Cloud Computing


Syllabus : XII Sc (C++)


Cloud Computing : Characteristics, layers- client, Application, platform and infrastructure, Deployment models-Private cloud, Public cloud, Community cloud and hybrid cloud, Issues- Privacy, Compliance, Security, Sustainability and abuse. 163

Introduction to cloud computing

The two words in the phrase cloud computing have the following interpretations:

  • Cloud: As a noun, this is a metaphor for the Internet, and as an adjective it means pertaining to the Internet This usage derives from the cloud symbols that represent the Internet on diagrams.
  • Computing: Any ITactivity carried out:
    • When using “a local server or a personal computer” which implies that the IT resources are under the exclusive control of the user.
    • To “store, manage, and process data” which implies that the data is private to the user, in the sense that it is determined by them, even if it is accessible by others.

This means that cloud computing is a type of Internet-based computing, and it consists of every situation where the use of IT resources by an entity, including a person or an organisation, has all of the following characteristics:

Access to the resources is:

    • Controlled by the entity, and restricted by them to their authorised users.
    • Delivered via the Internet to all of these users.
  • The resources are:
    • Hosted by a service provider on behalf of the entity.
    • Dedicated to their exclusive use.
  • Data processed by the resources is:
    • Private to the entity and its associates.
    • Entered or collected by them, or automatically produced for them.

Depending on the context, cloud computing can mean:

  • Access to and use of the resources.
  • The hosting and delivery service that provides this access.
  • A model for enabling such access and delivery.
  • The hosted resources or services themselves.
  • The computing execution carried out by the services.
  • Technology used for the provision of the services.

Typical versus essential characteristics  : As well as the above essential features, there are several other characteristics that are typical of some types of cloud computing.

Consumption features

The cloud-computing consumption model represents characteristics, such as payment, resource-sharing, scaling and access methods, that typically apply only to some examples of cloud computing, because they are optional alternatives rather than being necessary features. For example, no payment method can be an essential characteristic of cloud computing, because there are some free services, and because each different payment method is only typical of certain types of commercial service.

Internet versus network accessibility :There are several deployment models that make cloud computing available on the Internet in a variety of public or private computer systems. Besides these, there are also IT systems that have some of the same typical characteristics and advantages as cloud computing, but that, for security reasons, are accessible only via a private network, rather than the Internet. These have been described as “cloud computing-like” but, because of the shared features, they are sometimes included as part of cloud computing itself.


Cloud services

As a hosting service, cloud computing is also known as cloud hosting, or as a cloud service.

Cloud systems

The hosted resources are known as cloud resources or cloud systems, and these include cloud software and cloud infrastructure.

Cloud software includes cloud applications, cloud databases and cloud platforms.

Cloud infrastructure includes cloud storage, cloud servers and cloud networks.

Cloud roles

The consumption and provision of cloud computing involves the following roles

  • Cloud consumer: Any person or organisation that arranges for the delivery of a cloud service, either for themselves, or for their individual users. In commercial cases, this is the customer that enters into a contract and pays for the service.
  • Cloud provider: A cloud-system host that delivers cloud services to cloud consumers.
  • Cloud auditor: An independent assessor that vets cloud services on behalf of potential consumers, for example to check security and privacy arrangements.
  • Cloud broker: A relationship manager and negotiator that connects a cloud consumer with a single cloud provider, or that aggregates services from more than one provider to satisfy the full range of a consumer’s needs.
  • Cloud carrier: An intermediary that connects consumers with the provider’s cloud systems, such as an ISP that provides Internet access and connectivity.

Cloud tenants

The cloud consumers serviced by the same cloud provider are known as tenants of the provider’s cloud systems, which are said to be multi-tenanted if they have many consumers, and single-tenanted if they have only one consumer

The tenants are the entities that contract for the services, rather than their individual users. Such an entity can be an organisation with many employees, so cloud systems can have a single tenant but many users.

In the cloud

Cloud computing happens in the cloud, and:

  • Cloud systems are said to be hosted or located in the cloud.
  • Cloud consumers are said to operate in the cloud.
  • When an organisation converts its IT management to cloud computing, it is said to move into the cloud.

Cloud of clouds

When used as a noun, the term cloud is a metaphor for the Internet, but it is also applied to the cloud systems hosted by a cloud provider, and these might be described, for example, as a public cloud.

The term cloud of clouds is used for the aggregate of the clouds hosted by several providers that co-operate in delivering cloud services

The Intercloud

The term Intercloud is used for all cloud systems, after an analogy with the word Internet, meaning inter-networks.

This is not the same as all websites on the Internet, because there are many that are excluded from cloud computing.

Cloud balancing and bursting

Cloud balancing is the day-to-day use by a consumer of more than one cloud provider for load balancing, and cloud bursting is the automatic overflow of demand to a different cloud provider only at peak times.

Cloud spanning

Cloud spanning is the use of more than one cloud service to run different components of an application.

Cloud clients

A client computer, or simply a client, is an end-user access point to a computer system, and the term came to prominence with client-server computing.

The term cloud client is an application of this concept to cloud computing, and so it is an end-user access point to a cloud system. These include PCs, notebooks, tablets and mobile phones, and the access may be through a web browser or a program interface running on the client.

They are used only to access cloud systems, and they aren’t part of cloud computing themselves.

Cloud datacentres

A datacentre is a facility that houses server computers. For example, a small or medium-sized organisation may place all its servers in one datacentre, and a large organisation may need to place them in several datacentres.

Cloud systems are hosted in a cloud datacentre

Cloud operating systems


A cloud operating system for a cloud client, such as Chrome O/S and Cloud, is a combination of a simple O/S and a web browser that enables a user device with minimal processor and memory resources to access cloud services.


Unlike a traditional server O/S, such as Windows NT and Unix, which manages the resources of a single server computer, a cloud operating system for a cloud datacentre manages all the servers in the entire datacentre, which are possibly in distributed locations.


Cloud software is also known as cloudware, and it includes cloud:

  • Applications
  • Databases
  • Platforms
  • Datacentre operating systems.

Cloud operations

Cloud operations are IT operations that provide, support or develop cloud systems, or that manage cloud datacentres.

Cloud operations use cloud engineering, which is the application of systems engineering and software engineering to the design of cloud systems, and cloud architecture, which is the structure of these systems, in terms of their components and the way they interact with each other and with external systems.

Cloud washing

Cloud washing is “the purposeful and sometimes deceptive attempt by a vendor to rebrand an old product or service by associating the buzzword cloud with it”.


Cloud computing has been described as a “model for enabling” particular types of access to and delivery of IT services.

Service models

There are three main cloud-computing service models, and these represent the three types of computing generally required by consumers: software applications (SaaS) to process their data, platforms (PaaS) to develop applications, and infrastructure (IaaS) to run software and store data.

Software as a Service

Software in the cloud

Software as a Service (SaaS) provides software that is specific to its consumer’s end-user requirements, including traditional applications, such as accounting, and email. This is the largest group of cloud services, and it provides a very wide range of software.

The host manages the software, and the infrastructure that runs this software and that stores data. It may use its own infrastructure, which is then said to be in-house or on-premise, or it may use another cloud provider for this infrastructure.

The consumers do not control the software, beyond the usual configuration settings, or the infrastructure, beyond changing the resources they use, such as the amount of disk space required for their data.

For the usual security reasons that apply when managing a data centre, such as to mitigate against the risk of an infrastructure outage, the host will regularly backup all data, across all tenants, but consumers can also backup their own data in their own disk space.

SaaS may be accessible from a variety of cloud clients.

