Cloud computing is the on-demand delivery of processing (compute) power, database, storage, applications, and other IT resources over the internet.
Cloud Service Providers (CSPs) enable users (and organizations) to store and access files and applications on remote servers via the internet, enabling location-independent access and supporting remote work.
Public Cloud
Fully deploy services, storage, and applications on remote servers.
These can be either developed to run in the cloud or migrated from existing on-premise infrastructure.
Examples of public CSPs include Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM Cloud, and Alibaba Cloud.
Private Cloud
Organizations deploy computing resources within local data centers (on-premise).
These resources are only accessible over a private network and by specific individuals, devices, and business partners.
The main difference between legacy and private cloud data centers is the use of virtualization and management tools to improve resource utilization.
Community Cloud
Several organizations (from a specific industry or community) with shared requirements (security, compliance, jurisdiction, etc.) deploy and manage shared IT computing infrastructure.
These can be on- or off-premise and are governed by the member organizations or a third-party managed service provider.
Hybrid Cloud
It is simply a combination of public and private cloud services.
Usually implemented to extend and grow an organization’s infrastructure into the cloud while connecting cloud resources to internal systems.
Multi-Cloud: combines workloads across multiple cloud vendors, managed via one proprietary interface.
Distributed Cloud:
A centralized cloud environment comprises geographically distributed public or private clouds controlled from a single interface.
By distributing resources, organizations can reduce latency for users, improve performance, and enhance resilience.
Poly Cloud:
Uses multiple public CSPs, each offering different specialized services, to optimize for specific workloads and business objectives.
It focuses on portability and vendor flexibility by leveraging the strengths of individual cloud providers.
There are four main types of cloud computing services provided:
Infrastructure as a Service (IaaS):
The most basic cloud service; it grants the customer the highest level of customization and control.
Customers can manage the underlying infrastructure - operating systems, storage, deployed applications, and, to an extent, selected network components (such as firewalls).
Customers avoid buying expensive software licenses and servers and procure these as an outsourced, on-demand service.
Platform as a Service (PaaS):
A step above IaaS: customers control the deployed applications and possibly configurations for the application-hosting environment.
Customers can focus on their core business functions without worrying about system resources at the operations level.
PaaS customers are mainly developers or specific service providers, usually developing internet-delivered software and services, such as Microsoft Entra Domain Services, Salesforce, and Heroku.
Serverless Computing:
It is a subset of PaaS that allows developers to write and deploy code without managing the underlying server infrastructure.
CSPs handle the setup, capacity planning, and server management, while customers focus on code.
It is highly scalable and event-driven, only using resources when a specific function or trigger occurs.
Serverless computing should not be confused with Containers, which are self-contained units that enclose the application and all other elements it needs to run properly.
Containers will take seconds to deploy, but serverless deployments will take milliseconds.
Software as a Service (SaaS):
CSPs are entirely responsible for maintaining the systems, patches, and operations of core components, including network security and system licensing.
In a turnkey operation, customers are provided with fully functional applications and services with limited control over user-specific application settings.
Identity-as-a-Service (IDaaS): This type of service implements authentication services for subscribed companies and is managed by a third party to provide Identity and Access Management (IAM) services, including SSO, MFA, and Identity Governance and Administration (IGA). Examples include OneLogin, Centrify Identity Service, Microsoft Entra ID, and Okta.
Security-as-a-Service (SECaaS): Provides penetration testing, authentication, intrusion detection, anti-malware, and security incident and event management services. Examples include eSentire MDR, Switchfast Technologies, OneNeck IT Solutions, and Foundstone Managed Security Services.
Container-as-a-Service (CaaS): This service offers container virtualization engines and containers, applications, and cluster management. Examples include Amazon EC2 and Google Kubernetes Engine (GKE).
Function-as-a-Service (FaaS): A specific type of serverless computing that focuses on executing code in small, modular pieces (functions) in response to events or requests. Examples include AWS Lambda, Google Cloud Functions, Microsoft Azure Functions, and Oracle Functions.
Firewall-as-a-Service (FWaaS): A cloud computing service that protects users and organizations from internal and external threats by filtering the network traffic - packet filtering, network analysis, and IPSec. Examples include Zscaler Cloud Firewall, SecurityHQ, Secucloud, Cisco Meraki, and Sophos.
Desktop-as-a-Service (DaaS): This service offers subscribers on-demand virtual desktops and apps as a multi-tenancy subscription. Examples include Amazon Workspaces, Citrix Managed Desktops, and Azure Windows Virtual Desktop.
The organization that owns a local, on-premise data center is solely responsible for managing and maintaining its physical space, physical and digital security, cooling, maintenance, replacement, upgrades, and updates.
Depending on the cloud computing type, the CSP and customer share these responsibilities:
IaaS: The CSP is only responsible for the basics, such as physical security, electrical power, and network connectivity, while the customer is responsible for everything else.
SaaS: The CSP is responsible for everything except data (ingested, processed, and stored), devices accessing the cloud services, and account identity and security.
PaaS: Evenly distributes the responsibility between the CSP and the customer.
However, the responsibility may also depend on the deployment details:
If the customer uses a cloud SQL database, the CSP is responsible for the actual database maintenance, and the customer is responsible for the data ingested and who can access the database.
If the customer deploys a virtual machine/server and installs an SQL database, the customer is responsible for the database's maintenance (patches, updates, and security) and for the data's security.
On-demand self-service
Services and resources are requested, provisioned, and used by the customer, usually via a web portal.
As service and resource use expands or contracts, billing is automatically adjusted.
This self-service approach is integral to cloud computing's “pay-as-you-go” nature and the convergence of computing resources as a utility.
Broad network access
All cloud resources and services are accessible over the Internet. Cloud computing is characterized by allowing heterogeneous access through various clients; services are agnostic to client access methods, such as mobile devices or desktops.
The cloud revolution occurred concurrently with the mobile computing revolution (BYOD), making agnostic access a top priority.
Resource pooling
Within cloud environments, there will always be a mix of applications and systems that coexist within the same set of physical and virtual resources.
Customers add and expand their usage within the cloud but have no control over where the actual services are deployed (and, other than for regulatory requirements, very little need to know).
Thus, customers enjoy significant cost savings through resource pooling and the economies of scale it affords.
Rapid elasticity
In a traditional data center, businesses must build, configure, and have enough computing resources to handle projected loads at all times.
In cloud computing, services are decoupled from hardware and can be rapidly expanded whenever additional resources are needed.
Metered service
CSPs track and log resource usage for billing and utilisation reporting.
This ‘metering’ uses different aspects of the system—storage, network, memory, processing, number of users, nodes, or virtual machines.
In addition to billing customers, these metrics can be used to monitor, limit resource utilisation, set thresholds for automatic elasticity, and verify the service provider's adherence to the service level agreement (SLA).
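How metered outage data can be checked against an SLA target, as an added example that is not part of the original page. The outage records are constructed, and the function names and the 99.9% default target are assumptions (99.9% is the typical uptime figure this page quotes under downtime risks).

```python
from datetime import datetime, timedelta

# Constructed sample data: outage intervals (start, end) as a customer's own
# availability probes might record them. Not real provider data.
SAMPLE_OUTAGES = [
    (datetime(2024, 5, 3, 10, 0), datetime(2024, 5, 3, 10, 20)),
    (datetime(2024, 5, 3, 10, 15), datetime(2024, 5, 3, 10, 40)),  # overlaps the first
    (datetime(2024, 4, 30, 23, 50), datetime(2024, 5, 1, 0, 5)),   # straddles window start
    (datetime(2024, 5, 20, 2, 0), datetime(2024, 5, 20, 2, 10)),
]


def downtime_in_window(outages, window_start, window_end):
    """Total downtime inside the window, counting overlapping reports once."""
    # Drop intervals outside the window and clip the rest to its edges.
    clipped = sorted(
        (max(s, window_start), min(e, window_end))
        for s, e in outages
        if e > window_start and s < window_end
    )
    total = timedelta(0)
    cur_start = cur_end = None
    for s, e in clipped:
        if cur_end is None or s > cur_end:
            # Gap before this interval: close the previous merged interval.
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = s, e
        else:
            # Overlap: extend the merged interval instead of double counting.
            cur_end = max(cur_end, e)
    if cur_end is not None:
        total += cur_end - cur_start
    return total


def sla_report(outages, window_start, window_end, target_pct=99.9):
    """Measured availability for the window and whether it meets target_pct."""
    window = window_end - window_start
    down = downtime_in_window(outages, window_start, window_end)
    allowed = window * (1 - target_pct / 100.0)
    return {
        "downtime_minutes": down.total_seconds() / 60,
        "allowed_minutes": allowed.total_seconds() / 60,
        "availability_pct": round(100.0 * (1 - down / window), 4),
        "sla_met": down <= allowed,
    }
```

Over a 31-day billing window, a 99.9% target leaves roughly 44.6 minutes of allowed downtime, so the 55 minutes in the sample data is a breach even though availability still rounds to 99.88%.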
Multitenancy
In cloud environments, many customers can run resources and applications on the same physical hardware devices, relying on virtual and logical separation within the hosting model.
Building-Block Technologies
Any cloud implementation at a fundamental level is composed of the same core components - processors, memory/RAM, network, and storage solutions.
Depending on the cloud service category, customers may have varying degrees of control over or responsibility for these blocks.
Virtualization
It joins physical computing resources and components into a seamless virtual environment where these resources are collectively shared.
Thus, if a host system runs low on resources, virtual machines can be moved around automatically and dynamically, without administrator intervention and entirely transparently to users.
Additional hosts can be added, and the system can be seamlessly rebalanced across the infrastructure.
Compare this to traditional data centers that require purchasing and setting up additional hardware to support increased usage.
Swap Capital Expenditure (CapEx) for Operational Expenditure (OpEx).
CapEx refers to the heavy investment required to set up data centres (servers, licenses, and skilled IT professionals) before using these IT resources.
Cloud computing replaces this with OpEx: pay only when you use computing resources, and only for how much you consume.
Massive Economies of Scale.
CSPs aggregate usage from hundreds of thousands of customers, which translates to lower pay-as-you-go costs.
Stop Guessing Capacity.
IT teams calculate system requirements and build data centres based on anticipated capacity needs. This can lead to expensive idle resources or limited system capacity.
Cloud computing allows flexible resource utilization—access as much or as little as you need and scale up or down as required with only a few minutes' notice.
Improved Scalability.
In cloud computing, new IT resources are only a click away, which means that IT teams reduce the time to make those resources available to customers from weeks to minutes.
Vertical Scalability - increase/decrease the capability of resources, e.g., adding/reducing the number of CPUs or RAM assigned to a virtual machine.
Horizontal Scalability (scaling out/in) - increase/decrease the number of resources, e.g., adding/reducing the number of virtual machines or containers.
Stop Spending Money Running and Maintaining Data Centers.
The resources needed to set up and maintain data centers can be focused on developing core business strengths and customer satisfaction.
Go Global in Minutes.
Organisations can deploy their services to multiple regions worldwide within a few minutes.
CSPs set up several data centers in ‘regions’ to create ‘availability zones’ to lower latency, increase throughput, improve reliability, and improve customer experience.
Limited Control.
Particularly with SaaS and PaaS models, users have minimal control over the underlying infrastructure; they cannot access or customize the physical hardware, hypervisors, or network configurations.
This can be problematic for organizations with specific compliance, configuration, or security needs.
Data Security and Privacy Risks. Data is stored on shared infrastructure in remote locations, often in multiple countries/jurisdictions, which introduces security concerns and risks that include unauthorized access, data breaches, and system or tool misconfigurations.
Downtime Risks. While cloud providers aim for high availability (typically 99.9% uptime), outages still happen due to hardware failures, software bugs, cyber attacks, and human error.
Vendor Lock-In. CSPs often use proprietary tools and services. If a company builds environments tailored to one provider - AWS, Azure, GCP, etc., it becomes technically and financially difficult to migrate to another provider.
Latency and Bandwidth Constraints.
Sending data to and from a remote cloud server introduces significant delay, especially for real-time, latency-sensitive applications.
This becomes worse with poor internet connections, long geographical distances to data centers, and congested networks.
Unexpected Costs.
Although cloud computing is often cost-effective, poor resource management can lead to high costs.
This can be due to unmonitored auto-scaling, idle but active resources, data egress charges, or underutilized reserved instances (look at tools like AWS Cost Explorer or Azure Cost Management).
Compliance and Legal Challenges.
Different countries and regions have strict data sovereignty and compliance laws (e.g., the European GDPR and the USA HIPAA).
Using a global CSP can result in data being stored or processed in non-compliant regions.
Public, Private, Community, and Hybrid Cloud Table: https://www.researchgate.net/figure/Comparison-among-Public-Private-Hybrid-and-Community-Cloud_tbl1_270958592
Shared Responsibility Diagram: https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility