Cloud Computing and Business

Submitted To:Er.Amit K.Bhardwaj Asst. Prof. LMTSOM Thapar Univ.,Patiala

Submitted By:Varun Bakshi (501004069) MBA-2nd Year

Contents
Introduction To Cloud Computing ........................................................................................................... 2 Three cloud service models ........................................................................................................................ 6 Cloud deployment models: ......................................................................................................................... 7 CLOUD ENVIRONMENT ROLES ...................................................................................................................... 8 SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS .............................................................................. 9 Cloud Computing in Larger Businesses ....................................................................................................... 15 Cloud Computing in Small Business ............................................................................................................ 17 Benefits of Cloud Computing ...................................................................................................................... 18 Some Findings -- Cloud Computing ............................................................................................................. 20 TCSs Service Offerings in Cloud Computing ............................................................................................... 25 CLOUD COMPUTING IN HEALTHCARE INDUSTRY .................................................................................... 30 Cloud technology from Microsoft ............................................................................................................... 32 Cloud ERP .................................................................................................................................................... 35 Ramco OnDemand ERP ......................................................................................................................... 35 Business case for cloud computing ............................................................................................................. 38 Threats to Cloud Computing ....................................................................................................................... 40 How Integrated, Web-Based Software Makes Business More Efficient ..................................................... 44 Business Benefits Of Cloud Computing ....................................................................................................... 46 REFERENCES & SOURCES......................................................................................................................... 47

Introduction To Cloud Computing

The boom in cloud computing over the past few years has led to a situation that is common to many innovations and new technologies: many have heard of it, but far fewer actually understand what it is and, more importantly, how it can benefit them. In an attempt to gain a competitive edge, businesses are increasingly looking for new and innovative ways to cut costs while maximising value especially now, during a global economic downturn. They recognize that they need to grow, but are simultaneously under pressure to save money. This has forced the realisation that new ideas and methods may produce better results than the tried and tested formulas of yesteryear. It is the growing acceptance of innovative technologies that has seen cloud computing become the biggest buzzword in IT. However, before an organisation decides to make the jump to the cloud, it is important to understand what, why, how and from whom. Not all cloud computing providers are the same. The range and quality of services on offer varies tremendously. The increased degree of connectivity and the increasing amount of data has led many providers and in particular data centres to employ larger infrastructures with dynamic load and access balancing.

By distributing and replicating data across servers on demand, resource utilisation has been significantly improved. Similarly web server hosts replicate images of relevant customers who requested a certain degree of accessibility across multiple servers and route requests according to traffic load. However, it was only when Amazon published these internal resources and their management mechanisms for use by customers that the term cloud was publicly associated with such elastic infrastructures especially with on demand access to IT resources in mind. In the meantime, many providers have rebranded their infrastructures to clouds, even though this had little consequences on the way they provided their capabilities.

Cloud computing is an Internet-based way of working where users access applications through a web browser rather than hosting software locally on their own PC. The applications can be very simple, such as web-based email, through to more complex business software such as web-based accounting.
2

a 'cloud' is an elastic execution environment of resources involving multiple stakeholders and providing a metered service at multiple granularities for a specified level of quality (of service).

Cloud computing as a delivery model for IT services is defined by the National Institute of Standards and Technology (NIST) as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

NIST specify five characteristics of cloud computing:

a. On-demand self-service involves customers using a web site or similar control panel interface to provision computing resources such as additional computers, network bandwidth or user email accounts, without requiring human interaction between customers and the vendor. b. Broad network access enables customers to access computing resources over networks such as the Internet from a broad range of computing devices such as laptops and smartphones. c. Resource pooling involves vendors using shared computing resources to provide cloud services to multiple customers. Virtualisation and multi-tenancy mechanisms are typically used to both segregate and protect each customer and their data from other customers, and to make it appear to customers that they are the only user of a shared computer or software application. d. Rapid elasticity enables the fast and automatic increase and decrease to the amount of available computer processing, storage and network bandwidth as required by customer demand. e. Pay-per-use measured service involves customers only paying for the computing resources that they actually use, and being able to monitor their usage. This is analogous to household use of utilities such as electricity

Cloud computing can be visualised as a pyramid consisting of three sections:

Cloud Application
This is the apex of the cloud pyramid, where applications are run and interacted with via a web browser, hosted desktop or remote client. A hallmark of commercial cloud computing applications is that users never need to purchase expensive software licenses themselves. Instead, the cost is incorporated into the subscription fee. A cloud application eliminates the need to install and run the application on the customer's own computer, thus removing the burden of software maintenance, ongoing operation and support.

Cloud Platform
The middle layer of the cloud pyramid, which provides a computing platform or framework as a service. A cloud computing platform dynamically provisions, configures, reconfigures and deprovisions servers as needed to cope with increases or decreases in demand. This in reality is a distributed computing model, where many services pull together to deliver an application or infrastructure request.

Cloud Infrastructure
The foundation of the cloud pyramid is the delivery of IT infrastructure through virtualisation. Virtualisation allows the splitting of a single physical piece of hardware into independent, self governed environments, which can be scaled in terms of CPU, RAM, Disk and other elements. The infrastructure includes servers, networks and other hardware appliances delivered as either Infrastructure Web Services, farms or "cloud centres". These are then interlinked with others for resilience and additional capacity

Three cloud service models

Infrastructure as a Service (IaaS) involves the vendor providing physical computer
hardware including CPU processing, memory, data storage and network connectivity. The vendor may share their hardware among multiple customers referred to as multiple tenants using virtualisation software. IaaS enables customers to run operating systems and software applications of their choice. Typically the vendor controls and maintains the physical computer hardware. Typically the customer controls and maintains the operating systems and software applications. Example IaaS vendor services include Amazon Elastic Compute Cloud (EC2), GoGrid and Rackspace Cloud.

Platform as a Service (PaaS) involves the vendor providing Infrastructure as a Service plus
operating systems and server applications such as web servers. PaaS enables customers to use the vendors cloud infrastructure to deploy web applications and other software developed by the customer using programming languages supported by the vendor. Typically the vendor controls and maintains the physical computer hardware, operating systems and server applications. Typically the customer only controls and maintains the software applications developed by the customer. Example PaaS vendor services include Google App Engine, Force.com, Amazon Web Services Elastic Beanstalk, and the Microsoft Windows Azure platform.

