Demystifying the Cloud – Drawing the Lines between Technologies and Concepts

BACHELORARBEIT
Herr
Kevin Arnot
Demystifying the Cloud – Drawing
the Lines between Technologies
and Concepts
2013

Faculty of Media
BACHELOR THESIS
Demystifying the Cloud – Drawing
the Lines between Technologies
and Concepts
author:
Mr. Kevin Arnot
course of studies:
Business Management
seminar group:
BM10w2-B
first examiner:
Herr Prof. MBA Horst Müller
second examiner:
Jenifer Bush, Capgemini US LLC, Marketing
Director
submission:
Mittweida, 23rd
July 2013
Einreichung:
Mittweida, 23.Juli 2013

Fakultät: Medien
BACHELORARBEIT
Die Enthüllung der Cloud –
Abgrenzungen von Technologien
und Konzepten
Autor/in:
Herr Kevin Arnot
Studiengang:
Business Management
Seminargruppe:
BM10w2-B
Erstprüfer:
Herr Prof. MBA Horst Müller
Zweitprüfer:
Jenifer Bush, Capgemini US LLC, Marketing
Director
Einreichung:
Mittweida, 23.Juli 2013

Bibliographic Notes
Arnot, Kevin:
Demystifying the Cloud – Drawing the Lines between Technologies and Concepts
66 Pages, Hochschule Mittweida, University of Applied Sciences,
Faculty of Media, Bachelor Thesis, 2013
Abstract
In recent years the term Cloud has become popular in the world of technology. It is
used to describe many different Information Technology offerings, but people are
adapting this word without truly understanding it. “Demystifying the Cloud – Drawing
the Lines between Technologies and Concepts” by Kevin Arnot takes a look at many
levels of the Cloud and gives a comprehensive overview of the technologies and ideas
that make it a paradigm shift. The author analyzes the term methodically by leveraging
appropriate information from the Internet as well as from experts. An important mile-
stone in understanding the Cloud accurately is differentiating between its components.
These include: underlying technologies, the three Cloud Service Models (SaaS, IaaS
and PaaS) and how it is deployed, publically or privately. The result is to understand
that a Cloud can be composed in different ways and therefore serves exactly the needs
of its users. Furthermore, the author describes challenges that individuals and busi-
nesses have to deal with equally and reviews possible solutions. Cloud technology will
continue to evolve; however, the future business value of the term “Cloud” will depend
on how companies continue using or misusing it.

Table of contents V
Table of contents
Table of contents........................................................................................................ V
Table of abbreviations ............................................................................................. VII
Table of figures ......................................................................................................... IX
List of tables.............................................................................................................. XI
1 Introduction......................................................................................................... 1
2 Defining the Cloud .............................................................................................. 3
2.1 History of the Cloud.................................................................................... 3
2.2 Definitions on the Internet .......................................................................... 6
2.3 Definitions by providers and thought leaders.............................................. 7
2.4 Definition by the National Institute of Standards and Technology............... 9
2.5 Summary of definitions..............................................................................11
3 Technologies and Terminology.........................................................................12
4 Cloud Service Components...............................................................................20
4.1 Cloud Service Models ...............................................................................20
4.1.1 Infrastructure as a Service (IaaS).............................................20
4.1.2 Platform as a Service (PaaS)...................................................21
4.1.3 Software as a Service (SaaS) ..................................................22
4.2 Cloud Deployment Models ........................................................................24
4.2.1 Public Cloud.............................................................................25
4.2.2 Private Cloud ...........................................................................26
4.2.3 Community Cloud ....................................................................27
4.2.4 Hybrid Cloud ............................................................................30
5 Challenges..........................................................................................................33
5.1 Traditional Hosting versus Cloud Hosting..................................................33
5.1.1 Traditional Hosting ...................................................................34
5.1.2 Cloud Hosting ..........................................................................35
5.2 Comparing “real” and “fake” Cloud Software Solution ...............................37
5.3 Businesses and Consumers......................................................................41
5.4 The Consumer Cloud Trap........................................................................45
5.5 Cloud Security...........................................................................................47
6 Questionable Features.......................................................................................54

Table of contents VI
6.1 The “Green” Cloud ....................................................................................54
6.2 The Cloud’s Effect on IT Management ......................................................55
7 A simple example: Charlie’s Chocolates..........................................................58
7.1 Finances ...................................................................................................61
7.2 SuccessFactors Financial Example...........................................................62
8 Outlook and Conclusion....................................................................................65
Bibliography ............................................................................................................. XII
Appendix.................................................................................................................XXII
1. Call with Matt Mansfield – President of Matt About Business, LLC
Eigenständigkeitserklärung ................................................................................ XXIV

Table of abbreviations VII
Table of abbreviations
Abbreviation Explanation
24/7/365 24 hours a day, 7 days a week, 365 days a year
AD&D Application Development and Deployment
API Application Programming Interface
ASP Application Service Provider
AWS Amazon Web Services
CAGR Compound Annual Growth Rate
CapEx Capital Expenses
CIO Chief Information Officer
CTO Chief Technology Officer
IaaS Infrastructure as a Service
IT Information Technology
LLC Limited Liability Company
NIST National Institute of Standards and Technology
NYSE New York Stock Exchange
OpEx Operational Expenses
OS Operating System
PaaS Platform as a Service
ROI Return On Investment
SaaS Software as a Service

Table of abbreviations VIII
SLA Service Level Agreement
SMB(s) Small and Medium-sized Business(es)

Table of figures IX
Table of figures
Figure 1: From the Briefcase to the Cloud (Own Design cf.
http://www.gutewerbung.net/wp-content/uploads/2013/04/Don1.jpg, 2013).................. 2
Figure 2: Floppy Disk (Microsoft, 2013)........................................................................ 3
Figure 3: A History of The Cloud (Own Design cf. Matt Mansfield,
http://www.youtube.com/watch?v=9LVWnS_Cz4M&list=WLB4449357EB4C58CF,
2013)............................................................................................................................ 4
Figure 4: Gartner’s Properties for Providers and Customers (Own Design, see Footnote
19)................................................................................................................................ 8
Figure 5: Cloud Enabled Devices (Icciev.com, 2013) ..................................................11
Figure 6: Client Interactions (Own Deisgn cf.
http://www.pcmag.com/encyclopedia/term/37856/api).................................................13
Figure 7: Rackspace API Advertisement (http://javascriptweekly.com/archive/136.html,
2013)...........................................................................................................................14
Figure 8: Virtualization (Own Design, 2013) ................................................................16
Figure 9: Coke Chase Advertisement 2013 (Adweek.com, 2013)................................18
Figure 10: Cloud Model Examples (Own Design cf. http://www.jansipke.nl/top-cloud-
computing-providers/, 2013)........................................................................................20
Figure 11: The Three Layers of Cloud Computing (Own Design, 2013).......................22
Figure 12: Cloud Service Model‘s Access, Control, Location and Cost (Own Design cf.
http://technet.microsoft.com/en-us/magazine/hh509051.aspx, 2013) ..........................24
Figure 13: Cloud Service‘s Access, Control and Ownership (Own Design cf.
http://blogs.gartner.com/thomas_bittman/2009/04/08/the-spectrum-of-private-to-public-
cloud-services/, 2013) .................................................................................................26
Figure 14: In-House Data Center (Own Design cf. http://www.datamation.com/cloud-
computing/what-is-private-cloud.html, 2013) ...............................................................27
Figure 15: Complete Overview of Cloud Service Models (Own Design cf.
http://technet.microsoft.com/en-us/magazine/hh509051.aspx, 2013) ..........................30
Figure 16: Cloud Tool Box (http://ants.etse.urv.es/web/, 2013) ...................................31
Figure 17: Enterprises and Clouds (Own Design cf. http://rob-
livingstone.com/2013/04/public-private-community-and-hybrid-cloud-explained/, 2013)
....................................................................................................................................32
Figure 18: Traditional Hosting Model (Own Design cf.
http://blog.gogrid.com/2013/04/23/how-to-create-an-auto-scaling-web-application-on-
gogrid-part-1-theory/, 2013).........................................................................................35
Figure 19: Cloud Hosting Model (Own Design cf.
http://blog.gogrid.com/2013/04/23/how-to-create-an-auto-scaling-web-application-on-
gogrid-part-1-theory/, 2013).........................................................................................36
Figure 20: Application Service Provider (Own Design, 2013) ......................................38
Figure 21: Cloud Application Provider (Own Design cf.
http://www.teamwox.com/en/groupware/articles/60/saas-online-collaboration-system,
2013)...........................................................................................................................39
Figure 22: App versus Browser Usage (Khalaf, 2013).................................................42
Figure 23: Interaction Between Companies and their Customers (Own Design cf.
http://www.youtube.com/watch?v=cQeCnj3Gy6c, 2013) .............................................43
Figure 24: Influence of being connected......................................................................44

Table of figures X
Figure 25: Cloud Dangers (Own Design, 2013 ............................................................46
Figure 26: VMware‘s Equation of Trust (Own Design cf. Footnote 118).......................51
Figure 27: Skill Requirements for Cloud Services (Own Design cf.
http://mscisyaminimishra.files.wordpress.com/2012/10/cloudcomp.pdf, 2013) ............56
Figure 28: Cost Structure of an On-Premise Human Resource Information Solution...63
Figure 29: Cost Structure of a Cloud-based Human Resource Information Solution....63

List of tables XI
List of tables
Table 1: Cloud Services Compared.............................................................................23
Table 2: Comparing Private and Public Cloud .............................................................29
Table 3: HostingModels Compared .............................................................................36
Table 4: Different Characteristics between Hosted Applications and SaaS ................39
Table 5: US Usage of Major Cloud Media Services.....................................................45
Table 6: Google Brands Overview (Google, 2013) ......................................................45
Table 7: Significant Concerns with Cloud Computing ..................................................47
Table 8: Main Security Questions................................................................................49
Table 9: Chances versus Risks ...................................................................................53
Table 10: Cost Structure of an On-Premise Human Resource Information Solution
...................................................................................... Error! Bookmark not defined.
Table 11: Cost Structure of a Cloud-based Human Resource Information Solution
...................................................................................... Error! Bookmark not defined.
Table 12: Typical Costs for a 10,000 Employee Company ..........................................64

