Key Related Technologies To Cloud Computing

Published Date: 02 Nov 2017

Cloud Computing is a concept created for an enabling access to delivery of computing as a service through ubiquitous, convenient and on-demand network service access, rapidly purveyed with minimal management effort (Mell and Grance 2011). It is practically an evolutionary engine of cost reduction and getting more done on smaller devices irrespective of location provided there is availability of internet. Cloud computing has leverage over traditional computing model through its automation, scalability, virtualisation and access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services (Mell and Grance 2011).

Cloud computing concepts are attributed to the contribution of McCarthy. Experts attribute the concept to John McCarthy, an American computer scientist who introduced the public utility concept of computation (computer weekly). This is envisaged to reduce the cost of the usability of computing applications and a proactive development of new interactive applications improved through the introduction of timesharing. Timesharing is a concept of allocation of computing application among many users using multi-tasking and multiprogramming approach which provides a technological shift in the history of computing, allowing a large number of users to interact concurrently with a single computer using thin clients (Stanford University).

INTRODUCTION

Cloud computing is basically the separation of the functioning units of Hardware and Software providing a web based system on demand for scalability, easy accessibility and functionality (Sales force 2012). The vast nature of Cloud Computing resulted into the advent of many definitions from practitioners in commercial and academic sphere. The prominent as a service models in cloud computing are Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

The basic concepts in all the definitions are automation, scalability and virtualisation. These key concepts have resulted in the popularity of cloud computing with a prediction of an annual spending up to $100 billion on the service among Small and Medium Enterprises (SMEs) by 2014, according to a research by American Megatrend Incorporation (AMI) partners. Similarly, Gartner survey on cloud market revenue worth for 2009, 2010 is USD 58.6Billion and USD 68Billion respectively. There is a growth projection of USD 148Billion by 2014. The bulk of SMEs cloud spending so far, has been on Customer Relationship Management (CRM), payroll, accounting, financial and web conferencing application (CRN 2011). A considerable focus has been shifted from the traditional models of building servers which has a high cost of service maintenance to the adoption of cloud computing with increased efficiency and cost reduction strategy for greater agility.

Salesforce.com is one of the first milestone arrivals of cloud computing in 1999 with a pioneering concept of enterprise applications services through a website. The services firm paved the way for application delivery over the internet (Sales force 2012). This followed with Amazon Web Services (AWS) which provided cloud based services such as computation, storage and Infrastructure in 2002 through models such as Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2). Amazon EC2 has several other capabilities such as reduced time for obtaining and booting new server instance with the ability to pay only for capacity used (Amazon Corp 2006). Multinational technology giants including Microsoft and Google have followed suit with the introduction of applications with increased virtualisation and universal software interoperability.

A major perceived threat to this innovation is security with emphasis on data privacy, network phishing, and firewall intrusion. However, the transforming ability of cloud computing in the information technology domain and the accruable enormous benefits are recognised with an imminent projection of rampart growth.

A basic inferring approach is adopted in this study thereby making users appreciate the inherent security challenges focused on service delivery models. This study will give a peripheral understanding of related technologies, Cloud computing concepts, Cloud architecture (environmental, service models and deployment models) and the security challenges which is a major source of concern for organisations.

KEY RELATED TECHNOLOGIES TO CLOUD COMPUTING, INNOVATION AND IMPACT

Cloud computing is not in isolation but an offshoot of the advancement of several technologies in various sectors of computing. An example of these categories as illustrated by Voorsluys, et al (2011) are; Hardware (Virtualisation, Multi-core Chips), Internet technologies (Web Services, Service Oriented Architecture), Distributed Computing (Clusters, Grids) and System Management (autonomic computing, data center automation). There convergence is attributed to the advent of Cloud Computing as shown in the diagram below.