Desktop as a Service

Desktop as a Service (DaaS) is the hosting of a desktop PC software environment, including office-productivity applications, such as word processing, by a SaaS provider.  This is done so that only a thin client, with perhaps just a web browser, need be used to access all the required software, and this can be financially advantageous for the consumer. Also, it simplifies deployment and administration of the PC environment.

DaaS is also known as a cloud desktop or desktop in the cloud.

Database as a Service

Database as a Service (DbaaS) is the hosting of database software by a SaaS provider.

These are known as cloud databases.

Identity as a Service

Identity as a Service (IDaaS) is the hosting of identity-management software by a SaaS provider.

Platform as a Service

Development platforms in the cloud

Platform as a Service (PaaS) consists of software-development and deployment platforms, known as cloud platforms, located in the cloud.

With this type of service, the host provides a complete software-development and run-time environment, including programming languages and related infrastructure, so that the consumers can either create their own software on this platform, or deploy software that was developed elsewhere, but that needs this same environment to run.

The infrastructure can include a database and identity-management, or access-control, software.

SaaS development platforms

A form of PaaS that can be hosted by SaaS providers consists of their development environment being made available for cloud consumption by third-party developers, so that the applications for their main consumers can be enhanced.One advantage of this approach is that the third-party developers have access to the user data that is stored and processed by the main application.

Also, in some cases, consumers can use the development platform to customise the application for themselves.

SaaS versus PaaS

Software development is itself performed using software, so PaaS and SaaS are related, but PaaS involves software used specifically for development, and all related activities, such as testing and deployment.

Also, with SaaS, the application is controlled by the host, whether developed by the host or by a third party, but with PaaS, the consumer controls which applications are created or deployed on the provider’s infrastructure.

Infrastructure as a Service

Hardware in the cloud

Infrastructure as a Service (IaaS) consists of hardware infrastructure that is located in the cloud. It includes cloud storage, cloud servers and cloud networks, and is also known as Hardware as a Service (HaaS). The infrastructure can be used to run software or simply to store data.

The consumers can be end-users, developers or other cloud providers. For example, SaaS providers can use IaaS providers to run their applications or to store their consumers’ data.

Application agnostic

IaaS is application and platform agnostic, which means that any software can be deployed on the infrastructure by the consumers, including different operating systems, applications or development platforms. On the other hand, with SaaS, only the provided application can be used by the tenants, and with PaaS, only applications that run on the provided platform can be used.

The servers may run a hypervisor, in which case they can run several different operating systems at the same time, and any application that runs on these operating systems.

Storage as a Service

Cloud storage is also known as Storage as a Service (SaaS).

Network as a Service

Cloud networks are also known as Network as a Service (NaaS)

Deployment models

There are several cloud-computing deployment models, and these represent different types of exclusive and non-exclusive clouds provided to consumers or groups of consumers.

Public cloud

Public clouds are cloud systems that are made available to any member of a non-exclusive group, such as the general public, or all organisations in a specific industry. Because there are many consumers, these are multi-tenanted clouds. They are owned by cloud providers, and are off-premise for all consumers.

The cloud is public only in the sense that, potentially, any person or organisation that requires the provided services can become a consumer, and a public cloud may not necessarily be of universal interest. For example, a SaaS public cloud might provide an accounting system that is useful only to certain types of small business.

Private cloud

Private clouds are cloud systems that are accessible only by a single consumer, or by an exclusive group, such as all the business units in a single organisation. They are generally single-tenanted, but they can be multi-tenanted if the individual group members act as separate consumers. They may be owned by a cloud provider and be located off-premise, or they may be operated by the consumer and be located on-premise. In the latter case, they can also be known as internal clouds or corporate clouds.

These clouds are usually private because of the need for system and data security, and, for this reason, they will usually be behind a firewall that restricts access to a limited set of client devices.

There are IT systems that have some of the same characteristics and advantages as cloud computing, but that are accessible only through a private LAN or WAN, rather than the Internet. These have been described as “cloud computing-like” but, because of the shared features, they are sometimes included as part of cloud computing itself.

Virtual private cloud

When a service provider uses a public-cloud system to create a private cloud, the result is known as a virtual private cloud.

Community cloud

Community clouds are cloud systems that are available only to a specific group of related entities that share a common purpose, such as mission, security requirements, policy or compliance considerations, and that therefore need the same type of hosting. These are multi-tenanted clouds that may be managed by the community or by a third party, and they may be off-premise for all the consumers, or on-premise for one of the consumers.

Unlike a private cloud, the community of consumers isn’t narrowly exclusive. However, they are not truly public clouds, because entities outside the community that could benefit from the service, may not be able to become consumers.

Hybrid cloud

A hybrid cloud is a composition of two or more public, private and community clouds, that are used on a day-to-day basis or for cloud bursting.

Becoming part of such a cloud can be attractive to the providers, because it results in a larger pool of resources that can be made available to their consumers, so that variations in demand can be managed more flexibly. Also, for consumers, it may be that some of their data must be in a private cloud, for security and privacy reasons, but it may be more economical to keep some other, perhaps less sensitive, data in a public cloud, because the cost of these is generally lower.

A hybrid cloud is also a cloud of clouds, but the difference with the latter is that it can contain only one type of cloud deployment, rather than a mixture of public and private clouds, as with a hybrid.

Vertical cloud

A vertical cloud is a public cloud optimised for a specific, vertical industry.

Consumption model

There are several features of cloud computing that affect consumers in terms of their day-to-day use of the services, or the way they contract for the services, or their reasons for choosing one service over another, and these have been called the consumption model.

Some of them have been described as essential, but it has also been observed that “no single feature is proposed by all definitions”, and they have been discussed using terms such as alternatives, options, generally, recurrent ideas or typically, to indicate that they don’t necessarily apply to all cloud services.

Payment and pricing

Free services

There are cloud services that are entirely free, and some that are offered on a freemium basis.

Commercial services

Where payment is made, typically it is on the basis of consumption in a given time period, such as per concurrent user per month for SaaS, or per unit of storage per month for IaaS.

Charging by usage can be by any of the following methods:

  • Utility: Consumers pay only for what they use – so called because it is similar to the pricing of services from electricity utilities.
  • Subscription: Consumers pay for a fixed amount of resource whether they use it or not, which is similar to some contracts for cable TV or mobile telecommunications.
  • A combination of these, where consumers pay a subscription to consume up to a certain amount, and then as a utility for resources consumed above that amount.


In some cases, cloud systems can be wholly owned by the consumer.

Measured service

Payment on the basis of consumption requires a measured service and a metering capability, but even free services may need to be metered if they apply only up to some level of resource.

Resource pooling

Multi-tenant hosting involves pooled resources that are shared among the several tenants. This can be a consumer advantage, because sharing the resources may lead to lower costs for each tenant.

However, resource pooling doesn’t apply to a private cloud with only one tenant, because this type of resource sharing applies only between different tenants, rather than among a tenant’s individual users. Sharing resources among users applies to any server or datacentre, whether it is part of cloud computing or not.

Scaling and provisioning

Scaling means reconfiguring resources to change their size. Scaling in means to release resources, and scaling out means to acquire more resources. Systems that can easily scale in or out are said to be elastic. Provisioning refers to the mechanisms used to provide and release resources, and hence to manage scaling. Agile provisioning allows the size of resources to be changed very easily, for example without the lengthy decision-making and budgetary process required when purchasing IT equipment for delivery on-premise. Elastic resources and agile provisioning are important for flexible and cost-effective management of variations in user demand.

The following terms are used to describe the various scaling and provisioning features that are available with some cloud services:

  • On-demand self service: Scaling that can be performed by the consumer, rather than by the host.
  • Dynamic scaling: Scaling that can be done via software, so that it can happen automatically, and possibly in a way that is invisible to the consumer.
  • Infinite scaling: There is no effective limit to the amount of resource that the consumer can have, although it is always actually finite at any one time.
  • Rapid provisioning: Provisioning that can be immediate, rather than waiting for the cloud provider to respond to a request for resources.

There is some disagreement as to whether agile provisioning is a defining characteristic of cloud computing. This is partly because the history of IT shows that flexible scaling and provisioning was available prior to the cloud era, and so it is more a feature of IT in general, rather than just cloud systems in particular. However, because large public clouds can have very many tenants, their datacentres can be much more massive than previously known, and so they can give the appearance of unlimited scalability.



Access to cloud services is via the Internet, and this leads to the possibility of consumers having broad access, which means the ability to use the services from multiple types of cloud client, including desktop, portable and hand-held devices, or from many different locations.

To achieve access from many different clients, it is necessary for the websites to be made compatible with hand-held devices as well as PCs, for example because of the different screen sizes and the different mechanics of scrolling within large web pages.

Access can be from any location where an Internet connection is available, either from a fixed PC, for example in an office or Internet café, or from anywhere that mobile telephone access is available, for example using a USB modem attached to a notebook.

However, a private cloud may only allow access from certain sources, for example if it is behind a firewall.


In IT, something is transparent to users if they do not need to understand or be aware of it. For example, with cloud computing, consumers can have transparent access, which means that the users of a service need not be aware of who provides the service or where the host is located.

However, for legal and regulatory requirements regarding the security of data, and the laws that might apply to breaches of service levels, a consumer may need to have their hosting provided by a known organisation in a specific location.


All cloud services have a dedicated-resource aspect, with consumer-controlled access to these resources by authorised users, via a secure-access method, such as a login ID. Also, the resources process data that is private to the consumer and their associates, which means that it is entered or created by them, although it may be accessible by others, including the general public.

There are many organisations that supply cloud services, and there is a very wide range of such services.

Application software

A range of cloud applications is available, including common small-business applications, such as accounting, and medium-to-large organisation line-of-business or mission-critical applications, such as CRM and ERP.

These applications are:

The authorised users of the hosted software include the consumer’s staff, and possibly the staff of their associates, such as customers and suppliers. The private data includes confidential information entered by the users, such as financial-transaction amounts, but there could also be a publicly-accessible aspect, such as a shopping-cart feature that can be used by visitors to a retail organisation’s website.

Third-party application providers

ASPs may host software that they have developed themselves, or software developed by others.

Some market-leading software systems, such as SAP and Sharepoint, are available from third-party ASPs.


Database as a Service (DbaaS) hosts cloud databases, and “virtually all major database platforms are available in the cloud”, including Amazon SimpleDB and Amazon Relational Database Service.

The private data for these services consists of the records stored in the database.

DbaaS is part of Software as a Service.


Email computing involves two aspects:

  • Composing, reading and organising emails.
  • Sending and receiving them via the Internet.

The first of these can be done on a user-device, such as a PC, in which case it is not part of cloud computing, or it can be done at the website of an ISP, in which case it is part of cloud computing. The second aspect is part of cloud computing in both cases.

For PC-based email, composing and reading emails, and organising them in folders, is done with software running on a PC, and all of the permanent storage, such as for the inbox, sent and other folders, and address books, is allocated on the PC. This is not cloud computing, because the email software and storage are not accessed via the Internet, but directly on the PC, even though the send and receive software is hosted by an ISP. The latter software is part of cloud computing, and the private data for this computing consists of the received and sent emails stored, perhaps temporarily, by the ISP prior to being retrieved for reading on the PC, or sent via the Internet.

For web-based email, or webmail, such as Gmail, the data is stored for the consumer in disk space allocated by the service provider, and emails are composed, read and organised using software hosted by the provider at their site. The private data for this computing includes all emails, folders and address books. Webmail is part of Software as a Service.

In both cases, a PC, or other user device, is a cloud client used to access the services.

Office-productivity software

Office-productivity software, such as Google Docs, is available as a cloud service. The private data for this software consists of the user’s created artefacts, such as word-processor documents and spreadsheet models, which are stored and managed on the provider’s infrastructure.

This is part of Software as a Service.

Software production

Development environments

There are cloud services, such as the Azure Services Platform, that provide software-development environments. These are part of Platform as a Service, which is one of the cloud-computing service models.

The private data for these services consists of all development information, which would be accessible only by the consumers and their authorised users, including any third-party developers.

Customer support

There are cloud services, such as Get Satisfaction, that provide self-help and developer support for the customers of a software company. This support is obtained and entered at a website that hosts and sells the company’s products.

This is a service for the software company, and the private data includes the domain names of the websites for which support is required.

Storage services

Disk storage space can be rented from some cloud providers, and consumers of these services can upload software or data, for example by using the service for backup of client-device information. The private data would consist of the uploaded material.

The infrastructure is:

Co-operation and communication

There are cloud services that use the remote connectivity features of the Internet to support distributed co-operative activities, such as systems support, project work or voice and video communication.

Examples of such services include:

  • Screen-sharing systems, such as LogMeIn and Mikogo, that can be used for remote support or co-operation on projects among geographically distributed participants.
  • Teleconferencing systems, such as Skype.

For these systems, client software needs to be installed on a user device, and this isn’t part of cloud computing, but there is also central storage of a user’s identity, so that they can connect with others. This storage and the associated connectivity software are part of cloud computing.

The private data for this service includes the consumer’s identity.


Creation and hosting

There are cloud services that provide website creation and hosting.

The private data for the consumers of these services includes the website’s content, and the dedicated resources would include a CMS, so that they can manage the website, and possibly a CRM, so that they can manage customers and purchases.


There are cloud services for website operators, that allow visitors to a website to provide feedback to these operators, and that allow the operators to analyse this feedback.

The private data includes the consumer’s domain names for which feedback is required.

Visitor statistics

There are cloud services, such as Google Analytics, that provide website visitor statistics to the operators, and that provide analysis of these statistics.

These are consumed by website operators, and the private data includes the consumer’s domain names for which statistics are required.


There are cloud services, such as PayPal, that allow website visitors to pay for anything purchased at the site.

These are consumed by website operators, and the private data includes information on the consumer’s connected bank accounts, so that transfers of accumulated payment amounts can be made.

Personal examples

Cloud storage

Anyone with Internet access can rent cloud storage and upload their personal data, for backup or sharing purposes. This is known as a personal cloud, and it is part of Infrastructure as a Service.

For example, with photos in the cloud, a family can share them with members and friends that are in distributed locations, in a way that couldn’t happen with data on their PCs. The private data consists of the uploaded information, and the authorised users consist of all those given access to this information.

Potentially, this type of service could have the largest group of tenants across all providers, because any member of the general public with a device that can access the Internet can become a consumer, if only to backup data.

Internet TV

Internet TV, also known as cloud TV, is a cloud service.

The private data for the consumers of these services includes their multicast address.

Online banking

Online banking is an example of SaaS for the bank’s customers, and the private data for each consumer includes their bank account transaction information.

Besides desktop and portable computers, the cloud clients used to access this service include ATMs, online or mobile wallets, and point-of-sale terminals.

Social media and networking

Media and networking sites, such as Facebook and LinkedIn, are part of cloud computing.

The private data for the consumers includes uploaded information, and this is accessible by the authorised network consisting of their friends or colleagues.

Synced data

Different client devices owned by the same consumer can have their data synchronised, or synced, via the cloud, so that each device can access the data produced by all the other devices. This is done by automatically backing up the data of each client using cloud infrastructure.

One example of this for personal use is the iCloud,which provides cloud storage for an individual’s music downloads from the iTunes Store in such a way that they can be accessed from any of their client devices. In this case, the private data consists of the tunes that are automatically gathered for the consumer onto their cloud storage, regardless of how they are purchased.