Software as a Service (SaaS) involves the vendor using their cloud infrastructure and cloud
platforms to provide customers with software applications. Example applications include email and an environment for users to collaboratively develop and share files such as documents and spreadsheets. These end user applications are typically accessed by users via a web browser, eliminating the need for the user to install or maintain additional software. Typically the vendor controls and maintains the physical computer hardware, operating systems and software applications. Typically the customer only controls and maintains limited application configuration settings specific to users such as creating email address distribution lists. . Example SaaS vendor services include Salesforce.com Customer Relationship Management (CRM), Google Docs and Google Gmail.
6

Cloud deployment models:

Public cloud involves an organisation using a vendors cloud infrastructure which is shared via
the Internet with many other organisations and other members of the public. This model has maximum potential cost efficiencies due to economies of scale. However, this model has a variety of inherent security risks that need to be considered.

Private cloud involves an organisations exclusive use of cloud infrastructure and services
located at the organisations premises or offsite, and managed by the organisation or a vendor. Compared to the public cloud model, the private cloud model has reduced potential cost efficiencies. If the private cloud is properly implemented and operated, it has reduced potential security concerns. A well architected private cloud properly managed by a vendor provides many of the benefits of a public cloud, but with increased control over security. A managed private cloud may enable enterprise customers to more easily negotiate suitable contracts with the vendor, instead of being forced to accept the generic contracts designed for the consumer mass market that are offered by some public cloud vendors.

Community cloud involves a private cloud that is shared by several organisations with similar
security requirements and a need to store or process data of similar sensitivity. This model attempts to obtain most of the security benefits of a private cloud, and most of the economic benefits of a public cloud. An example community cloud is the sharing of a private cloud by several agencies of the same government.

Hybrid cloud involves a combination of cloud models. An example is using commodity

resources from a public cloud such as web servers to display non-sensitive data, which interacts with sensitive data stored or processed in a private cloud.

CLOUD ENVIRONMENT ROLES

In cloud environments, individual roles can be identified similar to the typical role distribution in Service Oriented Architectures and in particular in (business oriented) Virtual Organisations. As the roles relate strongly to the individual business models it is imperative to have a clear definition of the types of roles involved in order to ensure common understanding. (Cloud) Providers offer clouds to the customer either via dedicated APIs (PaaS), virtual machines and / or direct access to the resources (IaaS). Note that hosts of cloud enhanced services (SaaS) are typically referred to as Service Providers, though there may be ambiguity between the terms Service Provider and Cloud Provider. (Cloud) Resellers or Aggregators aggregate cloud platforms from cloud providers to either provide a larger resource infrastructure to their customers or to provide enhanced features .This relates to community clouds in so far as the cloud aggregators may expose a single interface to a merged cloud infrastructure. They will match the economic benefits of global cloud infrastructures with the understanding of local customer needs by providing highly customized, enhanced offerings to local companies (especially SMEs) and world-class applications in important European industry sectors. Similar to the software and consulting industry, the creation of European cloud partner ecosystems will provide significant economic opportunities in the application domain first, by mapping emerging industry requests into innovative solutions and second by utilizing these innovative solutions by European companies in the global marketplace. (Cloud) Adopters or (Software / Services) Vendors enhance their own services and capabilities by exploiting cloud platforms from cloud providers or cloud resellers. This enables them to e.g. provide services that scale to dynamic demands in particular new business entries who cannot estimate the uptake / demand of their services as yet .The cloud enhanced services thus effectively become software as a service. (Cloud) Consumers or Users make direct use of the cloud capabilities as opposed to cloud resellers and cloud adopters, however, not to improve the services and capabilities they offer, but to make use of the direct results, i.e. either to execute complex computations or to host a flexible data set. Note that this involves in particular larger enterprises which outsource their inhouse infrastructure to reduce cost and efforts.

SPECIFIC CHARACTERISTICS / CAPABILITIES OF CLOUDS

Since clouds do not refer to a specific technology, but to a general provisioning paradigm with enhanced capabilities, it is mandatory to elaborate on these aspects. There is currently a strong tendency to regard clouds as just a new name for an old idea, which is mostly due to a confusion between the cloud concepts and the strongly related P/I/SaaS paradigms but also due to the fact that similar aspects have already been addressed without the dedicated term cloud associated with it. This section specifies the concrete capabilities associated with clouds that are considered essential (required in any cloud environment) and relevant (ideally supported, but may be restricted to specific use cases). We can thereby distinguish non-functional, economic and technological capabilities addressed, respectively to be addressed by cloud systems. Non-functional aspects represent qualities or properties of a system, rather than specific technological requirements. Implicitly, they can be realized in multiple fashions and interpreted in different ways which typically leads to strong compatibility and interoperability issues between individual providers as they pursue their own approaches to realize their respective requirements, which strongly differ between providers. Non-functional aspects are one of the key reasons why clouds differ so strongly in their interpretation.

Economic considerations are one of the key reasons to introduce cloud systems in a business environment in the first instance. The particular interest typically lies in the reduction of cost and effort through outsourcing and / or automation of essential resource management. As has been noted in the first section, relevant aspects thereby to consider relate to the cut-off between loss of control and reduction of effort. With respect to hosting private clouds, the gain through cost reduction has to be carefully balanced with the increased effort to build and run such a system. Obviously, technological challenges implicitly arise from the non-functional and economical aspects, when trying to realize them. As opposed to these aspects, technological challenges typically imply a specific realization even though there may be no standard approach as yet and deviations may hence arise. In addition to these implicit challenges, one can identify additional technological aspects to be addressed by cloud system, partially as a pre-condition to realize some of the high level features, but partially also as they directly relate to specific characteristics of cloud systems.
9

NON-FUNCTIONAL ASPECTS
The most important non-functional aspects are:

Elasticity is an essential core feature of cloud systems and circumscribes the capability of the
underlying infrastructure to adapt to changing, potentially non-functional requirements, for example amount and size of data supported by an application, number of concurrent users etc. One can distinguish between horizontal and vertical scalability, whereby horizontal scalability refers to the amount of instances to satisfy e.g. changing amount of requests, and vertical scalability refers to the size of the instances themselves and thus implicit to the amount of resources required to maintain the size. Cloud scalability involves both (rapid) up- and downscaling. Elasticity goes one step further, tough, and does also allow the dynamic integration and extraction of physical resources to the infrastructure. Whilst from the application perspective, this is identical to scaling, from the middleware management perspective this poses additional requirements, in particular regarding reliability. In general, it is assumed that changes in the resource infrastructure are announced first to the middleware manager, but with large scale systems it is vital that such changes can be maintained automatically.

Reliability is essential for all cloud systems in order to support todays data centre-type
applications in a cloud, reliability is considered one of the main features to exploit cloud capabilities.Reliability denotes the capability to ensure constant operation of the system without disruption, i.e.no loss of data, no code reset during execution etc. Reliability is typically achieved through redundant resource utilisation. Interestingly, many of the reliability aspects move from a hardware to a software-based solution. (Redundancy in the file systems vs. RAID controllers, stateless front end servers vs. UPS, etc.).