Fig 1.0 Convergence leading to the advent of Cloud ComputingC:\Users\JOSHUA\Documents\CLoud computing Diag 001.jpg

A brief overview of four convergences is outlined below;

WEB SERVICE

Web service emergence created a platform for web based communities’ facilitating user participation and collaboration (Rhoton, 2010). It is basically the merging together of various applications built on ubiquitous technologies such as Hypertext Transfer Protocol (HTTP), Extensible Markup Language (XML), with the provision of a common mechanism for service delivery making them ideal for service oriented architecture on different messaging product platform. This enables an internal application to be made available over the internet (Voorsluys, et al. 2011).

GRID COMPUTING

Grid Computing is equipped with the ability of aggregation of distributed resources and transparently solve problems through a computation that is highly parallel Voorsluys, et al. (2011). They are usually confined to domains of solving scientific problems that require high computer processing or large data access (Rhoton, 2010). The significant aspect of grid realisation is the building of standard web based protocols into a unit generally managed as a single virtual system. The wide coverage of almost all categories of informational problems and the opaque (invisible to users) nature of cloud computing makes it distinct to grid computing.

AUTONOMIC COMPUTING

The quest of reducing human involvement in the complexities of computing systems but rather increasing systems efficiency requiring only high level guidance from humans motivated the research in autonomic computing (IBM Corp). This concept of autonomic computing inspires software technologies for the automation of data centres for service level management of running applications, automation of virtual machine provisioning and efficient disaster recovery (VMware 2012).

HARDWARE VIRTUALISATION

Hardware virtualisation is an attempt of overcoming operational issues of data center building and maintenance. This allows the operation of multiple software stacks and operating systems on a single physical platform. A virtual machine platform interface mediated access is available for each guest operating systems stacked on a Virtual Machine Monitor (VMM) called Hypervisor linked to a physical hardware as stated by Uhilig et al., in (VMware 2012).

Fig 3.0: Virtualisation of Hardware for utilisation by N virtual machines (Source: Voorsluys, et al 2011)

CLOUD ARCHITECTURE

Cloud Computing is captured under three (3) main features using the National Institute of Standards and Technology Special Publication 800-145 (Mell, and Grance, 2011). They are:

Environment Characteristics

Service Models

Deployment Models.

ENVIRONMENT CHARACTERISTICS

National Institute of Standard and Technology (NIST) categorised the environment embodied with the implementation of Cloud Computing under five characteristics namely;

On demand Self Service

Broad Network Access

Resource Pooling

Rapid Elasticity

Measured service

4.1.1 On demand Self Service

A computing service provided automatically without the need for human intervention or consultation.

Broad Network Access

Availability of unrestricted access through multiple platforms such as mobile phones, tablet, workstation either through thin or thick client.

Resource Pooling

A central shared resource is available for all users on demand using multi-tenancy or virtualisation model, where resources are assigned and reassigned. The attendant impact is the availability of the computing resources to consumers.

Rapid Elasticity

Rapid elasticity implies the service is provided with the illusion of unlimited availability of resources on demand. This is scalable and appropriated any time.

Measured service

Services rendered are measured at a level of abstraction, appropriated with metering capability based on the usage of subscription (bandwidth, storage, active users) which are monitored, controlled and reported. It is usually charged-per-use or pay-per-use.

CLOUD…AS A SERVICE MODEL

There are many Cloud service models that are adopted in organisation depending on the service need. Meanwhile, all these service models can be grouped under three key hierarchy layers. This is arranged in the dependent nature of the various service models as shown below;

Software as a Service (SaaS) known as Application Cloud

Platform as a Service(PaaS) known as Platform Cloudhttp://www.tatvasoft.com/blog/images/application-development-cloud-server-model.jpg

Infrastructure as a Service (IaaS) known as Infrastructure Cloud

Fig 4.0: Cloud model Hierarchy (Source: tatvasoft.com)

Fig 4.1: Cloud Service Models (Voorsluys, et al 2011)

4.2.1 Software as a Service (SaaS)

SaaS provides the capability of on-demand service delivery through the abstraction layer to the consumer where software is licensed and deployed across the physical layer. Multiple consumers’ access is gained through thin clients. It is an optimised service which lowers the cost of software maintenance and upgrade but with limited access to application configuration settings.