Online retailing

There are cloud services, such as eBay, that allow individuals to sell items on the Internet.

The private data for these services includes details of the consumer’s sale items.


There are cloud services, such as WordPress, that enable individuals to create and maintain a weblog.

The consumers of these services control access by allowing only themselves to contribute blog topics and to respond to visitor comments, or by authorising others to do so.

The private data includes the:

  • Topics that are entered from time to time.
  • Comments entered by blog visitors, which can be published or suppressed by the consumer.
  • Responses of the consumer.
  • Details of who can read or contribute to the blog, which can be the general public, or an exclusive group.

Peer-to-peer file sharing

Cloud computing involves “using a network of remote servers hosted on the Internet”. These servers can be kept in a datacentre operated by a single cloud provider, but they can also be part of a distributed P2P network that shares resources via the Internet. In such a network, all participating systems are peers, which means that they are both clients and servers, and so their users are both service consumers and service providers.

For example, P2P file-sharing is part of cloud computing. At any one time, the group participating in this service consists of the users of all devices with the same file-sharing software, such as BitTorrent, that are on-line at any one time. For these participants, the service is the mutual sharing of files, and this sharing is:

  • Consumed by each participant by uploading from another participant, or downloading to another participant.
  • Provided by each participant by making available some of the files on their own device, for downloading or uploading.

For the participants, as:

  • Consumers, the:
    • Private data consists of the files on their own device that they allow to be shared.
    • Dedicated resources include their file-sharing software, which is used for the uploading and downloading of files, and to identify them as part of the network.
    • Controlled access consists of allowing the use of their client device for uploading to, or downloading from, the other participants.
  • Providers, they host on their own behalf.

Collaborative distributed computing

The Internet services that control collaborative, distributed computing, such as GIMPS and SETI@home, are part of cloud computing. This is also known as volunteer computing.

These services divide up the computation into small parts that are then distributed to the participating user devices over the Internet. After carrying out its part of the task, a device sends the results back to the cloud–based control as a contribution to the whole process.

The consumers of these services are the participants whose user devices carry out parts of the computation. The private data for each consumer consists of their registration information, including the Internet address of their device.

Deployment-model examples

There are several cloud-computing deployment models that provide public, private, community or hybrid clouds, and there are many examples of these.

Public clouds are the most ubiquitous, and they include:

Private clouds can provide similar types of software, platform and infrastructure services as public clouds, except that they are hosted for one consumer behind a firewall that restricts access to a limited set of client devices. They can be on or off-premise for the consumer.

Google Apps is available in a community cloud for Government agencies, and there is a vertical cloud for health-care.

Service-model examples

Cloud computing includes SaaS, PaaS and IaaS, and there are many examples of these.

SaaS constitutes the largest group of services, and the following are some specific examples:

PaaS comprises all software-development and run-time platforms that are available as cloud services.

IaaS examples include:


Cloud computing isn’t just the same as Internet computing, and the Intercloud doesn’t include all the websites on the Internet.

For example, the following are excluded from cloud computing:

  • Publicly accessible websites that process the same data for every visitor, such as web search engines. There is no private-data aspect for these sites.
  • All web pages that provide a calculation feature, but without managing private data, such as a financial institution’s loan-repayment calculator.
  • All sites that only provide information, rather than a computation facility.


There are many possible advantages of cloud computing, but they may not apply to all consumers.

Reduced costs

Cloud services paid for on a usage basis can be financially advantageous for a consumer when compared to the outright purchase, or long-term rental, of what would be a big-budget item.

Also, there are reduced operating costs, because a cloud consumer does not need to house, staff and maintain their own equipment.

Up-to-date software

SaaS consumers can always have the most up-to-date software, because versioning is controlled centrally by the cloud provider, and when they make a new release it is automatically available to every user.

This is particularly advantageous for cloud desktops, because deployment of new software versions can be very costly and time consuming for a large organisation with many PCs, and because it can therefore be difficult to ensure that everyone has the same version of the organisation’s PC software applications at any one time.

Improved access

Cloud computing involves using the Internet, and this can provide access from multiple locations and many different types of user device.

Sharing and co-operation

Cloud services are advantageous, when compared to PCs and local servers, for activities that require co-operation among distributed groups.

Flexible and infinite scaling

Flexible and infinite scaling can be an advantageous feature of cloud-computing services, for example to allow for a sudden increase in demand by the users. This has traditionally been a difficulty for fully owned and self-managed IT resources, where there can be, for example, one server with a given, fixed size, and where some of its capacity may be wasted when demand is low, but where it may be overloaded, resulting in slow response times, when demand is high.

Simpler capacity planning

Cloud computing moves the IT capacity-planning role from the consumer to the cloud provider, and they can be in a better position to optimise the cloud resources used by their consumers than the consumers themselves would be for their own resources.

For example, the provider may be able to supply better demand smoothing, because they can perform capacity planning over a much larger pool of resources, and for a large group of consumers, whose peak loads will probably not occur all at the same time.


Besides the advantages of cloud computing, there are also risks, at least for some consumers.

Privacy and security

Because data is stored on a cloud provider’s systems, and possibly in a location that may not be known by the consumer, there can be data-privacy and security issues.

Concerns over lack of privacy arise because providers control the data, and so consumers could perceive a risk that they may:

  • Mine the data for their own use.
  • Share it with other organisations.
  • Lock the consumer out, for example if there is a commercial dispute.
  • Lock the consumer in, so that they can’t migrate to a different provider.
  • Lose data, particularly if their backup practices are not adequate to cope with emergencies.

Regulatory and customer requirements

There are some issues that may prevent the use of cloud services. For example:

  • Some organisations are required by regulations and laws to be responsible for the security and confidentiality of their customer’s data.
  • SLAs with customers and other associates may place restrictions on an organisation’s IT resource-management options.

Such issues may prevent organisations from using:

  • Third-party hosting
  • Hosting in any given location
  • A public cloud, however hosted.

Service-provider outages

Any accidental downtime, or outage, of cloud systems can affect some or all of the provider’s tenants, and so this can deprive many users of access to their IT systems. This is particularly true of large public clouds.



The concept

Telecom networks have been known as the cloud since at least the 1990s, and this was a symbolic metaphor used to represent the unseen network that delivered services invisibly. The term was also applied to large ATM networks in the early 1990s.

Cloud computing can be seen as a movement to apply the telecom cloud concept to IT.

Cloud symbols

Cloud symbols were used to represent the public telephone system on diagrams. Since this was the original basis of the Internet, through the use of dial-up modems, the cloud symbol was also adopted for the Internet, and it came into common use for this purpose in the 1990s.

New paradigm

Cloud computing has been a paradigm shift in IT acquisition and management, from outright purchase as a product, to consumption as a service. This has involved a change from dealing with technical capacity and performance specifications when choosing a supplier and a model number that can cope with projected user demand, to dealing only with economic considerations when choosing a service.

This is because visitors to an Internet website need only be concerned with the cost of using the available services, rather than with the IT infrastructure that supports the site. The technical details of this infrastructure can be left to the hosting organisation, and it is up to them to ensure that its performance and capacity specifications are adequate for the expected traffic. For these reasons, things are simpler for the users, as opposed to acquiring, sizing, housing, staffing and maintaining IT equipment for themselves.

The transition from ownership to cloud computing didn’t happen in one step, and in the history of this change there were other business models, such as outsourcing, and some related technologies, such as utility computing. However, the major shift has been from the exclusive use of a whole resource, such as a server or entire datacentre, over an extended period of time, such as several years, to consumption of a third-party operated service that may provide access to only part of a shared resource possibly contracted for on a short-term basis, such as monthly.

