CLOUD COMPUTING

Q1.
Ans 1

1. Introduction. Software-as-a-Service (SaaS) is one of the Cloud Computing

Service Models. In this model, various software applications like CRM, ERP and
collaboration tools on the web can be used. There is saving as you do not have to buy
or maintain hardware or applications. SaaS allows consumers to access and use
providers application running on cloud infrastructure (Server, Storage, OS, network).
2. SaaS makes available a software on-demand as a Web-based service. This
type of software service does not require any type physical installation of the software
at the client end. Service is available on the basis of monthly subscription/ based on
usage. There are two varieties: -
(a) Vertical SaaS – addresses need of specific industries like healthcare,
real estate, Finance etc.
(b) Horizontal SaaS – addresses software categories like marketing, sales,
developer tools, HR Management etc.
3. Characteristics of SaaS. Some common characteristics of SaaS application
are as under :-
(a) Configuration and Customisation.
(i) Customisable by customers in terms of look , feel and
functionality.
(ii) Set own parameters for configuration options.
(b) Frequent Updates. SaaS applications are frequently updated centrally
as compared to traditional software.
(c) Open Integration Protocols. SaaS offers Integration protocols and
APIs for different networks having protocols like HTTP, SOAP etc.
(d) Collaborative functionality. SaaS applications allows users to
collaborate and share information.
4. Common Challenges of SaaS Model.
(a) Cloud Service Provider going out of Business.
(i) A cloud provider may simply shut down and go out of business
without warning.
(ii) For example, this happened with Nirvanix, which went bankrupt
in 2019, and their customers were given one month’s notice to pull their
data.

(b) Loss of Control.

 (i) Since reliance is on third-party vendors to deliver services, these
services are not completely in the end user’s control.
(ii) Because of the multi-tenant nature of the cloud, the “noisy
neighbour” effect may have an impact. This effect is basically the result
of a shared infrastructure. The use of a virtual machine in a neighbouring
core, operating within the same cloud, can lead to performance
degradation which the user does not have control.
(iii) Vendor lock-in is a concern. Vendor lock-in is a situation where a
cloud vendor has manipulated the system, with the goal of making it
difficult or expensive to transfer data to another cloud. The customer
becomes “locked in” to a service that may be inferior to those offered by
other clouds.
(iv) There may be times the customer cannot access the services
they need. When an organization’s staff does not have complete access
to the cloud’s services, they can’t use resources that are being paid for.
(c) Requirement of Internet Connection. Employees can no longer work
offline when SaaS software services are used and that they must be connected
to the internet whenever they need to use these SaaS software services.
(d) Software/ OS Integration Issues.
(i) Some software/ OS cannot be integrated with certain clouds.
(ii) Integration problems can range from architectural problems,
compatibility issues to network latency issues.
(iii) If a mix of on-premises software and SaaS is used, it can be
difficult to organize the right balance between use of the cloud and the
on-premises system. Even businesses wanting to transfer completely to
the cloud may require to leave some of their legacy systems in on-
premises computers.
(e) Security, Confidentiality, integrity, Availability and Authentication
Issue.
(i) Service Provider need to ensure that users who sign in are not
cyber criminals.
(ii) Integration of security with SDLC at different phases such as
architecture, coding, testing and deployment need to be ensured.
(iii) Web Security standards are required to be followed.
(iv) Protection of customers data need to be protected from other
users/ cyber criminals.
5. Conclusion. Businesses can still benefit from implementing SaaS as long as
they choose a reputable SaaS service provider and have a solid Service Level
Agreement contract in place. By having a solid Service Level Agreement contract in
place, businesses can prevent their SaaS service provider, from abusing their position
of power
Q2
Ans.