Provider

Software

Service Model

Salesforce.com

CRM

Pay per use

XDrive

Storage

Subscription

Appian Anywhere

Business process management

Pay per use

Google Gmail

Email

Free

OpSource

Billing

Subscription

Table 4.0: Cloud SaaS Providers

4.2.2 Platform as a Service (PaaS)

PaaS enables users deploy acquired or consumer created applications using programming language and tools supported on the Cloud without changing the underlying Infrastructure. Some cloud providers support multiple programming languages such as Java, python, .NET as shown in the table below. PaaS has a higher abstraction level for cloud applications with control given for the deployed application and the hosting environment. PaaS is used by developers for the creation of a complete software development lifecycle management (from planning to maintenance) (Savolainen, 2012).

Provider

Target to Use

Programming Language, Frameworks

Programming Models

Persistent Option.

Azure

Enterprise applications,

Web applications

.NET

Unrestricted

Table/BLOB/queue storage, SQL Services

Amazon Elastic MapReduce

Data processing

Hive and Pirg, Cascading, Java, Ruby, Perl, Python, PHP, C++

MapReduce

Amazon S3

Force.com

Enterprise applications

Apex

Workflow, Request-based Web programming, Excel-like formula language

Own object database

Aneka

.NET enterprise applications, Web applications

.NET

Threads, Task, MapReduce

Flat files, RDBMS

AppEngine

Web applications

Python, Java

Request-based Web programming

Big Table

Table 4.1: Comparison of PaaS providers

Infrastructure as a Service (IaaS)

IaaS provides consumers access to fundamental computing services with the ability to create, manage, deploy and run applications. This access is limited to the fundamental computing services (such as storage, network and firewalls) with no control over the core infrastructure. It uses features such as the virtual machine as an underlying infrastructure for the deployment of applications. Virtualisation is the partitioning of the resources of one physical computer into various logical resources, rearranging them as virtual machine for maximise efficiency.

Provider

Geographic distribution of data centers

User Interface and APIs

Hardware capacity

Guest Operating Systems

Smallest Billing Unit

Amazon E2C

US

Europe

CLI, WS, Portal

CPU: 1_20 EC2

compute

units

Memory: 1.7-15 GB

Storage: 160-1690 GB, 1 GB – 1 TB (per ESB units)

Linux Windows

Hour

Flexiscale

UK

Web console

CPU: 1-4

Memory: 0.5-16 GB

Storage: 20-270 GB

Linux, Windows

Hour

RackSpace

US

Portal, REST, Python, PHP, Java, .NET

CPU: Quad-core

Memory: 0.25-16 GB

Storage: 10-620 GB

Linux

Hour

Table 4.2: Comparison of IaaS providers features (Voorsluys, et al 2011)

DEPLOYMENT MODELS

The deployment models of Cloud are below;

Private Cloud

Community Cloud

Public Cloud

Hybrid Cloud

Private Cloud

This is a dedicated Cloud infrastructure service where users are staffs of the same organisation. Consumer usage is restricted to specific application configuration settings but no access to the fundamental core cloud infrastructure such as servers, operating systems. It may exist on or off premises.

Community Cloud

This is a Cloud infrastructure shared by organisations but focused on a specific community (usually domain specific). It could be dedicated to a common mission such as governmental, health and security.

Public Cloud

Cloud infrastructure made available to the public usually owned by organisations selling Cloud services. This is usually located in the premises of the service provider.

Hybrid Cloud

This is a typical combination of two or more models of Cloud deployment models for application portability in the event of Cloud bursting for load balancing between Clouds.

BENEFITS OF CLOUD ADOPTION

There are numerous benefits of Cloud computing adoption for the various service models. The combinations of some of these benefits are outlined below:

Easy deployment of services on the cloud.

Reduction in the cost of infrastructure maintenance.

Availability of persistent layer which allows applications to store users data for record and recovery.

Improved manageability of IT.

Availability of service on demand, scalability, load balancing and failure tolerance.

Cloud Drivers.JPG

Fig 4.2: Cloud computing drivers (Source: Nusca, A., 2012).

CLOUD SECURITY (SECURITY CHALLENGES IN CLOUD COMPUTING)

Security has been the underlying factor in the consideration cloud services adoption. The critical nature of the security implication concerns all relevant actors such as the Cloud Providers, Cloud Consumers and Cloud Auditors. Statistics from a survey conducted by North Bridge showed 55 percent respondents expressed concern about security.

Security survey.JPG

Fig 5.0: North Bridge Venture partner survey 2012 (Source: Nusca, A., 2012)

This concern covers data privacy which has legal implications, lock-in (Accessibility of data), Isolation failure (infrastructure features), multi-tenancy, Interface management (Insecure Application Program Interface) and malicious insider. Other security concerns are: Loss of control due to outsourced enterprise security management to a third party, complexities of Service Level Agreements (SLAs) between cloud stakeholders (CSA 2011 V3.0). The centralised location of organisation’s data and resources which cuts across architecture makes it prone to attack by hackers. Meanwhile, a shared responsibility security measures which varies with the service model adopted for use. This shared responsibility has trust boundary between the Cloud provider and user unequivocally stating their responsibilities (Carstensen, Golden, and Morgenthal 2012).

Fig 5.1: Model of Cloud Security shared ResponsibilitiesCapture.JPG

SECURITY IMPLICATION OF CLOUD COMPUTING DELIVERY MODELS.

5.1.1 Infrastructure as a Service (IaaS) security issues

VM Security: The virtualised resource linkage between the Hypervisor and physical hardware has threats common to traditional physical server. The attack could be through the introduction of viruses, malware to compromise the security of the infrastructure (Al Morsy et al. 2010). The VM image repository is prone to attack even in offline mode through the injection of malicious codes. Multi tenancy of cloud service involving the sharing of network infrastructure increases the possibility of servers, IP protocols, DHCP vulnerability. The stake dependency of the service models makes the security of a layer dependent on another. The IaaS model with physical infrastructure (networks, servers), Virtualisation layer (hypervisors), and Virtualised resources (virtual networks, VMs) upon which the PaaS and SaaS model are built requires adequate security features.

Cloud management.JPG

Fig 5.2: Dependency stake of service model (Al Morsy, Grundy, and Müller,2010)

These dependencies make the other models deployed prone to security attack once the infrastructure layer is attacked. An inferring solution which might imply the introduction of independent security model for each of the model could result into a complex or an inconsistent security profile. Meanwhile a stringent unified security model will ensure a compromised infrastructure does not affect the other models.

The absence of a standard security specification for the major stakeholders (cloud provider, service provider and service consumer) according to Al Morsy, Grundy and Müller (2010) has made harmonised security features a herculean task. The various security features poses challenges of conflicting security requirements, security management and applied security properties.

5.1.2 Platform as a Service (PaaS) security issues

PaaS which is based on Service Oriented Architecture (SOA) results in inheritance of domain security issues such as Denial of Service (DOS), attack on Extensible Markup Language (XML). The shared security responsibility implies some of the cloud consumer needs to implement security measures ensuring application deployed on the platform are secured. Inadequate security level of deployed application would result to the penetration of the platform through the application. The Application Program Interface (API) intrusion affects the other models. The risk becomes prominent when service requires the submission of credentials to third party (CSA Version 1.0, 2010).