Introduction 1
1 Introduction
Over the last 40 years the way people have shared and carried information has
changed rapidly, going from paper, floppy disks, CDs, USB drives to storing data on
the Cloud (see Figure 1). Today we are connected to the Internet 24 hours a day 7
days a week (24/7) having access to all our information, data and sharing everything
on social media platforms. This has also changed the way we do business and engage
customers and business partners. The perpetual connection allows businesses to be
agile and proactive or reactive to market events. Taking care of customers and part-
ners through so many channels is very time consuming and requires a company’s full
attention. Cloud technology is said to be a milestone in making it easier to concentrate
on your core business and is supposed to bring a company many benefits to making
their business more successful.
Firstly this young topic deserves a lot of attention, because global players in the indus-
try like Amazon, Salesforce.com, Google, Microsoft and Apple have been working on
their solutions for years and are spiking the interest of all companies that are looking to
lower their operational costs. Secondly the Cloud does not only enable big business to
fully take advantage of their capabilities, but it is also valuable to smaller businesses
and startups, which can save money on their IT infrastructure. Furthermore it offers
opportunities for people without a technology background to succeed with their ideas
through using simple interfaces that they can operate without an IT professional. Last
but not least there are the common users, who use Cloud Services to access their mu-
sic and data from anywhere in the world. It’s an emerging technology that is far from
reaching its fullest potential.
The author, Kevin Arnot, Marketing, Brand and Media Student at University of
Mittweida recognizes these changes and the trend around the word “Cloud”. His thesis,
“Demystifying the Cloud – Drawing the Lines between Technologies and Concepts”
takes a look at many topics connected to the Cloud and focuses on why it is so hard for
many to understand what Cloud computing really means. It is designed to give a high
level insight of the Cloud. Clearly this topic is unclear or “cloudy” and there’s a need to
learn more without using complicated terms and expressions. The key goal of this the-
sis is to give the reader a simple explanation of the Cloud and confidence to participate
in conversations about it. This is achieved by catchy examples and simple terms, which
make it easier to understand the Cloud’s technical background. In addition tables and
figures are vital to this topic to be able to visualize the processes.

Introduction 2
It will look into giving the Cloud a face by exploring its origin and the evolution of the
Internet.1
Next step will be to investigate the technical background and what kinds of
Cloud services are offered. After taking a closer look at the benefits and disadvantages
of this new technology, this thesis will give insight on why companies should consider
investigating this new technology to stay on top of their game. Additionally a down to
earth example of a simple company that adapts to the Cloud will clarify how this solu-
tion can change the way a business person operates and thinks about their business.
Finally the conclusions will show if the Cloud is going to stay or if it is going to be suc-
ceeded by something else?
Figure 1: From the Briefcase to the Cloud (Own Design cf. http://www.gutewerbung.net/wp-
content/uploads/2013/04/Don1.jpg, 2013)
1
(Hurwitz, Bloor, & Kaufman, 2010)

Defining the Cloud 3
2 Defining the Cloud
A lot of people are talking about the Cloud, but for most it is a really weird concept, that
they have not grasped or understood yet. To make it easier to understand this topic to
its fullest extent, it is fundamental to know the origin of the technologies and steps that
were needed for the Cloud to become what it is today. Matt Mansfield is a recognized
expert in online business, president of Matt About Business, LLC and has devoted
most his life to working in the Cloud.2
He is a published author and has been featured
on sites such as the American Express OPEN Forum, the SCORE Small Business
Blog and Pitney Bowes’ pbSmart™ Essentials blog as well as many others. His blog
covers small businesses topics and helps entrepreneurs understand the power of tak-
ing their business online.3
On his YouTube Channel he explains how the internet de-
veloped from different kinds of networks into what it is today.4
2.1 History of the Cloud
The Flowchart “The History of the Cloud”, as shown in Figure 3 illustrates the following
passage and gives a step by step overview of the development of the Cloud. The
Name Cloud Computing was inspired by the cloud symbol that is often used to repre-
sent the Internet in flowcharts and diagrams.5
Back in the 80’s in the early ages of computers, if
two employees wanted to share something from
their computers with each other, they had to put the
information on a floppy disk (see Figure 2) and
walk it over to the person sitting across the office.
That wasn’t very convenient, so IT came up with
the Local Area Network (LAN) (Figure 3 #1). This
kind of network connected all the computers within
an office through servers and data bases (Figure 3
2
(Mansfield, http://www.youtube.com/, 2011)
3
(Mansfield, http://www.mattaboutbusiness.com/about, 2013)
4
(Youtube.com, 2013)
5
(Rouse, http://searchcloudstorage.techtarget.com/definition/, 2010)
Figure 2: Floppy Disk (Microsoft, 2013)

#2), where information was stored and of which reports could be run of. Through this
people were able to share information with each other much faster and easier.
Figure 3: A History of The Cloud (Own Design cf. Matt Mansfield,
http://www.youtube.com/watch?v=9LVWnS_Cz4M&list=WLB4449357EB4C58CF, 2013)
Soon this raised another issue. In the situation when a company had more than one
location e.g. one in San Francisco and the other in New York (Figure 3 #3), with anoth-
er server and data base and these two offices wanted to look at each other’s data ba-
ses it was not possible. Therefore the Wide Area Network (WAN) (Figure 3 #4) was
created. These networks were connected by lines provided by the telephone and cable
companies and they are the same lines the internet runs over today (Figure 3 #5).
Since this technology working behind the WAN is unknown to most, IT people drew a
cloud in the middle of two networks (Figure 3 #6). It was just important to know that the
data was delivered correctly from one location to another. An employee sent his infor-
mation “out there” and the Cloud was making sure, that no matter what it made it to its
destination. The guaranty that the information makes it back and forth correctly was
called routing (Figure 3 #7). Thus the Cloud is really just a part of technology that
makes sure that we have enough space to send each other information and also to
route information back and forth.
Often people talk about storing data and doing things in the Cloud, like using software.
That is a sort of subset of the Cloud. Before Cloud services each company had soft-

ware that ran on all the computers and servers (Figure 3 #2). It cost money and time to
keep that software up to date and everything up and running. Eventually vendors had
the idea of putting up servers, with data bases and connecting them to the Cloud
(Figure 3 #8). For a small monthly fee other companies could get through and store
their data on the vendor’s server and use the data base (Figure 3 #9). This was a revo-
lutionary idea, since it meant that a company didn’t need their own server or data base
anymore (Figure 3 #10). It just used the one provided by the vendor, saving the com-
pany money on updates, maintenance and electricity.
Another thing that vendors started doing was putting up servers with data bases that
actually had software on it (Figure 3 #11). These servers could run all kinds of software
e.g. accounting software, project management software, collaboration software etc.
These companies are called Software as a Service (SaaS) vendors. Again for a month-
ly fee they would provide a company access to their servers and data bases as well as
its functionality. This meant a company did not have to have all of this software in-
stalled on their servers or computers. Also every time the software was updated or new
functionalities were added, the vendor handled it. Upgrades did not longer have to be
installed manually on every single computer in a company. Thus Software as a Service
became functionality out in the Cloud. The storage you got from a vendor was called
Infrastructure as a Service or short IaaS (Figure 3 #8). This vendor basically gave you
a building to put all your data in, except that building was electronic. Essentially the
Cloud is the pipes and the routing so the information gets back and forth, provided to
you by phone and cable companies and really the internet and when people talk about
what they are doing out on the web, they are referring to Software as a Service.6
Defining the Cloud can be a difficult task, because everyone you ask will tell you some-
thing different. CIOs will emphasize the business benefits, whereas CTOs will talk
about the technical possibilities and common users will name the Cloud providers they
are using. Each of these viewpoints is valuable in creating a cohesive picture and has
to be considered to define the Cloud clearly. Let us take a closer look at the terminolo-
gy. The initial situation is that the word is being used in a very loosely and unspecific
way which causes confusion when talking about this subject. When people talk about
the Cloud they usually mean they are using applications that are hosted on it. Cloud is
an extensive and generic expression like “government”, which is made up of many dif-
6
(Mansfield, http://www.youtube.com/, 2011)

ferent people, departments and organizations. Another analogy would be “religion”,
which includes all of the different gods, cults and communities in the world7
. Same can
be said about the Cloud which also is made up of many different layers and compo-
nents. Matt Mansfield even says that “the Cloud can’t be defined in a single statement
and that it is a bundle of definitions.”8
Furthermore a dynamic topic like this is shaped
not only by the major companies that offer these services and their brands, but also by
industry thought leaders and technology experts. The best resource for researching
this new and dynamic topic is the Internet, of course. Printed literature carries some
fundamental definitions and explanations, but can’t compete with the constantly chang-
ing flow of information on the Internet.
2.2 Definitions on the Internet
There are thousands of definitions of the Cloud. The following four definitions seem to
capture the core elements effectively. Wikipedia, the free, web-based encyclopedia
says:
“Cloud computing is the use of computing resources (hardware and software) which
are available in a remote location and accessible over a network (typically the Internet).
The name comes from the common use of a cloud-shaped symbol as an abstraction
for the complex infrastructure it contains in system diagrams. Cloud computing entrusts
remote services with a user's data, software and computation.”9
Cloud Distribution, a firm in the United Kingdom that specializes in distributing next
generation security and networking solutions defines Cloud computing as:
“The convergence of three major trends: Virtualization, where applications are
separated from infrastructure. Utility computing where server capacity is accessed
across a grid as a variably price shared service. Software as a service is where
applications are available on demand on a subscription basis.”10
7
(Mansfield, Thoughts on the Cloud, 2013)
8
9
(Wikipedia.org, 2013)
10
(Cloud Distribution, 2010)

Baker Security & Networks are a premier provider of Information Security Solutions,
Cloud Computing and Managed Network Services and declare that:
“It is a simpler and more sufficient way of buying and using technology. […] Cloud
computing is another way of saying the services you need are delivered through the
internet”11
The online magazine, PCmag.com provides an encyclopedia for technical expressions
and terms. The definition found there states that the Cloud consists of:
„Hardware and software services from a provider on the Internet (the "Cloud"). Cloud
computing comprises "software as a service" (SaaS), "infrastructure as a service"
(IaaS) and "platform as a service" (PaaS)[...].“12
2.3 Definitions by providers and thought leaders
Judith Hurwitz is a technology strategist and thought leader. She is the president of
Hurwitz & Associates, a business technology strategy firm that helps companies gain
business benefits from their technology investments. Robin Bloor, a partner with the
same company, has been an IT consultant and technology analyst for almost 20 years.
Marcia Kaufman, a founding partner of Hurwitz & Associates, has 20 years of experi-
ence in business strategy, industry research, Service Oriented Architecture (SOA), and
information management.13
They are the authors of “Cloud Computing for Dummies” a
book that covers many basic topics on Cloud Computing. They say the Cloud “is the
next step in the evolution of the Internet.”14
This statement is backed up by many other
white papers and introductions to the Cloud. It is important to keep in mind that major
players like Amazon and salesforce.com have a strong influence on the market and
therefore on the definition of the Cloud. They, too have to explain their solutions to cus-
tomers starting with a Cloud definition. In “Intel’s Vision of the Ongoing Shift to Cloud
Computing” it is described as: “rather than a revolution, cloud computing is an im-
portant transition, a paradigm shift in IT delivery” and furthermore that it “offers the po-
11
(Networks, 2011)
12
(PCMag.com, 2013)
13
14

tential for a transformation in the design, development, and deployment of next-
generation technologies.”15
IBM has a slightly different view and says that “Cloud com-
puting is a flexible and cost-effective delivery platform for providing IT services over the
Internet.”16
Amazon Web Services adds that “with cloud computing, organizations can
consume shared computing and storage resources rather than building, operating, and
improving infrastructure on their own.”17
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and
advisory company. They deliver the technology-related insight necessary for their cli-
ents to make the right decisions.18
Their official definition of cloud computing is that is
“a style of computing where scalable and elastic IT-enabled capabilities are delivered
as a service to customers using Internet technologies.” They also describe five defining
attributes of cloud computing: service-based, scalable and elastic, shared, metered by
use and uses Internet technologies. A key to Cloud computing is a blurred boundary
between the customer and the provider. Graphically, that looks like this:19
Figure 4: Gartner’s Properties for Providers and Customers (Own Design, see Footnote 19)
The Cloud represents the Internet, or more specifically a way of looking at application
development and deployment from a network point of view. This means the applica-
15
(Intel, 2010)
16
(Duijvestijn, et al., 2010)
17
(Varia & Mathew, 2013)
18
(Gartner, 2013)
19
(Bittman, 2009)

tions use the Internet as an “operating system”. To enable such an environment takes
a new way of thinking about the underlying infrastructure. This infrastructure is unified
through Application Programming Interfaces (APIs), distributed on a global level
and fault tolerant as well as scalable and elastic.20
Marc Benioff has a unique way of
looking at the definition of Cloud that is not to be underestimated.
“He is chairman and CEO of salesforce.com. He founded the company in 1999 with a
vision to create an on-demand information management service that would replace
traditional enterprise software technology. Benioff is now regarded as one of the
pioneers of cloud computing and has been instrumental in driving businesses to
transform by embracing social and mobile cloud technologies to connect with
customers, partners and employees in new ways.”21
In an interview he shares his thoughts about the Cloud and moreover how it plays into
the future of communication. For him the Cloud is just one part of four major trends that
are changing our world.
a. Consumerization of IT means that the consumer model has changed and every-
body today is using user-optimized computers and devices to access technology.
b. Cloud computing is the third wave of computing moving and storing your data to a
network of billions of computers that the consumer controls via any device. It is be-
coming a mainstream capability and it is altering the way companies are operating.
c. Mobile has now surpassed web-based browsing as the dominant way to get infor-
mation. This trend also includes all the Applications that are being designed for
these mobile devices.
d. Social platforms are the number one reason for being online and just being on the
Internet has become secondary.
2.4 Definition by the National Institute of Standards
and Technology
Last but not least it is important to define the Cloud by a standardized method to en-
sure that there is a common ground for this technology. “The NIST is a non-regulatory
20
(Cohen, 2010)
21
(Salesforce.com, 2013)

federal agency within the U.S. Department of Commerce. NIST's mission is to promote
U.S. innovation and industrial competitiveness by advancing measurement science,
standards, and technology in ways that enhance economic security and improve our
quality of life.”22
It is a very important organization for utility companies in the U.S. for
industry standards and regulations. This agency has also published a paper on Cloud
computing and defined five essential characteristics as follows:
On-Demand Self-Service. A consumer can unilaterally provision computing capabili-
ties, such as server time and network storage, as needed automatically without requir-
ing human interaction with each service provider.
Broad Network Access. Capabilities are available over the network and accessed
through standard mechanisms that promote use by heterogeneous thin or thick client
platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource Pooling. The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and virtual resources
dynamically assigned and reassigned according to consumer demand. There is a
sense of location independence in that the customer generally has no control or
knowledge over the exact location of the provided resources but may be able to specify
location at a higher level of abstraction (e.g., country, state, or datacenter). Examples
of resources include storage, processing, memory, and network bandwidth.
Rapid Elasticity. Capabilities can be elastically provisioned and released, in some
cases automatically, to scale rapidly outward and inward commensurate with demand.
To the consumer, the capabilities available for provisioning often appear to be unlimited
and can be appropriated in any quantity at any time.
Measured Service. Cloud systems automatically control and optimize resource use by
leveraging a metering capability1 at some level of abstraction appropriate to the type of
service (e.g., storage, processing, bandwidth, and active user accounts). Resource
usage can be monitored, controlled, and reported, providing transparency for both the
provider and consumer of the utilized service.23
22
(NIST, 2013)
23
(Mell & Grance, 2011)

2.5 Summary of definitions
It is clear that the Cloud is a catch-all for many things and it is true that it cannot be
defined in a single statement. For the author there is a lot that plays into shaping the
Cloud. These requirements are equally important and cannot exist without each other.
They support and depend on each other in order to form the Cloud. First, the Cloud is
an evolutionary step within the Internet, a paradigm shift in IT design, delivery and de-
ployment. The second requirement is that alongside with Consumerization, Mobile and
Social, it plays a major role in changing how we interact with technology. Thirdly, hard-
ware, software and data are no longer hosted on-premise, but outsourced to a vendor
which provides the platforms, apps and storage. These are accessed over a network,
commonly the Internet, through devices such as desktops, laptops; tablets or smart
phones (see Figure 5). And finally it is standardized by five characteristics provided by
NIST: On-demand self-service, broad network access, resource pooling, rapid elastici-
ty, measured service.
Figure 5: Cloud Enabled Devices (Icciev.com, 2013)

Technologies and Terminology 12
3 Technologies and Terminology
This chapter is designed to take a look inside the Cloud and the features that make it
so different from any other technology advancement to date. The Cloud is often re-
ferred to as: Utility Computing, Software as a service (SaaS) or Platform as a Service
(PaaS). Understanding different service models, their attributes as well as the expres-
sions are crucial to really get inside the Cloud.
Cloud Services are used by many of us on a daily basis without us even knowing. It
refers to the actual service that a common user or business is consuming. The most
common examples for a home user are web-based email services such as Gmail,
Hotmail or Yahoo. A businesses’ software developer can use the service of the Google
Apps Engine to develop new applications in a Cloud environment.
Utility Computing is only another expression for the idea behind Cloud Services. Just
like using electricity or water it should be just as easy for businesses to use computing
power on-demand. An Internet connected device should be all an individual needs to
access professionally managed infrastructure, storage and applications.
Cloud Computing refers to the underlying infrastructure, the actual hardware and their
connection to the Internet that makes it possible to scale services exponentially and
flex resources rapidly in response to variable supply and demand.24
Software Applications, Applications or Apps are used as a term contrary to system
software e.g. Windows, Mac Operating System or Linux. […] “The difference between
software and application is very much like the difference between a rectangle (soft-
ware) and a square (application); all applications are software, but not all software are
applications.”25
“Both System software and application software interacts with the com-
puter hardware. However, the system software operates the computer’s hardware and
provides a platform for running the application software. The application software on
the other hand helps the user to perform single or multiple tasks.”26
Examples include
enterprise and accounting software, office suites, graphics, and media players. Many
24
25
(Differncebetween.com, 2013)
26
(Reference.com, 2013)

application programs deal principally with documents. Creating software for a Cloud
environment means that applications can be designed and deployed faster. Oftentimes,
this is a company’s main objective.
Clients
In the real world, businesses have clients. In the computer world, servers have clients.
The "client-server" architecture is common in both local and wide area networks. For
example, if an office has a server that stores the company's database on it, the other
computers in the office that can access the database are "clients" of the server. On a
larger scale, when you access your e-mail from a mail server on the Internet, your
computer acts as the client that connects to the mail server. The term "client software"
is used to refer to the software that acts as the interface between the client computer
and the server. For example, if you use Microsoft Outlook to check your e-mail, Outlook
is your "e-mail client software" that allows you to send and receive messages from the
server.27
Cloud Clients are all devices such as desktop computers, laptops, tablets and smart
phones that are connected to a network (mostly the Internet) and can therefore be
used to access Cloud Services. The user “talks” to his or her devices through the
commands, menus and buttons on the User Interface (see Figure 6).
Figure 6: Client Interactions (Own Deisgn cf. http://www.pcmag.com/encyclopedia/term/37856/api)
27
(Techterms.com, 2013)

Application Program(ming) Interface or API is simply the “language” in which the
application “talks” to the operating system (OS). The API allows programmers to use
predefined functions to interact with the operating system, instead of writing them from
scratch. All computer operating systems, such as Windows and the Mac OS, provide
an application program interface for programmers. While the API makes the program-
mer's job easier, it also benefits the end user, since it ensures all programs using the
same API will have a similar user interface. This makes it easier for users to learn new
programs.28
As the “language” between an operation system and an application, APIs also play a
major role in Cloud computing. The Cloud connects many different systems, platforms
and therefore many languages. The current challenge is to realize “cross-cloud com-
patibility“29
so cloud environments can seamlessly communicate and function with each
other (see Figure 7). This is not yet the case since major Cloud players like AWS,
VMware and Google are trying to force their “API language” and also their intellectual
property as a standard onto the market.30
Figure 7: Rackspace API Advertisement (http://javascriptweekly.com/archive/136.html, 2013)
28
29
(Kleyman, 2012)
30
(Linthicum, 2012)

Multi-Tenancy is an architecture in which a large pool of users (or tenants) share the
same underlying resources such as applications and/or computer resources, even
though they only have access to their own data. Customizing the app is often limited to
the color of the user interface or business rules, but the actual application code cannot
be changed or customized. Offering a single solution to multiple businesses spreads
the costs of software development and maintenance over thousands of customers.
Therefore Cloud Services can achieve high cost efficiencies and deliver low costs. This
is one of the reason that Cloud computing is becoming more and more popular with
businesses.
Virtualization is one of the centerpieces of the paradigm shift in IT and also in the
Cloud. It is a technology that imitates computer hardware in software. Therefore more
“imitated computers” can run on a single physical server (see Figure 8). For a long time
each application vendor wanted an isolated server dedicated to its application or task,
to minimize interference with other programs. For each new app another server was
put up, that was only using 5 –15%31
of its capacity.32
This is known as server sprawl.
Virtualization changes that, by encapsulating each operating system and the software
and turning it into a virtual machine (VM). A virtualization layer presents a generic
hardware to each virtual machine, which means that a server is no longer limited to one
operating system. All the virtual machines can run side by side, each using a piece of
the computing resources. This also means that backups, storage and migration are
drastically simplified, because these encapsulated VMs are no longer bound to any
hardware, but only the virtual layer. The bottom line is that a business’ return on in-
vestment is greater, because it has to buy fewer physical servers to run its applications.
The company VMware (NYSE:VMW) currently has the lion share of the market and is
“[…] the global leader in virtualization and cloud infrastructure […]”. With more than
500,000 customers and 55,000 partners, VMware solutions help organizations of all
sizes lower costs, increase business agility and ensure freedom of choice.33
31
(Vizioncore, 2010)
32
(VMware, 2013)
33
(VMware, 2013)

Figure 8: Virtualization (Own Design, 2013)
Automation is just the starting point of taking full advantage of Cloud computing. It is
“smart software” that takes human repeatable tasks and puts them into an automated,
static workflow (automated task). Procedures that are carried out “electronically without
requiring human intervention”34
are more efficient and less expensive. This improve-
ment frees IT staff to actually devote their time to overlook and manage the deployment
of applications and projects. Automation can also stand alone and be used to simplify
single repetitive and repeatable tasks, but it plays a more important role as the founda-
tion for IT Orchestration.35
Orchestration metaphorically speaking is the “glue” that puts together automated
tasks into a sensible order. The key is to execute many tasks as quickly as possible
and if possible even at the same time. This is only doable if the task that is occurring
does not depend on the outcome of another task. For example you had multiple arms
to get ready in the morning. You could shower, wash your hair, brush your teeth and
shave at the same time, but the task of drying off could only happen after all that. The
goal is squeezing down as many tasks down vertically↨ to get more things done the
same time, horizontally↔. 36
34
(Rouse, http://searchcloudprovider.techtarget.com/definition/, 2011)
35
(Stephenson & Sawyer, 2012)
36
(Stephenson & Sawyer, 2012)

Furthermore, Cloud orchestration is the “magic word” that makes Cloud computing ac-
tually useful and delivers true value to a business. Many different, automated workflows
are strung together, i.e., orchestrated, into a value chain that delivers a business bene-
fit.37
Orchestration software brings both traditional hardware and virtualized servers
together to instantly manage, automate and streamline the entire capacity and server
requirements.38
In a Cloud environment interconnecting processes run across hetero-
geneous systems in multiple locations. Processes and transactions have to cross mul-
tiple organizations, systems and firewalls.39
In essence, the ultimate goal is delivering
services faster.
Scalability is the ability of hardware or applications to meet growing workloads and
meet business needs. This capability allows computer equipment and software pro-
grams to grow over time, rather than needing to be replaced.40
In other words servers,
storage, networking bandwidth and apps can be “expanded” or “upgraded”. Scalability
means planning resources within a business, e.g., an application provider, and the
gradual process of budgeting/anticipating, buying and expanding IT infrastructure. On
the application side it means that the apps need to be designed to adapt to support an
increasing amount of data or a growing number of users.41
For example, if you’re a
business leader and you have 500 users who will be using a particular set of software
applications that you want to put in the Cloud, you know that you will need to have a
specific level of capacity if all 500 users are logged on at the same time.42
Elasticity means that a user can have as much or as little of a service as they want at
any given time; and the service is fully managed by the provider.43
It does not neces-
sarily focus on how many users can be supported, but how fast and sufficient can a
platform adapt to support them in real-time. Speed and performance are the key. How
fast can a company provision a new virtual machine, how well does that VM perform
once deployed, and how much will it cost the company are what matters most.44
Elas-
37
(Williamson, 2012)
38
(Flexiant, 2013)
39
(Rousse M. , 2012)
40
41
42
(Guy Fardone, 2012)
43
44
(Cohen, 2010)

ticity is strongly related to applications that run on the Cloud. That means a company’s
platform on which the app is running needs to be able to handle sudden, unexpected
and massive workloads. This could be because of a viral marketing video or breaking
news that makes users visit a website or use an app. A Super Bowl Ad Campaign
draws thousands of users to a single website and still has to perform perfectly for each
visitor, e.g., Coca Cola’s “Coke Chase 2013” (see Figure 9).
Figure 9: Coke Chase Advertisement 2013 (Adweek.com, 2013)

In essence, Scalability has a great meaning within a company and is needed to guar-
antee steady growth, whereas Elasticity is more linked to satisfying users needs as
they occur. Scalability is much more specific and gradual than Elasticity, and it is very
controlled by the company and its cloud services provider in conjunction with its IT de-
partment.45
In relation to the Cloud these terms should be used very carefully and nev-
er be interchanged.
As shown above there is way more technology to the Cloud that meets the eye. All
these ideas and terms combined give the Cloud its power.
45
(Guy Fardone, 2012)

Cloud Service Components 20
4 Cloud Service Components
4.1 Cloud Service Models
Cloud Services are generally divided into three categories: Infrastructure as a Service
(IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). These three
layers are built on each other and enable hardware and software to be delivered as a
service (see Figure 10). Cloud providers will use the term Cloud generically, no matter
what service layer they are offering. In practice Cloud suppliers often provide additional
services to a layer and so the lines between all three services become blurry.46
4.1.1 Infrastructure as a Service (IaaS)
Infrastructure as a Service is the lowest of all three layers and provides the physical
environment, the “hardware building blocks” of computers. It delivers abstracted com-
pute components such as servers, networking, storage, and data center space for a
46
(Czarnecki, 2012)
Figure 10: Cloud Model Examples (Own Design cf. http://www.jansipke.nl/top-cloud-computing-
providers/, 2013)

compute foundation. It may also include the delivery of operating systems and virtual-
ization technology to manage these resources.47
Infrastructure as a Service offers the
highest level of customization because IaaS customers are only purchasing virtual ma-
chines that are connected to the underlying hardware. This means they can run any
kind of operating system and/or application they want on top of it and they have access
to as many or little physical hardware on demand. To ensure that these resources are
available all the time most contracts between a Cloud provider and a customer will in-
volve a service level agreement (SLA). This contract may include specifications about:
 Percentage of the time services will be available
 Number of users that can be served simultaneously
 Schedule for notification in advance of network changes that may affect users
 Help desk response time for various classes of problems
 Dial-in access availability
 Usage statistics that will be provided48
The most common example for IaaS is Amazon’s Elastic Compute Cloud or generally
known as EC2. It provides virtual machine resources that are scalable through a Web
services interface and paid for by the hour.49
Amazon's additional services include
Simple Storage Service (S3), a cloud storage service for backup and content down-
loads, Simple Queue Service (SQS) for message store and forwarding and CloudFront,
a comprehensive content delivery network with datacenters around the world.50
4.1.2 Platform as a Service (PaaS)
Platform as a Service is the middle layer and provides more than just infrastructure. It
includes the hardware, operating system, database and other necessary software for
the execution of applications.51
PaaS vendors offer a variety of software and product
development tools, which are used by developers to create, test, distribute and man-
age applications in the Cloud. PaaS can be seen as the middleman between IaaS and
SaaS. Firstly, it has to be able to dynamically communicate with the infrastructure and
47
48
(Rousse M. , 2008)
49
50
(PCMag.com, 2013)
51
(PCMag.com, 2013)

request the resources needed. This happens through the Application Programming
Interfaces (APIs) mentioned above. Its next purpose is to interact with the application
level (SaaS) and provide applications with the recourses they need, depending on their
load.
This level can be seen as the laboratory in which developers create new applications
specifically for the Cloud. It is important to keep in mind those different operating sys-
tems have different languages and the apps have to be written in that language. De-
velopers will make their decision on which platform to choose based on:
 Their company’s native programming language
 Compatible with other Cloud solutions, so they have the possibility to change pro-
viders and have portability
 If the language is an open source or a closed source
Examples for Platform as a Service include Google App Engine, Force.com and Win-
dows Azure.
4.1.3 Software as a Service (SaaS)
Software as a Service is basically the icing on the
cake (see Figure 11) and it provides fully serviced
software running on fully serviced infrastructure. It is
accessed over the Internet, so that the software no
longer has to be installed on a C-drive. The SaaS
provider is responsible for developing the software as
well as the configurations, back-ups, bug fixes and
hosting. The software is accessed through a browser
and needs little to no setup. Users can get engaged
with the software just through signing up (self-service)
and it is instantly delivered on demand. Depending on
the target group the software is free, upgradable to a
premium version for a subscription fee or the applica-
tion is paid for by advertisement.
There are SaaS solutions for common users and also
for businesses. Business services are available for
example for Payroll (ADP), ERP (WebEx), CRM (Salesforce.com) or document man-
agement systems. Personal usage includes email systems (Gmail), picture sharing
(Picasa, Flickr), video sharing (YouTube) and Social Networks like Facebook, Twitter
and LinkedIn. In a Cloud environment many applications do not stand alone but are
Figure 11: The Three Layers of Cloud
Computing (Own Design, 2013)

connected to each other. Social media has been one of the major reasons for users
wanting their application to be interconnected.52
This connection enables a level of cus-
tomization for their needs and personalizes the service. The perfect example for this is
a Facebook site. Recognizing your likes, shared linked etc. it will create suggestions
what a user might also like. Your recent visit to Amazon to shop for shoes will be used
to personalize your advertisements.
Table 1: Cloud Services Compared53
53
http://technet.microsoft.com/en-us/magazine/hh509051.aspx
Type Consumer Service
Provider
Service Level
Coverage
Customization
SaaS End user Finished
application
Application uptime
Application per-
formance
Minimal to no
customization
Capabilities dic-
tated by market
or provider
PaaS Application owner Runtime envi-
ronment for ap-
plication code
Cloud storage
Other Cloud
services such
as integration
Environment
availability
Environment per-
formance
No application
coverage
High degree of
customization
available within
constrains of the
service offered
Many applica-
tions will need to
be rewritten
IaaS Application own-
er or IT provider
OS
Middleware and
application
Virtual server
Cloud storage
Virtual server
availability
Time to provision
No platform or
application cover-
age
Minimal con-
straints on appli-
cations installed
on standardized
virtual OS builds

4.2 Cloud Deployment Models
There are three different, basic ways in how the Cloud is delivered. A Public Cloud can
be accessed by anyone who signs up for it, whereas a Private Cloud can only be ac-
cessed through proprietary network.54
Also there is a so called Hybrid Cloud that com-
bines features of the Private and Public Cloud.55
All three differ from each other in the
way where the infrastructure is located, who is providing the service, who can access
the service and how the service is paid for (see Figure 12). Each model has different
features that may appeal to some but not to others. These aspects are important to
bear in mind, when analyzing the pros and cons of each solution.
Figure 12: Cloud Service Model‘s Access, Control, Location and Cost (Own Design cf.
http://technet.microsoft.com/en-us/magazine/hh509051.aspx, 2013)
54
55
(Oracle Cloud Computing White Paper, 2010)

4.2.1 Public Cloud
Within Public Cloud computing (see Figure 12 and Figure 13) resources are shared
among multiple tenants (see Multi-Tenancy). The physical infrastructure is hosted and
managed at service providers’ site. Computing, storage and applications are available
to every individual, company or organization that signs up for this service. Nevertheless
each organization’s data and application usage is logically segregated so only author-
ized users are allowed access.56
Sharing computing resources generates the types of
economies of scale that can be used to reduce costs.57
However the consumer has no
control or visibility over where the Cloud services are being hosted.
For common users and small and medium size businesses the Private Cloud can be
the perfect start to get into Cloud computing. There are several advantages to this
model that especially appeal to businesses with low capital. The overarching benefits
are simplicity and efficiency, because the service is accessed via the Internet and de-
livered by a Cloud provider. Not having to purchase, install and configure physical
hardware58
, results in low upfront costs and a fast set-up. A company also benefits from
the Cloud providers’ economics of scale, saving on energy costs (e.g. cooling systems)
and fewer IT staff. Also the company only pays for what it needs which also adds to
reducing costs. A Public Cloud solution may also help save time dealing with IT prob-
lems. The technology behind the Cloud (e.g. virtualization and automation) reduces
server downtime and speeds up configurations. Moreover maintenance of the physical
hardware is not required. The last advantage is that a company is not bound by long-
time contracts. After a monthly or yearly subscription there is no obligation to continue
the service.59
Of course there are also some downsides to this model as well. One of the main disad-
vantages is the perceived weaker security. Even though most Public Cloud providers
have excellent security, entrusting sensitive personal information with a third-party is a
liability. Additionally there is a lack of control over where exactly the data is stored. The
fact that the service is delivered over the Internet means that the company might suffer
from slow speed. This depends on the connection it has set up with their Internet pro-
56
(Aerohive Networks Inc., 2013)
57
(Gartner IT Glossary, 2013)
58
(Oracle Cloud Computing White Paper, 2010)
59

vider and the performance of the Cloud providers’ data center. The last disadvantage
might be the lack of investment. Renting the service from a Cloud provider is a great
method to save on upfront investments, but it also means that there is only little capital
gained. Having items residing in-house such as servers and network equipment can
pay off in the long run as assets and tax advantages.60
Overall using a Public Cloud
means having faith and trust in the Cloud providers’ expertise and professionalism, as
you would in your own IT staff.
Figure 13: Cloud Service‘s Access, Control and Ownership (Own Design cf.
http://blogs.gartner.com/thomas_bittman/2009/04/08/the-spectrum-of-private-to-public-cloud-services/,
2013)
4.2.2 Private Cloud
Generally resources are dedicated strictly to one business and accessed by only a lim-
ited amount of people behind a firewall (see Figure 13).61
A Private Cloud or Enterprise
Cloud may be managed by the organization or a third party and may exist on premise
or off premise.62
A Private Cloud has two scenarios, hosted and in-house.
A hosted Private Clouds’ infrastructure is set up, operated and managed at the provid-
er’s site (see Figure 14). In this case, consumers merely have access to a dedicated
part of the Cloud through a Virtual Private Network (VPN), but have no control over the
physical infrastructure. When a customer chooses to use Public Cloud resources to
create their Private Cloud, the result is called a Virtual Private Cloud.63
(see Figure 14)
60
61
(Rouse, http://searchcloudprovider.techtarget.com/definition/, 2011)
62
(Loeffler, 2013)
63

An in-house Private Clouds’ infrastructure is set up at the company’s location and op-
erated and managed by a provider.64
In this case the company is its own provider and
consumer. It also has full control over the physical servers and infrastructure (also see
Figure 15). The requirement for this to work is that a company must have an existing
data center to build a Cloud computing environment and take advantage of its technol-
ogies, such as virtualization and automation. Alternatively it has to build a completely
new in-house data center. Obviously both cases also require an upfront investment.65
Ideally, a Private Cloud allows businesses significant cost savings over legacy hard-
ware-based deployments. It also enables far greater flexibility, and – in contrast to a
public cloud – much greater security and privacy.66
Concluding Private Cloud compu-
ting can at first seem to contradict the overall definition of the Cloud, but really it is just
the name for the “Next Generation Data Center” (Figure 14).
Figure 14: In-House Data Center (Own Design cf. http://www.datamation.com/cloud-computing/what-is-
private-cloud.html, 2013)
4.2.3 Community Cloud
This model of Cloud computing is sort of a subset of a Private Cloud (see Figure 12). A
Community Clouds’ infrastructure is shared by a group of companies with same
65
(Maquire, 2013)
66
(Maquire, 2013)

concerns, e.g., compliance, governance and policies. This might be several credit
institutes using the same Cloud infrastructure. It may also serve a company with
several divisions that do different things e.g. finances, marketing and consulting. It can
be seen as a gated community in which the participating organizations are benefiting
from multi-tenancy and pay-as-you-go billing, while having more privacy, security and
policy compliance. The Community Cloud can be either on-premises or off-premises,
and can be governed by the participating organizations or by a third-party service
provider.67
Motivations to go with a Private Cloud solution are various. An obvious choice is when
a companies business is its data and applications. Another reason could be that
company is part of an industry that has to be in compliance with strict security and
privacy policies, e.g., hospitals. A company also could be big enough to run a Next
Generation Cloud Data Center efficiently and effectively on their own. Last but not least
a Private Cloud might be the only option a business has because of geographical
reasons. In some countries the data residing in a Public Cloud also has to be in the
local country where the users are.68
The first main advantage for a Public Cloud is the
level of control it can offer. If a company chooses an in-house solution, the hardware is
monitored and maintained on-site, giving a complete oversight of the data.69
Being in
control also means that a company can ensure its own level of data security. In
addition a Private Cloud can provide higher performance, because it is deployed inside
the firewall on an organization's intranet, meaning that transfer rates are dramatically
increased versus using the Internet. 70
Finally, a company can customize their
hardware and software to what ever level needed.
Naturally there are downsides to this solution as well. The first one being that Private
Cloud services are in general more expensive than public ones because they require
both hardware and maintenance personnel.71
As mentioned above, building a new data
center or using legacy hardware to Cloud compute can cause high up-front
investments and admistration costs. Additional costs originate from providing the
adequate power, cooling and general maintanance. The host organization also runs the
67
68
69
70
71

risk of data loss due to physical damage of the unit, i.e., fire, power surge, water
damage.72
The most significant critique of a Private Cloud might be that is not truly
“infinite” like the Public Cloud. There will always be a capacity ceiling, because of “the
limitaions of the physical hardware.”73
If a company wants to expand their Cloud it will
have to purchase, install and configure more hardware to meet business requirements.
In a nutshell a company owns a Private Cloud and the benefits that go with it, but it
also pays extra for that privilege (see Table 2: Comparing Private and Public Cloud).
Table 2: Comparing Private and Public Cloud
Attribute Private Cloud Public Cloud
Simplicity More complicated Simple
Efficiency Lower Higher
Up-front cost High Low
Energy costs High Low
Economics of scale No Yes
Pay As You Go Model Yes Yes
Total costs High Low
Maintenance Yes No
Time savings No Yes
Availability High Lower
Scalability Limited Unlimited
Location of data center In-House Outsourced
Location of data In-House At Vendor’s Site
Security Very High High
Control over Hardware Yes No
72
73

