Background on the terminology

Maybe you have heard about the term “Cloud Computing” but you wandering what’s it about and how it become such a hot topic in IT. Cloud computing is a bit of a catch-all term which can mean different things to different people and sometimes (wrongly) used by marketing departments. 

Cloud computing is in nature very conceptual. Some vendors use the term interchangeably with the term “distributed computing.” Others substitute it for the term “utility computing” or “hosted computing.” Others use it when they mean a type of web service. When you pin point it down, cloud computing is really a mix of all those phrases with each their own character. 

In general Cloud Computing is a type of computing, comparable to grid computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used by military and research facilities, to perform tens of trillions of computations per second, in consumer-oriented applications such as financial portfolios or even to deliver personalized information, or power immersive computer games. To do this, cloud computing networks large groups of servers, usually those with low-cost consumer PC technology, with specialized connections to spread data-processing chores across them. This shared

IT- infrastructure contains large pools of systems that are linked together. Often, virtualization techniques are used to maximize the power of cloud computing.

For an alternative definition, The Gartner Group defines cloud computing as, “A style of computing where massively scalable (and elastic) IT-related capabilities are provided as a service to external customer using Internet technologies.”

When you look closer at the term cloud computing and the way it’s currently being used, you can make a distinction between "cloud services" and "cloud computing." Cloud services  are "consumer and business products, services and solutions that are delivered and consumed in real-time over the Internet." In contrast, Cloud computing is the infrastructure or "stack" for development and deployment that enables the "real-time delivery of products, services, and solutions over the Internet."

 So if you put all these things together you get the following services (based on an article of infoworld)

1. 1. Utility computing 
2. 2. SaaS (Software as a Service)
3. 3. PaaS (Platform as a service)
4. 4. TaaS  (Testing as a service)
5. 5. Web services in the cloud
6. 6. Internet integration
7. 7. MSP (managed service providers)
8. 8. Service commerce platforms

All the above named services have the following in common:

• Offsite: you don’t own the IT resources, rather someone  else has purchased them and you use them when needed;  
• Assembled virtually: virtualization technology allows multiple customer applications to be run on the system or on a machine;
• On demand: the resource can be turned on or off quickly and as needed;
• Pay-per-use: use as needed, the economic model is OpExand not CapEx, pay for what you need, not for unneeded capacity;
• Shared workloads: scale economies exist because of shared use and because client traffic may be non-correlated from a time of year or day usage perspective;
• Massive scale: access to extremely large infrastructure that would be challenging to build as a single entity

Services that cloud computing has to offer

In the next paragraph I will explain the different services and organizations that offer these cloud (related) services.

Utility computing 

The idea is not new, but it had a rebirth after Amazon web services, Sun, IBM, and the others who now offer storage and virtual servers that IT can access on demand. Early enterprise adopters mainly use utility computing for supplemental, non-mission-critical needs, but one day, they may replace parts of the datacenter.  

The most obvious impediment to deployment addressed by utility computing is the need to provision and configure hardware again and again. Depending on the development methodology used, the size of the application and the level of desired redundancy, a single application may be integrated with hardware as many as six times. Every integration cycle inevitably introduces errors and they must be found and corrected. Utility computing eliminates continuous rebuilding of infrastructure. The needed infrastructure is defined along with the application in a portable format and the utility system creates that infrastructure dynamically every time the application is started.

However, that’s only the tip of the iceberg. Significant impact on development will come from more subtle changes in workflow enabled by the fact application infrastructure is portable and can be deployed multiple times at minimal cost. The developers can run actual copies of the full application to unit test their code. Eliminating simulation environments improve developer efficiency and increase the number of bugs found and fixed by the developers themselves. Test engineers can also use the application infrastructure even before the code is complete in order to build test suites. During the test cycle, multiple copies of the application can be run to reduce the duration of the cycle. Utility computing also makes different forms of testing levels more efficient by allowing cheap simple testing environments. Using utility computing enables developers and test engineers to focus on their core skills rather than worrying about hardware. The result is a more productive, streamlined process for taking applications to production.

Currently there are a number of big players that can offer you almost everything,  Amazon Web Services (AWS), Go Grid, AppNexusetc. etc.