First uses of the term

The first uses of the term cloud computing were in the late 1990s, and in:

  • November 1996 it was coined by NetCentric, and applied as a marketing term.
  • May 1997 it was the subject of a trademark application (which was not approved).
  • October 1997 it was discussed in an academic conference, and described as a new “paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits”.
  • November 1997, the first newspaper article on the subject was published.

Widespread adoption

Whilst there were earlier services, cloud computing started to gain widespread use from 2007.

Google Docs was launched in 2006, and it went mainstream in 2007. Also in 2007, Amazon, IBM and Microsoft started calling their Internet-based offerings cloud computing.

Google Trends shows cloud computing taking off as a search term in 2007, and as a news item in 2008.

Precursor technologies

There are many technologies that were in use before cloud computing, and that are either essential for its implementation, or that have some of the same characteristics.


In IT, anything that is virtual does not exist as such, but is made to appear to exist through the use of software. Of course, this software runs on real computers that do actually exist, but the use of virtualisation techniques can make a relatively small computer appear to have a very large capacity, so that it can be shared by many concurrent activities. It has been available since the 1960s, when multi-user computers needed to provide a virtual memory to each process, so that they could share a relatively small real memory. Full virtualization of complete servers has been in use since the late 1960s.

Cloud computing uses virtualisation to implement independent virtual servers, with their own storage and software. For example, one of these, or even a network of them, can be made available to each of the many tenants of a public cloud, using a much smaller collection of real servers, or possibly only one server. This sharing of one server, or a small number, among very many virtual servers that each support their own tenants is one reason that cloud computing is advantageous, because there are economies of scale. It also enables flexible scaling and agile provisioning, since another virtual server can be made available instantly, because it can be done automatically, without necessarily purchasing any more equipment.


Timesharing, which originated in the 1960s, and which became a prominent computing model in the 1970s, involved sharing the resources of a mainframe computer among many concurrent users.

In the 1960s and 1970s, companies began to operate service bureaus that provided timesharing access for a fee.

Client-server computing

The client-server model of computing, which originated in the 1970s, is a type of distributed computing that separates out the:

  • Access points, called clients, which are used by only one person at a time, and which are therefore not shared.
  • Central servers, which supply applications and data, and which are shared among several clients that can access them at any one time.

All cloud-computing service-model examples are a development of client-server computing, and cloud datacentres contain one or more servers that are accessed via separate cloud clients. This is in contrast to P2P networks, in which all participating devices are both clients and servers, and there are some examples of these that are also part of cloud computing.

Utility computing

One typical characteristic of cloud computing is consumption as a utility, with payment only for what is used. This is similar to utility computing, which was available from the 1980s.

Originally, utility computing was not necessarily Internet accessible, and it may have involved very centralised, on-premise resources. However, later it was combined with the client-server model and then networks, and became more distributed. Later still, when combined with the Internet, it evolved into cloud computing.

The computer pioneer John McCarthy predicted in 1961 that computing would one day be delivered as a public utility.

Cluster computing

Cluster computing, which originated in the 1960s, is the use of a network of servers that are co-ordinated to achieve a common goal. It includes grid computing, which originated in the 1990s, and server farms. For example, a large organisation may provide its email service using a server farm consisting of several computers each of which deals with email addresses beginning with a few letters of the alphabet, such as one for all addresses beginning with “a”, “b” or “c”, and another for addresses beginning with “d”, “e” or “f”, and so on through the alphabet.

The use of multiple servers has advantages over an equivalently powerful single computer:

  • Fault tolerance: If there is an outage of one server, it may only lead to a partial degradation of service for some users, as opposed to an outage of one much larger computer, which could lead to a total degradation for all users.
  • Redundancy: Extra, standby servers can be included for failover in exceptional circumstances.
  • Load balancing: Further servers can be added at any time to cope with increased demand, without disturbing the other servers.
  • Cost: Purchasing many midrange computers can be more cost-effective than purchasing one large mainframe.

For these reasons, cloud datacentres can contain a cluster of servers, and each one of these may be able to support many virtual servers so as to allow for flexible scaling and easy provisioning.

Autonomic computing

Autonomic computing, which originated in 2001, is computing carried out by self-managed systems that can autonomously and automatically react to changing circumstances. For example, they can be self-repairing when there are outages, or they can be self-adjusting in reaction to changing demand from users.

Autonomic computing techniques are used to implement cloud computing because it is advantageous for resources to self-adjust in some circumstances. For example, cloud bursting is an application of this type of computing.

Long-term trends

Computer access

Since the adoption of computers during the 1950s, users have become more-and-more physically removed from their IT resources, and cloud computing is a further step in this trend.

Originally, users were required to visit a special room one at a time to use the computer, and one motivation for changing this situation was to enable more people to have concurrent use of computer resources.

This began with the advent of batch operating systems. With these systems, users would take their data on punched cards to the computer room, where they would be fed into the computer by a specialist computer operator, for a batch of different users all at the same time. The users would not be able to access the computer directly themselves. This was followed by multi-user operating systems, which were accessed via directly connected terminals not necessarily in the computer room, and then networks, where access to the computer would be via intermediate switching devices so that the users and the computers could be in separate places, including in different buildings.

The Internet, short for inter-networks, developed out of these networks to enable users to be in one place, and their IT resources to be in any other place in the world. Also, users could access their resources from any location with Internet access, not just a computer terminal in their office.

IT acquisition and management

There has been a long-term trend in IT acquisition and management away from outright purchase and self hosting of IT equipment, and cloud computing is part of this trend.

A major step before cloud computing was outsourcing, and the use of vendor hosting or third-party hosting, rather than self hosting. Originally, the equipment would be on the user’s premises, but with networks, the hosting could be in a different location, and then with the Internet there was even greater flexibility as to where resources could be hosted.

Resource sharing

Originally, any increase in the size of IT resources required the purchase, delivery and installation of extra hardware, which could involve a long delay. Because of this delay, resources were sometimes sized so as to cope with spikes, which meant purchasing a larger than normally required system, and so, since spikes may not occur frequently, if at all, the resources were very often under-utilised, and this was financially wasteful.

For this reason, there has been a trend in IT away from a static, fixed size of infrastructure to systems that can be shared and that can scale to cater for changing circumstances, such as extra users, more flexibly. Cloud computing is a further step in this trend.

One of the first developments was the use of virtualisation, and the advantage of this technology is the ability to provision new virtual servers easily, without purchasing new equipment. This allows new users to share the resources. Other developments included:

  • Pooling all of a large organisation’s IT resources in a data centre, rather than housing them in different departments. This made resource sharing easier.
  • Utility computing, where users have access only to part of a shared resource, and where the size of their share can be easily changed.

Cloud Computing Layers

Get StartedFree Consultation


As the cloud computing model gains in popularity it is important to understand the service layers that define it. Like the seven layer OSI model for networking, each layer of the cloud computing model exists conceptually on the foundation of the previous layers.

Within this model, there are three different service layers that are used to specify what is being provisioned, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Additionally, there are three further layers that are not provided as user services. The Hardware Layer and the Virtualization Layer are owned and operated of the cloud services provider while the Client Layer is supplied by the end users.

The Hardware Layer

The hardware layer is sometimes referred to as the server layer. It represents the physical hardware that provides actual resources that make up the cloud. Since, by definition, cloud computing users do not specify the hardware used to provide services, this is the least important layer of the cloud. Often, hardware resources are inexpensive and are not fault tolerant. Redundancy is achieved simply by utilizing multiple hardware platforms while fault tolerance is provided at other layers so that any hardware failure is not noticed by the users.

The Virtualization Layer

Often referred to as the infrastructure layer, the virtualization layer is the result of various operating systems being installed as virtual machines. Much of the scalability and flexibility of the cloud computing model is derived by the inherent ability of virtual machines to be created and deleted at will.