Quality of Service support is a relevant capability that is essential in many use cases where
specific requirements have to be met by the outsourced services and / or resources. In business cases, basic QoS metrics like response time, throughput etc. must be guaranteed at least, so as to ensure that the quality guarantees of the cloud user are met.
10

Agility and adaptability are essential features of cloud systems that strongly relate to the
elastic capabilities. It includes on-time reaction to changes in the amount of requests and size of resources, but also adaptation to changes in the environmental conditions that e.g. require different types of resources, different quality or different routes, etc. Implicitly, agility and adaptability require resources (or at least their management) to be autonomic and have to enable them to provide self-capabilities.

Availability of services and data is an essential capability of cloud systems and was actually
one of the core aspects to give rise to clouds in the first instance. It lies in the ability to introduce redundancy for services and data so failures can be masked transparently. Fault tolerance also requires the ability to introduce new redundancy (e.g. previously failed or fresh nodes) in an online manner non-intrusively (without a significant performance penalty). With increasing concurrent access, availability is particularly achieved through replication of data /services and distributing them across different resources to achieve load-balancing. This can be regarded as the original essence of scalability in cloud systems.

ECONOMIC ASPECTS
In order to allow for economic considerations, cloud systems should help in realising the following aspects:

Cost reduction is one of the first concerns to build up a cloud system that can adapt to
changing consumer behaviour and reduce cost for infrastructure maintenance and acquisition. Scalability and Pay per Use are essential aspects of this issue. Notably, setting up a cloud system typically entails additional costs be it by adapting the business logic to the cloud host specific interfaces or by enhancing the local infrastructure to be cloud-ready.

Pay per use The capability to build up cost according to the actual consumption of resources is
a relevant feature of cloud systems. Pay per use strongly relates to quality of service support, where specific requirements to be met by the system and hence to be paid for can be specified. One of the key economic drivers for the current level of interest in cloud computing is the structural change in this domain. By moving from the usual capital upfront investment model to
11

an operational expense, cloud computing promises to enable especially SMEs and entrepreneurs to accelerate the development and adoption of innovative solutions.

Improved time to market is essential in particular for small to medium enterprises that want to
sell their services quickly and easily with little delays caused by acquiring and setting up the infrastructure,in particular in a scope compatible and competitive with larger industries. Larger enterprises need to be able to publish new capabilities with little overhead to remain competitive. Clouds can support this by providing infrastructures, potentially dedicated to specific use cases that take over essential capabilities to support easy provisioning and thus reduce time to market. Return of investment (ROI) is essential for all investors and cannot always be guaranteed in fact some cloud systems currently fail this aspect. Employing a cloud system must ensure that the cost and effort vested into it is outweighed by its benefits to be commercially viable this may entail direct (e.g. more customers) and indirect (e.g. benefits from advertisements) ROI. Outsourcing resources versus increasing the local infrastructure and employing (private) cloud technologies need therefore to be outweighed and critical cut-off points identified. Going Green is relevant not only to reduce additional costs of energy consumption, but also to reduce the carbon footprint. Whilst carbon emission by individual machines can be quite well estimated, this information is actually taken little into consideration when scaling systems up. Clouds principally allow reducing the consumption of unused resources (down-scaling). In addition, up-scaling should be carefully balanced not only with cost, but also carbon emission issues. Note that beyond software stack aspects, plenty of Green IT issues are subject to development on the hardware level.

12

TECHNOLOGICAL ASPECTS
The main technological challenges that can be identified and that are commonly associated with cloud systems are:

Virtualisation is an essential technological characteristic of clouds which hides the technological complexity from the user and enables enhanced flexibility (through aggregation, routing and translation). More concretely, virtualisation supports the following features:

Ease of use: through hiding the complexity of the infrastructure (including management, configuration etc.) virtualisation can make it easier for the user to develop new applications, as well as reduces the overhead for controlling the system. Infrastructure independency: in principle, virtualisation allows for higher interoperability by making the code platform independent. Flexibility and Adaptability: by exposing a virtual execution environment, the underlying infrastructure can change more flexible according to different conditions and requirements (assigning more resources, etc.). Location independence: services can be accessed independent of the physical location of the user and the resource. Multi-tenancy is a highly essential issue in cloud systems, where the location of code and / or data is principally unknown and the same resource may be assigned to multiple users (potentially at the same time). This affects infrastructure resources as well as data / applications / services that are hosted on shared resources but need to be made available in multiple isolated instances. Classically, all information is maintained in separate databases or tables, yet in more complicated cases information may be concurrently altered, even though maintained for isolated tenants. Multitenancy implies a lot of potential issues, ranging from data protection to legislator issues.

Security, Privacy and Compliance is obviously essential in all systems dealing with potentially sensitive data and code.

13

Data Management is an essential aspect in particular for storage clouds, where data is flexibly distributed across multiple resources. Implicitly, data consistency needs to be maintained over a wide distribution of replicated data sources. At the same time, the system always needs to be aware of the data location (when replicating across data centres) taking latencies and particularly workload into consideration. As size of data may change at any time, data management addresses both horizontal and vertical aspects of scalability. Another crucial aspect of data management is the provided consistency guarantees (eventual vs. strong consistency, transactional isolation vs. no isolation, atomic operations over individual data items vs. multiple data times etc.).

APIs and / or Programming Enhancements are essential to exploit the cloud features: common programming models require that the developer takes care of the scalability and autonomic capabilities him- / herself, whilst a cloud environment provides the features in a fashion that allows the user to leave such management to the system.

Metering of any kind of resource and service consumption is essential in order to offer elastic pricing, charging and billing. It is therefore a pre-condition for the elasticity of clouds. Tools are generally necessary to support development, adaptation and usage of cloud services.

14

Cloud Computing in Larger Businesses

Major companies are increasingly seeking Cloud computing and exploring the development of private Clouds. While obviously mindful of potential pitfalls, anecdotal evidence suggests that many would embrace Cloud computing solutions for data storage and retrieval they could trust. It is fair to say that the Task Force discussed a wide range of large business responses to the emergence of Cloud computing. The rapid development of a wide range of Cloud service providers within Australia certainly implies an escalating demand from both public and private sector users. While some large businesses are moving quickly into the use of Cloud computing, others -- including some of the banks -- are proceeding cautiously at this stage. This is partly a response to the unsettled nature of the market for Cloud computing (including the absence of widely adopted standards), combined with concerns about the potential reputational risks which could arise if something goes wrong with client data in the Cloud. Indeed, several of the major banks have recently been calling for more work on the establishment of Cloud computing standards to ensure that they are able to retain control of any outsourced IT. This is particularly related to the question of vendor lock-in.