Attribute Private Cloud Public Cloud
Customization Level High Low
Management High Lower
Limitations Yes No
Disaster recovery Maybe Yes
Figure 15: Complete Overview of Cloud Service Models (Own Design cf. http://technet.microsoft.com/en-
us/magazine/hh509051.aspx, 2013)
4.2.4 Hybrid Cloud
The last Cloud model is meant to combine the benefits of Public Clouds, such as
scalability and cost-effectiveness with the security and control of Private Clouds. Also
called Hybrid IT.74
In this It environment a company provides and manages some re-
sources in-house and has others provided externally. This model offers an attractive
option for companies that have to be in compliance with their privacy policies, but also
74
(Rousse M. , http://searchcloudcomputing.techtarget.com/definition/, 2011)

Figure 16: Cloud Tool Box
(http://ants.etse.urv.es/web/, 2013)
have to be flexible to handle sudden workloads. The overall goal is to manage different
parts of a business in the most efficient environment (appropriate infrastructure).
The Hybrid Cloud is the ideal way to effectively meet the needs of various parts of a
business.75
This means that modern businesses can choose where they want to store
different kinds of data. Mission-critical information, such as customer data and applica-
tions can be managed on-premise in a Private Cloud. On the other hand the Private
Cloud can be used as a tool to outsource less sensitive information or as a test envi-
ronment for new applications. As long as there is no intellectual property, or revenue
sources at risk and topics are being discussed, information can be handled on a Public
Cloud. Furthermore expanding or contracting workloads due to seasonal changes or
marketing campaigns can be handled easier. Capacity for certain projects can be add-
ed or removed just as quickly. In this case, moving virtual machines from a private
cloud to a public cloud to accommodate increased traffic referred to as Cloud-
bursting.76
Moving data from one Cloud into another creates several issues such as
integrating internal and external infrastructures and providing common interfaces
across applications. Moving data can also create issues around security, latency and
geography, meaning where the data is stored.
In spite of all the technical difficulties and opera-
tional challenges there is another approach to the
Hybrid Cloud. As mentioned in the section, “De-
fining the Cloud,” Judith Hurwitz is president and
CEO of Hurwitz & Associates, Inc., a strategy
consulting and research firm focused on distribut-
ed computing technologies. She is a pioneer in
anticipating technology innovation and adoption,
such as the emerging market for cloud computing
and is also the author of “Cloud Computing for
Dummies”.77
In an interview she says that Cloud approaches “won’t be black or white,
but a combination of these”78
described as the Hybrid Cloud above. In the end it might
not be about moving things around from a Private to a Public Cloud, but having multiple
75
(Apexcloud, 2012)
76
(PCMag.com, 2013)
77
(Hurwitz.com, 2013)
78
(Youtube.com, 2013)

resources that cater to a business need. It is having a Cloud Dashboard or Cloud Tool-
set (see Figure 16) from which to choose the right feature or property. Companies will
have to think about the different Cloud resources from a global, cost, geography or
application type perspective. The undeniable downside to this is that a company has to
keep track of the different environments, which makes Cloud management more com-
plex.
Comparison
Figure 17: Enterprises and Clouds (Own Design cf. http://rob-livingstone.com/2013/04/public-private-
community-and-hybrid-cloud-explained/, 2013)

Challenges 33
5 Challenges
Up until now the chapters have described many benefits that Cloud technologies ena-
ble such as cost savings. This chapter is dedicated to challenges that business and
individuals equally face with this new approach to technology. More and more vendors
are offering Cloud solutions and so the main issue will be to distinguish between “real”
Cloud solutions and “fake” ones. Once again terminology is the key and also might
have to do with the success of the Cloud offering. Also Cloud computing is becoming
mainstream without many people even noticing it and especially individuals can be
vulnerable to falling into a Cloud trap. Businesses are not spared either and will have to
be careful not to buy into “cloud-washed” solutions. Ultimately it will all come down to
evaluating security issues and what is sustainable for each business and individual.
By now it is clear that the Cloud is clearly not a one-size-fits-all proposition.79
There are
Public Clouds and Private Clouds including all their offerings such as SaaS, PaaS and
IaaS. These variations have been made to accommodate a wide range of different us-
ers80
, like businesses and individuals. There is no such thing as wrong or right, but it is
about choices that businesses and individuals have to make based on their needs. One
man’s joy can be another’s sorrow and what might be right for individuals, small and
medium size businesses, developers, or Web companies is not necessarily what suits
large enterprises and their applications. However the fact remains that the consumers
and businesses need a standard set of definitions from which to work.
5.1 Traditional Hosting versus Cloud Hosting
At first it might seem that hosting websites and business software “traditionally” and “in
the Cloud” is not so different from each other. Both options are off premise and ac-
cessed through the Internet. Most commonly the term hosting is used in connection to
websites, but in the terms of Cloud applications are much more important. As simple as
it might sound there are remarkable differences between both and how they affect
businesses.
79
(Apexcloud, 2012)
80
(Apexcloud, 2012)

Challenges 34
5.1.1 Traditional Hosting
There are two types of traditional hosting: shared and dedicated. In shared hosting, a
user or company shares a server with many other websites and customers. In dedicat-
ed hosting, a user or company owns a complete server to itself. It is essentially buying
a computer and having a hosting company manage it to ensure it stays up and running,
and connected at all times. Most small to medium scale websites use shared hosting,
because it is cost effective and requires low maintenance.81
Large scale websites use
dedicated servers as they need dedicated bandwidth and full control of the server. The
largest companies such as Amazon and Google use data centers that are essentially a
farm of dedicated servers. They use hundreds and thousands of dedicated servers
because of their bandwidth requirements.
Originally companies purchased remote IT infrastructure that was designed to handle
peak loads. It also had to have some extra space built in for unexpected spikes and
fault tolerance (n+1).82
The problem was that a company had to keep purchasing serv-
ers as the traffic of their website or usage of their applications grew. Normally busi-
nesses’ high loads only occur during business hours or on weekends and evenings.
Alternatively, peak loads may occur seasonally, monthly, annually, or be tied to a pro-
motion or special event.83
However every time the servers are not busy capacity is
wasted, but a company was still paying for them to be there. In addition to that there
are more drawbacks if a company was not using dedicated hosting. Sharing servers
(storage and bandwidth) with other websites meant that if traffic to other websites host-
ed on the same server went up, a companies’ site slowed down.
A general graph for the usage of a maximum of 12 servers (see Figure 18) shows how
little time of day, week or year the full capacity of the servers is used. The assumption
is that the infrastructure is powered by physical servers and the peak load is estimated
to consume 12 servers. Because these are physical servers, their quantity does not
change over time and consequently often sits underutilized compared to the load. This
model displays the inefficiency of traditional hosting, because there are large gaps
81
(Exelanz.com, 2012)
82
(Pankonin, 2013)
83
(Pankonin, 2013)

Challenges 35
where the demand on the application is far less than the bought-and-paid-for capacity,
so resources are basically wasted.84
Figure 18: Traditional Hosting Model (Own Design cf. http://blog.gogrid.com/2013/04/23/how-to-create-an-
auto-scaling-web-application-on-gogrid-part-1-theory/, 2013)
5.1.2 Cloud Hosting
Cloud hosting is based on the technologies behind Cloud computing. It allows unlimited
virtual machines to run on multiple servers that are connected to each other, creating
one system. Automated systems keep providing servers to make sure that applications
and websites are running smoothly. This seamless scalability frees companies from
buying physical servers that are underutilized most of the time. Automation also makes
sure that all systems are always up to date. Mirroring information across several serv-
ers also makes it less likely to lose that information, if one server fails or crashes. Also
companies merely pay for whatever capacity their websites or applications are using or
they pay a monthly or yearly subscription fee. Cloud hosting gives companies the pos-
sibility to always make changes to their requirements, e.g., bandwidth and storage
space. In a Cloud environment the infrastructure can be fully utilized, because it scales
up or down to adapt to demand over time. As shown in Figure 19 it is generally possi-
84
(Pankonin, 2013)

Challenges 36
ble to scale from 3 to 15 servers as the work load increases and reduce servers once
business slows down again.
Figure 19: Cloud Hosting Model (Own Design cf. http://blog.gogrid.com/2013/04/23/how-to-create-an-auto-
scaling-web-application-on-gogrid-part-1-theory/, 2013)
Table 3: HostingModels Compared85
Traditional Hosting Cloud Hosting
Flexibility and Optimization
 Inflexible: Resources are static
and require downtime to complete
 100% dedicated resources
 No shared hardware
 All available resources are inte-
grated, providing high shared re-
source availability
 Extremely Flexible
 Available resources include Band-
width, CPU usage, and Memory
Utilization
85
Content: http://www.cloudcow.com/content/royal-rumble-traditional-hosting-vs-vps-vs-cloud-hosting