1. Introduction. A Community cloud is a type of cloud that is shared among

various organisations with a common tie. This type of cloud is generally managed by
a third party offering the cloud services and can be available on or off premise. A
community cloud is an infrastructure used by specific community of users or
organisation. The NIST document defines community cloud as a cloud infrastructure
provisioned for exclusive use by a specific community of consumers from
organisations that have shared concerns (for e.g., mission, security requirements,
policy and compliance considerations). It may be owned, managed and operated by
one or more of the organisations in the community, a third party, or a combination of
some of them, and it may exist on or off premises.
2. Community clouds are more expensive than public clouds but also more
secure. Each member of the cloud is allocated a fixed amount of data storage and
bandwidth, making scalability somewhat more difficult than with private and public
clouds, Community clouds are a great solution for growing organizations in the health,
financial, legal, and educational sectors. This is because these industries are the most
bound by various regulations.
3. Key Features of Community Cloud.
(a) It may be managed by users or third party.
(b) May be located within the premises of the user organisation or at the
location where it is hosted/ space provider’s site.
(c) Cost Effectiveness.
(i) Setting up Community Cloud is much more economical than
setting up Private Cloud.
(ii) A community cloud allows the users to connect to the same
environment with logical segmented sessions. The need of servers to
fulfil the same requirement is removed. This makes it cost effective.
(iii) However, it is more expensive than the public cloud.
(d) Regulatory Compliance.
(i) Regulatory laws that govern privacy tend to evolve every second.
They tend to vary at the national, regional, and global levels.
(ii) For e.g. California has already implemented the Consumer
Privacy Act (CCPA), while other states simply follow suit.
(iii) By binding together under the community cloud umbrella, the
common interpretation and implementation of these laws can be
ensured. This drastically reduces vulnerability to legal action.
(e) Industry-based security requirements.
 (i) Regulations such as the Health Insurance Portability and
Accountability Act (HIPAA) for healthcare and Payment Card Industry
Data Security Standard (PCI DSS) for the payment industry require
companies to store and transfer data in specific ways.
(ii) These guidelines are necessarily required to be followed. Hence,
the requirement of technical expertise and technology to implement
security cannot be avoided.
(iii) The available expertise can be shared by cloud members.
(f) High Availability. It has low downtime or downtime is non existent.
(g) More Control. Many enterprises opt for private clouds over public ones
because of the need for transparency and control. While public clouds make
setup, scalability, and maintenance much easier than on-premise solutions,
they come at the cost of control. Community clouds provide organizations with
the best of both cloud models.
(h) Higher level of compliance, security and privacy to users.
(j) Its service is created around a specific group of contextual restrictions
for the purpose of supporting a particular user base. Those contextual
restrictions are most often related to physical and logical security needs,
compliance validation, audit needs and certification.
4. Conclusion. Building a community cloud involves more focus on business
processes and cooperation than technical considerations. After all, a community cloud
is just a modified private cloud. A community cloud can be a powerful tool for
businesses with the same objectives and requirements. It can even serve as a
background for industry-based innovations. When deciding on infrastructure migration
to the cloud, private and public clouds are not the only options; community clouds can
also be considered.
Q 3 (a)
Ans 3 (a).
1. Introduction. Virtualisation technology, in computing terms, allows creation of
virtual versions of hardware platforms, Operating Systems (OSs), networking
resources, or storage devices. It supports multiple-guest OSs to be run on a single
physical machine, called a host machine and multiple guest applications on a single
server, called the host server. Virtualisation is implemented using Hypervisor.
2. Hypervisor.
(a) A hypervisor is a important software that makes virtualization possible.
It creates a virtualization layer that separates the actual hardware components
- processors, RAM, and other physical resources - from the virtual machines
and the operating systems they run.
(b) The machine hosting a hypervisor is called the host machine, while the
virtual instances running on top of the hypervisor are known as the guest virtual
machines.
(c) Hypervisors emulate available resources so that guest machines can
use them. No matter what operating system boots up on a virtual machine, it
will think that actual physical hardware is at its disposal
3. Types of Hypervisor. There are two types of Hypervisor :-
(a) Type 1 or baremetal Hypervisor.
(b) Type 2 or hosted Hypervisor(on top of existing OS).
4. Type 1 or Bare Metal Hypervisor.
(a) A Type 1 hypervisor is a layer of software installed directly on top of a
physical server and its underlying hardware. Since no other software runs
between the hardware and the hypervisor, it is also called the bare-metal
hypervisor.
(b) This hypervisor type provides excellent performance and stability since
it does not run inside Windows or any other operating system. Instead, it is a
simple operating system designed to run virtual machines. The physical
machine on which the hypervisor runs on serves virtualization purposes only.
(c) Type 1 hypervisors are mainly found in enterprise environments.
e.g Xen, VMWare vSphere with ESX/ESXi, Microsoft Hyper-V
5. Type 2 or Hosted Hypervisor.
(a) Type 2 hypervisors run inside the physical host machine's operating
system, which is why they are called hosted hypervisors.
(b) Unlike bare-metal hypervisors that run directly on the hardware, hosted
hypervisors have one software layer in between. The system with a hosted
hypervisor contains :-
(i) A physical machine.
 (ii) An operating system installed on the hardware (Windows, Linux,
mac OS).
(iii) A type 2 hypervisor software within that operating system.
(iv) Guest virtual machine instances.
(c) Type 2 hypervisors are typically found in environments with a small
number of servers.
(d) They do not need a management console on another system to set up
and manage virtual machines. Everything is performed on the server with the
hypervisor installed, and virtual machines launch in a standard OS window.
(e) Hosted hypervisors also act as management consoles for virtual
machines. Any task can be performed using the built-in functionalities.
e.g Oracle VM VirtualBox, VMWare Workstation Pro/ VMware Fusion, Windows
Virtual PC
6. Conclusion. Hypervisors are essential in the world of technology. They are
often used to lower operational costs, test systems, develop applications, and run
various servers.

Q3 (b)
Ans 3 (b)
1. Introduction. A threat is an illegal activity that can cause damages, such as
loss of information and data corruption to a cloud provider organisation
2. Types of Threats. There are three types of threats :-
(a) Unintentional or accidental threats.
(b) Natural Events.
(c) Intentional threats.
3. Unintentional or accidental threats.
(a) It is an activity that occurs accidentally and its occurrence is not
dependent on any entity.
(b) It can occur due to exposure of confidential information or unauthorised
modification of information.
e.g – accidental loss of CD/ DVD/ HDD containing classified information,
Leaving the system unattended after logging in to server and thereby exposing
the system to theft of info etc
4. Physical or Natural threats.
(a) Physical threats come from things like bombs, fires, and floods.
(b) They can damage your computer or corrupt your information. Physical
threats can also cause injuries.
 E,g – Damage to Firewall due to short circuit rendering the firewall unusable
and entire network exposed, Damage of Network attached Storage due to fire
thereby having loss of data etc.
5. Intentional Threats.
(a) The activity has been intentionally performed.
(b) The entity has performed the activity with an aim to violate security of
the computer system and network.
e.g. Traffic Eavesdropping, Malicious Intermediary, Denial of Service,
Virtualisation Attack, Virus, Malware, Trojans etc
6. Conclusion. Security in cloud is of utmost importance irrespective of the cloud
architecture being used by the organisations. Cybersecurity is a growing concern for
businesses of all sizes. Unfortunately, there’s no one-size-fits-all answer when it
comes to managing cyber risks, as the risk posed by different types of attacks will vary
greatly.