Banks operate in a complex regulatory framework regarding their handling of customer data, with the various privacy acts being a major consideration. However, such legislation does not pose the primary barrier - the wider question of customer trust remains the stumbling block. Customers have to trust their financial institution, which in turn should not expose their customers to unnecessary risk. The scope of bank services is far wider than merely financial transactions however, and customer relationship management is an area thought amenable to Cloud computing. It was noted that the Australian Prudential Regulation Authority (APRA) has been counseling caution in the adoption of Cloud computing.

Legal advice offered to one major banking concern regarding the possible use of Cloud computing focused on privacy considerations and the US Governments Patriot Act, and allowed for a range of options including asking customers to opt-in to the scheme. The failure of any Cloud-based arrangements could risk the reputation of the company and questions of confidentiality, reliability and security remain. Domestically-based Clouds are considered more
15

secure than international Clouds, but service providers must build trust with their banking clients, just as banks must earn the trust of their customers regarding the handling of their financial assets.

Unfortunately, contracts with Cloud providers have proved difficult to negotiate with insufficient protections for privacy, data backups and data segregation offered by vendors. The business model of Cloud service providers tends not to intersect with the more conservative framework that banks must adhere to. Vendors tend to offer a promise of 'best endeavours' to maintain services, rather than actually guaranteeing the continuity and security of provision demanded of them. Pitfalls experienced with other much-hyped revolutions in computing and the internet have underlined this tendency towards caution. The use of IT outsourcing raised similar considerations, for instance, and many problems were encountered with its deployment. The colocation of data in Cloud computing solutions also poses new challenges and creates the perception of new risk asymmetries.

16

Cloud Computing in Small Business

Small business will embrace Cloud computing to reap the cost savings promised by vendors, but in many instances may be ill prepared to do so in an informed and considered fashion. Government could therefore play a useful role in raising awareness and educating the small business community about the possibilities of Cloud computing, as well as its possible risks. The potential of Cloud computing to solve a firms specific problems could be demonstrated through the generation of practical scenarios which could also examine issues which might arise regarding privacy and security. Public seminars, workshops and concept exercises might also prove useful in helping small and medium enterprises understand Cloud technology. Cloud computing can offer a much wider set of solutions than simply aggregated data services. It facilitates new ways of collaborating and working and can drive increases in productivity as well as saving costs. It allows information and communications capacity to be bought as needed, offering flexibility and innovation to businesses which wish to free themselves of expensive and cumbersome in-house IT solutions. Cloud developments could also encourage employment by reducing IT start-up costs for small businesses.

Secondary brokerage is a growing market, with infrastructure aggregators becoming a major factor in the market. Cloud computing allows identities to be obscured online to an even greater degree than before, with small organisations able to appear much larger than they are, and vice versa. This has obvious risks as well as potential for small players to penetrate larger markets.

17

Benefits of Cloud Computing

Depending upon the implementation, Cloud computing promises compelling efficiency, cost and scaling advantages delivering:

Lower upfront costs: When introducing a new application, the cost of hardware and of software licenses are currently a major concern, but Cloud services allow the subscriber to pay the provider for usage alone, avoiding the need for up-front expenditure and allowing costs to be spread over time and managed more closely.

Reduced financial risk: If a Cloud-based application proves unsuccessful for whatever reason, or its use within the business is for a limited time, it can be discontinued without the retention of useless infrastructure. The user also avoids the financial risk of technological obsolescence.

Faster time to market (agility): It typically takes several months to achieve successful implementation of a traditional application, but Cloud applications can be deployed and scaled within days or hours.

No capital expense: Cloud computing allows the user to pay for ICT as a service when consumed, turning capital expenses into operating (variable) costs.

Lower operational expense: Given economies of scale, high levels of automation and selfservice, Cloud providers can usually offer ICT services at a significantly lower cost than individual organisations can deliver themselves.

Clear ICT value for businesses: ICT has always struggled to demonstrate its value to businesses, and there has been a seemingly constant disconnect between ICT spending and the perception of value it delivers. Cloud computing provides a direct connection between ICT spending and value similar to domestic spending on phone bills or electricity.

18

Innovation: Cloud computing can offer an almost infinite ICT sandpit for experimentation and innovation at low risk, low operating cost and with no capital expenditure. Experiments in the Cloud can be rapidly scaled up or abandoned depending on how they turn out.

Access to expanded expertise: Given their economies of scale, Cloud providers can afford to offer more specialised services and deeper expertise in advanced security techniques, application performance optimization, tailored user support and business continuity services than many in house ICT departments.

Sustainability: Most providers of Cloud services are facing pressure from consumers and governments to utilise facilities that consume less energy. There is a growing trend towards locating large data centres in locations where renewable energy is available.

Continuous enhancements: Instead of facing occasional, disruptive and costly upgrades of ICT, the Cloud can deliver incremental improvements and enhancements on a continuous basis.

Decreased downtime and delays (improved resilience): Since Cloud workloads can be spread across many facilities, and even across different Clouds, redundant applications can be used to avoid downtime. In addition, data distribution strategies can help address disaster recovery and business continuity issues. Larger Cloud providers can also afford to build hardened facilities with reserve power supplies and cooling equipment.

Standardisation: Over time, the use of Cloud services is likely to drive standardisation among users which in turn facilitates the simplification and alignment of business processes, yielding further savings and enabling the scaling of processes within an enterprise.

19

Some Findings -- Cloud Computing

Preferred channels for cloud services

Source: EY survey Cloud adoption in India, 2010 The stated preference of enterprises to buy cloud IaaS services from IT service providers or data center service providers could mean that the cloud computing idea becomes central to these service providers portfolios. Equipment vendors should recognize and respond to this possibility. For data center providers, cloud IaaS services may prove to be a more profitable source of revenue as compared to their existing service/product mix. IT service providers looking to leverage the cloud IaaS opportunity should form alliances with third-party data center service providers or invest in building their own infrastructure. Data center service providers and IT system integrators also need to play a pivotal role in bringing the ecosystem together to demonstrate commitment to security, service-level agreement (SLA) adherence and complete support at every layer of the cloud service model.
20

Scalability,Capacity and speed are key benefits of cloud.

MNC responses to our survey support the evolution model from traditional IT infrastructure provisioning to cloud-based infrastructure services, As shown in above figure 76% of MNCs surveyed rated scalability of capacity and matching capacity to fluctuating demand as the most beneficial attributes of cloud services. Speed of access to such services came in a close third, but all of the major benefits of cloud computing were recognised by the MNC respondents as such. The benefits of cloud in industry-specific contexts were also recognised by our respondents. Finance and insurance firms emphasized scalability of capacity (44%) and improved employee productivity (50%), unsurprising in an industry with such highly valuable employee 'capital'. Retail sector respondents cited scalability and matching capacity to demand (both ranked as major benefits by 50% of respondents) as key draws to cloud - again, unsurprising in a sector with such dramatic peaks and troughs in month-to-month and even day-to-day transactions

21

Barriers- An Industry View

Across all vertical sectors, 78% of companies rated security and 85% of companies rated data governance significant or major barriers to adoption. Clearly, any cloud-based service provider, or cloud service, must address security first. However, they should also be concerned that so many companies see loss of control, SLAs and potential difficulty in evaluating performance of prospective suppliers all as significant barriers, even if they are not the most important. If MNCs are consistent in bringing traditional concerns and requirements on managed ICT into cloud services, they also appear consistent within their business sectors, as the next figure shows. Banks and insurance companies overwhelmingly rated security their highest concern (75%).

