CLOUD COMPUTING

Sarah Hoff Jeffrey Jewett Michele Saenz Andrew Schatzberg

Table of Contents
Introduction .............................................................................................................................................. 3 What is Cloud Computing? ................................................................................................................... 4 Software as a Service (SaaS) ................................................................................................................................ 4 Utility Computing ..................................................................................................................................................... 5 Web Services in the Cloud..................................................................................................................................... 5 Platform as a Service ............................................................................................................................................... 5 Managed Service Providers (MSP) .................................................................................................................... 5 Service Commerce Platforms............................................................................................................................... 5 Business Applications of Cloud Computing ................................................................................... 6 Opportunities for Business ................................................................................................................................... 7 Changes in the Business Climate ........................................................................................................................ 7 Obstacles and Opportunities of Cloud Computing ...................................................................... 8 Business Continuity and Service Availability................................................................................................ 9 Data Lock-In............................................................................................................................................................. 10 Data Transfer Bottlenecks ................................................................................................................................. 11 Bugs in Large-Scale Distributed Systems .................................................................................................... 11 Data Confidentiality/Security .......................................................................................................................... 11 Software Licensing ................................................................................................................................................ 13 Reputation Fate Sharing ..................................................................................................................................... 13 Other obstacles to consider ............................................................................................................................... 14 Conclusion............................................................................................................................................... 15 References .............................................................................................................................................. 16

Introduction
The competitive nature of todays global business environment demands resourcefulness and innovation in all areas of business. At the forefront of modern corporate strategy is the notion of leading with Information Technology (I.T.). By its own merits, I.T. is not a replacement for strategy. However, when combined with effective processes and competent decision-making, it is possible to gain a substantial competitive advantage. Everyone in I.T. knows their industry is one of continuous change; it is simply a fact of life. In order to stay competitive, all I.T. professionals must keep their education current and constantly infuse their skill sets with new techniques to accommodate fresh technologies. As a result, the entire industry is hardwired to be skeptical of game-changers. The typical response is to learn the new technology, implement it, and move on with life. However, once in a long while, a groundbreaking technology arrives to alter the face of business and information technology beyond recognition. Today, that technology is cloud computing. Most everyone has heard of cloud computing; most are even utilizing cloud based applications, but few actually know what it means or how it works. While cloud computing has become a diverse strategic direction for the future of web-based computing, it is important to truly understand the technology for corporate preparedness. Cloud computing has become the catalyst for technological outsourcing and will have an impact on all industries from healthcare to education to business services. The broad reach of cloud computing is evident, but long-term cost benefits and business applications have yet to be realized. Regardless, being able to access I.T. resources on demand, similar to a utility, is likely to drive costs down. The companies that can embrace this technology stand to gain on their competitors. However, there are concerns and risks in any technology, and it is crucial to be prudent when choosing a provider and transitioning to cloud computing. In order to help facilitate a better understanding of cloud computing, the following paper discusses what cloud computing is, how it can be applied to business, and some of the obstacles and opportunities

that must be taken into consideration when a business is considering implementing cloud-based technology.

What is Cloud Computing?

So, what is cloud computing? According to Cornells Information Technology Department, cloud computing can be defined as the delivery of scalable I.T. resources over the Internet, as opposed to hosting and operating those resources locally. The concept, although revolutionary, is fairly simple, but the applications are nearly infinite. So by definition, resources like Gmail (web based email), Facebook (social networking), and Blackboard (educational software) are just a few of the many types of services that are in the cloud. Looking beyond the novelty software of mass consumerism, major cloud-based applications known as Software As a Service (SaaS) such as SalesForce (CRM), Basecamp (Project Management), and Evernote (Document Management) are reshaping the way small to mid-sized businesses operate. As Cornells I.T. Department puts it: The list of potential services is almost endless and covers virtually every area of information technologies, including those at the top of the stack such as course management and administrative systems; those in the middle such as hardware and software provisioning, disaster recovery, back-up, and data storage; and those down at the network level including Internet service and bandwidth. The idea of cloud computing as simply a resource hosted online has been contested by many analysts and vendors who feel that the definition is too broad, and takes away from the real innovation. These skeptics, according to InfoTech.com consider cloud computing as an upgraded version of utility computing, whereby virtual servers and resources are made available over the Internet. Although there are mixed messages about how to properly define this phenomenon, InfoTech.com defines six types of cloud-based applications and resources that can be agreed upon. Software as a Service (SaaS) Provides a single application online, keeping the cost down, and allows for seamless updates as all users are using the same source code (Knorr, 2011). Although plugin applications are available, users are 4