5.1.3 Software as a Service (SaaS) security issues

SaaS involve the access of services through the web platforms. Web applications hosted on cloud infrastructures that are not adequately secured compromises security on the infrastructure. The stake dependency nature of the cloud makes vulnerability on PaaS and IaaS transferred to SaaS. Prominent among the critical application vulnerability is cross site scripting, injection of malwares. Multi tenancy of data enables co-existences of different tenants’ assets which poses data security challenge. Multi tenancy and resource sharing which are characteristics of cloud computing, could result to isolation failure

Fig 5.3: Multi tenancy Threat vector Inheritance in Cloud Models (CSA guide. V.3.0)C:\Users\JOSHUA\Desktop\Threat vector inheritance.jpg

5.2 General security measures that needed to be considered in the cloud domain

A secure software development life cycle should be adequately considered adopting best practices of technologies.

The security measures should be auditable and verifiable. This will ensure data protection in transit, processing and storage.

Some of the maturity models suggested by Cloud Security Alliance (CSA V3.0, 2011) are:

Building Security in Maturity (BSIMM2)

Software Assurance Maturity Model (SAMM)

System Security Engineering Capability Maturity Model (SSE-CMM)

Adequate implementation of control policy that ensures segregation of duties

Multiple layer in dept defense thereby ensuring minimal influence of breached layer

Provisioning of adequate fail safe mechanisms ensuring data are not compromised in the advent of cloud system failure.

Adequate security needed to be introduced for placement engines. Such placement engines should incorporate cloud consumers’ security and legal requirements such as to avoid placing competitors’ services on the same server. This will avoid isolation failure.

Adequate mutual authorisation and authentication measures of security features should be implemented.

Accidental or malicious attempts to circumvent API should be reduced with the design of authentication modules, access control for encryption and monitoring of activities.

Other threats of cloud application

Threat

Definition

Security measures

Spoofing

Identity theft

Strong authentication

Tampering

Data modification on transit

Fixture of digital signature

Repudiation

Origin of transaction denial

Audit logging

Information Disclosure

Unauthorised access to information

Secure Socket Layer (SSL) Security , encryption

Privilege Elevation

Assuming the role of an entity

Stringent authorisation levels

Table 5.0: Cloud Security Alliance security guidance in cloud computing V3.0

FUTURE DIRECTIONS

A survey of 785 respondents spanning industry expert, users and vendors in 2012 by North Bridge venture partners showed 65% to 35% vendor to customer ratio (skok, 2012). There is an expectation of 6% spending growth in the level of adoption of SaaS which has 82% of present usage. According to the survey, there is a projection of 75% built applications on PaaS by 2017 (83% increment for 2012). PaaS and IaaS are expected to have significant growth to 72% and 66% in the next five years compared to the present 40% and 51% respectively (North Bridge, 2012). The big data analytic challenge and the need to incorporate flexibility with scalability will make more organisations adopt Hybrid Cloud thereby moving some of their services to public cloud integrating more technologies, vendors and ecosystem.

Future trends.JPG

Fig 6.0: Cloud computing trend (2012 – 2017) Source: Nusca, 2012

Future trend.JPG

Fig 6.1: Future trend of Cloud computing (Source: zdnet.com).

The reduction in risk ratio of 3% data sovereignty and patriot act compared to 10% in 2011 and improvement in security and compliance measures of 12% compared to 26% in 2011 will boost confidence in cloud computing adoption(Skok, 2012).

CONCLUSION

The intensified adoption of cloud computing models by organisations is an indication of the promising possibilities achievable in the clouds. The various benefits of cloud computing such as scalability, ease of deployment, agility and unlimited storage creating a less complex IT workflow makes increased adoption of the models eminent. The various capabilities of the cloud computing are being explored for a more robust implementation of additional features. This increased growth of confidence will result in the exploration of more critical applications for implementation in areas like Big Data processing, eCommerce, backup and archiving. An emerging technological trend in cloud computing will have enormous impact on business enterprise if properly harnessed and utilised. The gradual reduction in data security and confidentiality challenges with progress from deployment to implementation of productions are pointers to the possibilities of increased adoption.