Cloud computing has evolved from earlier technologies such as grid computing,
virtualization and utility computing in distributed computing environments with web-based
platforms. The concept of cloud computing came into existence in the year 1950 with the
implementation of mainframe computers, accessible via thin/static clients. Cloud
computing has evolved from the concepts of grid, utility and SaaS. The development towards
cloud computing started in the late 1980s with the concept of grid computing. Grid
computing, also called On Demand Computing, centers on moving a workload to the
location of the required computing resources, which are mostly remote and readily
available for use. A grid is a group of servers on which a large task can be divided into
smaller tasks that run in parallel. From this point of view, a grid
can be seen as a single virtual server, and applications are required to conform to the grid
programming interfaces. In the 1990s, the idea of virtualization was extended beyond virtual
servers to higher levels of abstraction: storage and network resources, and subsequently
the virtual application, which has no specific underlying infrastructure, were provided on
virtual platforms. Utility computing is a concept established by John McCarthy, who predicted
already in the late 1960s that "computation may someday be organized as a public utility". In
utility computing, clusters are presented as virtual platforms for computing with a metered
business model. The computers linked together in a cluster
are normally located locally and have the same kind of hardware and operating system.
Cluster workstations are therefore connected together and can potentially be used as a
supercomputer. The utility approach, also known as pay-per-use or metered services, is increasingly
common in enterprise computing and is sometimes used in the consumer market for Internet
service, file sharing, web site access and other applications. More recently, software as a
service (SaaS) has raised the level of virtualization to the application, with a business model of
charging not by the resources consumed but by the value of the application to
subscribers. In 2001, IBM began autonomic computing, also called self-revision, in which
computers can automatically correct themselves without human intervention. For example, consider
a network of computers running a set of programs: when there is a hardware failure on
one of the computers on the network, the programs running on that computer are transferred
to other computers in the network. The following section discusses the features of
cloud computing that make it easy for an end user to use this computing concept.
Overview Of Cloud Computing
Cloud Computing provides us with a means of accessing applications as utilities over the
Internet. It allows us to create, configure, and customize the applications online.
What is Cloud?
The term Cloud refers to a network or the Internet. In other words, a cloud is
something that is present at a remote location. Cloud can provide services over public and
private networks, i.e., WAN, LAN or VPN.
Applications such as e-mail, web conferencing, customer relationship management (CRM)
execute on the cloud.
Deployment Models
Service Models
Deployment models define the type of access to the cloud, i.e., how the cloud is located.
Cloud can have any of the four types of access: Public, Private, Hybrid, and Community.
The public cloud allows systems and services to be easily accessible to the general public.
Public cloud may be less secure because of its openness.
The private cloud allows systems and services to be accessible within an organization. It is
more secure because of its private nature.
The hybrid cloud is a mixture of public and private cloud, in which the critical activities are
performed using private cloud while the non-critical activities are performed using public
Service Models
Cloud computing is based on service models. These are categorized into three basic service
models which are -
Infrastructure-as-a-Service (IaaS)
Platform-as-a-Service (PaaS)
Software-as-a-Service (SaaS)
Anything-as-a-Service (XaaS) is yet another service model, which includes Network-as-a-
Service, Business-as-a-Service, Identity-as-a-Service, Database-as-a-Service or Strategy-as-
Infrastructure-as-a-Service (IaaS) is the most basic level of service. Each of the
service models inherits the security and management mechanisms from the underlying model,
as shown in the following diagram:
IaaS provides access to fundamental resources such as physical machines, virtual machines,
virtual storage, etc.
PaaS provides the runtime environment for applications, development and deployment
tools, etc.
Cloud Computing has numerous advantages. Some of them are listed below -
One can access applications as utilities, over the Internet.
One can manipulate and configure the applications online at any time.
No software needs to be installed to access or manipulate cloud applications.
Cloud Computing offers online development and deployment tools and a programming
runtime environment through the PaaS model.
Cloud resources are available over the network in a manner that provides
platform-independent access to any type of client.
Cloud Computing offers on-demand self-service. The resources can be used without
interaction with cloud service provider.
Cloud Computing is highly cost effective because it operates at high efficiency with
optimum utilization. It just requires an Internet connection.
Cloud Computing offers load balancing that makes it more reliable.
Lock In
It is very difficult for the customers to switch from one Cloud Service Provider (CSP) to
another. It results in dependency on a particular CSP for service.
Isolation Failure
This risk involves the failure of the isolation mechanism that separates storage, memory, and
routing between the different tenants.
Management Interface Compromise
In the case of a public cloud provider, the customer management interfaces are accessible through
the Internet.
Resource Pooling
Cloud computing allows multiple tenants to share a pool of resources. One can share a single
physical instance of hardware, database and basic infrastructure.
Rapid Elasticity
It is very easy to scale the resources vertically or horizontally at any time. Scaling of
resources means the ability of resources to deal with increasing or decreasing demand.
The resources being used by customers at any given point of time are automatically
Measured Service
In this service, the cloud provider controls and monitors all aspects of the cloud service.
Resource optimization, billing, and capacity planning etc. depend on it.
PaaS is a programming platform for developers. This platform is generated for the
programmers to create, test, run and manage the applications.
A developer can easily write the application and deploy it directly into the PaaS layer.
PaaS gives the runtime environment for application development and deployment tools.
Google App Engine (GAE) and Windows Azure are examples of PaaS.
Advantages of PaaS
PaaS makes development easier. The developer can concentrate on development and innovation
without worrying about the infrastructure.
In PaaS, developer only requires a PC and an Internet connection to start building
Disadvantages of PaaS
A developer writes applications for the platform provided by a PaaS vendor; hence
moving the application to another PaaS vendor is a problem.
3) Infrastructure-as-a-Service (IaaS)
IaaS is a way to deliver a cloud computing infrastructure like server, storage, network and
operating system.
The customers can access these resources over a cloud computing platform, i.e., the Internet, as an
on-demand service.
In IaaS, you buy complete resources rather than purchasing server, software, datacenter
space or network equipment.
IaaS was earlier called Hardware as a Service (HaaS). It is a cloud computing platform
based model.
HaaS differs from IaaS in the way that users have the bare hardware on which they can
deploy their own infrastructure using most appropriate software.
Advantages of IaaS
In IaaS, the user can dynamically choose a CPU, memory and storage configuration according to
Users can easily access the vast computing power available on IaaS Cloud platform.
Disadvantages of IaaS
IaaS cloud computing platform model is dependent on availability of Internet and
virtualization services.
There are four main cloud deployment models that differ significantly and for which most of
the companies opt: a public, private, hybrid and a community one. There are also web-based
organization systems that are not so widespread, such as virtual private, inter-cloud and
Public Cloud
The name speaks for itself, as public clouds are available to the general public and data are
created and stored on third-party servers. As server infrastructure belongs to service providers
that manage them and administer pool resources, the need for user companies to buy and
maintain their own hardware is eliminated. Provider companies offer resources as a service
on a free of charge or pay-per-use basis via the Internet connection. Users can scale them
when required.
At the same time, relying on a third party in running their infrastructure deprives users of
knowing where their information is kept and who has access to it. Often enough, public
clouds experience outages and malfunction, as in the case of the Salesforce CRM disruption
in 2016 that caused a 10-hour storage collapse.
Only a clearly defined scope of persons have access to the information kept in a private
repository, preventing the general public from using it. In light of numerous breaches, a
growing number of large corporations decided on a closed private type as it is expected to be
less risky.
Individual development
Storage and network components are customizable
High control over the corporate information
High security, privacy and reliability
The major disadvantage of the private cloud deployment model is its cost intensiveness, as it
entails considerable expenses on hardware, software and staff training. That is why this
secure flexible computing deployment model is not a choice of small to medium companies.
Also, it is especially suitable for companies that seek to safeguard their mission-critical
operations or for businesses with changing requirements.
Multiple service providers – including Amazon, IBM, Cisco, Dell and Red Hat – also build
private solutions.
Community Cloud
A community cloud deployment model resembles a private one to a large extent; the only
difference is the set of users. While a private type implies that only one company owns the
server, in the case of a community one, several organizations with similar backgrounds share
the infrastructure and related resources.
As the organizations have uniform security, privacy and performance requirements, this
multi-tenant data center architecture helps companies achieve their business-specific
objectives. That is why a community model is particularly suited for organizations that work
on joint projects. In that case, a centralized cloud facilitates project development,
management and implementation. Also, the costs are shared across all users.
Cost reduction
Improved security, privacy and reliability
Ease of data sharing and collaboration
The shortcomings are:
Our extensive expertise allows us to choose the most appropriate model that fits the bill for
your company, based on your requirements and expectations, to improve your performance
and avoid risks and security issues in the future.
Private Cloud
A private cloud infrastructure is provisioned for exclusive use by a single organization
comprising multiple consumers (e.g., business units). It may be owned, managed, and
operated by the organization, a third party, or some combination of them, and it may exist on
or off premises.
In general, federal agencies and departments opt for private clouds when sensitive or
mission-critical information is involved. The private cloud allows for increased security, reliability,
performance, and service. Yet, like other types of clouds, it maintains the ability to scale
quickly and only pay for what is used when provided by a third party, making it economical
as well.
One example of a private cloud deployment model that has been implemented in the federal
government relatively recently was implemented by the Los Alamos National Laboratory,
which allows researchers to access and utilize servers on demand.
Community Cloud
The community cloud is a type of cloud hosting in which the setup is mutually shared
between many organizations that belong to a particular community, e.g. banks and trading
firms. It is a multi-tenant setup that is shared among several organizations that belong to a
specific group which has similar computing apprehensions. The community members
generally share similar privacy, performance and security concerns. The main intention of
these communities is to achieve their business-related objectives. A community cloud may be
internally managed or it can be managed by a third-party provider. It can be hosted externally
or internally. The cost is shared by the specific organizations within the community; hence,
community cloud has cost saving capacity. A community cloud is appropriate for
organizations and businesses that work on joint ventures, tenders or research that needs a
centralized cloud computing ability for managing, building and implementing similar
The cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns
The community cloud deployment model is ideal and optimized for agencies or independent
organizations that have shared concerns, and therefore need access to shared and mutual
records and other types of stored information.
Public Cloud
The general public provisions the cloud infrastructure for open use. It may be owned,
managed, and operated by a business, academic, or government organization, or some
combination of them. It exists on the premises of the cloud provider.
The public cloud deployment model has the unique advantage of being significantly more
secure than accessing information via the Internet and tends to cost less than private clouds
because services are more commoditized.
Research by the 1105 Government Information Group found that federal agencies interested
in public clouds are most commonly interested in the following four functions:
Social Networking
One example of a public cloud deployment model based solution is the Treasury Department,
which has moved its website Treasury.gov to a public cloud using Amazon's EC2 cloud
service to host the site and its applications. The site includes social media attributes,
including Facebook, YouTube and Twitter, which allows for rapid and effective
communication with constituents.
Hybrid Cloud
The cloud infrastructure is a composition of two or more distinct cloud deployment models
(private, community, or public) that remain unique entities, but are bound together by
standardized or proprietary technology that enables data and application portability (e.g.,
cloud bursting for load balancing between clouds).
Large portions of agencies that have already switched some processes over to cloud based
computing solutions have utilized hybrid cloud options. Few enterprises have the ability to
switch over all of their IT services at one time; the hybrid option allows for a mix of on base
and cloud options which provide an easier transition.
NASA is one example of a federal agency that is utilizing the Hybrid Cloud
Computing deployment model. Its Nebula open-source cloud computing project uses a
private cloud for research and development as well as a public cloud to share datasets with
external partners and the public.
The hybrid cloud computing deployment model option has also proven to be the choice
option for state and local governments as well, with states like Michigan and Colorado
having already declared their cloud computing intentions with plans illustrating hybrid cloud
deployment models.
Types of SLA
A service level agreement (SLA) is a contract between a business and its customer outlining
the details that the two parties have agreed to in a transaction. The types of SLAs that an
organization can use depends on many significant aspects. While some are targeted at
individual customer groups, others discuss issues relevant to entire companies. This is
because the needs of one user differ from those of another. Below is a list of the types of
SLAs used by businesses today, and how each one is utilized for specific situations:
1. Customer-based SLA
This type of agreement is used for individual customers and comprises all relevant
services that a client may need, while leveraging only one contract. It contains details
regarding the type and quality of service that has been agreed upon. For example, a
telecommunication service includes voice calls, messaging and internet services, but that
all exists under a single contract.
2. Service-based SLA
This SLA is a contract that includes one identical type of service for all of its customers.
Because the service is limited to one unchanging standard, it is more straightforward and
convenient for vendors. For example, using a service-based agreement regarding an IT
helpdesk would mean that the same service is valid for all end-users that sign the
service-based SLA.
3. Multi-level SLA
This agreement is customized according to the needs of the end-user company. It allows
the user to integrate several conditions into the same system to create a more suitable
service. It addresses contracts at the following levels:
a. Corporate level:
This SLA does not require frequent updates since its issues are typically unchanging.
It includes a comprehensive discussion of all the relevant aspects of the agreement,
and is applicable to all customers in the end-user organization.
b. Customer level:
This contract discusses all service issues that are associated with a specific group of
customers. However, it does not take into consideration the type of user services.
An example of this is when an organization requests that the security level in one of
its departments is strengthened. In this situation, the entire company is secured by
one security agency but requires that one of its customers in the company is more
secure for certain reasons.
c. Service level:
In this agreement, all aspects that are attributed to a particular service with regard to
a customer group are included.
The SLA monitor mechanism is used to specifically observe the runtime performance of
cloud services to ensure that they are fulfilling the contractual QoS requirements published in
SLAs (Figure 1). The data collected by the SLA monitor is processed by an SLA
management system to be aggregated into SLA reporting metrics. This system can
proactively repair or failover cloud services when exception conditions occur, such as when
the SLA monitor reports a cloud service as "down."
Figure 1 – The SLA monitor polls the cloud service by sending over polling request messages
(MREQ1 to MREQN). The monitor receives polling response messages (M to M ) that report
that the service was "up" at each polling cycle (1a). The SLA monitor stores the "up" time—
time period of all polling cycles 1 to N—in the log database (1b). The SLA monitor polls the
cloud service that sends polling request messages (M to M ). Polling response messages are
not received (2a). The response messages continue to time out, so the SLA monitor stores the
"down" time—time period of all polling cycles N+1 to N+M—in the log database (2b). The
SLA monitor sends a polling request message (M ) and receives the polling response message
(M ) (3a). The SLA monitor stores the "up" time in the log database (3b).
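The polling sequence in Figure 1, written out as an added Python example (not part of the
original notes). The probe callable, the 60-second polling interval, the 99.9% target and the
two-cycle failover threshold are assumptions made for illustration; the poll results are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Period:
    """One log-database row: consecutive polling cycles spent in one state."""
    state: str        # "up" or "down"
    first_cycle: int
    last_cycle: int

    @property
    def cycles(self) -> int:
        return self.last_cycle - self.first_cycle + 1


class SLAMonitor:
    """Sends one polling request per cycle and stores up/down periods."""

    def __init__(self, probe: Callable[[int], bool]):
        # probe(cycle) is a hypothetical stand-in for the polling request:
        # it returns True when a polling response arrives and raises
        # TimeoutError when none arrives in time.
        self.probe = probe
        self.log: List[Period] = []   # stands in for the log database
        self.cycle = 0

    def poll_once(self) -> str:
        self.cycle += 1
        try:
            state = "up" if self.probe(self.cycle) else "down"
        except TimeoutError:
            state = "down"            # polling response timed out
        if self.log and self.log[-1].state == state:
            self.log[-1].last_cycle = self.cycle      # extend current period
        else:
            self.log.append(Period(state, self.cycle, self.cycle))
        return state


def sla_report(log: List[Period], interval_s: int,
               target_pct: float, failover_after: int) -> Dict:
    """SLA management step: aggregate logged periods into reporting metrics."""
    total = sum(p.cycles for p in log)
    up = sum(p.cycles for p in log if p.state == "up")
    availability = 100.0 * up / total if total else 0.0
    # Cycle at which each outage had lasted long enough to trigger failover.
    triggers = [p.first_cycle + failover_after - 1
                for p in log
                if p.state == "down" and p.cycles >= failover_after]
    return {
        "periods": [(p.state, p.first_cycle, p.last_cycle) for p in log],
        "availability_pct": round(availability, 2),
        "downtime_s": (total - up) * interval_s,
        "sla_met": availability >= target_pct,
        "failover_cycles": triggers,
    }


def run_constructed_scenario() -> Dict:
    """Figure 1 with constructed numbers: N=5 up, M=3 timed out, then 1 up."""
    n, m = 5, 3

    def probe(cycle: int) -> bool:
        if n < cycle <= n + m:
            raise TimeoutError("no polling response")
        return True

    monitor = SLAMonitor(probe)
    for _ in range(n + m + 1):
        monitor.poll_once()
    return sla_report(monitor.log, interval_s=60,
                      target_pct=99.9, failover_after=2)


if __name__ == "__main__":
    for key, value in run_constructed_scenario().items():
        print(f"{key}: {value}")
```

Downtime here is counted in whole polling cycles, so an outage that starts and ends between two polls never reaches the log database.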
Virtualization in Cloud Computing
Virtualization is the "creation of a virtual (rather than actual) version of something, such as a
server, a desktop, a storage device, an operating system or network resources".
In other words, virtualization is a technique that allows a single physical instance
of a resource or an application to be shared among multiple customers and organizations. It does so by
assigning a logical name to a physical storage and providing a pointer to that physical
resource when demanded.
Creation of a virtual machine over an existing operating system and hardware is known as
Hardware Virtualization. A virtual machine provides an environment that is logically
separated from the underlying hardware.
The machine on which the virtual machine is created is known as the Host Machine, and
the virtual machine is referred to as a Guest Machine.
Types of Virtualization:
1. Hardware Virtualization.
2. Operating system Virtualization.
3. Server Virtualization.
4. Storage Virtualization.
1) Hardware Virtualization:
When the virtual machine software or virtual machine manager (VMM) is installed directly
on the hardware system, it is known as hardware virtualization.
The main job of the hypervisor is to control and monitor the processor, memory and other
hardware resources.
After virtualization of hardware system we can install different operating system on it and run
different applications on those OS.
Hardware virtualization is mainly done for the server platforms, because controlling virtual
machines is much easier than controlling a physical server.
Operating System Virtualization is mainly used for testing the applications on different
platforms of OS.
3) Server Virtualization:
When the virtual machine software or virtual machine manager (VMM) is installed directly
on the server system, it is known as server virtualization.
Server virtualization is done because a single physical server can be divided into multiple
servers on the demand basis and for balancing the load.
4) Storage Virtualization:
Storage virtualization is the process of grouping the physical storage from multiple network
storage devices so that it looks like a single storage device.
Virtualization plays a very important role in cloud computing technology. Normally in
cloud computing, users share the data present in the cloud, such as applications, but
with the help of virtualization users actually share the infrastructure.
The main usage of virtualization technology is to provide applications in their
standard versions to cloud users. Suppose the next version of an application is
released; the cloud provider then has to provide the latest version to its cloud users, and
practically it is possible because it is more expensive.
The cloud often includes virtualization products as a part of their service package. The
difference is that a true cloud provides the self-service feature, elasticity, automated
management, scalability and pay-as-you-go service that is not inherent to the technology.
The Basics
A technology called the Virtual Machine Monitor, also called virtual manager,
encapsulates the very basics of virtualization in cloud computing. It is used to separate the
physical hardware from its emulated parts. This often includes the CPU's memory, I/O and
network traffic. A secondary operating system that would usually interact with the hardware
now interacts with a software emulation of that hardware, and often the guest operating system has no idea
it's on the virtualized hardware. Despite the fact that performance of the virtual system is not
equal to the functioning of the "true hardware" operating system, the technology still works
because most secondary OSs and applications don't need the full use of the underlying
hardware. This allows for greater flexibility, control and isolation by removing the
dependency on a given hardware platform.
The layer of software that enables this abstraction is called "hypervisor". A study in
the International Journal of Scientific & Technology Research defines it as "a software layer
that can monitor and virtualize the resources of a host machine conferring to the user
requirements." The most common hypervisor is referred to as Type 1. By talking to the
hardware directly, it virtualizes the hardware platform and makes it available to be used by
virtual machines. There's also a Type 2 hypervisor, which requires an operating system. Most
often, you can find it being used in software testing and laboratory research.
Network Virtualization
Network virtualization in cloud computing is a method of combining the available resources
in a network by splitting up the available bandwidth into different channels, each being
separate and distinguished. They can be either assigned to a particular server or device or stay
unassigned completely — all in real time. The idea is that the technology disguises the true
complexity of the network by separating it into parts that are easy to manage, much like your
segmented hard drive makes it easier for you to manage files.
Storage Virtualizing
Using this technique gives the user an ability to pool the hardware storage space from several
interconnected storage devices into a simulated single storage device that is managed from
one single command console. This storage technique is often used in storage area networks.
Storage manipulation in the cloud is mostly used for backup, archiving, and recovering of
data by hiding the real and physical complex storage architecture. Administrators can
implement it with software applications or by employing hardware and software hybrid
Server Virtualization
This technique is the masking of server resources. It simulates physical servers by changing
their identity, numbers, processors and operating systems. This spares the user from
continuously managing complex server resources. It also makes a lot of resources available
for sharing and utilizing, while maintaining the capacity to expand them when needed.
Data Virtualization
This kind of cloud computing virtualization technique is abstracting the technical details
usually used in data management, such as location, performance or format, in favor of
broader access and more resiliency that are directly related to business needs.
Desktop Virtualizing
As compared to other types of virtualization in cloud computing, this model enables you to
emulate a workstation load, rather than a server. This allows the user to access the desktop
remotely. Since the workstation is essentially running in a data center server, access to it can
be both more secure and portable.
Application Virtualization
Software virtualization in cloud computing abstracts the application layer, separating it from
the operating system. This way the application can run in an encapsulated form without being
dependant upon the operating system underneath. In addition to providing a level of isolation,
an application created for one OS can run on a completely different operating system.
If a company decides on whether or not to apply the technology in a company's IT landscape,
we recommend making an in-depth analysis of its specific needs and capabilities, which is
better handled by specialists who can address costs, scalability requirements and security
needs and implement continuous development.
But also remember that all of these techniques and services are not omnipotent or all-
inclusive solutions. Like any other technology, tool or service a business adopts, things can
always change.
Technology is always at the risk of crashing down at the wrong time. Businesses can tolerate
a few glitches, but if your developer is working on an important application that needs to be
finished immediately, the last thing you could wish for is a system crash.
To counter this risk, virtualization lets you open the same work on another device. Store all
your backup data through virtualization on cloud services or virtual networks and get easy
access to it from any device. Apart from that, there are usually two servers working side-by-
side keeping all your data accessible. If one faces any problem, the other is always available
to avoid any interruption.
You can easily transfer data from a physical storage to a virtual server, and vice versa.
Administrators don't have to waste time digging out hard drives to find data. With a
dedicated server and storage, it's quite easy to locate the required files and transfer them
within no time.
You'll realize virtualization's actual worth when you have to transfer data over a long
distance. You also have the choice of getting a virtual disk space. If you don't need much
space, you can opt for a thin-provisioned virtual disk.
Security is a major aspect IT professionals have to focus on. However, with virtual firewalls,
access to your data is restricted at much lower costs as compared to traditional methods.
Through virtualization, you get protected by a virtual switch that protects all your data and
applications from harmful malware, viruses, and other cyber threats.
You are allotted the firewall feature for network virtualization to create segments within the
system. Server virtualization storage on cloud services will save you from the risks of having
your data get lost or corrupted. Cloud services are also encrypted with high-end protocols that
protect your data from other various threats.
So it's a good idea to virtualize all your storage and then create a backup on a server that you
can store on cloud services. However, in order to ensure that you do this correctly, it's
preferable to first go through a cloud computing online course, to avoid making any errors.
4. Smoother IT Operations
Virtual networks help IT professionals become efficient and agile at work. These networks
are easy to operate and process faster, reducing the effort and time required to work on them.
Before virtual networks were introduced in the digital world, it would take days and weeks
for technical workers to maintain and install devices and software on physical servers.
Apart from the operations, virtualization has also benefited IT support teams in solving
technical problems in physical systems. As all the data is available on a virtual server,
technicians don't have to waste time recovering it from crashed or corrupted devices. Learn
all the skills behind virtualization with cloud training online, and become a successful
5. Cost-Effective Strategy
Virtualization is a great way to reduce operational costs. With all the data stored on virtual
servers or clouds, there's hardly a need for physical systems or hardware, thus allowing
businesses to witness a vast reduction in wastage, electricity bills, and maintenance
costs. 70% of senior executives have supported virtualization by calling it efficient and cost
Virtualization also helps companies save a significant amount of space which can be utilized
to increase operations of a profitable department. This cost-effective strategy is both a
profitability and productivity booster!
The above mentioned benefits are perfect to convince any IT expert to stop using traditional
methods and switch to virtualization. With top-notch security protocols, reduction in costs
and better operations you can boost your performance and help grab the next flight towards a
prosperous future. The best way to do that and excel in operating virtual servers is to obtain a
recognized cloud certification.
Hypervisor is a form of virtualization software used in Cloud hosting to divide and allocate
the resources on various pieces of hardware. The program which provides partitioning,
isolation or abstraction is called a virtualization hypervisor. A hypervisor is a hardware
virtualization technique that allows multiple guest operating systems (OS) to run on a single
host system at the same time. A hypervisor is sometimes also called a virtual machine
Types of Hypervisor –
TYPE-1 Hypervisor:
The hypervisor runs directly on the underlying host system. It is also known as a "Native
Hypervisor" or "Bare metal hypervisor". It does not require any base server operating system.
It has direct access to hardware resources. Examples of Type 1 hypervisors include VMware
ESXi, Citrix XenServer and Microsoft Hyper-V hypervisor.
TYPE-2 Hypervisor:
A host operating system runs on the underlying host system. It is also known as a "Hosted
Hypervisor". It is basically software installed on an operating system. The hypervisor asks the
operating system to make hardware calls. Examples of Type 2 hypervisors include VMware
Player or Parallels Desktop. Hosted hypervisors are often found on endpoints like PCs.
Choosing the right hypervisor
Type 1 hypervisors offer much better performance than Type 2 ones because there's no
middle layer, making them the logical choice for mission-critical applications and workloads.
But that's not to say that hosted hypervisors don't have their place – they're much simpler to
set up, so they're a good bet if, say, you need to deploy a test environment quickly. One of the
best ways to determine which hypervisor meets your needs is to compare their performance
metrics. These include CPU overhead, amount of maximum host and guest memory, and
support for virtual processors. The following factors should be examined before choosing a
suitable hypervisor:
1. Understand your needs: The company and its applications are the reason for the data
center (and your job). Besides your company's needs, you (and your co-workers in IT) also
have your own needs. Needs for a virtualization hypervisor are:
g. Reliable support
2. The cost of a hypervisor: For many buyers, the toughest part of choosing a hypervisor is
striking the right balance between cost and functionality. While a number of entry-level
solutions are free, or practically free, the prices at the opposite end of the market can be
staggering. Licensing frameworks also vary, so it's important to be aware of exactly what
you're getting for your money.
3. Virtual machine performance: Virtual systems should meet or exceed the performance
of their physical counterparts, at least in relation to the applications within each server.
Everything beyond meeting this benchmark is profit.
4. Ecosystem: It's tempting to overlook the role of a hypervisor's ecosystem – that is, the
availability of documentation, support, training, third-party developers and consultancies, and
so on – in determining whether or not a solution is cost-effective in the long term.
5. Test for yourself: You can gain basic experience from your existing desktop or laptop.
You can run both VMware vSphere and Microsoft Hyper-V in either VMware Workstation
or VMware Fusion to create a nice virtual learning and testing environment.
Three main modules coordinate in order to emulate the underlying hardware:
1. Dispatcher
2. Allocator
3. Interpreter
The dispatcher behaves like the entry point of the monitor and reroutes the instructions of the
virtual machine instance to one of the other two modules.
The allocator is responsible for deciding the system resources to be provided to the virtual
machine instance. It means whenever a virtual machine tries to execute an instruction that
results in changing the machine resources associated with the virtual machine, the allocator is
invoked by the dispatcher.
The interpreter module consists of interpreter routines. These are executed whenever a virtual
machine executes a privileged instruction.
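The routing described above, as a toy model added here (not code from any real hypervisor): the instruction names, the page-count resource and the `Monitor` class are assumptions made for illustration. Instructions that are neither privileged nor resource-changing run directly, which is how trap-and-emulate monitors behave.

```python
from dataclasses import dataclass, field

# Constructed instruction classes for a toy guest ISA (assumptions, not a real ISA).
PRIVILEGED = {"SET_MODE", "HALT"}        # would alter processor state on real hardware
RESOURCE_CHANGING = {"SET_MEM_LIMIT"}    # would alter resources bound to the VM


@dataclass
class VirtualMachine:
    name: str
    mem_limit: int = 0          # pages currently granted by the allocator
    mode: str = "user"          # virtual processor mode, the guest's own view
    halted: bool = False
    acc: int = 0                # one guest register
    log: list = field(default_factory=list)


class Monitor:
    """Toy virtual machine monitor with the three modules named in the text."""

    def __init__(self, host_pages: int):
        self.free_pages = host_pages
        self.vms = {}

    def create_vm(self, name: str, pages: int) -> VirtualMachine:
        vm = VirtualMachine(name)
        self.vms[name] = vm
        if not self.allocator(vm, pages):
            raise MemoryError(f"cannot grant {pages} pages to {name}")
        return vm

    def allocator(self, vm: VirtualMachine, wanted) -> bool:
        """Decide whether a change to the VM's resources is granted."""
        if not isinstance(wanted, int) or wanted < 0:
            vm.log.append(f"allocator: rejected malformed request {wanted!r}")
            return False
        delta = wanted - vm.mem_limit
        if delta > self.free_pages:
            vm.log.append(f"allocator: denied limit {wanted}")
            return False
        self.free_pages -= delta        # a shrinking request returns pages to the pool
        vm.mem_limit = wanted
        vm.log.append(f"allocator: limit now {wanted}")
        return True

    def interpreter(self, vm: VirtualMachine, op: str, arg) -> None:
        """Emulate a privileged instruction against the VM's virtual state only."""
        if op == "SET_MODE":
            vm.mode = arg
        elif op == "HALT":
            vm.halted = True
        vm.log.append(f"interpreter: emulated {op}")

    def dispatcher(self, vm: VirtualMachine, op: str, arg=None) -> str:
        """Entry point: route a trapped instruction to the allocator or interpreter."""
        if vm.halted:
            return "ignored"
        if op in RESOURCE_CHANGING:
            self.allocator(vm, arg)
            return "allocator"
        if op in PRIVILEGED:
            self.interpreter(vm, op, arg)
            return "interpreter"
        if op == "ADD":                 # innocuous instruction: no trap, runs directly
            vm.acc += arg
            return "direct"
        raise ValueError(f"unknown instruction {op!r}")


def demo():
    """Two guests share 8 host pages; returns the monitor, both VMs and the routes."""
    mon = Monitor(host_pages=8)
    a, b = mon.create_vm("A", 4), mon.create_vm("B", 2)
    routes = [
        mon.dispatcher(a, "ADD", 5),
        mon.dispatcher(a, "SET_MEM_LIMIT", 7),    # needs 3 more pages, only 2 free
        mon.dispatcher(a, "SET_MEM_LIMIT", 6),    # needs 2 more pages, granted
        mon.dispatcher(b, "SET_MODE", "kernel"),  # changes B's virtual mode only
        mon.dispatcher(b, "HALT"),                # halts B, not the host or A
    ]
    return mon, a, b, routes


if __name__ == "__main__":
    mon, a, b, routes = demo()
    print(routes, a.mem_limit, mon.free_pages, b.halted, a.halted)
```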
Infrastructure Security
IaaS application providers treat the applications within the customer virtual instance as a
black box and therefore are completely indifferent to the operations and management of the
customer's applications. The entire pack (customer application and run time application) is
run on the customers' server on provider infrastructure and is managed by customers
themselves. For this reason it is important to note that the customer must take full
responsibility for securing their cloud deployed applications.
• Cloud deployed applications must be designed for the internet threat model.
• They must be designed with standard security countermeasures to guard against the
common web vulnerabilities.
• Customers are responsible for keeping their applications up to date - and must therefore
ensure they have a patch strategy to ensure their applications are screened from malware and
hackers scanning for vulnerabilities to gain unauthorized access to their data within the cloud.
• Customers should not be tempted to use custom implementations of Authentication,
Authorization and Accounting as these can become weak if not properly implemented.
The foundational infrastructure for a cloud must be inherently secure whether it is a private or
public cloud or whether the service is SAAS, PAAS or IAAS.
• Inherent component-level security: The cloud needs to be architected to be secure, built
with inherently secure components, deployed and provisioned securely with strong interfaces
to other components and supported securely, with vulnerability-assessment and change-
management processes that produce management information and service-level assurances
that build trust.
• Stronger interface security: The points in the system where interaction takes place (user-to-
network, server-to application) require stronger security policies and controls that ensure
consistency and accountability.
• Resource lifecycle management: The economics of cloud computing are based on
multi-tenancy and the sharing of resources. As the needs of the customers and requirements
will change, a service provider must provision and decommission correspondingly those
resources - bandwidth, servers, storage and security. This lifecycle process must be managed
in order to build trust.
The infrastructure security can be viewed, assessed and implemented according to its
building levels - the network, host and application levels.
Infrastructure Security – The Network Level
When looking at the network level of infrastructure security, it is important to distinguish
between public clouds and private clouds. With private clouds, there are no new attacks,
vulnerabilities, or changes in risk specific to this topology that information security
personnel need to consider. If public cloud services are chosen, changing security
requirements will require changes to the network topology, and the manner in which the
existing network topology interacts with the cloud provider's network topology should be
taken into account. There are four significant risk factors in this use case:
• Ensuring the confidentiality and integrity of organization's data-in-transit to and from a
public cloud provider;
• Ensuring proper access control (authentication, authorization, and auditing) to whatever
resources are used at the public cloud provider;
• Ensuring the availability of the Internet-facing resources in a public cloud that are being
used by an organization, or have been assigned to an organization by public cloud providers;
• Replacing the established model of network zones and tiers with domains.
4.2 Infrastructure Security – The Host Level
When reviewing host security and assessing risks, the context of cloud services delivery
models (SaaS, PaaS, and IaaS) and deployment models (public, private, and hybrid) should be
considered [7]. The host security responsibilities in SaaS and PaaS services are transferred to
the provider of cloud services. IaaS customers are primarily responsible for securing the hosts
provisioned in the cloud (virtualization software security, customer guest OS or virtual server
security).
4.3 Infrastructure Security – The Application Level
Application or software security should be a critical element of a security program.
Most enterprises with information security programs have yet to institute an application
security program to address this realm. Designing and implementing applications aimed at
deployment on a cloud platform will require existing application security programs to
reevaluate current practices and standards. The application security spectrum ranges from
standalone single-user applications to sophisticated multiuser e-commerce applications used
by many users. The level is responsible for managing [7], [9], [10]:
• Application-level security threats;
• End user security;
• SaaS application security;
• PaaS application security;
• Customer-deployed application security
• IaaS application security
• Public cloud security limitations
It can be summarized that the issues of infrastructure security and cloud computing lie in the
area of definition and provision of security specified aspects each party delivers.
5 Conclusion
The cloud is a major challenge in how computing resources will be utilized since the aim of
cloud computing is to change the economics of the data center, but before sensitive and
regulated data move into the public cloud, issues of security standards and compatibility must
be addressed including strong authentication, delegated authorization, key management for
encrypted data, data loss protections and regulatory reporting. All are elements of a secure
identity, information and infrastructure model and can be applied to private and public clouds
as well as to IAAS, PAAS and SAAS services. In the development of public and private clouds
the service providers will need to use these guiding principles to adopt and extend security
tools and secure products to build and offer end-to-end trustworthy cloud computing and
services.
Data security has consistently been a major issue in IT. Data security becomes particularly
serious in the cloud computing environment, because data are scattered in different
machines and storage devices including servers, PCs, and various mobile devices such as
wireless sensor networks and smart phones. Data security in the cloud computing is more
complicated than data security in the traditional information systems.
For cloud computing to be adopted by users and enterprises, the security concerns of
users should be rectified first to make the cloud environment trustworthy. A trustworthy
environment is the basic prerequisite to win the confidence of users to adopt such a
technology. The cloud computing environment provides two basic types of
functions: computing and data storage. In the cloud computing environment, consumers of
cloud services do not need anything and they can get access to their data and finish their
computing tasks just through the Internet connectivity. During the access to the data and
computing, the clients do not even know where the data are stored and which machines
execute the computing tasks.
Coming to data storage, data protection and security are the primary factors for gaining
user's trust and making the cloud technology successfully used. A number of data
protections and data security techniques have been proposed in the research field of cloud
computing. However, data protection related techniques need to be further enhanced.
Services of cloud computing are provided across the entire computing spectrum.
Nowadays, organizations and companies are moving and extending their business by
adopting the cloud computing to lower their cost. This can contribute to free more man-
powers to focus on creating strategic differentiation and business division of labor is
The concept of cloud has a number of implementations based on the services from service
providers. For example, Google Apps Engine, Microsoft Azure, and Amazon Stack are
popular implementations of cloud computing provided by cloud service providers, that is,
Google, Microsoft, and Amazon companies. Besides, the ACME enterprise implemented
VMware based v-Cloud for permitting multiple organizations to share computing
According to the difference of access scope, cloud can be divided into three types: public
cloud, private cloud, and hybrid cloud. A public cloud is the property of a service provider
and can be used by the public, a private cloud is the property of a company, and a
hybrid cloud is a blend of public and private cloud. Most of the existing cloud services
are provided by large cloud service companies such as Google, Amazon, and IBM. A
private cloud is a cloud in which only the authorized users can access the services from the
provider. In the public cloud anybody can use the cloud services whereas the hybrid cloud
contains the concept of both public and private clouds.
Cloud computing can save an organization's time and money, but trusting the system is
more important because the real asset of any organization is the data which they share in
the cloud to use the needed services by putting it either directly in the relational database
or eventually in a relational database through an application.
Cloud computing brings a number of attributes that require special attention when it comes
to trusting the system. The trust of the entire system depends on the data protection and
prevention techniques used in it. Numerous different tools and techniques have been tested
and introduced by the researchers for data protection and prevention to gain and remove
the hurdle of trust but there are still gaps which need attention and are required to be lined
up by making these techniques much better and effective.
The major issues in the cloud computing include resource security, resource management,
and resource monitoring. Currently, there are no standard rules and regulations to deploy
applications in the cloud, and there is a lack of standardization control in the cloud.
Numerous novel techniques had been designed and implemented in cloud; however, these
techniques fall short of ensuring total security due to the dynamics of the cloud
The inherent issues of data security, governance, and management with respect to control
in the cloud computing are discussed in . Sun et al. highlighted the key security, privacy,
and trust issues in the existing environment of cloud computing and help users to
recognize the tangible and intangible threats related to its use. According to the authors,
there are three major potential threats in cloud computing,
namely, security, privacy, and trust. Security plays a critical role in the current era of long
dreamed vision of computing as a utility. It can be divided into four subcategories: safety
mechanisms, cloud server monitoring or tracing, data confidentiality, and avoiding
malicious insiders' illegal operations and service hijacking.
A data security framework for cloud computing networks is proposed. The authors mainly
discussed the security issues related to cloud data storage. There are also some patents
about the data storage security techniques. A security and privacy framework for RFID in
cloud computing was proposed for RFID technology integrated to the cloud computing,
which will combine the cloud computing with the Internet of Things.
In short, the foremost issues in cloud data security include data privacy, data protection,
data availability, data location, and secure transmission. The security challenges in the
cloud include threats, data loss, service disruption, outside malicious attacks, and
multitenancy issues. Data security issues are primarily at SPI (SaaS, PaaS, and IaaS) level
and the major challenge in cloud computing is data sharing.
Now we will review different security techniques and challenges for data storage security
and privacy protection in the cloud computing environment. As Figure 1 shows, a
comparative research analysis of the existing research work regarding the techniques used
in the cloud computing through data security aspects including data integrity,
confidentiality, and availability. Data privacy issues and technologies in the cloud are also
studied, because data privacy is traditionally accompanied with data security. Comparative
studies on data security and privacy could help to enhance the user's trust by securing data
in the cloud computing environment.
2. Data Integrity
Data integrity is one of the most critical elements in any information system. Generally,
data integrity means protecting data from unauthorized deletion, modification, or
fabrication. Managing entity's admittance and rights to specific enterprise resources
ensures that valuable data and services are not abused, misappropriated, or stolen.
Data integrity is easily achieved in a standalone system with a single database. Data
integrity in the standalone system is maintained via database constraints and transactions,
which is usually finished by a database management system (DBMS). Transactions should
follow ACID (atomicity, consistency, isolation, and durability) properties to ensure data
integrity. Most databases support ACID transactions and can preserve data integrity.
Authorization is used to control the access of data. It is the mechanism by which a system
determines what level of access a particular authenticated user should have to secure
resources controlled by the system.
Data integrity in the cloud system means preserving information integrity. The data should
not be lost or modified by unauthorized users. Data integrity is the basis to provide cloud
computing service such as SaaS, PaaS, and IaaS. Besides data storage of large-scaled data,
cloud computing environment usually provides data processing service. Data integrity can
be obtained by techniques such as RAID-like strategies and digital signature.
Owing to the large quantity of entities and access points in a cloud environment,
authorization is crucial in assuring that only authorized entities can interact with data. By
avoiding the unauthorized access, organizations can achieve greater confidence in data
integrity. The monitoring mechanisms offer the greater visibility into determining who or
what may have altered data or system information, potentially affecting their integrity.
Cloud computing providers are trusted to maintain data integrity and accuracy. However,
it is necessary to build the third party supervision mechanism besides users and cloud
service providers.
Verifying the integrity of data in the cloud remotely is the prerequisite to deploy
applications. Bowers et al. proposed a theoretical framework "Proofs of Retrievability" to
realize the remote data integrity checking by combining error correction code and
spot-checking [17]. The HAIL system uses POR mechanism to check the storage of data in
different clouds, and it can ensure the redundancy of different copies and realize the
availability and integrity checking.
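A sketch of the spot-checking half of this idea, added here as an example rather than taken from the POR or HAIL papers: the client keeps only a MAC key, the store returns the sampled blocks with their tags, and the error-correction layer is omitted. The block size, class and function names, and sample data are assumptions.

```python
import hashlib
import hmac
import random

BLOCK_SIZE = 64  # bytes per block; an assumption for the example


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_tag(key: bytes, index: int, block: bytes) -> bytes:
    """MAC over (index, block) so the store cannot answer with a different block."""
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


class UntrustedStore:
    """Stands in for the cloud provider: holds blocks and tags, never the key."""

    def __init__(self, blocks, tags):
        self.blocks = list(blocks)
        self.tags = list(tags)

    def respond(self, indices):
        """Return (index, block, tag) per challenge; None marks a missing item."""
        out = []
        for i in indices:
            block = self.blocks[i] if i < len(self.blocks) else None
            tag = self.tags[i] if i < len(self.tags) else None
            out.append((i, block, tag))
        return out


def outsource(key: bytes, data: bytes) -> tuple:
    """Client side: tag every block, hand both to the store, remember only the count."""
    blocks = split_blocks(data)
    tags = [block_tag(key, i, b) for i, b in enumerate(blocks)]
    return UntrustedStore(blocks, tags), len(blocks)


def audit(key: bytes, store: UntrustedStore, n_blocks: int, sample_size: int,
          rng=None) -> bool:
    """Challenge a random sample of block indices and verify each returned tag."""
    rng = rng or random.SystemRandom()
    indices = rng.sample(range(n_blocks), min(sample_size, n_blocks))
    for i, block, tag in store.respond(indices):
        if block is None or tag is None:
            return False                    # block discarded by the store
        if not hmac.compare_digest(block_tag(key, i, block), tag):
            return False                    # block modified or substituted
    return True


def detection_probability(n_blocks: int, bad: int, sample_size: int) -> float:
    """Chance that sampling without replacement hits at least one bad block."""
    miss = 1.0
    for j in range(min(sample_size, n_blocks)):
        miss *= max(n_blocks - bad - j, 0) / (n_blocks - j)
    return 1.0 - miss


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"
    store, n = outsource(key, bytes(range(256)) * 10)   # constructed sample data
    print("clean store passes:", audit(key, store, n, 10))
    store.blocks[7] = b"\x00" * BLOCK_SIZE              # simulate silent corruption
    print("full audit after corruption:", audit(key, store, n, n))
    print("P(detect 10 bad of 1000 with 300 samples):",
          round(detection_probability(1000, 10, 300), 4))
```

A small sample misses isolated damage with noticeable probability, which is why the scheme in the text pairs spot-checking with an error-correcting code.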
3. Data Confidentiality
Data confidentiality is important for users to store their private or confidential data in the
cloud. Authentication and access control strategies are used to ensure data confidentiality.
The data confidentiality, authentication, and access control issues in cloud computing
could be addressed by increasing the cloud reliability and trustworthiness.
Because the users do not trust the cloud providers, and it is virtually impossible for cloud
storage service providers to eliminate potential insider threats, it is very dangerous for users
to store their sensitive data in cloud storage directly. Simple encryption is faced with the key
management problem and cannot support complex requirements such as query, parallel
modification, and fine-grained authorization.
Gentry first proposed the fully homomorphic encryption method [22], which can do any
operation that can be performed in clear text without decrypting. It is an important
breakthrough in the homomorphic encryption technology. However, the encryption system
involves very complicated calculation, and the cost of computing and storage is very high.
This leads to the fact that the fully homomorphic encryption is still far from real
For more flexibility and enhanced security, a hybrid technique that combines multiple
encryption algorithms such as RSA, 3DES, and random number generator has been
proposed. RSA is useful for establishing secure communication connection through
digital signature based authentication while 3DES is particularly useful for encryption of
block data. Besides, several encryption algorithms for ensuring the security of user data in
the cloud computing are discussed.
Because the homomorphic encryption algorithm is inefficient, researchers turn to study the
applications of limited homomorphic encryption algorithm in the cloud environment.
Encrypted search is a common operation.
In-Memory Database encryption technique is proposed for the privacy and security of
sensitive data in untrusted cloud environment. A synchronizer exists between the owner
and the client for seeking access to the data. Client would require a key from the
synchronizer to decrypt the encrypted shared data it receives from the owner. The
synchronizer is utilized to store the correlated shared data and the keys separately. A
shortcoming of this technique is that the delays occur due to the additional communication
with the central synchronizer. However, this limitation can be mitigated by adopting group
encryption and through minimizing communication between nodes and synchronizer.
Huang and Tso proposed an asymmetric encryption mechanism for databases in the cloud.
In the proposed mechanism, the commutative encryption is applied on data more than once
and the order of public/private key used for encryption/decryption does not matter.
Reencryption mechanism is also used in the proposed scheme which shows that the cipher-
text data is encrypted once again for duality. Such schemes are very useful in the cloud
applications where privacy is a key concern.
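The order-independence described above can be seen with the classic exponentiation cipher of Pohlig-Hellman/SRA; this is an added illustration using a different, textbook construction, not Huang and Tso's scheme. The modulus, function names and sample record are assumptions, and raw exponentiation like this is deterministic and unpadded, so it shows the commutative property only.

```python
import math
import secrets

P = 2**127 - 1   # a Mersenne prime used as the shared public modulus (constructed choice)


def keygen() -> tuple:
    """Return (e, d) with e*d = 1 mod (P-1), so (m**e)**d = m mod P."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:          # an inverse exists only when coprime
            return e, pow(e, -1, P - 1)


def encode(record: bytes) -> int:
    """Map a short record to a group element; records must fit below the modulus."""
    m = int.from_bytes(record, "big")
    if not 1 < m < P - 1:
        raise ValueError("record too long (or trivial) for this modulus")
    return m


def decode(m: int) -> bytes:
    # Leading zero bytes of the original record are not preserved by this encoding.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def layer(exponent: int, value: int) -> int:
    """Add a layer with an encryption exponent, or strip one with its inverse."""
    return pow(value, exponent, P)


def double_encrypt_roundtrip(record: bytes) -> dict:
    """Encrypt under two independent keys in both orders and undo in both orders."""
    owner_e, owner_d = keygen()
    cloud_e, cloud_d = keygen()
    m = encode(record)

    owner_then_cloud = layer(cloud_e, layer(owner_e, m))
    cloud_then_owner = layer(owner_e, layer(cloud_e, m))

    return {
        # Same ciphertext whichever party encrypts first.
        "orders_agree": owner_then_cloud == cloud_then_owner,
        # Layers can be stripped in either order.
        "strip_cloud_first": decode(layer(owner_d, layer(cloud_d, owner_then_cloud))),
        "strip_owner_first": decode(layer(cloud_d, layer(owner_d, owner_then_cloud))),
        # Removing only the owner's layer leaves data encrypted under the cloud key
        # alone, without the plaintext ever being exposed in between.
        "reencrypted_to_cloud_only": layer(owner_d, owner_then_cloud) == layer(cloud_e, m),
    }


if __name__ == "__main__":
    print(double_encrypt_roundtrip(b"patient-4711"))   # constructed sample record
```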
Arfeen et al. describe the distribution of resources for cloud computing based on the
tailored active measurement. The tailored measurement technique is based on the network
design and the specific routes for the incoming and outgoing traffic and gradually
changing the resources according to the user needs. Tailored measurement depends on the
computing resources and storage resources. Because of the variable nature of networks,
the allocation of resources at a particular time based on the tailored active method does not
remain optimal. The resources may increase or decrease, so the system has to optimize
changes in the user requirement either offline or on-line and the resource connectivity.
A three-layered data security technique is proposed: the first layer is used for authenticity
of the cloud user either by one factor or by two factor authentications; the second layer
encrypts the user's data for ensuring protection and privacy; and the third layer does fast
recovery of data through a speedy decryption process.
Data concealment could also be used to keep the data confidentiality in the cloud. Delettre
et al. introduced a concealment concept for databases security. Data concealment
approaches merge real data with the visual fake data to falsify the real data's volume.
However, authorized users can easily differentiate and separate the fake data from the real
data. Data concealment techniques increase the overall volume of real data but provide
enhanced security for the private data. The objective of data concealment is to make the
real data safe and secure from malicious users and attackers.
Watermarking method can serve as a key for the real data. Only the authorized users have
key of watermarking, so the authentication of users is the key to ensure the true data to be
accessible for right users.
Deletion confirmation means that data could not be recovered when users delete their data
after the deletion confirmation. The problem is very serious, because more than one copy
exists in the cloud for the security and convenience of data recovery. When users delete
their data with confirmation, all the copies of data should be deleted at the same time.
However, there are some data recovery technologies that could recover the data deleted by
users from the hard disks. So the cloud storage providers should ensure that the deleted
data of users could not be recovered and used by other unauthenticated users.
4. Data Availability
Data availability means the following: when accidents such as hard disk damage, IDC fire,
and network failures occur, the extent that user's data can be used or recovered and how
the users verify their data by techniques rather than depending on the credit guarantee by
the cloud service provider alone.
The issue of storing data over the transborder servers is a serious concern of clients
because the cloud vendors are governed by the local laws and, therefore, the cloud clients
should be cognizant of those laws. Moreover, the cloud service provider should ensure the
data security, particularly data confidentiality and integrity. The cloud provider should
share all such concerns with the client and build trust relationship in this connection. The
cloud vendor should provide guarantees of data safety and explain jurisdiction of local
laws to the clients. The main focus of the paper is on those data issues and challenges
which are associated with data storage location and its relocation, cost, availability, and
Locating data can help users to increase their trust on the cloud. Cloud storage provides
the transparent storage service for users, which can decrease the complexity of cloud, but
it also decreases the control ability on data storage of users. Benson et al. studied the
proofs of geographic replication and succeeded in locating the data stored in Amazon
cloud.
The most common abnormal behavior of untrusted storage is that the cloud service
providers may discard part of the user's update data, which is hard to be checked by only
depending on the simple data encryption. Additionally, a good storage agreement needs to
support concurrent modification by multiple users.
However, the operation types supported by reliable storage protocols are limited, and
most of the calculations can only occur in the client.
The hard drive is currently the main storage medium in the cloud environment. Reliability of
hard disks forms the foundation of cloud storage. Pinheiro et al. studied the error rate
of hard drives based on the historical data of hard drives. They found that the error rate of
hard drives is not closely relevant to the temperature and the frequency to be used, while
the error rate of hard drives has strong clustering characteristics. Current SMART
mechanism could not predict the error rate of hard disks. Tsai et al. studied the correlation
between the soft error and hard error of hard disks, and they also found that the soft error
could not predict the hard errors of hard drives precisely, only about 1/3 probability that
hard errors follow the soft errors.
5. Data Privacy
(i) When: a subject may be more concerned about the current or future information
being revealed than information from the past.
(ii) How: a user may be comfortable if his/her friends can manually request his/her
information, but the user may not like alerts to be sent automatically and
(iii) Extent: a user may rather have his/her information reported as an ambiguous
region rather than a precise point.
In commerce, consumer's context and privacy need to be protected and used appropriately.
In organizations, privacy entails the application of laws, mechanisms, standards, and
processes by which personally identifiable information is managed.
In the cloud, the privacy means when users visit the sensitive data, the cloud services can
prevent potential adversary from inferring the user's behavior by the user's visit model (not
direct data leakage). Researchers have focused on Oblivious RAM (ORAM) technology.
ORAM technology visits several copies of data to hide the real visiting aims of users.
ORAM has been widely used in software protection and has been used in protecting the
privacy in the cloud as a promising technology. The privacy issues differ according to
different cloud scenarios and can be divided into four subcategories as follows:
(i) how to enable users to have control over their data when the data are stored and
processed in cloud and avoid theft, nefarious use, and unauthorized resale,
(ii) how to guarantee data replications in a jurisdiction and consistent state, where
replicating user data to multiple suitable locations is an usual choice, and avoid
data loss, leakage, and unauthorized modification or fabrication,
(iii) which party is responsible for ensuring legal requirements for personal
(iv) to what extent cloud subcontractors are involved in processing which can be
properly identified, checked, and ascertained.
Service abuse means that attackers can abuse the cloud service and acquire extra data or
destroy the interests of other users.
User data may be abused by other users. Deduplication technology has been widely used
in the cloud storage, which means that the same data often were stored once but shared by
multiple different users. This will reduce the storage space and cut down the cost of cloud
service providers, but attackers can access the data by knowing the hash code of the stored
files. Then, it is possible to leak the sensitive data in the cloud. So proof of ownership
approach has been proposed to check the authentication of cloud users.
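The weakness and its fix side by side, as an added example (not code from any cloud provider): the first store treats a file's hash as proof of possession, the second makes the claimant answer a fresh challenge that only a holder of the full content can compute. The HMAC-over-content challenge is a simplified stand-in for published proof-of-ownership protocols; class names, user names and sample data are assumptions.

```python
import hashlib
import hmac
import secrets


class HashOnlyDedupStore:
    """Deduplicating store where knowing the digest is enough to be added as owner."""

    def __init__(self):
        self.files = {}     # digest -> content, stored once
        self.owners = {}    # digest -> set of users allowed to download

    def upload(self, user: str, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        self.files.setdefault(digest, data)
        self.owners.setdefault(digest, set()).add(user)
        return digest

    def claim_by_hash(self, user: str, digest: str) -> bool:
        """Weak shortcut: 'I already have this file, here is its hash.'"""
        if digest not in self.files:
            return False
        self.owners[digest].add(user)
        return True

    def download(self, user: str, digest: str) -> bytes:
        if user not in self.owners.get(digest, set()):
            raise PermissionError(f"{user} does not own {digest[:12]}")
        return self.files[digest]


class ProofOfOwnershipStore(HashOnlyDedupStore):
    """Same store, but a claim must answer a per-claim challenge over the content."""

    def __init__(self):
        super().__init__()
        self.pending = {}   # (user, digest) -> outstanding nonce

    def claim_by_hash(self, user: str, digest: str) -> bool:
        return False        # a bare hash is no longer accepted

    def begin_claim(self, user: str, digest: str):
        if digest not in self.files:
            return None
        nonce = secrets.token_bytes(32)
        self.pending[(user, digest)] = nonce
        return nonce

    def finish_claim(self, user: str, digest: str, response: bytes) -> bool:
        nonce = self.pending.pop((user, digest), None)   # each nonce is single use
        if nonce is None:
            return False
        expected = hmac.new(nonce, self.files[digest], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False
        self.owners[digest].add(user)
        return True


def prove_ownership(nonce: bytes, data: bytes) -> bytes:
    """Client side: computable only with the full file content in hand."""
    return hmac.new(nonce, data, hashlib.sha256).digest()


def compare_stores(data: bytes) -> dict:
    """Run the same digest-only claim against both stores, then a genuine claim."""
    weak, strong = HashOnlyDedupStore(), ProofOfOwnershipStore()
    digest = weak.upload("alice", data)
    strong.upload("alice", data)

    weak_claim = weak.claim_by_hash("digest_only_user", digest)
    nonce = strong.begin_claim("digest_only_user", digest)
    guessed = prove_ownership(nonce, digest.encode())    # has the hash, not the file
    strong_claim = strong.finish_claim("digest_only_user", digest, guessed)

    nonce = strong.begin_claim("bob", digest)
    holder_claim = strong.finish_claim("bob", digest, prove_ownership(nonce, data))
    return {"weak_accepts_digest": weak_claim,
            "strong_accepts_digest": strong_claim,
            "strong_accepts_holder": holder_claim}


if __name__ == "__main__":
    print(compare_stores(b"constructed payroll export\n" * 50))
```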
Attackers may lead to the cost increase of cloud service. Fraudulent resource consumption
is a kind of attack on the payment for cloud service. Attackers can consume the specific
data to increase the cost for cloud service payment.
The cloud computing facilitates huge amount of shared resources on the Internet. Cloud
systems should be capable of averting Denial of Service (DoS) attacks.
Shen et al. analyzed the requirements of security services in cloud computing. The authors
suggest integrating cloud services for trusted computing platform (TCP) and trusted
platform support services (TSS). The trusted model should bear characteristics of
confidentiality, dynamically building trust domains and dynamic of the services. Cloud
infrastructures require that users transfer their data into the cloud merely based on trust.
Neisse et al. analyzed different attack scenarios on the Xen cloud platform to evaluate
cloud services based on trust. Security of data and trust in cloud computing is the key point
for its broader adoption.
Cloud computing provides a podium to use wide range of Internet-based services. But
besides its advantages, it also increases the security threat when a trusted third party is
involved. By involving a trusted third party, there is a chance of heterogeneity of users
which affects security in the cloud. A possible solution to this problem could be to use a
trusted third party independent approach for Identity Management to use identity data on
untrusted hosts.
Squicciarini et al. focused on problems of data leakage and loss of privacy in cloud
computing. Different levels of protections can be used to prevent data leakage and privacy
loss in the cloud. Cloud computing provides new business services that are based on
demand. Cloud networks have been built through dynamic virtualization of hardware,
software, and datasets. Cloud security infrastructure and the trust reputation management
play a vital role to upgrade the cloud services. The Internet access security, server access
security, program access security, and database security are the main security issues in the
At the outset, it may very well be clarified that though cloud computing enables the customer
access to computing, networking, storage resources just like traditional outsourcing services
and Application Service Providers (ASPs), it has a legal nature quite different from these two
owing to its distinctive features like 'on-demand access', and 'unit-based pricing' (pay-per-
Seemingly, the main privacy/data security issue relating to the cloud is 'data breach'. Data
breach may be in the generic sense defined as the loss of unencrypted electronically stored
personal information. A data breach can cause loss to both the provider as well as the
customer in numerous ways; with identity theft and chances of debit/credit card fraud to the
customer, and financial harm, loss of customer, loss of reputation, potential lawsuits et cetera
for the provider.
The American law requires data breach notification to be issued of affected persons in such
case of a data breach. Almost all the states in the United States now require notification of
affected persons upon the occurrence of a data breach.
Turning to the Indian scenario, most of the providers are seen attempting to lessen their
risk liability in a data breach scenario. However, as more sensitive information is
entering the cloud every passing day, businesses and corporations have started negotiating the
contracts so as to insert terms that expand the contractual obligations of the providers.
A problem arises when the data is subject to more than one jurisdiction, and the jurisdictions
have different laws regarding data privacy. For example, the European Union Data Privacy
Directive clearly states that 'Data cannot leave the EU unless it goes to a country that ensures
an "adequate level of protection".' Although such a statement makes the EU provisions
easily enforceable, it restricts the data movement, thereby reducing the data efficiency.
Contracting Issues:
Clearly, licensing agreements are fundamentally different from Service agreements. Cloud
essentially, in all its permutations (IaaS, PaaS, SaaS), is a service, and therefore is governed
by a Service agreement instead of a Licensing agreement.
However, the main issue regarding the Cloud Service agreements is 'contract of adhesion'.
Owing to the limited expansion of Cloud Services in India, most of the time the 'Click-wrap
agreement' model is used, causing the contract to be a contract of adhesion. It leaves
little or no scope for negotiation on the part of the user/customer.
With the expansion of Cloud computing, the negotiating power of large
corporations will gradually cause Cloud Contracts to be standard and negotiated ones. However, at
an individual level, this is still a distant destination.
Legal provisions clearly cannot force the cloud providers to have a negotiating session with
each and every customer. However, legal provisions may be made to ensure that the liability
and risk responsibility clauses follow a standard pattern which compensates the user for the
lack of negotiation during the formation of the contract.
Jurisdictional Issues:
Multi-tenancy refers to the ability of a cloud provider to deliver services to many individuals
or organisations from a single shared software. The risk with this is that it makes it highly
possible that the data of one user may be accessed in an unauthorised manner by another user
since the data of various users are only virtually separated and not physically. Also, it makes
it difficult to back up and restore data.
The cloud enables a great deal of flexibility in data location, which ensures maximum
efficiency in data usage and accessibility. However, it creates a number of legal issues as
well. It makes quite possible a scenario in which the same data is stored in multiple
locations at a given time. Now, if the multiple locations are subject to different jurisdictions
and different legal systems, there arises a possibility that there may be conflicting legal
provisions regarding data in the two aforementioned different locations. This gives rise to
most of the jurisdictional issues in Cloud computing.
Also, laws relating to confidentiality and Government access to data are different across
different nations. While the Indian laws manage to strike a balance between national security
and individual privacy, most of the nations do not prefer a balance and have adopted a biased
view on this. The problem of conflict of laws arises in such cases.
Other commercial and business considerations like the urge to minimize risk, maintain data
integrity, accessibility and availability of data as well as Service level Agreements have also
significantly shaped the present as well as the future of Cloud Computing in India. They also create
a number of foreseeable as well as unforeseeable issues that need to be addressed by
dedicated legislation therefor.
It is an accepted truth that Law always lags behind technical innovations, and the
complexities of the Cloud innovations and related Cloud Services like Software as a Service
(SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) will force the law
and legislation to catch up in order to have an effective legal system that provides legal remedies
to prevent and redress the resultant harms.
Raising awareness, ensuring universal access to information, and mobilizing resources are
complementary solutions that'll never go wrong for the Indian scenario in order to add to the
effectiveness of an effective legal system.