22

Perceived Benefits of Implementing cloud IaaS Services

23

Other industry-specific findings include the following:

Related issues of data governance and loss of control were the next most important issues for financial services companies, with 50% or more of them citing these as major barriers.

Data governance was the major concern for the energy & utilities and retail & wholesale industries, where businesses are built on efficient management of huge volumes of customer records (billing, accounts and sales data).

Similarly manufacturing, which includes a number of significant pharmaceuticals companies, was most concerned about data governance, and in fact gave it equal rating to security.

Characteristically, professional services companies, including media, worried most about SLAs, perhaps showing just how much contracts and commercial metrics are in their blood.

24

TCSs Service Offerings in Cloud Computing

Despite the challenges that exist today around Cloud Computing, TCS believes that Cloud Computing will become an increasingly viable option for enterprise IT. TCS proposes a range of services to customers, beginning with an advisory role in helping customers identify opportunities for leveraging Cloud Computing to enabling new business models. As a part of the services, TCS will address key questions which its enterprise customers have been asking, and will provide unique solutions through its TM TCS COIN -based Cloud initiative Each service offering needs special competencies. Helping customers define a to-be strategy, devise a timeline, and a business case to move to the Cloud requires not just domain expertise but experience in end-to-end business transformation. Migrating Applications to the Cloud requires proven migration methodologies and toolsets which can rapidly cloud-enable applications. Fresh development of applications for the Cloud and in the Cloud requires a deep understanding of all the 3 Cloud delivery models - SaaS/PaaS/IaaS as well as tools for rapid application development and deployment in the Cloud.Cloud management services presuppose an Application Driven Infrastructure Management approach, among other things.

TCS has been providing a mature IT-as-a-Service component as a part of its Small and Medium Business (SMB) offering, which has built a completely new business model and which leverages the mindset and technologies of the Cloud.

TCS Cloud Taxonomy

With a lot of information available on Cloud Computing, it is imperative to build a taxonomy which forms the basis for common understanding and focus. TCS has extensively studied this area, and the following taxonomy reflects TCSs insights on Cloud Computing. There are other taxonomies available such as the OpenCrowd Cloud Taxonomy. All these views will be the basis for the standardization efforts that have just started across the industry.

25

The Cloud Taxonomy consists of four layers, eight sub-layers, and a variety of areas to address. Though layers and sublayers are static, TCS foresees that the areas to address will be a growing list. The growing list is denoted by ellipsis in the following figure:-

26

Service Offerings in the Cloud

Cloud Advisory Services Cloud Migration Services Cloud Development Services Cloud Management Services Cloud Strategic Services

Based on the 4.0 Cloud Services layer in the TCS Cloud Taxonomy, TCS will provide the following five service offerings:

Cloud Advisory Services For Cloud, TCS will help customers define to-be state strategy. The strategy will Honor business and application constraints and requirements Identify appropriate target state for each application Address issues of interoperability, investment protection and lock-in TCSs integrated consulting and IT services capabilities bring continuity and consistency to customers strategic programs. TCS will address a comprehensive set of questions on the what (strategy), when (timelines), and why (business case)

Cloud Migration Services

The typical entry point for the customers to the Cloud will be migration of their existing applications to the Cloud,initially as a proof-of-concept and later in production. In addition to the Cloud, TCS has extensive capabilities on application migration with automation assets and agility of building/enhancing tools for customer or engagement specific purposes. TCS has executed vast migration projects in which it has handled large engagements, wide variety of technologies, implemented tool-based approach and end-to-end solution including architecture definition, testing and performance engineering, which will also apply to the migration engagements in Cloud.

27

Cloud Development Services

Application development will be a key activity for organizations that want to use Cloud Computing. TCS classifies the development as follows: For the Cloud An application will be built to run in the Cloud. In the CloudApplication development will use platforms and environments that run in the Cloud.

TCS has built tools and platforms to support rapid application development and deployment, and they are being enhanced to support a Cloud model. TCS InstantApps empowers business analysts to create Web based applications using its WYSIWYG designer. It has built in features to move applications from the Dev environment to the production environment, if the application is also available in the same Cloud. Dev 2.0 Do It Yourself paradigm enables the customers to build simple applications and use it by themselves without TCS being involved. InstantApps will be available as a cloudenabled PaaS.

TCS Model-Driven Development (MDD) toolset (TCS MasterCraft ) provides an integrated environment along with a product or application development lifecycle. This significantly reuses code to speed up the new application development, legacy system integration, and/or making enhancements. With a variety of Cloud platforms available, standardization efforts are still in progress while vendor lock-in could become an issue with the usage of vendor-specific APIs. Besides, there is a need to define programming models, right abstractions, development, design, deployment and evolution architectures for data-intensive business applications in the TM Cloud. TCS will enhance MasterCraft to support application development for the Cloud.

Cloud Management Services

Though customers are aware of the Infrastructure Management Services, they want to know how this is adapted to manage a Cloud infrastructure. TCS NetAsthra will be enhanced to provide a single window view of the health of the entire federated virtual private cloud. This is a reporting tool and a real time dashboard that can be

28

seamlessly integrated with leading industry ESM tools such as BMC Patrol, CA Unicenter, and HP Openview, and other monitoring solutions.

Cloud Strategic Services

While migration, development, and management of applications on a Cloud infrastructure can be considered as an adaptation of existing tools and methodologies of conventional applications, a new offering is emerging in the Cloud arena, which provides tremendous opportunities to the vendors and service providers in providing innovative business models and applications in the Cloud. There are opportunities around innovative licensing and payment terms, which will enable almost any kind of application to be made available in the Cloud.

TCS Small and Medium Business (SMB) Offering

IT-as-a-Service is the TCS way of serving SMBs. In the IT-as-a-Service model, we deliver on-demand business capability with an integrated suite of hardware, network and software solutions. This also includes the required business, technical and consulting services for SMBs. The services are provided in a build-as-you-grow, pay-as-you use model through a combination of on premise and shared services hosted platforms. Through this, TCS provides a One Stop Shop for all SMB needs and removes the pain of running a highly complex internal IT departments and dealing with a large number of local vendors. We also understand SMBs constraints with IT related budget and hence provide a build as you grow model, which gives the subscriber flexibility in IT investment. The pay-as-you-use option provides SMBs the choice of scaling up, when their business grows. This gives them comfort of low capital investment.

