can see the approved list of vendors on the regulator’s website and select any vendor meeting cost and location considerations. As shown in Fig 1.1, a typical cloud computing service is demonstrated. WAN/LAN Integration and Structured Cabling Issues As the cloud only required stable internet connectivity, CAT 5 gigabit supported cable is recommended. However, one of challenge for the organization can be the integration with the cloud service provider requirements. For instance, if a cloud service provider requires a gigabit Ethernet interface, the organization should install the same specification network device. Otherwise, there may be service outages and slow response for cloud computing services. Secondly, the storage of data will also be at the cloud service provide end, and it is in huge quantities. In a case, where a large chunk of data required by the organization for any purpose, this may take a lot of time and may not be possible to retrieve data during working hours. One other reason may also be bandwidth limitations. For local area network integration, sub-netting is required, as limited number of IP addresses are available to communicate or access the IaaS cloud service. Likewise, this may lead to a proxy server that is required for implementing local policies. Moreover, the integration will also require active directory, as all the policies are enforced on this server that is also called a domain controller. One of the issues after integration is associated with a single point of failure such as a downtime of active directory or wide area network connectivity disconnection. There is a requirement of implementing a secondary WAN connection that will become instantly active, once the primary WAN connection goes offline. Apart from these technical issues, security is a primary concern, as there are many outsiders or cyber criminals trying to get unauthorized access by utilizing the wide area or local area of the organization. For instance, internal employees can exploit default configuration setting on the network to gain restricted access. Even a minor security incident may result in a major downtime of services, an example of Amazon was held in 2008, where only a small corrupted file utilized by the Amazon online data storage servers caused a system shutdown for several hours (Newswire, 2014). In the year 2009, a twitter account had been hacked and a critical security breach had been identified of an employee. The hackers breached the security questionnaire page that is situated on the account of Google app (Newswire, 2014). In addition, another security rupture has been identified in the same year when the critical information was removed by the hackers. This incident took place on one of the famous smart phone company T-mobile. The hackers attack the exposed server that contains all the critical information regarding smartphone applications (Newswire, 2014). The team leader and cloud security professional named as, Peter Mell at the National Institute of Standards and Technology (NIST) says, the cloud computing models that are accessible to public are cloud computing models are extra exposed towards the threats. This is due to the usage of wide ranging services by the users. Hence, if a single service failure is identified, the critical data will be exposed to the hackers. Technical Specifications The Cloud computing design consists of five stages that work together as an infrastructure. In order to maintain the cloud computing characteristics and services, these five stages works together along with the data provided by the organization. The hardware must be replaced if the fault is identified as this layer is vulnerable to the attacks and cannot be fixed. The applications are responsible for the maintenance and management of faults that are present in hardware. Nevertheless, faults in hardware can be reduced if the alternate power supply is provided to the affected hardware. The five stages of Cloud Computing includes Virtualization layer that is associated with the virtual machines. The virtualization layer software uses solo hardware platform and can be connected with one or more hardware. The (IaaS) Infrastructure as a service is offered by the vendors to the users if the conventional server is virtualized via cloud computing technique. The five stages of Cloud Computing also include Citrix, Microsoft VMware. In order to manage the services related to Virtualization the IaaS perform as a layer by defining the mechanism of the cloud computing technology. Furthermore, the templates can be created and erased easily with the help of API. The cost saving policy is introduced to the vendors by the management of API. In addition, in the administration of API, IaaS provides storage facility service to the vendors. For example, storage service is provided to the Amazon by the IaaS for the users. The PaaS layer provides the facility to the IaaS layer and helps by removing the particular virtual mechanism. Likewise, the availability of API is made to the developers for application development on the cloud infrastructure. The cloud-computing is growing its business and transferring its services from vendor to public. The growth in the cloud computing technology is a good sign in the field of information technology. But on the other hand, it is providing new opportunities for the cyber attackers, hackers, malwares and viruses. The cloud computing services are at greater risk of these attacks and threats. The hackers’ attacks on the services and applications that are provided by cloud computing resulting in data theft, hijacking data centers and service failure. The ‘SaaS’ is widely provided by the ‘Google apps’ and it was at the greater security risk. The latest report issued by the cyber forensics pointed out the location of these cyber-attacks and mentioned China as the center point of these threats. The two major functions of Cloud Computing are data protection and data storage. In addition, vendor also provides resource utilization for the cloud computing. The data can be stored inside the organization in order to provide security to the data related to cloud. Furthermore, in the United State the Sarbanes-Oxley Act (SOX) and in the European Union data Protection directives are the major vendor organizations that provides compliance related to the application and data of Cloud Computing. Feasibility Study and Operation Plan The cloud computing Infrastructure as a Service (IaaS) model is a recommended and feasible option. The infrastructure will not only save the hardware cost but it will also save the tocal cost of ownership. Likewise, the hardware savings will include a hardware cost that is always significant because not only the hardware is acquired, a maintenance contract is also mandatory that includes additional cost. Moreover, service level agreements are also a part of this acquisition. There is a high probability that the agreements have oversight issues that may be exposed later on i.e. when there is a service disruption and the vendor fails to provide the required service on time. Apart from these maintenance agreements that are renewable on per annum basis, there is a significant licensing cost involved for these products. For instance, there is a license cost on every user or on every IP address. Further, the organization needs a highly experience technical staff for managing the infrastructure that may not limited to huge data that needs to be managed at the primary as well as on the secondary site. The configurations on network devices must comply with the security best practices otherwise; there is always a chance of an intruder to exploit the gaps. Moreover, succession plans needs to be carried out for shortage of resources and a backup for a critical must be present all the time. The only investment for the organization is to pay for the cloud computing services and a non-disclosure agreement needs to be effective in terms of securing critical data that will utilize the IaaS. Moreover, the bandwidth cost will also need to be fulfilled by the organization. However, an additional cost of keeping a backup link is also with the organization. A router is also required that will connect the two interfaces i.e. the organizations network interface and the cloud computing interface. A recommendation would be to implement encryption or implement a Multi Packet Layer Switching link that will provide end to end encryption. In addition, one more risk an organization has to accept i.e. the risk of infrastructure compromise at the cloud service provider end. Conclusion We have discussed different cloud computing service models in detail and recommended only one service model that will provide significant cost savings and a better return on IT investments. As IT is still considered a cost center in certain organizations, this will ease the pressure in many aspects. We have thoroughly discussed the structured cabling, WAN integration and LAN integration issues. They are all focused on how to configure the cloud services with the organization’s enterprise network. In addition, the focus on security is also given, as it is one of the primary concerns of cloud computing. The technical specifications further discussed about the selected cloud computing service model i.e. Infrastructure as a Service (IaaS). The feasibility study and operations plan discussed all the benefits along with the cost that is involved in this service model. The decision is now with the organizations to adopt this service model, as all the associated risks and benefits are identified. A cost benefit analysis exercise will certainly provide a better insights, as it will definitely outweighs the benefits and return on investment (ROI) that an organization is getting by implementing cloud computing. References Newswire, P. (2014). Text analytics market by applications (enterprise, web-based and software, data analysis, search-based, others), users (SMBs, enterprises) & deployment model (cloud, on-premise) - market forecasts and analysis (2014-2019). PR Newswire US, Newswire, P. (2014). The big data market: 2014 - 2020 - opportunities, challenges, strategies, industry verticals and forecasts. PR Newswire US, Bento, A. M., & Aggarwal, A. (2013). Cloud computing service and deployment models: Layers and management Business Science Reference. Wilshusen, G. C. (2011). INFORMATION SECURITY: Additional guidance needed to address cloud computing concerns. GAO Reports, , 1. Read More