Infrastructure as a Service (IaaS)

The infrastructure layer builds on the virtualization layer by offering the virtual machines as a service to users. Instead of purchasing servers or even hosted services, IaaS customers can create and remove virtual machines and network them together at will. Clients are billed for infrastructure services based on what resources are consumed. This eliminates the need to procure and operate physical servers, data storage systems, or networking resources.

Platform as a Service (PaaS)

The platform layer rests on the infrastructure layer’s virtual machines. At this layer customers do not manage their virtual machines, they merely create applications within an existing API or programing language. There is no need to manage an operating system, let alone the underlying hardware and virtualization layers. Clients merely create their own programs which are hosted by the platform services they are paying for.

Software as a Service (SaaS)

Services at the software level consist of complete applications that do not require development. Such applications can be email, customer relationship management, and other office productivity applications. Enterprise services can be billed monthly or by usage, while software as service offered directly to consumers, such as email, is often provided for free.

The Client Layer

While this layer is not a cloud computing service, it is an essential part of the model. The client layer acts as the user interface to which cloud computing services are delivered. Client layer hardware can include personal computers, web browsers, mobile devices, and even telephones.


One of the beauties of the cloud computing model is the simplicity with which they are presented to the end users. At the same time, the cloud computing model actually consists of a complex series of interconnected layers. Understanding these layers is essential to any organization that wishes to utilize cloud computing services in the most efficient manner.

Cloud Computing Applications

The applications of cloud computing are practically limitless. With the right middleware, a cloud computing system could execute all the programs a normal computer could run. Potentially, everything from generic word processing software to customized computer programs designed for a specific company could work on a cloud computing system.

Why would anyone want to rely on another computer system to run programs and store data? Here are just a few reasons:

  • Clients would be able to access their applications and data from anywhere at any time. They could access the cloud computing system using any computer linked to the Internet. Data wouldn’t be confined to a hard drive on one user’s computer or even a corporation’s internal network.
  • It could bring hardware costs down. Cloud computing systems would reduce the need for advanced hardware on the client side. You wouldn’t need to buy the fastest computer with the most memory, because the cloud system would take care of those needs for you. Instead, you could buy an inexpensive computer terminal. The terminal could include a monitor, input devices like a keyboard and mouse and just enough processing power to run the middleware necessary to connect to the cloud system. You wouldn’t need a large hard drive because you’d store all your information on a remote computer.
  • Corporations that rely on computers have to make sure they have the right software in place to achieve goals. Cloud computing systems give these organizations company-wide access to computer applications. The companies don’t have to buy a set of software or software licenses for every employee. Instead, the company could pay a metered fee to a cloud computing company.
  • Servers and digital storage devices take up space. Some companies rent physical space to store servers and databases because they don’t have it available on site. Cloud computing gives these companies the option of storing data on someone else’s hardware, removing the need for physical space on the front end.
  • Corporations might save money on IT support. Streamlined hardware would, in theory, have fewer problems than a network of heterogeneous machines and operating systems.
  • If the cloud computing system’s back end is a grid computing system, then the client could take advantage of the entire network’s processing power. Often, scientists and researchers work with calculations so complex that it would take years for individual computers to complete them. On a grid computing system, the client could send the calculation to the cloud for processing. The cloud system would tap into the processing power of all available computers on the back end, significantly speeding up the calculation.

While the benefits of cloud computing seem convincing, are there any potential problems?


Cloud computing has been called, among many different things, “platform as a service.” This specific name represents the fact that, to the user or developer, a cloud computing service looks like a “virtual system” on which applications are developed or run. Some platforms support only public cloud computing service use, others support only the creation of private clouds and a few support a mix of both.

Those who develop for, or deploy applications on, cloud computing resources both public and private may have to make a decision on which specific cloud computing platform to use. The wrong choice could negatively impact everyone involved, so it’s important to look at the choices carefully and consider short- and long-term issues in your decision.

Here are the key cloud architectures available today:

  • Amazon’s Elastic Compute Cloud, or EC2, is probably the most generalized and best-known of the cloud computing service offerings.
  • IBM Computing on Demand or Blue Cloud is a highly enterprise-focused cloud computing offering that, because it is related to and built with the same technology sold to enterprises, can cross over between public and private cloud applications.
  • Microsoft’s Azure cloud computing, based on Microsoft Vista and .NET technology, includes both cloud computing and cloud-hosted extension.

What is Cloud Computing Infrastructure?

  • While the term cloud computing has only come into popularity recently, it is used to describe a business practice that has been alive and well in the IT world for some time, especially when it comes to cloud computing infrastructure. While cloud computing sounds pretty nebulous, it is basically just a blanket term that covers any abstracted computer infrastructure managed by a third party that can host business applications which are billed based on consumption. This is radically different from the traditional method of IT resources in which a business needed to purchase all of its own hardware and software, as well as employ a team of IT professionals to keep it running and up to date. Let’s take a closer look at how cloud computing provides infrastructure solutions for businesses, especially when it comes to customer relationship management (CRM).
  • A classic example of cloud computing infrastructure comes in the example of cloud hosting. When a small business launches a successful website, it’s always thrilling to watch the visitor count climb and climb. However, the more customers visit and interact with the website and each other, the more pressure there is on the website’s server. It used to be that a website manager needed to buy or rent additional servers as quickly as possible before their visitors. If not, then the website might face diminishing returns as the site becomes bogged down by its own success and visitors quickly migrate elsewhere. This typically critical CRM problem for small to mid-sized businesses was solved by cloud hosting.
  • Cloud hosting is a type of cloud computing infrastructure in which a company or website manager purchases access to servers much like a resident pays for access to water and electricity. Just like those utilities, a user only needs to pay for the servers that they need while they need them. For instance, if a site that usually just goes through cloud hosting for one or two servers gets a sudden boost in traffic, the site manager can simply log in to his cloud hosting account and arrange for instant access to more servers. Once the traffic goes back to normal, he can adjust the requested servers so that he is just being billed for what he normally needs again. This all occurs behind the scenes of a growing website, where the increasing volume of customers and visitors notice no difference in speed or quality on the site, thanks to the flexibility that cloud computing provides.
  • This is but one example of the infrastructure as a service (IaaS) concept that is at the heart of cloud computing infrastructure. Gone are the days of every company big and small needing to purchase servers, office space, software and more just to have basic computer infrastructure. Instead, a business can get the majority of their computer infrastructure needs through utility computing that can address all of your computer hardware, networks and platforms off site. Cloud computing infrastructure is also dynamically scalable, allowing a business to make use of infrastructure resources for a wide range of capabilities. The cost of these resources is almost always both affordable and predictable, as all of the resources that are available typically have a fixed price associated with them driven by market demand.
  • Naturally, the savings garnered from cloud computing infrastructure as opposed to the traditional methods are substantial. Rather than purchasing expensive equipment, leasing space solely to store data centers and gobbling up your IT department’s man power, nearly all of your infrastructure needs can be met in one bill. With the scalability and customization available to cloud computing users, a business can pick and choose exactly what they need for their operation: no more, no less. With a solid computer infrastructure that you can tweak to meet the demands of your employees and customers, cloud computing allows you to make real time adaptations to you system that can address CRM concerns as soon as they arise.

Cloud Deployment Models – Private, Community, Public, Hybrid

How are Cloud Computing Solutions deployed? What are the general implications for different deployment options? A couple of months back I wrote about Cloud Service Models – Which one is for you? This post will cover another basic of Cloud Computing, popularly known as Cloud Deployment Models.

