buy custom Cloud Computing essay

buy custom Cloud Computing essay 1. Differentiate between Infrastructure as a Service, Platform as a Service and Software as a Service. According to Armbrust et al. (2010), the services that can be delivered through cloud computing are divided into Platform as a Service, Software as a Service, and Infrastructure as a Service. Software as a Service is the most widely used and user-friendly form of cloud computing as, in most cases, it can be accessed directly from the browser without a need to install or download applications. Vendors that provide Software as a Service can manage everything, from apps and O/S, to virtualization and networking. The example of Software as a Service is Gmail. Platform as a Services provides computational resources via a platform, allowing the developers to build a framework over this platform. Thus, they do not need to purchase additional layers of software and hardware. Unlike Software as a Service, with Platform as a Services, some aspects such as applications and data have to be managed by users, not by providers. Platform as a Services offers a wide range of benefits to the companies that look to increase the efficiency of their network performance and interactivity of a large personnel. The example of Platform as a Services is Apprenda that providers services for .NET and Java software development. Infrastructure as a Service provides computer infrastructure, storage, and networking. Thus, companies do not need to buy software and servers. Instead, users can pay for the services according to how many resources they use, which is similar to a rental fee. Out of all the three cloud computing services, Compared to SaaS and PaaS, with Infrastructure as a Service users are responsible for managing the most: apps, data, runtime, and O/S. 2. The authors claim: Developers with innovative ideas for new Internet services no longer require the large capital outlays in hardware to deploy their service or the human expense to operate it. Discuss the statement, pointing out whether and why you agree or disagree with the proposition. The companies do need to be worried about overprovisioning that tends to waste costly resources. In addition, they are not concerned about underprovisioning, which makes them miss potential clients and revenues. Cloud computing eliminates the capital expenses transforming them into operational expenses. It is beneficial when demand for a service is not constant for all times. Thus, a company can pay for using resources, leading to savings. Organizations that have the need for massive analytic tasks can use cloud computing to perform computations faster as using 1,000 machines for one hour is cost associative to using one machine for 1,000 hours. Such elasticity of resources without overpaying for large scale is a unique possibility for that has never been available in the history of IT before the companies (Armbrust et al., 2010). 3. Discuss the cloud computing economics, i.e. why cloud computing is an economic choice for companies of any size. Cloud computing is an economic choice due to pay as you go principle, as stated by Armbrust et al. (2010). Services obtained through cloud computing can be distributed unevenly. For example, a company can use 100 server-hours at one day and not use the service on the next one, and pay for 100. Thus, even if the services are more expensive than purchasing and maintaining ones own server over the same amount of time, Armbrust et al. (2010) argue that the expenses are compensated by such economic benefits as elasticity and transference of risk of over-provisioning and under-provisioning. Elasticity refers to the ability to change resources at a small scale, such as one machine at a time, and with a lead-time of minutes. In order to establish ones own servers, it can take weeks to order and install new equipment, so it must be purchased in advance. However, service providers cannot always make precise predictions. Therefore, the capacity is either overestimated or underestimated. Both cases lead to loss of revenuues, but while the overprovisioning can be easily estimated, the underprovisioning is more problematic to calculate. However, it can be more serious. Not only does a company lose potential profit, the rejected users may never come back (Armbrust et al., 2010). Cloud computing offer many benefits for companies of different sizes and their IT budget. Cloud services allow startup companies to quickly deploy into a rented infrastructure provided by a cloud vendor without having to buy loads of machines, hire operating personnel, and construct a data center. Small and middle-sized companies can use cloud computing services to instantaneously use the benefits of top-class infrastructure without having to obtain, install, and manage it. Large companies are less eager to use cloud services since they are being cautious. However, many of them use it to test the services with some non-mission critical application. 4. See table 2 for the article, on the main obstacles for cloud computing growth. Discuss each of the ten arguments presented in the article. 