Challenges 37
Traditional Hosting Cloud Hosting
Control, Customization and Security
 Full control over software and
hardware components
 Secured (depending on the type
of OS that the service is running
on)
 The control panels vary depend-
ing on the OS
 Full control over software with ad-
min/root access
 Also highly secure
 Server resource utilization is moni-
tored for: High availability and In-
stant Scalability
Cost
 Expensive: A dedicated server
requires significant upfront in-
vestment
 “Up-to-the-minute” type of billing
 Ideal for unpredictable traffic
 Ideal for unpredictable resource
usage
5.2 Comparing “real” and “fake” Cloud Software Solu-
tion
First, it is important to understand that this section is not about where the solution is
located (public, private, hybrid), but for which environment it was developed, to take full
advantage of the Cloud technologies. As mentioned before, Cloud technologies are
mainly a new way to design, deploy and deliver applications, so this is also the main
aspect companies are looking for. Unfortunately the problem remains that the term
Cloud does not imply how a solution was developed. Telling a “true” from “false” Cloud
solution is another story and will be one of the toughest challenges especially for busi-
nesses to face. In order to understand the difference between true and false is to know
that a simple hosted application is not a Cloud application. Where the confusion lies is
that, while you can say that all SaaS services are hosted, it is not accurate to say that
all hosted applications are SaaS.86
86
(Transera Inc., 2012)

Challenges 38
Hosted applications are off site and are typically something a business owns as an
asset, because the actual software and licenses are purchased from a Value Added
Reseller (VAR). This software is then installed on a remote server and accessed
through a VPN by a single company. Most line of business applications are still consid-
ered to be client-server-based (see Figure 20). This requires the software client to be
installed on a workstation and is accessed through a client (workstation) link such as
remote desktop, etc. The client or workstation installation is done on the hosted server
and is set up by person or profile. These software applications are not typically web
enabled and therefore require the network infrastructure needed to run the application
such as a Terminal Server. In other words it is a “product” that a hosting vendor rents
out to a company.
Figure 20: Application Service Provider (Own Design, 2013)
True Cloud applications in contrast are built to be web-enabled, which means there is
no need for a client (workstation) installation. Only a server installation is needed and
a device with an Internet connection for the end-user.87
The application is simply ac-
cessed with any device and any Internet browser (see Figure 21). They are also built
from the ground up to be multi-tenant, which means that a single instance of the soft-
ware running on a server (or a cluster of servers) supports multiple client organizations,
maintaining security and privacy by partitioning client data and configurations.88
Appli-
cations designed this way also comply with the NIST’s definition of Cloud.
87
(Phillippi, 2012)
88
(Transera Inc., 2012)

Challenges 39
Figure 21: Cloud Application Provider (Own Design cf.
http://www.teamwox.com/en/groupware/articles/60/saas-online-collaboration-system, 2013)
The table below clarifies the advantages of Cloud applications over hosted applica-
tions:
Table 4: Different Characteristics between Hosted Applications and SaaS 89
Hosted Applications
(license plus hosting
SaaS
(software as a service)
Software license Purchased and owned Rented from SaaS provider
Software location Customer selected host-
ing center
Determined by SaaS pro-
vider
Software upgrades Installed by customer Installed by SaaS provider
Backup services Managed by customer Managed by SaaS provider
Financial model Capital expense Operational expense
Deployment model Usually single tenant Usually multi-tenant
According to IDC, SaaS solutions are set to grow six times faster than all software, at a
compound annual growth rate (CAGR) of 26% through 2014.90
This only shows that
there is a big demand for Software as a Service and this is causing companies to simp-
ly jump on the band wagon to profit from this opportunity. Companies like Microsoft
(est. 1975)91
and Oracle (est. 1977)92
are old on-premise software giants that are now
89
(Djohnson, 2010)
90
(NetSuite, 2011)
91
(Microsoft, 2013)
92
(Oracle, 2013)

Challenges 40
being challenged by younger companies such as salesforce.com (est. 1999)93
, Net-
Suite (est. 1998)94
and Rackspace (est. 1998)95
that are offering true SaaS. It’s been
said that rebranding a hosted application as a cloud solution is akin to waterproofing a
truck and calling it a submarine.96
Trying to keep up many companies are rebranding,
or as NetSuite says “cloudwashing”97
their products. During the Web 2.0 Summit 2011
in San Francisco Marc Benioff, CEO of salesforce.com commented on the false Cloud
in an Interview98
, talking about his thoughts on the issue. His key message is that the
future is not proprietary software or hardware, but it is in fact real Cloud computing,
such as Facebook, eBay and Amazon. Referring to Oracle, he also says that the Cloud
does not include, buying software or hardware, upgrading and maintaining the system
or hiring IT staff to put it all together. Furthermore he admits that there are two versions
of the Cloud and that Oracle is doing the right thing for its shareholders, but if a com-
pany is looking for a new approach they should go for a real Cloud solution. This con-
cern of simply rebranding a product is also shared by Gartner, the world's leading
information technology research and advisory company:
“It is important to also differentiate SaaS from hosting or application management or
application outsourcing. Because SaaS and cloud are hot concepts in the market,
many suppliers are rebranding their hosting or application management or application
outsourcing capabilities as SaaS or are claiming their solutions are available ‘in the
cloud.’ Much relabeling of more-traditional application outsourcing approaches is
occurring. Suppliers run the risk of confusing and antagonizing buyers if they persist in
this approach. Enterprises run the risk of getting nasty shocks when the thing they
thought they were buying turns out to be something altogether different. Hosting and
application management are not synonymous with SaaS, nor do they necessarily
comply with the definition of cloud computing.”99
Charles Weaver, CEO and Co-Founder of MSPAlliance, the world’s largest industry
association (and certification body) for Managed Services and Cloud Computing pro-
93
(Salesforce.com, 2013)
94
(NetSuite, 2013)
95
(Rackspace, 2013)
96
(Agilysys, 2012)
97
(NetSuite, 2011)
98
(Youtube.com, 2011)
99
(NetSuite, 2011)

Challenges 41
fessionals100
, says that “Cloud computing is the new gold rush, and there is no short-
age of companies that will say and do anything in order to cash in on this lucrative and
growing market.”101
From a Cloud providers perspective it is clear, that they have to be
careful how they use the term Cloud. Competing companies are raising awareness to
this topic and sensitizing customers to not be fooled by the term Cloud. Concluding the
term “false Cloud” refers to solutions that are not truly “born in the Cloud” but only mod-
ified or even rebranded legacy software that are being offered as a Cloud solution. For
the time-being companies that are looking to buy real Cloud solutions have to make
sure that the solutions are native web-based.
5.3 Businesses and Consumers
From a business point of view it is not only important to understand how Cloud tech-
nologies are used internally, but what impact they can have when it comes to working
customers. Business partners, consumers and suppliers are leveraging technologies
to interact with each other and the business itself to research its products, compare
services and check consumer reviews as well as to try a trial version or a see a
demonstration. First and foremost this type of communication is happening through
various types of mobile devices such as smart phones, tablets and laptops and not on
a fixed desktop over a browser. Instead it is becoming more popular to use Apps pro-
vided by businesses. A 2013 blog report from Flurry Analytics points out that 80% of
surf time is spent on a mobile device using Apps (see Figure 22).102
100
(Mspalliance.com, 2013)
101
(Weaver, 2013)
102
(Flurry.com, 2013)

Challenges 42
Figure 22: App versus Browser Usage (Khalaf, 2013)
This statistic shows that businesses have to have a mobile strategy, when it comes to
how they present themselves to customers. First, businesses have to create Apps or
interfaces that are native to mobile devices to meet consumers’ expectations and their
way to access information. It has to be more than just a website which is accessed
over a mobile device; it has to be “touchable”. Self-presentation is one thing, but the
second important aspect is how others perceive a business and to have a way to inter-
act with multiple platforms such as social media, communities, press releases and con-
sumer forums etc. Businesses are no longer in charge of what their message is (see
Figure 23), but they have to interact with these platforms in order to push out infor-
mation and also get feedback from their consumers. This creates a lot of real time in-
formation that can help push business in the right direction. The last thing to consider is
the scalability of these Apps. This is where the Cloud provider comes into play to make
sure that a business’s App or website can handle, e.g., a successful launch of a new
product or service or overnight demand.

Challenges 43
Figure 23: Interaction Between Companies and their Customers (Own Design cf.
http://www.youtube.com/watch?v=cQeCnj3Gy6c, 2013)
From a Marketing point of view this means that technology is becoming essential to
their job. There has to be a balance of understanding between knowing markets, target
groups, product-price-placement (Marketing P’s) and the technologies that are driving
the business. As mentioned above there is a shift of how consumers access and re-
search a company’s product or service from simply a business-website to social com-
munities and other platforms. What this means is that marketers have to be able to
retrieve information from these sites to analyze what the consumers really want. In re-
turn this helps marketers understand how to change the message. Businesses have to
actively participate in creating an optimal product and service portfolio for their custom-
er. Cloud services like salesforce.com allow pulling together and managing this over-
flow of information and utilize it to help a business grow.
Consumers are undoubtedly the driver for Cloud solutions, because it is influencing
their lives in a positive way. They are an expanding collection of services that enables
consumers to connect from any-where in order to work, live, play, and learn.103
Figure
24 shows how a Personal Cloud caters to the individual user, manages the collection
and storage of information, and facilitates social collaboration and discovery. The
Cloud links seamlessly and intuitively with the personal mobile device.
103
(Cisco, 2012)

Challenges 44
Figure 24: Influence of being connected
At the 2011 Worldwide Developers Conference in San Francisco, Steve Jobs (*1955 –
†2011) introduced the iCloud104
and said that “the truth is in the Cloud”.105
This might
be right for Apple due to their strong brand (Table 5), but other companies should not
rely on the term Cloud. Ever since more and more companies have moved up and are
also offering their solution, it is more important to focus on the branding and the mes-
sage behind the offering. Brands can help businesses succeed in a hard-fought market
and also help consumers understand its products or services better.
104
(Cnet.com, 2011)
105
(Yerman, 2011)