SaaS

Short term for Software as a Service, is a software delivery method that provides access to software and its functions remotely as a Web-based service to thousands of customers using a multitenant architecture. SaaS allows organizations to access business functionality at a cost typically less than paying for licensed applications, since SaaS pricing is based on a monthly fee. Because the software is hosted remotely, users don't need to invest in additional hardware. SaaS removes the need for organizations to handle the installation, set-up and often daily upkeep and maintenance. Software as a Service may also be referred to as simply hosted applications. Salesforce.com is by far the best-known example among enterprise applications, but SaaS is also common for HR apps and has even worked its way up the food chain to ERP, with players such as Workday.
And who could have predicted the sudden rise of SaaS "desktop" applications], such as Google Appsand Zoho Office?

Platform as a service (PaaS)

Delivers Cloud computing development environments as a service. Developers can use tools and testing tools as a service on someone else's data center, building and refining their applications and services. In the end they can even put them through some “real world” performance testing, before going into production and use. We've seen a great deal of interest by the developers in using Amazon's Web services (Elastic Compute Cloud (EC2)) for PaaS. Like Google App Engine (Python) or Salesforce.com (Apex Code), these services are constrained by the vendor's design and capabilities, so you don't get complete freedom, but you do get predictability and pre-integration. 

We've also seen a lot of action and interest from Microsoft and even IBM. The new kid on the block these days will be become Windows Azure but currently we don’t have the insight what they are going to offer.

Testing as A Service (TaaS)

Is yes again an new SaaS variation, this form of Cloud computing delivers testing capabilities as a service. Customers can deliver their testing activities to a external supplier, how will the testing activities perform for a new build application. The customer can use tools and testing apparatus as a service on someone else's data center before going into production and use. This way it’s easier and cheaper for customers to use specialists tooling. Prime examples include such as uTest and Sogeti. Both offer customers a commercial on-demand testing services with a flexible payment method. 

Sogeti is using his own qualified personal to find defects where uTest's model (TaaS) is using a social network of testers to help companies test their applications. Customers of uTest in need of on-demand software testing can instantly create a account, testing budget, and create and post a release cycle for testing by the uTester Community. They offer two pricing models. An on-demand and annual subscription. Both options use a pay-for-performance and pay-per-bug model. In the last model the tester initially specifies the severity of each bug, it’s the customer who sets the final severity, and makes the approve/reject decision for any bug. This is what establishes the price for each approved bug.  

The Sogeti model (Named STaaS, Testing Software as a Service) is created around the T-map mythology and is more official of nature. You will find a complete set of processes to take care of the governance of a test line. Example; you are not able to create instantly a account to arrange your application to be tested, but work with agreement on a strategic level regarding contracts and SLA. At this level there is a responsibility for setting up the contracts and SLA etc. etc.

If you are one of the larger companies that need more insight on the quality of the testing and security that not everyone is looking new application this model offers a lot of opportunities.

One semi TaaS provider I don’t want to neglect is http://userfix.com. This free and and open source Social feedback hub is the place where you can log defects found for any website currently on the web. It has a wide scale of defects, for every test level you can think about.

Web services in the cloud

Is closely related to software a service in that way vendors offer small pieces of code, known as APIs (application programming interfaces) that enable software developers to provide smaller applications over the Internet, instead of larger, more complex applications. Rather than a single organization maintaining libraries of APIs for every and any language their develops might use, different vendors can provide a range of APIs for discrete business services -- such as Strike Ironand Xignite-- to the full range of APIs offered by Google Maps, ADP payroll processing, Bloomberg, and even conventional credit card processing services.

A lot of people directly look at SOA and web services as two similar things but this is not true. Web services are the preferred standards-based way to realize SOA (architectural style for building software applications). Web services in the cloud are applications that be connected by APIs by using the internet.

Currently there are not many suppliers who are offering full web services for an online test solution. The only company that’s able to help with the testing is http://litmusapp.com. They are able to give the customer a compatibility report for websites.

I think that we see a growing market, when test management or tooling companies deliver their application online and the developer is able to integrate by using the API’s testing capabilities within his application. The next step will be that tooling around .NET, Java/ J2EEwill delivered online and customers will use this to validate technologies like SunOne, WSDL, XML, SOAP, UDDI.

Internet integration

Internet integration of cloud-based services is in its early days. OpSource, which mainly concerns itself with serving SaaS providers, recently introduced the OpSource Services Bus, which employs in-the-cloud integration technology from a little startup called Boomi AtomSphereSM.  OpSource Connect unifies SaaS applications in the “cloud” with legacy enterprise applications behind the corporate firewall. The OpSource Services Bus (OSB) is a multitenant enterprise services bus that provides a “write-once, integrate with all” capability for SaaS applications and Web services. The OSB allows applications to consume Web services, to integrate with other OSB applications, and to integrate with third-party, non-OSB applications.