1. Business Continuity and Service Availability Users expect high availability from services similar to those of the popular services such as Google Search. However, it is sometimes difficult to achieve. The problem lies in the viability of results from entrusting the management of a cloud computing service to a single vendor. The service provider may share software and accounting systems, so in case of any problem, the user risks to lose all the data. Another threat is that a company can even go out of business. Thus, the best way to manage it is to use multiple providers. 2. Data Lock-In Often, customers cannot easily get their data from one provider to run on a new one. One way to solve that problem is to make a single standard of the APIs so that a Software as a Service developer could provide across different providers. Therefore, the problem with one company would not make it lose all the data. Buy custom Cloud Computing essay buy custom Cloud Computing essay Cloud computing is a concept that has at its core a single element: on demand, computing services are delivered over the internet from a remote location, rather than through a desktop, a mobile device, laptop or even on an organizations servers. This implies that computing will become location and device independent, meaning that where information is housed or where processing is taking place will increasingly cease to matter. In a nutshell, computing tasks and information will be available any time from any device, provided there is access the internet (Michael, 2010). The diagram above shows the arms of cloud computing. Use of Cloud Computing In Business For individuals and organizations alike, the cloud concept is increasingly being viewed as an infinite, and not as a finite resource. In the same way, people use and pay for electricity as their energy needs change, is the same way computing has taken an on-demand, scalable form, an additional computation capacity, network bandwidth and storage can be added as needed (Michael, 2010). The current paradigm shift in the evolution of computing only means one thing: the advent of cloud computing is changing both our work and our personal lives. Benefits of Cloud Computing In Business The Creation of New Generation of Products and Services This is among the most important benefits of cloud computing. The economics of cloud computing is allowing firms to create products that were either hard or are relatively less expensive than the competition. Businesses are in a position to incorporate the economic advantage of cloud computing in their product formulations once they have experienced their success, especially if it works for their competitors (Michael, 2010). New business models and business ideas that require prohibitive amounts of computing power or scale or those that were hard to implement due to existing technical limitations and effectiveness, can now be realized with ease (Charles, 2010). Cloud computing has also allowed businesses to improve their storage, processing power and technological innovations that were not possible before. Cloud computing is making these opportunities unusually accessible. Companies traditionally outsourced their IT services some years ago. Unlike this traditional outsourcing of IT, cloud computing provides agility and control unmatched by traditional outsource for the most part. Cloud computing is making it easier for companies to switch than changing IT outsourcers (Nikolov, 2011). The awareness of the greater internet has reached a new leverage. Most companies are using cloud computing to access and interact with the online world in many ways, and it helps them in he employment of social tools, non-relational databases and a host of other technologies in their new cloud. The benefits of these applications are serving companies well by allowing them to acquire the skills and perspectives necessary to compete effectively in the 21st century. Easy Storage and Maintenance The responsibility of storing, maintaining and processing information is outside the company. The company therefore does not handle any glitches or malfunctions, meaning that the business does not need to participate in such problems. Improving Internal Communication Businesses are using cloud-computing solution in improving their internal communications. With in-house software, the storage of data may need one or more computers, and often requires manual entry and tedious communication efforts. This increases miscommunication error. However, with a web-based software solution, all the company executives and other staff interact with the same interface that reflects the same information. Everyone therefore views the same information which ensures consistency and improves internal communications to a great extent (Charles, 2010). Access to Accurate, Real-Time Information Businesses can access accurate and current information via cloud computing solutions. Web-based solutions focused on customer relationship management, which are used to track, store and monitor all the trends of individual customers and more significantly, it is accomplished in real time (Michael, 2010). This means that any employee is in a position to retrieve data on-demand and compile an accurate report reflecting the most current information. Understanding the Customer Since the current and accurate information is easily accessible to sales and marketing departments, they can analyze this information and look for opportunities for growth by using sales strategies that are specifically formulated to meet specific needs and interests of different customers (Charles, 2010). Improving Customer Relationship Management Customer