not able to change the software. This type of service allows companies to eliminate the investment in infrastructure and begin utilizing the services with little to no upfront cost. Great examples of this are Google Apps and SalesForce.com. Utility Computing This type of cloud computing allows individuals and businesses to get access to virtual servers, storage, or resources on demand. The scale of this use could be as small as a few gigabits of disk space to entire datacenters in the cloud. Companies such as Amazon and IBM offer these types of resources. Companies like SpotCloud provide a means for companies with excess resources to sell these resources through the cloud to other customers who could use them. Web Services in the Cloud Although very similar to SaaS, Web service providers offer APIs that enable developers to exploit functionality over the Internet, rather than delivering full-blown applications, (Knorr, 2011). These services are constrained by the limitations that the vendors place on their APIs. Platform as a Service Again, this is a service similar to SaaS, providing an application which creates a virtual platform for development. Essentially developers are able to plugin and create programs or applications on these platforms (Knorr, 2011). Managed Service Providers (MSP) This cloud-based service, an application used in monitoring of backend applications and processes, is designed for the I.T. team instead of being designed for the traditional end user (Knorr, 2011). Services such as Google Analytics, Spam Filters, and desktop management applications all fall into this category. Service Commerce Platforms This cloud-based platform is essentially a hybrid of SaaS and MSP, which offers a service hub that users interact with. The platform integrates with multiple vendors and services in order to create a central

location where a user can handle multiple tasks with one common interface and architecture (Knorr, 2011). Although each application can be used for many purposes, there are benefits which they all have in common. First, by utilizing cloud-based applications companies can simplify their network and resources and switch to online services. Second, leveraging the broad reach of cloud computing business users can reduce costs and better share information, due to the accessibility of the internet. Finally, since many applications can be connected, users can more easily share information across platforms. With so many applications for cloud computing and even the experts arguing over what cloud computing is, it is no wonder that people are still confused about cloud computing. Regardless, one thing is clear cloud computing is not going away anytime soon. Today we consider cloud computing any applications, services, [or resources] offered over the Internet but we will have to wait and see how it evolves (Tech Terms, 2011). Since these services are offered from data centers all around the world (Tech Terms, 2011) the possibilities are endless and the metaphoric cloud is ever expanding.

Business Applications of Cloud Computing

Traditionally, companies spend exorbitant amounts of money to develop I.T. infrastructure that is functional, powerful, reliable, secure, and in-house. Even individual consumers seek to have their own personal machines capable of handling all their processing and data storage needs. However, cloud computing will soon render all of that obsolete. Imagine the competitive advantage one firm would have over another if they did not have the costly burden of I.T. infrastructure hanging over their heads. All of their computing could be done through thin clients that use cloud computing on an as needed basis, much like a utility. And imagine how much more cash the average consumer would have if they didnt have to buy a computer every 18 months. The implications of cloud computing are almost beyond measure.

Opportunities for Business

According to David Plummer (Gartner, 2008) managing Vice President and Gartner fellow, the commoditization and standardization of technologiesvirtualization and the rise of service-oriented software architectures, and most importantly the dramatic growth in popularity of the Internet, have created a climate rich with opportunities for major change in the I.T. industry. These trends represent a shift in the relationship between vendors and consumers that will allow them to concentrate more on what they want out of an I.T. service and less on the format it is provided in. Cloud computing services can include processing, storage, software as a service (SaaS), and will grow in near future to encompass nearly all I.T. functions performed in a traditional manner by traditional infrastructure. However, there are doubts about the differing levels of maturity of vendors, each with their own specialty offerings in cloud computing. The following quote from Plummer (Gartner, 2008) sums it up: When organizations cross the threshold between the Internet as a communications channel and the deliberate delivery of service over the Internet, then we truly start to head for an economy based on consumption of everything from storage to computation to video to finance deduction management.