The content of this post is based on the recommendations of the National Institute of Standards and Technology (NIST) – Special Publication 800-146. The credit for the images used in this article goes to NISTSpecial Publication 800-146. Please check references for details. This document is not subject to copyright.

Following are the four types of Cloud Deployment Models identified by NIST.

  • Private cloud
  • Community cloud
  • Public cloud
  • Hybrid cloud

Private Cloud

The cloud infrastructure is operated solely for an organization.    —NIST

Contrary to popular belief, private cloud may exist off premises and can be managed by a third party. Thus, two private cloud scenarios exist, as follows:

  • On-site Private Cloud
    • Applies to private clouds implemented at a customer’s premises.
  • Outsourced Private Cloud
    • Applies to private clouds where the server side is outsourced to a hosting company.

Examples of Private Cloud:

  • Eucalyptus
  • Ubuntu Enterprise Cloud – UEC (powered by Eucalyptus)
  • Amazon VPC (Virtual Private Cloud)
  • VMware Cloud Infrastructure Suite
  • Microsoft ECI data center.

Community Cloud

The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).  Government departments, universities, central banks etc. often find this type of cloud useful. Community cloud also has two possible scenarios:

  • On-site Community Cloud Scenario
    • Applies to community clouds implemented on the premises of
      the customers composing a community cloud
  • Outsourced Community Cloud
    • Applies to community clouds where the server side is
      outsourced to a hosting company.

Examples of Community Cloud:

  • Google Apps for Government
  • Microsoft Government Community Cloud

Public Cloud

The most ubiquitous, and almost a synonym for, cloud computing. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Examples of Public Cloud:

  • Google App Engine
  • Microsoft Windows Azure
  • IBM Smart Cloud
  • Amazon EC2

Hybrid Cloud

The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

Examples of Hybrid Cloud:

  • Windows Azure (capable of Hybrid Cloud)
  • VMware vCloud (Hybrid Cloud Services)

Cloud Deployment Implications

Irrespective of the deployment model, in general any organization opting for cloud must consider the following implications:

Network Dependency –  Whether you choose, on-site or off-shore, a reliable and secure network is highly desirable for good performance.

Subscribers still need IT skills – You can’t just offer a pink-slip to all your IT resources. To manage various user devices that access cloud, resources with traditional IT skills are required, though in lesser number. Additionally, your existing resources may need to update themselves with new skills for working in cloud.

Risk from multi-tenancy On-site private cloud mitigates this security risk by restricting the number of possible attackers as all the clients are typically the members of one subscriber organization. In a public cloud scenario, a single machine may be shared by the workloads of any combination of subscribers. This indeed raises the security risk as the number of potential attackers increases with number of subscribers. Therefore we can safely conclude that risk due to multi-tenancy increases in an order which can be stated as Private, Community, Hybrid, Public cloud.

Data import/export and performance limitations – Generally the on-demand bulk data import/export is limited by the cloud’s network capacity. In the on-site
private cloud scenario, however, these limits may be adjusted, although not eliminated, by provisioning high-performance and/or high-reliability networking within the subscriber’s infrastructure.

Workloads Locations – Workloads refers to managing hardware resources efficiently. Generally, cloud migrates workloads between machines without any inconvenience to the clients, i.e., it’s hidden from the client. Generally, the cloud vendors take care of this but you must explicitly check with your vendor if it manages the resources efficiently.

The implications described here are general in nature. Before making any decision in favor of a specific deployment model, study the detailed implications of that particular deployment model. For details, please check the reference section.



The cloud model has been criticised by privacy advocates for the greater ease in which the companies hosting the cloud services control, thus, can monitor at will, lawfully or unlawfully, the communication and data stored between the user and the host company. Instances such as the secret NSA program, working with AT&T, and Verizon, which recorded over 10 million phone calls between American citizens, causes uncertainty among privacy advocates, and the greater powers it gives to telecommunication companies to monitor user activity. Using a cloud service provider (CSP) can complicate privacy of data because of the extent to which virtualization for cloud processing (virtual machines) and cloud storage are used to implement cloud service. The point is that because of CSP operations, customer or tenant data may not remain on the same system, or in the same data center or even within the same provider’s cloud. This can lead to legal concerns over jurisdiction. While there have been efforts (such as US-EU Safe Harbor) to “harmonise” the legal environment, providers such as Amazon still cater to major markets (typically the United States and the European Union) by deploying local infrastructure and allowing customers to select “availability zones.Cloud computing poses privacy concerns because the service provider at any point in time, may access the data that is on the cloud. They could accidentally or deliberately alter or even delete some info.


In order to obtain compliance with regulations including FISMA, HIPAA, and SOX in the United States, the Data Protection Directive in the EU and the credit card industry’s PCI DSS, users may have to adopt community or hybrid deployment modes that are typically more expensive and may offer restricted benefits. This is how Google is able to “manage and meet additional government policy requirements beyond FISMA and Rackspace Cloud or QubeSpace are able to claim PCI compliance.

Many providers also obtain a SAS 70 Type II audit, but this has been criticised on the grounds that the hand-picked set of goals and standards determined by the auditor and the auditee are often not disclosed and can vary widely. Providers typically make this information available on request, under non-disclosure agreement.

Customers in the EU contracting with cloud providers established outside the EU/EEA have to adhere to the EU regulations on export of personal data.

U.S. Federal Agencies have been directed by the Office of Management and Budget to use a process called FedRAMP (Federal Risk and Authorization Management Program) to assess and authorize cloud products and services. Federal CIO Steven VanRoekel issued a memorandum to federal agency Chief Information Officers on December 8, 2011 defining how federal agencies should use FedRAMP. FedRAMP consists of a subset of NIST Special Publication 800-53 security controls specifically selected to provide protection in cloud environments. A subset has been defined for the FIPS 199 low categorization and the FIPS 199 moderate categorization. The FedRAMP program has also established a Joint Acceditation Board (JAB) consisting of Chief Information Officers from DoD, DHS and GSA. The JAB is responsible for establishing accreditation standards for 3rd party organizations who will perform the assessments of cloud solutions. The JAB will also review authorization packages and may grant provisional authorization (to operate). The federal agency consuming the service will still have the final responsibility for final authority to operate.


As can be expected with any revolutionary change in the landscape of global computing, certain legal issues arise; everything from trademark infringement, security concerns to the sharing of propriety data resources.

Open source

See also: Category:Free software for cloud computing

Open-source software has provided the foundation for many cloud computing implementations, one prominent example being the Hadoop framework. In November 2007, the Free Software Foundation released the Affero General Public License, a version of GPLv3 intended to close a perceived legal loophole associated with free software designed to be run over a network.

Open standards

See also: Category: Cloud standards

Most cloud providers expose APIs that are typically well-documented (often under a Creative Commons license) but also unique to their implementation and thus not interoperable. Some vendors have adopted others’ APIs and there are a number of open standards under development, with a view to delivering interoperability and portability.


Main article: Cloud computing security

As cloud computing is achieving increased popularity, concerns are being voiced about the security issues introduced through adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered as the characteristics of this innovative deployment model can differ widely from those of traditional architectures. An alternative perspective on the topic of cloud security is that this is but another, although quite broad, case of “applied security” and that similar security principles that apply in shared multi-user mainframe security models apply with cloud security.

The relative security of cloud computing services is a contentious issue that may be delaying its adoption. Physical control of the Private Cloud equipment is more secure than having the equipment off site and under someone else’s control. Physical control and the ability to visually inspect the data links and access ports is required in order to ensure data links are not compromised. Issues barring the adoption of cloud computing are due in large part to the private and public sectors’ unease surrounding the external management of security-based services. It is the very nature of cloud computing-based services, private or public, that promote external management of provided services. This delivers great incentive to cloud computing service providers to prioritize building and maintaining strong management of secure services. Security issues have been categorised into sensitive data access, data segregation, privacy, bug exploitation, recovery, accountability, malicious insiders, management console security, account control, and multi-tenancy issues. Solutions to various cloud security issues vary, from cryptography, particularly public key infrastructure (PKI), to use of multiple cloud providers, standardisation of APIs, and improving virtual machine support and legal support.

Cloud computing offers many benefits, but it also is vulnerable to threats. As the use of cloud computing increase, it is highly likely that more criminals will try to find new ways exploit vulnerabilities in the system. There many underlying challenges and risks in cloud computing that increase the threat of data being compromised. To help mitigate the threat, cloud computing stakeholders should invest heavily in risk assessment to ensure that system encrypts to protect data; establish trusted foundation to secure the platform and infrastructure; and build higher assurance into auditing to strengthen compliance. Security concerns must be addressed in order to establish trust in Cloud computing technology.


Although cloud computing is often assumed to be a form of “green computing“, there is no published study to substantiate this assumption. Citing the servers affects the environmental effects of cloud computing. In areas where climate favors natural cooling and renewable electricity is readily available, the environmental effects will be more moderate. (The same holds true for “traditional” data centers.) Thus countries with favorable conditions, such as Finland, Sweden and Switzerland, are trying to attract cloud computing data centers. Energy efficiency in cloud computing can result from energy-aware scheduling and server consolidation. However, in the case of distributed clouds over data centers with different source of energies including renewable source of energies, a small compromise on energy consumption reduction could result in high carbon footprint reduction.


As with privately purchased hardware, customers can purchase the services of cloud computing for nefarious purposes. This includes password cracking and launching attacks using the purchased services. In 2009, a banking trojan illegally used the popular Amazon service as a command and control channel that issued software updates and malicious instructions to PCs that were infected by the malware.

Glossary: Cloud Computing

Cloud Computing Glossary

Advertising-based pricing model : A pricing model wherein cloud services are offered to users at low or no cost, with the service provider being compensated by advertisers whose ads are delivered to the user along with the service.  Google

CDN:Content delivery network- a system consisting of multiple computers that contain copies of data which are located in different places on the network so clients can access the copy nearest to them

Cloud: A Metaphor used for global network. Historically it was first used in reference to the telephone network and currently commonly used to represent the Internet.:

Cloud broker:A service/entity that creates and maintains relationship with multiple cloud service providers.  It acts as a liaison between cloud service users and cloud service providers, selecting the best provider for each user monitoring the service.

Cloud operating system

A computer operating system that is designed specially to run in a service provider’s datacenter and be delivered to the user over the Internet


  1. Microsoft Azure is a cloud operating system that runs on windows server 2008.
  2. Google Chrome which refers to cloud-based client operating client based operating system

Cloud oriented architecture

An architecture where applications act as services in the cloud and serve other applications in the cloud environment

Cloud portability

The ability to move application and data from one cloud service provider to another

Cloud provider

A company that provides cloud-based platform, infrastructure, applications, or storage service to other organizations and individuals. The provision is usually for fee.

Cloud storage

A service that allows users to save data by transferring it over to the Internet or another network to an offsite system maintained by a third party

Cloud sourcing

Replacing traditional IT services with cloud services

Cloud storming

Connecting multiple cloud computing environments


Software that enables creating, deploying, running, or managing applications in the cloud


  1. A group of linked computers that work together as a unified resource, for high availability and / or load balancing
  2. Cluster computing: Cluster computing is a form of distributed computing in which resource allocation is performed by a centralized resource manager and all nodes co-operatively work together as a single unified resource.

Consumption-based pricing model

A pricing model whereby the service provider charges its consumers based on the amount of the service the user consumes, rather than time-based fee. For example, a cloud storage provider might charge per GB of information stored.

Tata example

Customer self-service

A feature that allows customers to provision, manage, and terminate service themselves , without involving the service provider, via a web interface or programmatic calls to service ie APIs

Elastic computing

The ability to dynamically provision and de-provision processing, memory, and storage resources to meet demands of peak usage without worrying about capacity planning and engineering for peak usage

External cloud

Public cloud services that are provided for outside users

Grid Computing

The Grid is a type of parallel and distributed computing system (peer-to-peer computing) that enables the sharing, selection, and aggregation of geographically distributed autonomous resources (nodes)  dynamically at runtime depending on their availability, capability, performance, cost and user’s quality-of-service requirements. In Grid computing, each node has its own resource manager, providing a single system view. Autonomous resources in grid computing may span across single or multiple organizations. Grid aims at exploiting synergies that result-from cooperation – ability to share and aggregate distributed computational capabilities.


Hardware as a service

Hosted application

An Internet- based or web-based application software program that runs on a remote server and can be accessed via an Internet-connected PC or thin client

Hybrid cloud

A networking environment that includes multiple integrated internal and or public clouds


Infrastructure as a service also known as IaaS. It is one of three service models in cloud computing. In IaaS- cloud infrastructure services, where by a virtualized environment is delivered as a service over the Internet by the provider. The Infrastructure can include servers, network equipment, and software

Internal Cloud

A type of private cloud whose services are provided by an IT department to those in its own organization

Mash up

A web-based application that combines data and / or functionality from multiple sources



Software that sits between applications and operating system, consisting of set of services that enable interoperability in support of distributed architecture by passing data between applications.  So, for example , the data in database can be accessed through another database

On-demand service

A model by which a customer can purchase cloud services as needed; for instance if customers need to utilize additional servers for the duration of a project, they can do so and then drop back to the previous level after the project is completed.


Platform as a service- Cloud platform services, whereby the computing platform ( operating system and associated services) is delivered as a service over the Internet by the provider

Pay as you go

A cost model for cloud services that encompasses both subscription-based and consumption-based models, in contrast to traditional IT cost model that requires up-front capital expenditures for hardware and software.

Private cloud

Service offered over the Internet or even over a private internal network to only select users, not available to the general public

Public Cloud

Public cloud services offered over the public Internet and available to anyone who wants to purchase the service


Software as a service- cloud applications service, whereby applications are delivered over the Internet by the provider, so that the applications don’t have to be purchased, installed, and run on the customer’s computers. SaaS providers were earlier known as ASP (application service providers)

Service migration

The act of moving from one cloud service or vendor to another

Service provider

The company or organization that provides a public or private cloud service


Service level agreement – A contractual agreement by which a service provider defines the level of service, responsibilities , priorities , and guarantees regarding availability , performance, and other aspects of the service

Subscription-based pricing model

A service pricing model that lets customers pay a fee to use the service for a particular time period, often used for SaaS services

Utility computing

Online computing or storage sold as a metered commercial service in a way similar to public utility

Vendor lock-in

Dependency on the particular cloud vendor and difficulty moving from one cloud vendor to another due to lack of standardized protocols, APIs, data structures (schema), and service models

Vertical cloud

A Cloud computing environment that is optimized for use in a particular industry, such as health care or education or financial service

Virtual private data centre

Resource grouped according to specific business objective


Opposite views on cloud computing

Some experts and vendors define cloud computing narrowly as an updated version of utility computing: essentially virtual servers available over the Internet.

Other defines cloud computing broadly saying that any thing we consume outside the firewall is in the cloud, including conventional outsourcing.

Variety of cloud computing

There are many patterns, or categories, in the world of cloud computing that individuals and institutions can use to meet the needs of enterprise architecture. Some solve specific problems such as security-as-a-service or testing as a service, and some provide complete platform, such as Plat-form-as a service or infrastructure as a service. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet , which extends IT’s existing capabilities

Currently cloud computing is an early stage , with diverse crew of providers, large and small , delivering a slew of services , from full blown applications to storage services to spam filtering.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s