SaaS provider Workday recently acquired another player in this space, CapeClear, an ESB (enterprise service bus) provider that was edging toward b-to-b integration. Way ahead of its time, Grand Central – who wants to be a universal "bus in the cloud" to connect SaaS providers and provide integrated solutions to customers.

FUSE ESB is one of the potentials for bringing SOA to unserved and underserved markets (such as smaller businesses and nonprofit organizations). In essence, people who don't have the budget for SOA solutions and consultants. SOA has been a part and parcel of high-margin business for vendors, but the time for market disruption may be here. Open source solutions may pave the way for this shift towards this new generation of commoditized SOA deployments.

The background of these “internet integration by Service” is, because organization will use more Web services mash up’s with data coming from multiple locations. In the end customers don’t care if the data is coming from the desktop or from a Web services call. They just want it to be secure and compliant. So we are helping our customers solve problems.

Managed service providers

This is one of the oldest forms of IT-services on the internet. It’s managed service is basically an application exposed to the cloud rather than to end-users. You can think about  a virus scanning service for e-mail or an application monitoring service. When you look closely to this service it’s something that is outsourced to someone else to develop it for you and all you have to do when it’s completed is to implemented into your own package.  Think of Google’s purchase of Youtubein which Google video has been rubbed out because Youtube did it better with video sharing. Or managed security services delivered by SecureWorks, IBM and Verizon, fall into this category, as do such cloud-based anti-spam services as Postini, recently acquired by Google.

Service commerce platforms

Is a hybrid of SaaS and MSP and better known as e-commerce. This cloud computing service offers a service hub that users or companies interact with. They're most common in trading environments, such as expense management systems that allow users to order travel or secretarial services from a common platform that then coordinates the service delivery and pricing within the specifications set by the user. But it all depends on what your selling and all that stuff. But either way what would take hours to set up a e-commerce site. Your cutting down the time and on top of that your connecting a lot of other e-commerce related services as well.  Such as airplane tickets, car rentals and a hotel reservations. Companies like Best Buy, Walmart benefit especially because they don’t have to maintain thousands of products of various sizes and prices. Well-known examples include Rearden Commerceand Ariba.

As described the next web solution is coming to us shortly. Microsoft’s Software-plus-services (S+S) is designed around Azure Services Platform. They are describing that it will bring together the best of cloud-based, hosted services and the software that resides on a variety of devices to provide flexible and effective solutions. This model is based on the premise that we need flexibility in the way which they access services and IT departments need the flexibility to decide which workloads they are most comfortable moving to the cloud and which are better left on-premise. 

Today companies around the world are implementing Microsoft technologies to take advantage of the best combination of on-premise software and cloud-based services. Using Microsoft Online Services, businesses including Coca-Cola Enterprises, Blockbuster and Energizer access and manage Microsoft Exchange, SharePoint, Office Live Meeting etc.  over the Web through a single secure infrastructure. In addition, 1 million people rely on Office Live Workspace for sharing and collaborating with friends, family, and colleagues.

Risks

It’s true these clouds services are build flexible but in the end they depend on network connectivity and normal hardware (servers, switches etc) which can fail like everything in daily live. They must withstand escalating (internal & external) security threats. And, upstart providers must build a strong customer base in order to survive financially. Failures in any of these areas could result in disruptions to a subscriber’s access to the online application which can adversely affect its ability to do business.  

According to analyst firm Gartner, customers need to ask tough questions  and consider getting a security assessment from a neutral third party, before committing to a cloud vendor.  Says Gartner  in a June report titled “Assessing the Security Risks of Cloud Computing.” Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery and privacy and an evaluation of legal issues in areas such as e-discovery, regulatory compliance and auditing,” Gartner says (Compare security products).

Therefore, it is imperative that subscribers put the right safeguards in place to mitigate these risks. A technology escrow agreement is a proven mechanism for protecting the investment which organizations make in software applications. It ensures that if something goes wrong and the provider cannot fulfill their promise of delivering their application. If you look around on the internet,  we see that there is a growing concern that mainstream adoption of cloud computing could present a mixture of privacy and ownership issues, with users potentially being locked out of their own files or customer data gets in the wrong hands.

In this article I’ve focused on 2 areas (privacy, legal) to understand which risks there are and how customers can deal with these treats. 