Changes in the Business Climate

Despite all of the speculation, the real results of this new phenomenon are concrete and hard to ignore. Don Hinchcliffe (2009) identifies several ways that cloud computing will affect business. First and foremost, the cloud platform has allowed for the creation of a new generation of products and services. Many ideas that were once thought impossible can now be offered in a quality format for an extremely competitive price. Limitations imposed by the cost of I.T. resources are fading into oblivion as cloud computing enables businesses with the utmost degree of scalability. These new opportunities are reshaping not just product lines, but also business models. For example, CRM software has traditionally been installed on a companys hardware and operated locally, but SaaS firms, such as Salesforce.com, offer cloud-based CRM services that are functional, scalable, highly integrative, and require nothing more than an internet connection. Furthermore, the advent of cloud computing has turned many companies into I.T. service providers. The most prominent examples are Google and Amazon, who have not conventionally been thought of in that way. However, with innovations such as Gmail, GoogleDocs, and Amazon Cloud 7

Drive, they are carving out a significant market share and leaving some heavy footprints. This is all contributing to a newfound acceptance (and perhaps even an appetite) for I.T. innovation and experimentation that will soon be the norm for successful companies. Another broad-reaching impact of cloud computing is the dwindling necessity of in-house I.T. personnel. As more and more services are outsourced (especially SaaS), companies simply will not need as much help from their I.T. departments, because they will be able to find their own solutions. Smaller infrastructure means less I.T. people to keep it running. The reductions in cost could lead to more in investment in research and development, marketing, or any number of revenue-generating pursuits. Finally, the adoption of cloud-based technologies will eventually become atactical necessity. At the moment, firms are still testing the waters and cautiously incorporating new cloud computing services. However, once they are able to move into full implementation and realize the sheer cost-cutting benefits, their competitors will be unable to ignore that a once strategic advantage has become a tactical necessity. Although the cloud computing industry is still young, there is a plethora of services available. CIO magazine (Brodkin, 2009) identifies a handful of cloud computing companies to keep our eyes on. High up in the list are Amazon with the Elastic Compute Cloud and Simple Storage Services, AT&T with Synaptic, Enomaly with SpotCloud (a cloud resource marketplace), Google with GoogleApps, and Microsoft with Azure. Additionally, websites like Cloudtrip.com list cloud services that people find, use, post, and vote on, such as JumboTask, Brix, and cronsync. Amidst the hubbub about cloud computing, one thing is for sure: it will revolutionize I.T., business, and fundamentally change the way we live our lives.

Obstacles and Opportunities of Cloud Computing

Although the benefits of cloud computing such as cost containment and scalability are alluring, company executives need to realize that even a somewhat relatively small move to the cloud is the beginning of a large strategic change for an organization. According to Goodburn and Hall (2010), companies need a governance model and strategy for evaluating, selecting and deploying cloud

technologies, no matter how insignificant those technologies appear to be. It also means, from the outset, the organizations board of directors and senior leadership must be involved in the decision-making process. This decision-making process needs to include a review and/or an analysis of the obstacles and the opportunities to overcome these obstacles when implementing cloud technology. Armbrust et al (2010) identify ten obstacles to cloud computing and opportunities to overcome these obstacles. These obstacles and opportunities are shown in the table below and some will be explored in greater depth. Table 1: Top 10 obstacles to and opportunity for growth of cloud computing Obstacle Opportunity 1 Availability and business continuity Use multiple cloud providers Data lock-in Standardize APIs; compatible software to 2 enable surge or hybrid cloud computing 3 Data confidentiality and audit-ability Deploy encryption, VLANs, firewalls Data transfer bottlenecks FedExing disks; higher bandwidth 4 switches Performance unpredictability Improved virtual machine support; flash 5 memory; gang schedule virtual machines 6 Scalable storage Invent scalable storage Bugs in large distributed systems Invent debugger that relies on distributed 7 virtual machines Scaling quickly Invent auto-scaler that relies on ML; 8 snapshots for conservation Reputation fate sharing Offer reputation-guarding services like 9 those for email 10 Software licensing Pay-for-use licenses
Source: Armbrust et al; Association for Computing Machinery, April 2010