relationship management is crucial to any business success in todays market place. Since sales and marketing departments strategies can be tailored to meet the specific needs of customers, and since these customers are given the opportunity to personalize their purchasing exchanges with the firm, the customer relationship is entire improved. When administrative work is cut, the resources that would have otherwise been used to keep information current manually can be used elsewhere, like carrying out market research. Better Business Tracking Top executive, partners and company heads are using cloud computing to carefully monitor the profitability of the business with more up-to-the-minute information (Michael, 2010). The ultimate goal of adopting cloud computing both in business and governments is cutting costs. Costs are cut in the data entry, IT departments, marketing research and customer call centers. Uses of Cloud Computing By the Government Cloud computing offers attractive advantages to the public sector by delivering infrastructure, software and services required in its operations. One of the most advantageous cloud computing opportunities for the public is the ability to share ICT resources among different agencies. Although governments have tried hard to provide the framework for shared services, these efforts have not always been rewarded. Governments have particularly found cloud computing important, since it offers an easier and less burdensome pathway for the efficient and effective management of public information (Nikolov, 2011). Governments also benefit from cloud computing through decreased maintenance or upgrades of IT resources. This allows improved resource utilization, flexibility, elasticity and efficiencies. Governments are also realizing improved economies of scale as well as improved collaboration capabilities (Nikolov, 2011). Cloud computing has also contributed to improved disaster recovery capabilities, since the public can access information more easily. Cloud computing is also green friendly, and has contributed to the achievement of reduced environmental degradation. Traditional computing required that each work station is installed with software that functions independently of other work stations. The software must be legally licensed to that station, and its maintenance had to be independent. This requires cost, time and energy since organizations have had to hire IT personnel to ensure the maintenance and proper functioning of each stations software. With the advent of cloud computing, the software is web based and one only requires internet access and a web browser. Organizations and governments have been relieved of many IT duties, and thus, costs, that would have otherwise been handled in the house. Cloud computing is changing the way organizations access and use ICT products and services. Instead of owning and managing ICT products and services or using the traditionally outsourced IT services, organizations and are finding it easier to employ cloud computing services since they can meet their ICT services using a flexible, on-demand and rapidly scalable system that does not require ownership on their part or dedicated resources on the cloud services provider. Buy custom Cloud Computing essay buy custom Cloud Computing essay Cloud computing has transformed the delivery and management of IT services. As a utility, cloud-computing solutions reduce IT expenses for individuals, agencies and businesses. It moves data and computing from the traditional portable devices and desktops to large data centers. With this revolution, the demand for cloud computing can be expected to grow exponentially (Hartig, 2009). However, as this technology develops, so do threats and vulnerabilities that affect many users. These vulnerabilities and threats may result to illegal access of critical or confidential data. With the innovation of cloud computing, users do not have to purchase hardware, software and storage devices. A provider through servers and networks can provide these services. Organizations should be aware of these threats and vulnerabilities as they embrace this technology in order to protect their users from crime. Abuse and Suspicious Use of Cloud Users receive various types of services from cloud providers, such as bandwidth and storage capacity. Some service providers provide their users with a free trial period that gives hackers and malicious users an opportunity to access the cloud with nefarious intentions. Spammers and other criminals take advantage of the simple procedures, relatively anonymous access and convenient registration to access the cloud and launch malicious attacks (Hicks, 2009a). Some of the impacts of their attacks include cracking passwords, decoding and building rainbow tables. Hackers and cybercriminals also take advantage of the fact that cloud service providers have limited fraud detection capabilities to launch dynamic attack points, conduct malicious data hosting and execute botnet commands. For example, some hackers use flash files and other content rich applications that allow them to install malware by utilizing users browsers (Spitzner, 2011) To lessen this threat, service providers need to establish stricter initial registration and validation processes. Credit card fraud monitoring and coordination efforts should be enhanced, as well as stepping up introspection of customer network