Privacy

These day’s we are using more and more free web applications such as e-mail, word processing, spreadsheets and storage. These applications are hosted "in the cloud"--in other words, on a server somewhere in the world that’s not yours. Users access these programs through the Web in a format that allows for easy data sharing. The side effect of using these applications and store data with programs hosted on someone else's hardware is that you lose a degree of control over your (sensitive)  information. The responsibility for protecting that information from hackers and internal data breaches then falls into the hands of the hosting company rather than the individual user or within the company internal surroundings.

The concept of handing sensitive data to another company worries many people and companies. Is data held somewhere in the cloud as secure as data protected in user-controlled computers and networks? Privacy and security can only be as good as its weakest link. Cloud computing increases the risk that a security breach may occur. there is also a growing concern around the world as to whether personal information about individuals stored may be accessed by law enforcement bodies, particularly under anti-terrorism legislation such as the USA PATRIOT Act.

If a corporate or public sector customer uses a cloud computing service for purposes such as managing its e-mail system, it is quite possible that e-mails sent or received by individuals within the organization will be stored in the U.S. or another country.  Government investigators trying to subpoena information could approach that company without informing the data's owners. Some companies could even willingly share sensitive data with marketing firms. So there is a privacy risk in putting your data in someone else's hands. Obviously, the safest approach is to maintain your data under your own control.

In theory at least, such e-mail could be accessed by law enforcement bodies in that country, possibly without the knowledge of the persons affected. The reason behind this lies in the USA in the two types of legislation “Constitutional rights/legislation”- which are stronger then the Statutory rights/legislation. In practice, to intercept the same email kept on your home computer (as opposed to in the Cloud) the government law enforcement authorities need to show probable causesince the data is kept within the premises of you home/company and protected by Constitutional rights. If the same piece of data is kept “in the Cloud”, then the law enforcement authorities need only a Court orderwhich is relatively easier to get. The solution is to anonymous and encrypt the data online so that it cannot be 'released' without the user's permission.

The security of data stored by Web companies is a question that users need to consider after a number of recent events. In 2006, AOL released the search terms of 650,000users to researchers on a public web page. Microsoft and Yahoo!last year released some search data to the U.S. Department of Justicein a child pornography case. Yahoo was lambastedin Congress for giving the Chinese governmentthe e-mail information of dissident journalist Shi Tao, who was later sentenced to a 10-year prison term. Another concern is the rise in cybercriminal intrusions and companies losing data also pose problems for cloud computing. Last year, for instance, retailer TJX  lost 45 million credit cardnumbers to hackers and the British government misplaced 25 million taxpayer records.

Does all this mean that users have to give up on Web applications for the sake of security? No, but the users of one of these cloud services must be aware of the risk and the possible impact on their organization or personal live.

For more information on the privacy implications of cloud computing, check the following report articles:

1.    Ann Cavoukian: “Privacy in the Clouds” -- A White Paper on Privacy and Digital Identity: Implications for the Internet.

2.    Robert Gellman wrote the World Privacy Forum's report on cloud computing (Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing).

3.    Bruce Schneierwrote the article Do You Know Where Your Data Are?

Legal

The technological possibilities of cloud computing could meet its nemesis in the form of national regulations and issues around legal jurisdiction.

These day’s a lot of countries are looking at the internet and the way it’s contributing to their national tax income. How is this going to work for, example, a reservation program for the European market located in the VS. Currently every European country has got its own tax rules and what about sales tax because your applications are hosted in the VS?

The cloud computing trend also gives rise to concerns about whether rights holder will be in a position to enforce their intellectual property rights when computing resources are used for the unauthorized distribution of video, music or other content, and the location of the infringing activity may be difficult to determine.

Finally, there is the broader issue of which courts will have jurisdiction to deal with any wrongful activity such as the posting of defamatory content on storage devices located in one jurisdiction, where the customers or any affected third parties may be located in other jurisdictions. The whole point is that it isn't confined to one box, one building, or even one country.

Philip Nolan, partner at leading business law firm Mason Hayes+Curran, was speaking at an event organized by the Irish Software Association(ISA). He told the public the following:

“Although cloud computing is all about providing services remotely from what might appear to be global ‘cloud’, that cloud is still going to be subject to national regulations. The companies building the massive server farms that are going to support this cloud are going to have to think in terms of jurisdiction and so, in terms of location.” (check the PowerPoint slides)

** This article is written based information that is freely available on in the Cloud. If you have any comment on the material, please contact the administrator.