29

CLOUD COMPUTING IN HEALTHCARE INDUSTRY A high upfront cost has been the main deterrent to health care IT adoption, as India has traditionally always been a cost-sensitive market. However, this trend is gradually changing.

The three key pain points for health care service providers are:

High initial costs The need for human resources to maintain and service systems in-house Accessibility of data 24/7

A good cloud computing provider can resolve such challenges as it can deliver reliable 24/7 data access at reasonable costs. This is the best solution for the Indian health care system, since it reduces upfront investments in software and hardware. However, the concept of cloud computing is yet to prove its worth in health care, with just a few early adopters of this technology with an established presence in this area. The most significant challenge in adopting this technology lies in the uncertainty around

whether hospitals and clinics will trust their data to be stored offsite.

Challenges for technology adoption in the Indian health care industry:

The health care delivery environment in India has distinctive challenges. Inadequate infrastructure and a constrained health care delivery work process further intensify the complexity. Other challenges in integrating IT into the Indian health care system include:

Lack of standards Lack of in-house IT domain knowledge Reluctance of medical, nursing and other staff to adjust to change Apprehensions around technology failures (paper systems appear more reliable) Lack of proper vendor support

30

Cloud computing in the health care sector

The health care sector is now increasingly automated and highly dependent on information technology in the daily functioning of their businesses. They use health care management and information systems (HMIS), picture archiving and communications systems (PACS), electronic medical/health records (EMR/EHR) and point of care systems and generate significant clinical data. The key users of IT, apart from hospitals are also diagnostic centers, clinics or medical centers and R&D within drug companies. Correspondingly, these networks are complex and face constraints such as the availability of these services in remote locations, business continuity requirements, data security and integrity. The awareness and interest for cloud computing in the health care segment is at a nascent stage. Currently, hospitals spend a significant portion of their budget on non core resource costs. Cloud services extend to health care provide the promise of reduced IT costs in the face of continued margin pressures and the critical need to generate and store large amounts of health data or information. For the small and medium business (SMB) health care providers, cloud IaaS services lower the barriers to market growth by minimizing technology costs and upfront investments. For hospitals, besides keeping costs low, cloud helps in meeting compliance requirements of maintaining EHRs.

Health care providers can use private or public cloud to:

Store pathology and other reports(x-ray, etc.) Maintain and store patient records/billing/claimns. Host third party or in house applications (HMIS,etc) Connect on a community level between doctors/hospitals, diagnostics companies and patients.

31

Cloud technology from Microsoft

As one of the largest, hosted services providers in the world, Microsoft offers a solid track record as an online solution provider. Long established in the cloud, Microsoft continues to invest heavilyU.S.$9.5 billion per yearin research and development to help drive the technology further. Uptime Microsoft guarantees 99.9 percent uptime at its data centers, which are outfitted to operate during power outages and after natural disasters. Microsoft replicates data from its primary data centers to secondary data centers for redundancy, without storing any data offsite Government IT is not one size fits alland neither is the cloud. Thats why our approach to cloud computing is developed on providing you with choices and flexibility. Government IT will continue to run applications within its own environment while adding new applications and services that run in the cloud. Our focus is making solutions for the real world of hybrid IT environments by providing cost-effective software and services that support your efforts to boost economic growth, create opportunities, and address societal challenges. And our extensive community of partners is available to work with you to deliver innovative solutions on premises or in the cloud.

Software and services from Microsoft

Microsoft Business Productivity Online Suite delivers a suite of services, also available as standalone software, for hosted communication and collaboration. Microsoft Exchange Online delivers your e-mail with protection, along with calendar and contacts. Microsoft SharePoint Online creates a highly secure, central location for collaboration, content, and workflow. Microsoft Office Communications Online provides real-time person-to-person communications through text, voice, and video. Microsoft Office Live Meeting delivers hosted Web conferencing. For agencies that require a secure, isolated hosted environment, our enhanced Business Productivity Online Suite meets International Traffic in Arms Regulations (ITAR), with

32

fingerprint access control and data access limited to U.S. citizen personnel who have cleared background checks. Microsoft Exchange Hosted Services offers online tools to help your organization protect itself from spam and malicious software, satisfy retention requirements for e-discovery and compliance, encrypt data to preserve confidentiality, and more. Microsoft Forefront Online Protection for Exchange helps protect e-mail from spam, viruses, phishing scams, and e-mail policy violations. Microsoft Dynamics CRM Online streamlines customer relationship management, and delivers results through your browser and within your everyday productivity applications. Microsoft Office Web Apps (coming soon) let you access documents from virtually anywhere, and provides online access to your work and a core set of Microsoft Office functionality over the Web.

Platform and infrastructure services from Microsoft Azure Services Platform supports applications, data, and infrastructure in the cloud, giving you the flexibility to run applicationsor just store code or datain the cloud, on premise, or with a combination of both. Azure Services Platform is an on-demand operating environment for hosting, managing, and creating application services in the cloud, making it the choice of many Microsoft partners who are using it to build their own public and private cloud services and data centers.

Featuring Windows Azure for running Windows applications and storing data in the cloud, Azure Services Platform also includes Microsoft SQL Azure Database, a cloud-based, relational database service built on Microsoft SQL Server that offers highly available, scalable, multitenant database services. Software developers can use Windows Azure Tools for Microsoft Visual Studio to create, configure, build, debug, and run Web applications and services on Windows Azure. Windows Azure platform AppFabric, formerly known as .NET Services, makes it simpler for them to connect cloud services and on-premise applications. For more information, see our Windows Azure platform white papers.

33

Microsoft Code-Name Dallas makes it easy to find, purchase, and manage premium data subscriptions in the Windows Azure platform, and you can consume the data from any platform, application, or business workflow. Dynamic Data Center Toolkit for Enterprise is a free, partner-extensible toolkit that provides a framework for creating virtualized IT infrastructures. IT teams can use the toolkit with Windows Server 2008 R2 Hyper-V and Microsoft System Center Virtual Machine Manager 2008, along with partner extensions, to plan, operate, and deliver the foundation for a private cloud. System Center Online Desktop Manager lets you easily secure, update, monitor, configure, and troubleshoot computers from a single Web-based consolewithout the overhead associated with installing and maintaining an on-premise management infrastructure.