traffic. Another area requiring rigorous monitoring is the public blacklists for the service providers network blocks. This will assist in protecting the integrity of clients data, some of which could be sensitive (Backhouse Dhillon, 2000). Insecure Interfaces and Application Programming Interfaces Cloud customers are able to interact and manage cloud services through interfaces and APIs. Service providers need to secure their service models because they play an important role in the orchestration, provisioning, and management and monitoring of the processes of running the cloud. Customers on the other hand, must be aware of the security risks associated with the use, implementation and management as well as monitoring of the cloud services (Schreiber, 2004). The security of these service models affects the security and availability of cloud services, and therefore, they should include features of authentication, access controls, encryption and monitoring of activities. A weak set of APIs and interfaces results to a variety of security issues, including malicious or unidentified access, API dependencies, inflexible access controls, reusable tokens/passwords, limited monitoring/logging capabilities, anonymous access, clear text transmission and/or authentication of content and improper authorizations. These security issues affect the confidentiality, integrity, availability and accountability of a data in the cloud. The security model of cloud providers interfaces should be analyzed to ensure they are effective. Service providers should implement strong authentication processes and access controls and in concert with encryption transmission. They should also be aware and understand the chain associated with the API (Flavio Roberto, 2010). Malicious Insiders Advanced persistent threats are some of the threats facing cloud computing in this era. Insider attacks are becoming a common occurrence in this technology and are orchestrated by employees at the provider or users site (Anderson Rainie, 2010). A malicious insider can access cryptographic keys and files as well as passwords that can allow them to participate in information theft, damage and fraud. Insiders can also by-pass or bend of security control and engage in other acts of security breaches, and hence, compromise the security controls established to safeguard information systems from attacks against integrity, confidentiality and availability of IT systems, networks and the data in the cloud. The problem of insider attacks has been on the rise especially due to lack of transparency in the processes and procedures of providing cloud services (Underwood, 2012). This means that a provider may not reveal how access is granted to employees and how their access is monitored and how reporting and policy compliance is analyzed. Additionally, customers may not understand the hiring practices of their service providers that could make room for an adversary, hackers or other cyber-criminals to steal confidential information or even take control of the cloud. The level of access granted could be an avenue for accessing confidential data or taking control of the cloud services with little or no risk of detection. Malicious insider attacks pose a great threat to the brand reputation and productivity as well as the financial well-being of an organization (Underwood, 2012). The overall premise behind insider attack is the use of much unsophisticated methods of tricking or coercing users into doing something they would normally not do. For example, an insider may send a phishing email to a user who ends up downloading a malicious code onto their computer or whichever device they are using. According to Spitzner (2011), one hundred percent of all successful compromises are a result of an insider assisting the attacke r. It is imperative that organizations implement policies to mitigate the threat of an insider taking part in an advanced persistent threat. Separation of duties is an important concept in the internal controls, though sometimes difficult and costly to implement. This objectiveis achieved by allocating tasks and associate privileges to multiple people for a specific security process. Separation of duties in the IT organization is fundamental and its the mandate of firms to apply it for regulatory purposes (Backhouse Dhillon, 2000). As a result, IT organizations should lay more emphasis on separation of duties in all their functions, especially security. Separation of duties achieves two objectives in relation to security. First, it prevents conflict of interest, wrongful acts, errors, fraud and abuse that occur in case of conflict of interest (Backhouse Dhillion, 2000). The other very important objective is the detection of control failures including information theft, security breaches and by-pass or bending of security controls. Virtualized Technology Due to the cloud virtualization, service providers reside their users applications on virtual machines based on shared infrastructure. The virtual machines are not designed to accommodate a multitenant architecture and are based on the physical hardware of the cloud provider (Karthick et. al., 2011). Overlooked flaws in technology have enabled guest operating systems to obtain unauthorized levels of control and influence on the platform. In order to maintain the security of the users, service providers are isolating their VMs to prevent