Business Continuity and Service Availability

Businesses need to be assured that computing services will be continually available in order to perform critical business functions. An interruption in cloud service can certainly affect a businesss bottom line especially in todays interconnected, wired economy. From a technical standpoint, most businesses want a robust cloud computing system available at their fingertips with no worries that there will ever be a disruption in service. With the likes of Google Search as the model of availability, cloud vendors have their work cut out for them in providing this ondemand availability; and businesses need to do their homework on how the vendor assures continuity of 9

service. Armbrust et al (2010) suggest that cloud vendors could offer different service-level agreements which provide customers with the availability they need to compute. But they then go on to say that businesses that use only one cloud computing service dont align with the computing communitys mantra no single point of failure. Tisnovsky (2010) suggests that in times of heavy cloud usage and constraints, low-level users may get bumped from the cloud because they pay fewer fees for the service. Non-technical issues such as a cloud provider going out of business, regulatory issues, and inadequate back-up and restore practices performed by the cloud provider can also disrupt business operations (Armbrust et al, 2010; Tisnovsky, 2010). Regardless if problems are technical or non-technical in nature, customers may want to consider using multiple cloud computing providers to avoid business interruptions (Armbrust, 2010). In addition, customers want to make certain that their contractual agreements address being able to get access to their data should the cloud vendor go out of business or is purchased and for data redundancy across multiple sites (Tisnovsky, 2010).

Data Lock-In
The cloud increases the risk of data lock-in. This lock-in, or in other words portability, prevents customers from moving data and code from one cloud to another or back to the enterprise. This can be an important obstacle for businesses to consider when evaluating moving to the cloud. Because there are many differences between platforms, applications and operating systems, rewrites of code and reworking of data is necessary. Armbrust et al (2010) believe that, application program interfaces (APIs) should be standardized in such a way that a SaaS developer could deploy services and data across multiple cloud computing providers so that the failure of a single company would not take all copies of a customers data with it. This standardization of APIs would allow surge computing allowing an application to transition between a private and public cloud.

10

In contrast, Linthicum (2009) believes that there will always be a trade-off even with established standards. He believes that companies need to focus more on leveraging the inherent features in cloud applications rather than on portability. This will allow companies to be the best that they can possibly be on that particular platform.

Data Transfer Bottlenecks

As the world of I.T. continues to evolve and grow so does the data. According to Armbrust et al (2010) both cloud users and cloud providers need to consider the transfer of data at every level of the system if they want to minimize costs. The authors note that in order for companies to alleviate the high cost of internet data transfers for large delay tolerant point-to-point transfers, they may want to consider shipping data disks as opposed to bottlenecking the internet.

Bugs in Large-Scale Distributed Systems

Removing errors in large-scale distributed systems is a challenge and requires correction in production data centers because these errors, or bugs, usually cant be reproduced in smaller configurations. An opportunity may be to rely on virtual machines (VMs) to debug since VMs offer potent mechanisms for efficient management of networked utilities, and also provide a means to capture information in ways that are unlikely without VMs (Armbrust et al, 2010).

Data Confidentiality/Security
Security is the most often reason I.T. executives and CIOs give for not adopting a cloud services model (Armbrust et al, 2010; Subashini & Kavitha, 2011) because of the number of players in the cloud such as the cloud user, cloud vendor and any third-party vendors that users would use for securitysensitive software or configurations. Challenges such as SQL (structured query language) interjection, issues related to data verification, issues with third-parties having control of the data, and data loss and theft are just a few issues that businesses need to consider when looking at the cloud-based business model. Subashini & Kavitha (2011) show just how complex the security risks are in a cloud environment; and this security risk complexity is shown in Figure 1 below. 11

Source: Subashini, S., Kavitha, V.; Journal of Network and Computer Applications (2011)

