NIST Definition v15… Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models , and four deployment models .
Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Hybrid cloud . The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
Service Models (NIST)
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS) . The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Evolution Over The Years Adoption Time 1961 John McCarthy proposed 'computer time-sharing technology' to be sold through utility business model (like electricity) in a lecture at MIT Mid 90’s
ASP (Application Service Provider) model with single tenant hosting of applications
SaaS (Software as a Service) model with multi-tenant hosting of applications
Cloud Computing with pay as you go model, leveraging virtualization for data center efficiencies and faster networks
Cloud computing is an amalgam of mostly existing technologies and services
Some use models, coupled with scope of availability and ease of use are part of what’s new
The access and availability of computing, storage and applications enables individual users to be content creators, publishers and application developers.
Further developments and roles are expanding in new and innovative ways.
Are existing regulatory paradigms relevant or applicable?
Virtualization Virtualization is “separating the computing workload from the hardware.”* Once computers have become more or less disembodied, all sorts of possibilities open up. Virtual machines … can be moved around while running, perhaps to concentrate them on one server to save energy. They can have an identical twin which takes over should the original fail. And they can be sold prepackaged as “virtual appliances”…eventually to turn a data centre—or even several of them—into a single pool of computing, storage and networking resources that can be allocated as needed. The Economist: Special Report – Where the Cloud Meets the Ground ; Oct 23, 2008 *Quoting Paul Maritz of VMware
Cloud Computing Architecture Web Services Commodity Hardware Virtual Machines Dynamic Application Provisioning CRM Database BI Email Virtualization Layer
Cloud Computing – Benefits
Reduce capital expenditures
Low barrier to entry
Cost-effective – Pay for what you use
Acquire resources on demand
Release resources when not needed
Virtually infinite compute and storage resources
Turn Organization’s fixed cost into variable cost
May improve security
Patch management/professionally managed services
Cloud Computing Vs. Traditional Hosting – Key Differences Less transparent, less direct control More transparent, more control Physical Deployment Architecture Minutes Weeks/Months Deployment Cycle Slow for part-cloud, part-outside applications Fast for fully cloud based applications Fast Application Performance Internet Dedicated link/VPN Application Owner Connectivity Fast to scale (up or down) Slow to scale Flexibility Pay per use, low Relatively fixed, high Total Cost Minutes Weeks/Months Procurement Cycle Cloud Computing Traditional Hosting Aspect
Where is my information?
Who controls it?
Who has access?
How is being used?
Who is it being shared with?
Who is looking out for my interests?
Cloud computing – operational concerns: the back end
Less by design and more by inertia…
Role of open standards
Cloud computing – legal concerns
International data transfers
Lawful access issues
Data breach notification laws
Data retention laws
Jurisdiction/Conflict of Laws
Cloud computing – contractual concerns
All of the operational/legal issues plus -
Limitation of liability issues
Notice/ consent for transfer, where applicable
Extended corporate controls
Good security/privacy policies, practices and controls*