34

Cloud ERP
ERP software that is deployed into a cloud environment becomes "Cloud ERP Software". Most (if not all) Cloud environments are built using virtualization and load balancing technology that allows applications to be deployed across multiple servers and database resources. Ramco OnDemand ERP Ramco OnDemand ERP is a Software as a Service (SaaS) ERP delivered on the cloud

Ramco OnDemand ERP is the right solution for all your enterprise needs, because it takes the full power of ERP and places it on the cloud. Our ERP solution enables you to run the required solution on the Internet. Since it is a delivery of application (ERP) via Internet, you do not require any investment on new hardware, training, or additional IT staff. Also, you need not worry about the maintenance & upgrades, as all these happens automatically. Moreover, Ramco OnDemand ERP is so simple to install and can be implemented in weeks, and is definitely cost effective. Ramco OnDemand ERP is completely modular; you can choose the functions you need to achieve the perfect fit for your business. As the solution is available on the subscription model, you can scale up or down as per your requirements and save costs.

Ramco OnDemand ERP is a solution from Ramco Systems, a global software solution company in India, which has invested heavily in the state-of-the-industry service delivery, security technologies, and certification programs

Ramco OnDemand ERP offers the following integrated features:

Enterprise Resource Planning
The ERP functionality in Ramco OnDemand ERP is designed to meet the needs of growing companies, and is based on the traditional Ramco ERP application, an industry-leading product. The software includes comprehensive features to manage all facets of your business. It delivers role-based access to business application data and analytical tools. Your company can use it across the following areas:

35

Human Capital Management Cost Planning and Control Supply Chain Management Discrete Production Process Production Tool Management Maintenance Customer Relationship Management Financial Management Service Management

Business Analytics
Ramco Business Analytics solution empowers organizations to 'Measure, Monitor and Manage' their business goals and growth. This solution comprises the facility to conduct a simple yet comprehensive analysis of data and processes, on a real-time basis, and this eases decision making. With this solution, you can analyze, measure, and control organizational processes, and this provides a framework for planning ahead.

Extension Tools
Ramco's extension tools are an integral part of Ramco OnDemand ERP. They encompass the methodology, configuration settings, and documentation, which enable you to quickly evaluate, implement, and deploy best business practices for both industry-specific and general activities. These tools include the Extension Development Kit (EDK), which is pivotal in the effective functioning of a successful ERP application.

Ramco EDK allows organizations to build their own unique set of extended features to their existing functionalities. Ramco's EDK does this, without modifying the base product source code. As a result, migration to the next version is not compromised. Ramco EDK is also useful for making in-house changes after the solution goes live.

36

Technology Platform
Ramco OnDemand ERP
TM

is

based

on Ramco VirtualWorksTM (RVW)

Platform.

The Ramco VirtualWorks is a new breed of enterprise software, which allows organizations to assemble global-class applications rather than engineer them.

Data Security at Ramco

37

Business case for cloud computing

The promise of cloud computing is real. It has the potential to reshape the role that IT plays within an organization to the same extent that the Internet has changed communications and commerce.

Efficiency and cost control. Companies depend on being able to provide consistent, reliable access to internal applications, external websites, and customer portals. In a traditional computing environment, this creates the need to build and maintain redundant systems, which can be expensive and difficult to manage. In cloud computing, this function is moved to the cloud, where service providers can leverage economies of scale to provide a highly reliable platform with greater cost and management efficiency. For many organizations, the most appealing feature of cloud computing is the flexible capacity it offers. Access to large amounts of scalable computing power gives organizations the freedom to adjust capacity up and down with the natural cycles of business. Resources can be added, turned off, or reassigned whenever necessary. The cloud eliminates the need for over-provisioning and the unnecessary hardware, software, maintenance, and electricity costs it incurs.

Better business support. The advantages of cloud computing are especially clear when looked at from a business perspective. By reducing the time and effort required to launch new applications, cloud computing helps IT become more responsive to the pace and dynamic nature of business. For IT, deploying a new business application is a major undertaking. Without sufficient time to assemble the necessary resources (human and financial), IT becomes a bottleneck to projects that could benefit the business. Applications supported by the cloud dont require the deployment of a large infrastructure at the customers location, which dramatically reduces the upfront

38

commitment of resources. New applications can be approved and deployed more quickly, making it easier to satisfy the needs of business managers throughout the organization.

Better financial management. With cloud computing, the financials are dramatically altered. Cloud computing eliminates the need for large capital outlays to launch new applications, moving the decision out of the investment realm and into the operational.

Transitioning from a capital expense model to an operational expense model reduces financial risk to monthly increments and provides a higher degree of flexibility to manage expenses over time. If the market slows, organizations arent locked into expenses their budgets can no longer support. If applications produce disappointing results, an enterprise can walk away or pursue a different direction without having to abandon an expensive on-premises infrastructure.

Stronger IT focus.
Cloud computing creates an opportunity for IT departments to change their focus from deploying and supporting applications to managing the services that those applications provide. By transferring the responsibility for monitoring and maintenance activities to a third party, the IT department can focus more on high-value activities that align with and support the business goals of the enterprise. Instead of being primarily reactive and operations-focused, the chief information officer (CIO) can function more as a technology strategist, working with business units to understand their business needs and advising them on how best to use technology to accomplish their objectives.

39

Threats to Cloud Computing

Abuse and Nefarious Use of Cloud Computing
Cloud Computing represents one of the most significant shifts in information technology many of us are likely to see in our lifetimes. Reaching the point where computing functions as a utility has great potential, promising innovations we cannot yet imagine. Customers are both excited and nervous at the prospects of Cloud Computing. They are excited by the opportunities to reduce capital costs. They are excited for a chance to divest themselves of infrastructure management, and focus on core competencies. Most of all, they are excited by the agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies and needs more readily. However, customers are also very concerned about the risks of Cloud Computing if not properly secured, and the loss of direct control over systems for which they are nonetheless accountable.

Examples IaaS offerings have hosted the Zeus botnet, InfoStealer trojan horses, and downloads for Microsoft Office and Adobe PDF exploits. Additionally, botnets have used IaaS servers for command and control functions. Spam continues to be a problem as a defensive measure, entire blocks of IaaS network addresses have been publicly blacklist.

Insecure Interfaces and APIs

Cloud Computing providers expose a set of software interfaces or APIs that customers use to manage and interact with cloud services. Provisioning, management, orchestration, and monitoring are all performed using these interfaces. The security and availability of general
40

cloud services is dependent upon the security of these basic APIs. From authentication and access control to encryption and activity monitoring, these interfaces must be designed to protect against both accidental and malicious attempts to circumvent policy. Furthermore, organizations and third parties often build upon these interfaces to offer value-added services to their customers. This introduces the complexity of the new layered API; it also increases risk, as organizations may be required to relinquish their credentials to third parties in order to enable their agency. Examples Anonymous access and/or reusable tokens or passwords, clear-text authentication or transmission of content, inflexible access controls or improper authorizations, limited monitoring and logging capabilities,unknown service or API dependencies.