Challenges 45
Table 5: US Usage of Major Cloud Media Services
5.4 The Consumer Cloud Trap
Drawing a line between businesses and individuals using Cloud computing is quite
important. Businesses evaluate their situation and have to make long term commit-
ments and investments before switching to new technologies. As mentioned above,
they have to be careful about choosing the right solution. On the other hand, most indi-
viduals will start using a Cloud solution without even knowing it by signing up with a
single provider such as Google. This can be very convenient since an individual just
has one account for many solutions. The following chart gives an overview of some
common Google offerings:
Table 6: Google Brands Overview (Google, 2013)
Use Brand Logo
Social: Contacts, Sharing and
Websites
Google+ and Blogger
Media: Videos, Pictures and
Apps
YouTube, Picasa and Google
Play
Home & Office: Data storage
and organization tools
Drive, Calendar, Gmail and
Voice

Challenges 46
Use Brand Logo
Geo: Maps, Locations and
Routes
Google Maps and Google
Earth
However this single-provider approach to the Cloud is
also a two-edged sword. Although it might seem very
nice to access information from wherever, whenever
and from any device; only relying on one source to
store and secure data can go terribly wrong. The story
of Tienlon Ho was first published on a science blog
“The Last Word On Nothing” and is a recent example
of what can happen when “the Cloud turns dark and
literally strikes you down.”
“Ho is a freelance writer in San Francisco. She uses
Gmail, Google+, and a host of other Google
consumer services. One day, she woke up and found that her Google account had
been suspended for violating the company's terms of service. She couldn't do her taxes
-- all her notes were stored in Drive. She couldn't see her calendar or contacts. She
couldn't even vent about it on her personal blog because she used Blogger. Worse,
she claims, there was no way to appeal the decision. No phone number to call. No
email address to send a complaint to. And no detailed explanation of the violation, so
she could fix it.
Eventually, she was able to get in touch with friends at Google, who filed the right
paperwork to get her account restored. But along the way, she made an alarming
discovery that everybody using consumer services should know about: Google has the
right to shut a consumer account down at any time if it thinks the user violated its terms
of use, and it bears no liability for doing so. From the company's general Terms of
Service: ‘We may suspend or stop providing our Services to you if you do not comply
with our terms or policies or if we are investigating suspected misconduct.’ That's right -
- if Google so much as suspects you of misconduct, it can suspend your account with
Figure 25: Cloud Dangers (Own
Design, 2013

Challenges 47
19%
20%
21%
26%
29%
31%
33%
46%
60%
Lack of skills
Lack of standards
Lack of control
Lack of transparancy
Vendor lock-in
Lack of interoperability with existing IT systems
Legal/compliance issues
Reliability/business continuity
Data security
no warning. Moreover, Google limits its liability to the amount paid for the service -- in
this case, nothing -- or reserves the right to restore service and call it good.”106
This shows that individuals are not by any means protected from losing their data.
Even though personal cloud computing can be very convenient and has many ad-
vantages; this issue calls for federal regulations from the government, to ensure that
the consumers are protected.107
Since the idea behind the Cloud is to deliver technolo-
gy just like a utility, it should be treated as such. An electricity or water provider cannot
just cut off customers without warning them and that should also apply to the Cloud
service.
5.5 Cloud Security
There are multiple concerns that businesses and individuals equally are confronted
with when it comes to using Cloud services. The number one topic though is undoubt-
edly the security of online-stored data (see Table 7). While individuals’ actions on this
topic are limited, there are a number of actions a business can take to help insure data
security. In addition to that there are several other issues companies must take a look
at to fully enjoy the new technologies they are purchasing. Finally, the level of security
often depends on the type of service that is being used, the provider and the user.
Table 7: Significant Concerns with Cloud Computing
106
(Rosoff, http://www.lastwordonnothing.com/2013/04/22/dumped-by-google/, 2013)
107
Cf. Weaver, 2013

Challenges 48
a) Individual Users
As previously mentioned, there is very little that individuals can do against providers’
policies, except to use different platforms, spread out and make hard copies of their
information. However security is not only about the provider. There are several threats
that are more severe than losing data due to technical failures. People are uploading
more and more personal information on social media sites and Cloud accounts which
are a direct pathway to personal lives. Data stored on the Cloud can be basically ac-
cessed through any device, which is great, but can also be a major weakness! If one of
these devices were to be lost or stolen, it can be an open invitation to criminals and
thieves. This can lead from being broken into and bank accounts being emptied to
identity theft. Many Apps such as Facebook, Twitter and Phone Locator Apps can
show criminals where people’s location is or what they are doing. These are no new
threats, but the connectivity of the Cloud as caused to rethink and improve security
issues.108
Proven solutions are to make sure to secure devices and accounts with
passwords, encrypt shared data and not to save personal information on public plat-
forms. An article from Abine Inc., a company for online security also points out that:
“The only real regulation in place to define and regulate online privacy is the Electronic
Communications Privacy Act (ECPA). Created in 1986, the document has been revised
several times, but it’s overdue for a major update. The act doesn’t contain regulations
for some of the new and major social media and communication technologies used
online—even email isn’t properly protected.“109
Making sure that individuals are protected from threats caused by the Cloud does not
only help people, but can also help companies.
b) Enterprises
Where individuals are not so lucky with policies, businesses have the advantage of
having contracts and SLAs with their providers to clarify service level conditions and
what happens in case of a security breach. Service Level Agreements (SLAs) are es-
sential for businesses that are purchasing Cloud services from a provider and the first
step to securing data. They are contracts between the provider and the user that speci-
fy the level of service expected during its term. They can specify bandwidth availability,
108
(Downey, 2013)
109
(Downey, 2013)

Challenges 49
the number of users that can be served simultaneously, help desk response time for
problem resolution (network down, machine failure, etc.) as well as attitudes and con-
sideration of the technical staff. SLAs can be very general or extremely detailed, includ-
ing the steps taken in the event of a failure. For example, if the problem persists after
30 minutes, a supervisor is notified; after one hour, the account rep is contacted, etc. 110
Enterprises usually already have security policies set up and the Cloud gives an occa-
sion to revise these policies and update them to meet new standards. IBM’s Director
for security, risk and compliance, Joe Anthony explains five essential points that have
to be evaluated in a security framework: 111
Table 8: Main Security Questions
Area Questions
People and Identity  Who are the users and what types of
roles do they have in the organization?
 Where are they trying to access data
and applications from which devices are
they accessing information? What kinds
of restrictions are necessary?
Data and Information  What is the type of data that is stored in
the Cloud environment?
 In what context is the data being used?
 What regulations are already in place by
third parties?
Application and Process  What is the integrity of an application?
 Has it been tested and approved to work
without compromising security?
110
(PCMag.com, 2013)
111
(IBM, 2013)

Challenges 50
Area Questions
Network, Server and End Point  Are traditional firewalls up-to-date?
 Intrusion-Prevention-Systems set up on
the providers and company side.
 Is the Anti-Malware up-to-date?
Physical Infrastructure  Who has physical access to the infra-
structure and is it as constrained as
possible?  badge access
With these sets of controls in place an enterprise must close loops in these areas. It is
essential to segregate data and understand what employees are doing with their au-
thorizations and that these fit the intents of the security and governance policies.
Even though data security might be the main issue for many there is another one that
is almost as immediate to businesses and that is control.112
Matt Mansfield elaborates
on this topic in his article “The Elephant in the Cloud – How Secure is Your Data?” and
questions that enterprises have to clearly understand in order to have a good Cloud
experience. First and foremost, it is important that businesses research vendors to en-
sure they are sophisticated enough to survive a challenging market. In an interview
with the author, Matt explains that due to the many different Cloud offerings that are on
the market today, his number one concern is what would happen to his data, if the
vendor went out of business, not necessarily data security.113
The numbers in Table 7
underscore his statement, which says that 46% are concerned about reliability and
business continuity, meaning data availability and accessibility. Other questions cover
issues such as:
a. Is there a backup, if the vendor’s server crashes?
b. How often does that backup happen, i.e., will a company lose an hour or a day?
c. Where is the backup stored and does the vendor have procedures to get data
loaded somewhere else in order to get systems back up and running quickly?
d. What happens to a company’s data if it chooses to move to another vendor?
And even if the company moves, does the vendor keep a copy?114
112
(Mansflied, 2011)
113
114
(Mansflied, 2011)

Challenges 51
Matt Mansfield also says that he does not really understand why people are so con-
cerned about data security in the Cloud. Bottom line is that they are still using the In-
ternet and many people use online banking to do transaction, pay bills, purchase items
or validate checks. This is quite contradictory to him, as he cannot think of anything
more valuable then people’s money and still people seem to be comfortable trusting
the Internet with such tasks.115
In reality, Cloud providers can afford higher security
levels than most businesses, because of the economics of scale they have. Reputable
Cloud providers will be able to clearly articulate specific governance, operational and
regulatory guidelines that they follow to assure the security of a company’s data. This
includes helping it to understand the policies for ID management and access control —
who is authorized to do what and when.116
It’s not about a generic security level for the
cloud; it is choosing the right security for a businesses’ cloud.117
Most of the security issues concerning Cloud computing are not new. The actual ob-
stacles businesses have to face is accepting the idea of storing and managing proprie-
tary data online. VMware illustrates how these issues can be resolved: 118
Figure 26: VMware‘s Equation of Trust (Own Design cf. Footnote 118)
115
116
(CIS - Custom Information Services, 2013)
117
(VMware, 2011)
118
(VMware, 2011)

Demystifying the Cloud – Drawing the Lines between Technologies and Concepts

Demystifying the Cloud – Drawing the Lines between Technologies and Concepts

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Demystifying the Cloud – Drawing the Lines between Technologies and Concepts

Semelhante a Demystifying the Cloud – Drawing the Lines between Technologies and Concepts (20)

Último

Último (20)

Demystifying the Cloud – Drawing the Lines between Technologies and Concepts