one malicious VM from affecting the others under the same provider. In order to provide virtual memory as well as schedule CPU caches policies to VMs, VMs are managed by hypervisor. In addition, since the hypervisor is the main way of managing a virtualized cloud platform, hackers are targeting it in order to gain access to VMs and physical hardware because it resides in between the two (Siani, 2009). This means that an attack on hypervisor can damage both the VMs and hardware. Service providers should employ strong isolation to ensure that VMs are not able to access or affect the operations of other users running under the same cloud service provider. Moreover, service providers should implement the best practices for configuration and monitor the environment for unauthorized activity. The authentication and access operations should be strengthened in addition to enforcing procedures for patching and vulnerability remediation. Vulnerability scanning and configuration audits should also be promoted. Data Loss or Leakage Data loss refers to compromised data that may include deletion or alteration of records without first making a backup of the original content which can be intentional or unintentional (Farell, 2008). It can also occur in the course of unlinking part of a record from the larger context, unauthorized access of confidential data and loss of an encoding key. Data loss and leakage can result from various issues including: operational failures; inconsistent use of encryption keys; authorization and audit controls; political issues; disposal challenges; insufficient authentication; inconsistent software keys; persistence and remanence challenges; risk of association; disaster recovery and unreliable data storage (Tim et.al., 2009). Unreliable data storage occurs when data is stored on unreliable media that will be impossible to recover if data is lost. Inconsistent use of encryption keys will lead to both loss of the data and unauthorized access of the data by illegal users, resulting to de struction of sensitive and confidential information. An example of data loss is the case of twitter hacks. Twitter online hackers accessed accounts and numerous sensitive corporate documents housed in Googles online web office service Google Docs were stolen. The security of twitter data was not efficient enough, since the entire company data was only a single password crack away from discovery. This shows the effect of a data leakage on a brand, its reputation and the trust of partners, employees and users. Loss of core intellectual property has noncompliance and legal consequences beside the competitive and financial implications involved (Farell, 2008). Cloud providers need to specify backup strategies and generate strong key generation, management, storage and destruction practices. The integrity of data in transit should be protected and such data should be encrypted if possible (Flavio Roberto, 2010). API access should be strongly controlled, while providers should be expected to wipe persistent media before releasing it into the pool. Account or Service Hijacking Account or service hijacking occurs when hackers gain unauthorized access and control users accounts usually by using stolen credentials. Such attacks include fraud, phishing and exploitation of software vulnerabilities. Attackers can use stolen credentials and spy on users sensitive activities, return falsified information, redirect information to illegitimate sites, manipulate data and hence compromise the integrity, confidentiality and availability of the cloud computing services (George, 2011). Attackers are using users accounts as a new base to leverage cloud service providers reputation by launching constant attacks. Monitoring should be proactive to detect unauthorized activity and prohibit users and services from sharing credentials. Clients should also understand the security policies of cloud providers. Unknown Risk Profile With the innovation of cloud computing, organizations are less involved with acquiring and/or maintain hardware and software. However, users need to understand software versions, code updates, intrusion attempts and other security practices (Hicks, 2009a). While these features and their functionality may be well advertised when adopting cloud-computing services, the details of compliance to the internal security procedures, patching, auditing, logging and configuration hardening may not be clear. Users need clarification about how and where their data and related logs are stored since an unknown risk profile may include serious threats. Infrastructural details should be partially or fully disclosed, as well as should the logs and data. Cloud Computing Vulnerabilities Several significant vulnerabilities exist that organizations should consider beforee they start to use cloud computing services as described below. Session Riding and Hijacking Session hijacking refers to the use of a valid session to obtain unauthorized access to the information in a computer system or theft of a user authentication cookie used in accessing a remote server. The cookie is also used in web application technologies weaknesses in the web application structure and is easily accessible to hackers, giving them an opportunity to carry out a wide variety of malicious activities (Brohi Bamiah, 2011). Session riding refers to hackers sending commands to web applications on behalf of users by tricking the targeted user. Hackers send an email to the user or coerce him to visit a specially crafted website. Session riding executes online transactions, deletes user data, and sends spam to an intranet through the internet. Other outcomes of session riding are changes to the system and network configurations as well as opening the firewall (Tim et. al., 2009). Additionally, web technologies and refinement evolve new ways of compromising data, provide access to otherwise secure networks and pose threats to the smooth running of online business. Virtual Machine Escape Cloud computing servers make use of the same web applications, OS and enterprise as localized VMs and physical servers. The probability of a malware or hacker to remotely exploit vulnerabilities in these systems and applications is a great threat to virtualized cloud computing environments (Hartig, 2009). Locating multiple VMs jointly increases the attack surface and the risk of compromise from VM to VM. Security systems should be capable of detecting intrusion and malicious activity at VM level, regardless of where the VM is located within the virtualized cloud environment. VM escape is a significant vulnerability that enables guest-level VM to attack the host VM. An attacker runs a code on a VM allowing an OS to run within it to break out and interact with the hypervisor (Schreiber, 2004). This enables an attacker to access the host OS and all other VMs running on that particular host. The complexity of Hypervisors and VMs may increase the threat to attack surface that weakens security, such as check pointing, migration of VMs and paging. Reliability and Availability of Service Another significant cloud computing vulnerability is reliability and availability. In the event of glitches in infrastructure such as failure to cloud storage, data may be inaccessible or even lost (Flavio Roberto, 2010). With more services being developed on top of cloud, computing infrastructures, a failure or outage can create a domino effect by interrupting many internets based applications and services. This raises questions such as what forms of settlement exist for stakeholders in cases of failures, what is the responsibility of cloud providers and what procedures should be put in place to overcome these issues. Insecure Cryptography Organizations have come up with algorithms and cryptographic mechanisms as means to secure their data. However, attackers have discovered means to decode these security mechanisms and hack them. This is so because it is common for crucial flaws to exist in the implementation of cryptographic algorithms, which can change strong encryption into weak encryption that is vulnerable to attack (Spitzner, 2011). Although VMs provide more flexible and efficient set-up than traditional servers in cloud providers data centers, they still lack enough access to generate random numbers required to properly encrypt a data, and this becomes a big problem. How do computers generate truly random numbers that cannot be replicated or guessed? In PCs, mouse movements and key strokes are monitored by an OS to gather bits of a data that is collected in an entropy pool (Underwood, 2012). In servers with neither a mouse nor a keyboard, random numbers are pulled from the movements of the computers hard drive. According to Schreiber (2004), the random numbers gathered from the movements of VMs internal clock is not enough to generate strong encryption keys. Data Protection and Portability Services are offered on contractual bases between a client and the provider. However, it is not clear what happens when the contract is terminated and the client does not want to continue. Is the clients sensitive data going to be deleted or is it going to be misused by the provider. The other issue is what would happen to the services and the clients data if the provider were to go out of business for any reason. Data portability therefore becomes a main weakness in cloud computing (Karthick et. al., 2011) Vendor Lock In New business models and immature service providers has raised the risk of business failure. Lock-in makes a client unable to deal with another provider without a good amount of switching costs due to dependence on one provider for products and services. Before the process of selecting a provider, clients need to be sure of their potential provider (Hartig, 2009). Clients may also remain locked in to one provider due to lack of standards. They do not have the freedom to migrate easily from one provider to another because of the heterogeneous policies and standards set by each provider. Cloud computing is dependent on the internet technology where users access services via the web browser. With internet outage, critical clients systems and operations such as healthcare that are supposed to run 24 hours cannot be accessed, and the outcome could be disastrous. Cloud computing is flexible, multi-shared and scalable with a high capacity that gives business an innovative shape. However, these benefits are reduced by the vulnerabilities and threats that face the cloud. Significant contributions are required to ensure the safety of this technology and its development (Siani, 2009). In-depth security mechanisms and policies need to be designed to counter these threats and vulnerabilities and ensure the security of users and maintain their trust. Buy custom Cloud Computing essay