Cloud Computing: Security, Applications, and Infrastructure
Challenges in Cloud Computing
1. Security and Privacy: The security and privacy of information are the biggest challenges to cloud computing. These issues can be overcome by employing encryption, security hardware, and security applications.
2. Portability: Applications should be easily migrated from one cloud provider to another.
3. Interoperability: An application on one platform should be able to incorporate services from other platforms.
4. Computing Performance: Data-intensive applications on the cloud require high network bandwidth, which results in high cost.
Customer Relationship Management (CRM)
CRM stands for Customer Relationship Management. It is software hosted in the cloud so that users can access information over the internet. CRM software provides a high level of security and scalability to its users and can easily be used on mobile phones to access data. Nowadays, many business vendors and service providers use CRM software to manage resources so that users can access them via the internet. Moving business computation from the desktop to the cloud is proving a beneficial step in both IT and non-IT fields. Some major CRM vendors include Oracle Siebel, Mothernode CRM, Microsoft Dynamics CRM, Infor CRM, SAGE CRM, and NetSuite CRM.
Enterprise Resource Planning (ERP)
ERP is an abbreviation for Enterprise Resource Planning. It is software similar to CRM that is hosted on cloud servers, helping enterprises manage and manipulate their business data as per their needs and user requirements. ERP software follows a pay-per-use methodology. At the end of the month, the enterprise pays the amount as per the cloud resources utilized. There are various ERP vendors available, like Oracle, SAP, Epicor, SAGE, Microsoft Dynamics, Lawson Software, and many more.
Multifactor Authentication (MFA)
MFA methods include:
- Knowledge Factor: This typically refers to a password or PIN that only the user knows.
- Possession Factor: This involves a physical device like a security token or a virtual token generated by an authentication app on a smartphone.
- Inherence Factor: This uses biometric authentication methods such as fingerprint, facial recognition, or voice recognition.
- Behavior Factor: This involves behavioral biometrics like keystroke patterns or mouse movement.
- Location Factor: This leverages location-based authentication, such as IP address or GPS coordinates.
Virtual Desktop Infrastructure (VDI)
Virtual Desktop Infrastructure (VDI) is defined as the hosting of desktop environments on a central server. It is a form of desktop virtualization, as the specific desktop images run within virtual machines (VMs) and are delivered to end clients over a network. Those endpoints may be PCs or other devices, like tablets or thin client terminals. In modern digital workspaces in which numerous apps must be accessed on-demand, VDI facilitates secure and convenient remote access that helps boost employee productivity. Furthermore, it enables a consistent experience across multiple devices.
VDI Components
- Virtualization
- Hypervisor
- Connection Broker: A software program that connects users to desktop instances.
Testing Under Control
Cloud-based testing uses cloud-based tools to emulate real-world user traffic and environments. It can be applied for testing cloud, web, and installed applications. Providers of cloud testing services and tools offer test environments that can be configured according to the application’s requirements. In addition, cloud testing has given rise to Testing as a Service (TaaS), which allows organizations to outsource their testing efforts. TaaS can be used for overall software testing as well as for conducting specialized types of testing such as performance, security, or functional testing.
Security as a Service (SECaaS)
SECaaS, or Security as a Service, is a business model that offers security to IT companies on a subscription basis. The outsourced approach provides a better security platform than the business could supply on its own, at a lower total cost of ownership. With the use of cloud computing, security for the company is maintained by an outside party. Many enterprises rely on security services for the necessary computational and storage resources to run their websites and apps. SECaaS is inspired by the “Software as a Service (SaaS)” model, applied to security services, and doesn’t need on-premises hardware, avoiding substantial capital outlays. These security services typically include authentication, antivirus, anti-malware/spyware, intrusion detection, penetration testing, and security event management, among others.
Identity and Access Management (IAM)
Identity and Access Management (IAM) security is a critical component of total IT security since it maintains digital identities and user access to an organization’s data, systems, and resources. In simple terms, IAM is a framework of business processes and technologies that regulates the management of digital or electronic identities. Information technology (IT) administrators can regulate user access to critical data within their organizations by implementing an IAM architecture. Identity and access management is a method to determine who a user is and what they are permitted to do.
Real-Life Case Study
Healthcare Provider Data Breach: A healthcare provider experienced a data breach where unauthorized individuals accessed sensitive patient information. The investigation revealed that the breach occurred due to weak password policies and a lack of multi-factor authentication.
Grid Computing
Grid Computing can be defined as a network of computers working together to perform a task that would be difficult for a single machine. All machines on that network work under the same protocol to act as a virtual supercomputer. The tasks that they work on may include analyzing huge datasets or simulating situations that require high computing power. Computers on the network contribute resources like processing power and storage capacity to the network. Grid Computing is a subset of distributed computing, where a virtual supercomputer comprises machines on a network connected by some bus, mostly Ethernet or sometimes the Internet.
EC2 Renting
- Choose an Instance Type: Select a virtual server with the appropriate CPU, memory, and storage capacity for your needs.
- Select an Operating System: Choose from a variety of operating systems like Linux, Windows, etc., to run on your instance.
- Launch Your Instance: Start your virtual server with a few clicks.
- Access Your Instance: Connect to your instance remotely to manage it as if it were a physical server.
- Pay-as-You-Go: Pay only for the resources you consume, making it a cost-effective solution.
Cloud Security Challenges
- Data Breaches: Data breaches are a top cloud security concern. Many data breaches have been attributed to the cloud over the past years.
- Misconfigurations: Cloud assets are vulnerable to attack if set up incorrectly.
- Insecure APIs: CSP UIs and APIs that customers use to interact with cloud services are some of the most exposed components of a cloud environment.
- Limited Visibility: Cloud visibility has long been a concern of enterprise admins.
SSH Without Password
Yes, Secure Shell (SSH) keys allow you to authenticate and connect to an SSH server without needing to enter a password. To use SSH keys, you first generate a key pair on your local machine. The public key is a string of characters that can be shared with the remote server, while the private key must be kept secret. Once the public key is added to the authorized_keys file on the server, you can connect to the server without entering a password.
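Because every entry in authorized_keys grants password-less login, the file is worth auditing. The following Python sketch is an added example, not part of the original notes: it parses entries in the OpenSSH authorized_keys layout (optional options, key type, base64 key blob, comment) and flags malformed blobs, type mismatches, and short RSA keys. The sample entries are constructed (not real keys) and the 2048-bit RSA threshold is an assumed policy value.

```python
import base64
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
MIN_RSA_BITS = 2048  # assumption: local policy threshold

def _ssh_string(data):
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def _read_string(blob, offset):
    """Decode an SSH wire-format string; return (data, next_offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)  # struct.error if short
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated data field")
    return blob[offset + 4:end], end

def _split_options(line):
    """Split the leading options field from the rest; quotes may hide spaces."""
    in_quotes, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quotes:
            i += 2  # skip an escaped character inside a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def audit_line(line):
    """Return None for blank/comment lines, else a dict describing the entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = "", line
    if line.split(None, 1)[0] not in KEY_TYPES:
        options, rest = _split_options(line)
    key_type, b64, comment = (rest.split(None, 2) + [""] * 3)[:3]
    findings = []
    try:
        blob = base64.b64decode(b64, validate=True)
        inner, offset = _read_string(blob, 0)
        if inner.decode("ascii", "replace") != key_type:
            findings.append("declared type does not match key blob")
        elif key_type == "ssh-rsa":
            _exponent, offset = _read_string(blob, offset)
            modulus, _ = _read_string(blob, offset)
            bits = int.from_bytes(modulus, "big").bit_length()
            if bits < MIN_RSA_BITS:
                findings.append(f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}")
    except (ValueError, struct.error):  # binascii.Error is a ValueError subclass
        findings.append("malformed key blob")
    return {"type": key_type, "options": options, "comment": comment, "findings": findings}

def audit_authorized_keys(lines):
    """Audit every entry; return a list of (line_number, result) pairs."""
    return [(n, r) for n, t in enumerate(lines, 1) if (r := audit_line(t)) is not None]

def sample_lines():
    """Constructed sample entries; the key material is not real."""
    b64 = lambda raw: base64.b64encode(raw).decode()
    ed = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    modulus = b"\x00" + ((1 << 1023) | 1).to_bytes(128, "big")  # 1024-bit number
    rsa = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return [
        "# constructed sample authorized_keys file",
        f"ssh-ed25519 {b64(ed)} alice@laptop",
        f'from="192.0.2.10",command="/usr/bin/backup --run" ssh-rsa {b64(rsa)} backup job',
        f"ssh-rsa {b64(ed)} mismatch@example",
        "ssh-ed25519 not*base64 broken@example",
    ]

if __name__ == "__main__":
    print(*audit_authorized_keys(sample_lines()), sep="\n")
```

To audit a real file, pass its lines to audit_authorized_keys, for example the result of open(path).read().splitlines().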
Provisioning
Cloud provisioning is a key feature of the cloud computing model, relating to how a customer procures cloud services and resources from a cloud provider. The growing catalog of cloud services that customers can provision includes Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS) in public or private cloud environments.
Types of Provisioning
- Advanced Provisioning: The customer signs a formal contract of service with the cloud provider.
- Dynamic Provisioning: Cloud resources are deployed flexibly to match a customer’s fluctuating demands.
- User Self-Provisioning: Also called cloud self-service, the customer buys resources from the cloud provider through a web interface or portal.
Block and File-Level Virtualization
Block-Level
Advantage:
High Performance: Excellent for applications requiring fast, random data access due to direct block access, resulting in low latency.
Disadvantage:
Complexity: Requires more technical expertise to manage due to the lack of a hierarchical file system.
File-Level
Advantage:
Ease of Use: Simple to manage with a familiar hierarchical file system, making data access and organization straightforward.
Disadvantage:
Lower Performance: Can experience performance bottlenecks for applications requiring high I/O rates due to the overhead of file system operations.
OS Virtualization
Operating system-based virtualization refers to an operating system feature in which the kernel enables the existence of various isolated user-space instances. The term also covers virtualization software that is installed over a pre-existing operating system, which is then called the host operating system. In this form of virtualization, a user installs the virtualization software on their system's operating system like any other program and uses it to create and operate various virtual machines. The virtualization software gives the user direct access to any of the created virtual machines.
Resiliency
Resiliency is the ability of a server, network, storage system, or an entire data center to recover quickly and continue operating even when there has been an equipment failure, power outage, or other disruption. Data center resiliency is a planned part of a facility’s architecture and is usually associated with other disaster planning and data center disaster-recovery considerations such as data protection. The adjective resilient means having the ability to spring back. Data center resiliency is often achieved through the use of redundant components, subsystems, systems, or facilities.
Disaster Recovery
Cloud disaster recovery (CDR) is simple to configure and maintain compared with conventional alternatives. Companies no longer need to spend a lot of time transferring data backups from their in-house databases or hard drives in order to restore after a disaster. The cloud streamlines these procedures, decision-making, and information retrieval. CDR is based on a sustainable program that helps you fully recover critical functions after a catastrophe and offers remote access to computer systems in a protected virtual environment.
Bare System Architecture
Bare system architecture, also known as bare-metal architecture, is a computer architecture that allows applications to run without an operating system or centralized kernel. A host architecture, often referred to as a “virtualized server,” involves using virtualization technology to create multiple virtual machines (VMs) on a single physical server. A hypervisor, a software layer, manages the allocation of physical resources to these virtual machines.
Applications of Cloud Computing
1. ECG Analysis
Healthcare is a field where information technology has found many applications. ECG stands for electrocardiogram. Analysis of the shape of the ECG waveform is used to identify arrhythmias, and it is the most common way of detecting heart disease. The relevant information is transmitted to the patient’s mobile device, which immediately forwards it to cloud-hosted web services for analysis. At the same time, doctors can instantly be notified of cases that need their attention.
2. Protein Structure Prediction
- Proteins are large molecules consisting of amino acids which our bodies and the cells in our bodies need to function properly.
- Our body structures, functions, the regulation of the body’s cells, tissues, and organs cannot exist without proteins.
- Our muscles, skin, bones, and many other parts of the body contain significant amounts of protein.
- Protein accounts for 20% of total body weight.
Cloud Governance
Cloud Governance is a set of rules. It applies specific policies or principles to the use of cloud computing services. The aim of this model is to secure applications and data. The best Cloud Governance solutions include people, processes, and technology. It basically refers to the decision-making processes, criteria, and policies involved in the planning, architecture, deployment, implementation, operation, and management of a cloud computing capability.
Third-Party Cloud Services
Third-party cloud services are provided by companies that offer cloud computing services but do not own or operate their own infrastructure. Instead, they rent or lease computing resources from major cloud providers like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
- Amazon Web Services (AWS): AWS is a secure cloud service platform provided by Amazon.
- Microsoft Azure: Microsoft Azure is also known as Windows Azure. It supports various operating systems, databases, programming languages, and frameworks that allow IT professionals to easily build, deploy, and manage applications through a worldwide network.
- Google Cloud Platform: Google Cloud Platform is a product of Google. It consists of a set of physical devices, such as computers and hard disk drives, and virtual resources, such as virtual machines.
Features of Azure Cloud
- Scalability: Azure offers seamless scalability, allowing you to easily adjust your computing resources to meet fluctuating demands.
- High Availability: Azure ensures high availability and reliability through redundant data centers and automatic failover mechanisms.
- Enhanced Security: Azure prioritizes security with advanced features like encryption, access controls, and threat protection.
- Hybrid Cloud Capabilities: Azure seamlessly integrates with your on-premises infrastructure, enabling a hybrid cloud approach.
Google App Engine (GAE)
Google App Engine is mostly used to run Web applications. These applications scale dynamically as demand changes over time, thanks to Google’s vast computing infrastructure. Because it offers a secure execution environment in addition to a number of services, App Engine makes it easier to develop scalable and high-performance Web apps. Applications scale up and down in response to shifting demand. Cron tasks, communications, scalable data stores, work queues, and in-memory caching are some of these services.
Market-Based Management of the Cloud
Market-based management of the cloud refers to the use of market mechanisms and economic principles to manage the allocation, pricing, and consumption of cloud computing resources. It involves applying market-based principles to optimize resource allocation, promote efficiency, and enhance the overall performance of the cloud.
Cloud Security Architecture
A cloud security architecture, also sometimes called a “cloud computing security architecture,” is defined by the security layers, design, and structure of the platform, tools, software, infrastructure, and best practices that exist within a cloud security solution. A cloud security architecture provides the written and visual model to define how to configure and secure activities and operations within the cloud, including such things as: identity and access management methods and controls to protect applications and data; approaches to gain and maintain visibility into compliance, threat posture, and overall security; processes for instilling security principles into cloud services development and operations; policies and governance to meet compliance standards; and physical infrastructure security components.
Vision of Cloud Computing
- We have seen how far Cloud computing has progressed in the short time since its initiation. Now let’s have a look at what may become of Cloud computing technology in the future.
- Cloud computing will become even more prominent in the coming years with the rapid, continued growth of major global cloud data centers.
- 50% of all IT will be in the cloud within the next 5-10 years.
- Data for companies and personal use will be available everywhere in standardized formats, allowing us to easily consume and interact with one another at an even greater level.
- The total global cloud computing spend will reach $241 Billion in 2021.
Cloud Adoption and Rudiments
Cloud Adoption is a strategic move by organizations to reduce cost, mitigate risk, and achieve scalability of database capabilities. Cloud adoption may occur to various degrees in an organization, depending on the depth of adoption. In fact, the depth of adoption yields insight into the maturity of best practices and the availability of enterprise-ready cloud services. Organizations that go ahead with the strategic decision of adopting cloud-based technologies have to identify potential security threats and the controls required to keep the data and applications in the cloud secured.
Fault Tolerance
Fault tolerance in cloud computing is creating a blueprint for continuous work when some components fail or become unavailable. It assists businesses in assessing their infrastructure needs and requirements, as well as providing services if the relevant equipment becomes unavailable for whatever reason. The capacity of an operating system to recover and recognize errors without failing can be managed by hardware, software, or a mixed approach that uses load balancers. As a result, fault tolerance solutions are most commonly used for mission-critical applications or systems.
Aneka
Aneka is an agent-based software product that provides the support necessary for the development and deployment of distributed applications in the cloud. In particular, it makes it possible to put numerous cloud resources to good use by offering a logical means of unifying different computational programming interfaces and tools. By using Aneka, consumers are in a position to run applications on a cloud structure of their own making without compromising efficiency or effectiveness.
Virtualization Security
Virtualization security refers to the implementation of security measures and policies within a virtual environment or infrastructure, such as virtual machines, servers, and networks. It involves using software-based security solutions that can monitor and protect these virtual systems from threats and attacks, much like physical security does for traditional hardware-based environments. This approach allows for more flexible and scalable security management in cloud and virtualized data centers.
Types of Cloud Computing
Public Cloud
Public cloud is open to all to store and access information via the Internet using the pay-per-usage method.
Private Cloud
Private cloud is also known as an internal cloud or corporate cloud. It is used by organizations to build and manage their own data centers internally or by a third party. It can be deployed using open-source tools such as OpenStack and Eucalyptus.
Hybrid Cloud
Hybrid Cloud is a combination of the public cloud and the private cloud. Hybrid cloud is partially secure because the services which are running on the public cloud can be accessed by anyone, while the services which are running on a private cloud can be accessed only by the organization’s users.
Community Cloud
Community cloud allows systems and services to be accessible by a group of several organizations to share the information between the organization and a specific community. It is owned, managed, and operated by one or more organizations in the community, a third party, or a combination of them.
Comparing Cloud Solutions for Research
Nimbus is the best cloud solution for research purposes because it was designed for scientific applications and has an efficient job scheduler.
- Nimbus: Designed for scientific applications, Nimbus has a simple client that allows scientists to provision virtual machines. It also has an efficient job scheduler.
- Eucalyptus: A good choice for researchers and private cloud providers because of its extensibility and quick installation. Eucalyptus aims to mimic Amazon EC2.
- OpenNebula: Focuses on a highly customizable private cloud. OpenNebula is an open-source cloud solution that can be used to build a production cloud.
Secure Cloud Software Requirements
- Authentication and Authorization: Use identity and access management (IAM) to ensure that only authorized users and devices can access cloud data and workloads.
- Encryption: Use encryption to protect data from theft, loss, and unauthorized access.
- Monitoring and Reporting: Use tools to continuously monitor activities and events and provide real-time security alerts.
- Network Security: Use perimeter defenses like firewalls, intrusion detection and prevention systems (IDPS), and virtual private networks (VPNs) to prevent unauthorized access.
Cloud Computing Business Process Management
Cloud computing business process management is the use of business process management (BPM) tools that are delivered as software services (SaaS) over a network. Cloud BPM business logic is deployed on an application server and the business data resides in cloud storage. BPM is the discipline of managing processes as the means for improving business performance outcomes and operational agility. Processes span organizational boundaries, linking together people, information flows, systems, and other assets to create and deliver value to customers and constituents.
Groupware
Groupware in cloud computing refers to a category of software applications that facilitate collaboration and information sharing among a group of people working towards a common goal, where all the software and data are hosted on a remote cloud server, allowing access from anywhere with an internet connection; essentially, it’s a suite of tools like calendars, document sharing platforms, messaging systems, and workflow management systems that enable teams to work together effectively, regardless of their physical location, all accessible through the cloud.
Cloud Federation Stock
Cloud federation stock refers to shares in a company that provides or facilitates cloud federation services, meaning they enable organizations to connect and manage multiple cloud services from different providers as a single, unified computing environment, allowing for greater flexibility and resource utilization across various cloud platforms.
VLAN and VSAN
VLAN
- VLAN stands for Virtual Local Area Network.
- VLAN is defined as a logical partitioning of a physical network into multiple virtual networks, each with its own broadcast domain.
- VLAN is used to segment a network and improve its performance, management, and security.
VSAN
- VSAN stands for Virtual Storage Area Network.
- VSAN is defined as a logical partitioning of a physical storage area network into multiple virtual storage area networks, where each can set its own storage resources and policies.
- VSAN is used to improve management, scalability, and storage efficiency.
Data Security in the Cloud
In the Cloud, data security is managed through a combination of measures including encryption at rest and in transit, robust access controls (like Identity and Access Management – IAM), regular security monitoring, data redundancy across multiple servers, and strict policies to limit who can access sensitive information, all while relying on the cloud provider’s own robust physical and virtual security infrastructure to protect the data from unauthorized access and breaches.
Confidentiality
Confidentiality in cloud computing refers to the protection of sensitive data from unauthorized access, disclosure, or use. It ensures that only authorized individuals can view and process sensitive information. This is achieved through various security measures such as data encryption, access controls, secure communication protocols, regular security audits, and data loss prevention.
Integrity
Integrity in cloud computing refers to the assurance that data remains accurate and complete throughout its lifecycle. It ensures that data is not altered, corrupted, or destroyed without authorization. To maintain data integrity, cloud providers employ various techniques such as data validation, checksums, and digital signatures.
Authenticity
Authenticity refers to the process of verifying the identity of a user, device, or system attempting to access cloud resources, ensuring that only authorized entities can gain access and preventing unauthorized access by confirming that they are who they claim to be; essentially, it’s the practice of proving someone’s true identity in a digital environment, often achieved through credentials like usernames and passwords, to safeguard sensitive data and systems.
Cloud Offering
Cloud offerings are the various services provided by cloud computing platforms that enable businesses to leverage computing resources without the need for significant upfront investment in hardware and infrastructure.
Satellite Image Processing
Satellite Image Processing is an important field in research and development that works with images of the Earth and satellites taken by means of artificial satellites. First, the photographs are taken in digital form, and later they are processed by computers to extract information. Statistical methods are applied to the digital images, and after processing, the various discrete surfaces are identified by analyzing the pixel values.
Gene Expression
- The disease caused by an uncontrolled division of abnormal cells in a part of the body.
- A malignant growth or tumor resulting from such a division of cells.
- Cancer is a term used for diseases in which abnormal cells divide without control and can invade other tissues.
- Gene expression analysis is a process of analyzing hundreds and thousands of genes at a time.
Social Networks
Social network platforms have rapidly changed the way that people communicate and interact. They have enabled participation in digital communities as well as the representation, documentation, and exploration of social relationships. I personally believe that as “apps” become more sophisticated, it will become easier for users to share their own services, resources, and data via social networks.