Virtualization is the main method businesses use for security in todays cloud environment. It is powerful and can protect against most attacks. Nevertheless, Armbrust et al (2010) state, Not all resources are virtualized and not all virtualization environments are bug free and its possible that some virtualized code can break loose to some extent there is also a problem with incorrect network virtualization. All these predicaments are not exclusive to cloud environments but still need to be considered. An alternate technique of assuring security is seen in a company called Quadron Data Solutions. This company believes that customer records and transactions can be safely put in the cloud to the tune of 30 million records per day which includes customer, transaction and revenue information for eight million customer accounts. The firms chief executive, David Fetter says, We've really nailed security and I can honestly say we've passed the audits of the biggest firms with flying colors. The secret to this companys success is not only the physical data centers 24/7 guards and a $10 million biometric scanning system that requires employees to scan their whole hand [hands shrink if they arent attached to the body], but also by 12

not using the terminology cloud computing and using the terminology of service bureau instead (SteinertThrelkeld, 2011). Whether it is called cloud computing or not, businesses need to do their homework when considering transitioning to a cloud-based business model. Organizations such as the Cloud Security Alliance (CSA), a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing (CSA, 2009); Open Web Application Security Project (OWASP, 2011), a non-profit organization focused on improving the security of application software; and Open Grid Forum (OGF, 2011), a community of users, developers, and vendors leading the global standardization effort for grid computing, can be tremendous resources when businesses are determining their cloud security solutions.

Software Licensing
The current software license model includes payment for the software upfront, annual license fees and restrictions on the location where the software will run (usually restricted to one computer). This poses a problem because many cloud providers originally relied on open source software because the licensing model for commercial software is not a good match for utility computing. Opportunities to correct this obstacle include continuing with open source or for software companies to change their licensing structure to better fit cloud computing. In fact, Microsoft and Amazon now offer pay-as-you-go software licensing for Windows server and Windows SQL Server on EC2 notes Armbrust, et al (2010).

Reputation Fate Sharing

The bad behavior of one company can have a ripple effect on the reputation of many companies using the same cloud. Armbrust et al (2010) note that creation of reputation-guarding services would help ameliorate this problem. It would also behoove companies to assure that this is addressed in service agreements with cloud providers.

13

Other obstacles to consider

Human capital Business leaders need to have an adventuresome spirit when it comes to cloud computing. If a companys employees dont have the desire to stretch themselves and learn new technologies, then cloud computing can be a difficult challenge to overcome (Schultz, 2009). Employers can lessen this challenge and get buy-in from employees by encouraging and paying for training on new technologies. Standards The National Institute of Standards and Technologys (NIST) most recent version of standards for cloud computing is version 15 (2009) and notes that cloud computing is still an evolving paradigm (NIST Cloud Computing Program, 2011). Although NIST is targeting the end of fiscal year 2011 with issuing the first draft of the USG Cloud Computing Technology Roadmap, businesses need to be vigilant because nongovernmental organizations compliance with NISTs standards is voluntary. Legal Businesses need to consider legal issues such as intellectual property rights which include trade secrets, disaster recovery/business continuity, compliance with laws, audit rights, privacy and information security, privacy and data security for both contractual and regulatory requirements, and e-discovery. Its important that businesses address these issues at the time of contract signing rather than dealing with these issues at the time of litigation. Although there are numerous risks and obstacles in adopting cloud computing technologies, this should not deter businesses from going forward with this groundbreaking technology. According to Goodburn & Hill (2010), Businesses that understand and manage risks and take advantage of business virtualization, will create sustainable competitive advantage, excel at creating new types of value chains and better leverage the value of globalization. If companies are hesitant to jump in with both feet, perhaps deploying noncritical, low-risk applications and services to the cloud is in order while long-term cloud computing strategies are investigated.

