DEFINITION
“Cloud computing refers to applications and services offered over the Internet. These services are offered from data centers all over the world, which collectively are referred to as the "cloud." This metaphor represents the intangible, yet universal nature of the Internet”.
The idea of the "cloud" simplifies the many network connections and computer systems involved in online services. In fact, many network diagrams use the image of a cloud to represent the Internet. This symbolizes the Internet's broad reach, while simplifying its complexity. Any user with an Internet connection can access the cloud and the services it provides. Since these services are often connected, users can share information between multiple systems and with other users.
Applications
Examples of cloud computing include online backup services, social networking services, and personal data services such as Apple's MobileMe. Cloud computing also includes online applications, such as those offered through Microsoft Online Services. Hardware services, such as redundant servers, mirrored websites, and Internet-based clusters are also examples of cloud computing.
A simple example of cloud computing is webmail. Anyone can access their webmail from anywhere in the world simply by knowing the web address of the webmail service, there's no need to know the name of the server or an ip address or anything else. e.g. Yahoo email or Gmail etc. You don’t need a software or a server to use them. All a consumer would need is just an internet connection and you can start sending emails. The server and email management software is all on the cloud (internet) and is totally managed by the cloud service provider Yahoo, Google etc. The consumer gets to use the software alone and enjoy the benefits.
The analogy is, 'If you only need milk , would you buy a cow ?' All the users or consumers need is to get the benefits of using the software or hardware of the computer like sending emails etc. Just to get this benefit (milk) why should a consumer buy a (cow) software /hardware ?
HOW THE TECHNOLOGY WORKS?
Cloud computing is broken down into three segments: "applications," "platforms," and "infrastructure." Each segment serves a different purpose and offers different products for businesses and individuals around the world.
Applications:
- Salesforce.com (NYSE:CRM) offers customer relationship management (CRM) application services in the Software as a Service (SaaS) Industry.
· Google Inc (NASDAQ: GOOG), a global information technology leader, specializes in how people access and interact with information.
· NetSuite Inc. is a vendor of on-demand, integrated business management application suites for small and medium-sized businesses.
· Concur Technologies is a provider of business services that automate the processes involved in the management of corporate expense.
· Oracle
· SAP AG (NYSE: SAP) is the world's leading provider in business software and is the top provider in 20 of the 25 industries that it serves.
Platforms:
Many of the companies that started out providing On Demand application services have developed platform services as well. The platform segment of cloud computing refers to products that are used to deploy internet. NetSuite, Amazon, Google, and Microsoft have also developed platforms that allow users to access applications from centralized servers.
- Google (GOOG) - Apps Engine
- Amazon.com (AMZN) - EC2
- Microsoft (MSFT) - Windows Azure
- SAVVIS (SVVS) - Symphony VPDC
- Terremark Worldwide (TMRK) - The Enterprise Cloud
- Salesforce.com (CRM) - Force.com
- NetSuite (N) - Suiteflex
- Rackspace Cloud - cloudservers, cloudsites, cloudfiles
- Metrisoft - Metrisoft SaaS Platform
Infrastructure:
Below are companies that provide infrastructure services:
- Google (GOOG) - Managed hosting, development environment
- International Business Machines (IBM) - Managed hosting
- SAVVIS (SVVS) - Managed hosting & cloud computing
- Terremark Worldwide (TMRK) - Managed hosting
- Amazon.com (AMZN) - Cloud storage
- Rackspace Hosting (RAX) - Managed hosting & cloud computing
BENEFITS
In June 2009, a study conducted by VersionOne found that 41% of senior IT professionals actually don't know what cloud computing is and two-thirds of senior finance professionals are confused by the concept, highlighting the young nature of the technology. In Sept 2009, an Aberdeen Group study found that disciplined companies achieved on average an 18% reduction in their IT budget from cloud computing and a 16% reduction in data center power costs.
TOP THREATS TO CLOUD COMPUTING
Threat #1: Abuse and Nefarious Use of Cloud Computing
Criminals continue to leverage new technologies to improve their reach, avoid detection, and improve the effectiveness of their activities. Cloud Computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and providers’ fraud detection capabilities are limited.
Example:-IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits. Additionally, botnets have used IaaS servers for command and control functions. Spam continues to be a problem — as a defensive measure, entire blocks of IaaS network addresses have been publicly blacklist.
Threat #2: Insecure Interfaces and APIs
While most providers strive toensure security is well integrated into their service models, it is critical for consumers of those services to understand the security implications associated with the usage, management, orchestration and monitoring of cloud services. Reliance on a weak set of interfaces and APIs exposes organizations to a variety of security issues related to confidentiality, integrity, availability and accountability.
Example:- Anonymous access and/or reusable tokens or passwords, clear-text authentication or transmission of content, inflexible access controls or improper authorizations, limited monitoring and logging capabilities, unknown service or API dependencies.
Threat #3: Malicious Insiders
The impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. As organizations adopt cloud services, the human element takes on an even more profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat.
Threat #4: Shared Technology Issues
Attacks have surfaced in recent years that target the shared technology inside Cloud Computing environments. Disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalization. As a result, attackers focus on how to impact the operations of other cloud customers, and how to gain unauthorized access to data.
Threat #5: Data Loss or Leakage
Data loss or leakage can have a devastating impact on a business. Beyond the damage to one’s brand and reputation, a loss could significantly impact employee, partner, and customer morale and trust. Loss of core intellectual property could have competitive and financial implications. Worse still, depending upon the data that is lost or leaked, there might be compliance violations and legal ramifications.
Examples:-Insufficient authentication, authorization, and audit (AAA) controls; inconsistent use of encryption and software keys; operational failures; persistence and remanence challenges: disposal challenges; risk of association; jurisdiction and political issues; data center reliability; and disaster recovery.