14

Conclusion
After evaluating the technical aspects cloud computing, how it can be implemented in business, and the opportunities and obstacles it presents, one can clearly see its broad impact on business. In a complex and ever changing competitive environment it is essential for businesses to capitalize on every advantage possible. Cloud computing is one such advantage. Granted, cloud computing will not solve all of a companys problems. Strategy and processes are first and foremost; however, what cloud computing will do is help implement and streamline these ideas. Todays executives and managers need to understand that this technology is here to stay and it will be an integral part of everyday business. With the advent of cloud computing, capital can be spent on other projects, instead of expensive I.T. infrastructure that will be obsolete in a year. Although this technology is still in its infancy, the possibilities are endless. Companies that leverage cloud technology for their benefit will move ahead of their competition, until cloud computing inevitably becomes a tactical necessity Despite its revolutionary power, cloud computing is not without risk. Like any responsible business decision, research and practicality must be a part of the equation. Security and legal risks are real, but the benefits may far exceed the threats. As the modern business terrain weathers wave after wave of transformations, stalwart firms will emerge as icons of ingenuity, adaptability, and change leadership. The future holds only promise for those who can seize opportunities and capitalize upon them. Cloud computing is the next great frontier and we will soon see its pervasive influences reshape business as we know it.

15

References
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., et al. (2010). A View of Cloud Computing. Communications of the ACM , 50-58. Brodkin, J. (2009, May 18). 10 Cloud Computing Companies to Watch. Retrieved April 13, 2011, from CIO : http://www.cio.com/article/492885/10_Cloud_Computing_Companies_to_Watch?page=3&taxonomyId=3 112 Cloud Trip. (2011, April 14). Cloud Trip. Retrieved April 14, 2001, from Cloud Trip: http://cloudtrip.com/ Cornell University. (2011, March 7). http://www.cit.cornell.edu. Retrieved April 15, 2011, from Cornell University: http://www.cit.cornell.edu/catc/cms/policies/cloud/whatis.cfm CSA. (2009). Retrieved April 10, 2011, from CSA - Cloud Security Alliance: https://cloudsecurityalliance.org/ Gartner. (2008, June 26). Gartner Says Cloud Computing Will Be As Influential As E-business . Retrieved April 14, 2011, from Gartner Newsrooms: http://www.gartner.com/it/page.jsp?id=707508 Goodburn, M., & Hill, S. (2010). The Cloud Transforms Business. Financial Executive , 35-39. Hinchcliffe, D. (2009, June 5). Eight ways that cloud computing will change business. Retrieved April 14, 2011, from ZDNet: http://www.zdnet.com/blog/hinchcliffe/eight-ways-that-cloud-computing-will-changebusiness/488 Knorr, E. (2011, April 15). What Cloud Computing Really Mean. Retrieved April 15, 2001, from Info World: http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031 Linthicum, D. (2009, September 15). Cloud Computing. Retrieved April 9, 2011, from InfoWorld: http://www.infoworld.com/d/cloud-computing/truth-about-lock-in-and-cloud-computing-487 NIST Cloud Computing Program. (2011, April 8). Retrieved April 10, 2011, from NIST: http://www.nist.gov/itl/cloud/index.cfm OGF. (2011, April). Retrieved April 10, 2011, from OpenGridForum: http://www.ogf.org/About/abt_overview.php OWASP. (2011, February 16). Retrieved April 10, 2011, from OWASP - The Open Web Application Security Project: https://www.owasp.org/index.php/Main_Page Schultz, B. (2009, May 18). Cloud Computing: Pros and Cons. Retrieved April 10, 2011, from Network World: http://www.networkworld.com/supp/2009/ndc3/051809-cloud-pro-con.html Steinert-Threlkeld, T. (2011, March 22). Retrieved April 9, 2011, from Information Management Online: http://www.information-management.com/news/cloud_BI_security_storage_service_bureau_SaaS10020006-1.html

16

Subashini, S., & Kavitha, V. (2011). A Survey on Security Issues in Service Delivery Models of Cloud Computing. Journal of Network and Computer Applications , 1-11. Tech Terms. (2011, April 15). Cloud Computing. Retrieved April 15, 2011, from Tech Terms: http://www.techterms.com/definition/cloudcomputing Tisnovsky, R. (2010, November). Risks Versus Value in Outsourced Cloud Computing. Retrieved March 25, 2011, from Financial Executives International: http://www.financialexecutives.org

17