Malicious Insiders
The threat of a malicious insider is well-known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. Impact:- The impact that malicious insiders can have on an organization is considerable, given their level of access and ability to infiltrate organizations and assets. Brand damage, financial impact, and productivity losses are just some of the ways a malicious insider can affect an operation. As organizations adopt cloud services, the human element takes on an even more

41

profound importance. It is critical therefore that consumers of cloud services understand what providers are doing to detect and defend against the malicious insider threat.

Shared Technology Issues

IaaS vendors deliver their services in a scalable way by sharing infrastructure. Often, the underlying components that make up this infrastructure (e.g., CPU caches, GPUs, etc.) were not designed to offer strong isolation properties for a multi-tenant architecture. To address this gap, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Still, even hypervisors have exhibited flaws that have enabled guest operating systems to gain inappropriate levels of control or influence on the underlying platform. A defense in depth strategy is recommended, and should include compute, storage, and network security enforcement and monitoring. Strong compartmentalization should be employed to ensure that individual customers do not impact the operations of other tenants running on the same cloud provider. Customers should not have access to any other tenants actual or residual data, network traffic, etc. Examples Joanna Rutkowskas Red and Blue Pill exploits Kortchinksys CloudBurst presentations.

Data Loss or Leakage

There are many ways to compromise data. Deletion or alteration of records without a backup of the original content is an obvious example. Unlinking a record from a larger context may render it unrecoverable, as can storage on unreliable media. Loss of an encoding key may result in effective destruction. Finally, unauthorized parties must be prevented from gaining access to sensitive data. The threat of data compromise increases in the cloud, due to the number of and interactions between risks and challenges which are either unique to cloud, or more dangerous because of the architectural or operational characteristics of the cloud environment. Examples
42

Insufficient authentication, authorization, and audit (AAA) controls; inconsistent use of encryption and software keys; operational failures; persistence and remanence challenges: disposal challenges; risk of association; jurisdiction and political issues; data center reliability; and disaster recovery.

Account or Service Hijacking

Account or service hijacking is not new. Attack methods such as phishing, fraud, and exploitation of software vulnerabilities still achieve results. Credentials and passwords are often reused, which amplifies the impact of such attacks. Cloud solutions add a new threat to the landscape. If an attacker gains access to your credentials, they can eavesdrop on your activities and transactions, manipulate data, return falsified information, and redirect your clients to illegitimate sites. Your account or service instances may become a new base for the attacker. From here, they may leverage the power of your reputation to launch subsequent attacks Impact Account and service hijacking, usually with stolen credentials, remains a top threat. With stolen credentials, attackers can often access critical areas of deployed cloud computing services, allowing them to compromise the confidentiality, integrity and availability of those services. Organizations should be aware of these techniques as well as common defense in depth protection strategies to contain the damage (and possible litigation) resulting from a breach.

Unknown Risk Profile

One of the tenets of Cloud Computing is the reduction of hardware and software ownership and maintenance to allow companies to focus on their core business strengths. This has clear financial and operational benefits, which must be weighed carefully against the contradictory security concerns complicated by the fact that cloud deployments are driven by anticipated benefits, by groups who may lose track of the security ramifications. Versions of software, code updates, security practices, vulnerability profiles, intrusion attempts, and security design, are all important factors for estimating your companys security posture. Information about who is sharing your infrastructure may be pertinent, in addition to network intrusion logs, redirection attempts and/or successes, and other logs. Security by obscurity may be low effort, but it can
43

result in unknown exposures. It may also impair the in-depth analysis required highly controlled or regulated operational areas. Examples IRS asked Amazon EC2 to perform a C&A; Amazon refused.

How Integrated, Web-Based Software Makes Business More Efficient

Cloud computing is the future of business software. Using online software to free you up to get on with actually running your business and making informed decisions based on the information you get. Theres a plethora of web based systems available for accounting, CRM, ecommerce and email marketing, as well as service desk, billing and card payments.

If your business has been running for a while, then youll have a load of contacts, leads, customers and suppliers, as well as a bookkeeping system to make sure that youre tracking money properly. Maybe youve also got a website thats capturing new leads and sending you an email each time. If you sell products, then you might be running a stock control system, maybe only on Excel, but its a system nonetheless. As the business grows, youll be taking on more staff that will need to get to grips with the information management systems that youre using. Getting the information out of the owners head and into a system is a crucial step in the life of any business, and the sooner you start being organised, then faster youll grow. Not to mention the fact that using an intuitive, powerful piece of software means that you can spend less time on training staff and more time on selling! If youve got different software applications for each part of your business, then its going to take more time to get things done. Re-keying data takes time, and also opens up room for human error. You need to know where the most up to date information is when a contact is in your accounting system as well as your invoicing or CRM package, which one is right?

Integrated software brings all your essential tools into the same application, which means that you can move quickly efficiently and also gives you brilliant reporting capabilities without spending hours in spreadsheets. Having this integrated system online as a web based application
44

extends this power so that you can access the same, live data as the rest of your team, from wherever you all happen to be working.

Online CRM (Customer Relationship Management) software can be set up to create contacts automatically from your website, sending an automated response to keep customers engaged until you are ready to follow up. From here, they progress through various steps as you start to narrow down deals and make sales. Sending quotes and invoices straight out by email from a web based application is easy, and the client can approve or pay online by card. When invoices are raised and payments made, everything happens in the same system, which means that you can track the entire relationship from beginning to end without needing to bounce between different pieces of software. No re-keying of data. Everything is online, accessible from home, office or on the road, by multiple users, all at the same time.

45

Business Benefits Of Cloud Computing

Low initial investment
Cloud services usually offer a low initial investment or a free trial, allowing you to try the application and make sure that it does what you need, before you spend money. In contrast, traditional software needs to purchased and installed on your computer before it can be assessed, which takes time and money

Software that grows with your business

You dont need to pay for a large amount of software features that you dont need. Cloud services tend to have several pay plans, allowing you to start with a basic package and roll out more services as your business grows and needs more sophisticated software systems. For example, Pearl costs as little as 10 per month (ex VAT) per user. If you need more features, you pay more for them when you need them.

Reduce your spend on IT

Cloud Computing services are hosted by the company supplying them, so theres less need for you to have your own servers, software and dedicated IT support staff, which reduces your overheads, something thats very important in the current economic climate.

Flexibility in working
Cloud Services are accessed securely through a web browser giving you and your staff access to vital business information anywhere, anytime, from any computer (MAC or PC). This makes implementing a flexible, mobile working system much more simple.

No need to worry about backing up your data

46

All the data you enter into a Cloud application will be looked after by the service provider, so you dont need to worry about having to back-up the data on your computer in case it is lost, damaged or stolen. Service Providers will store your data in specialist data centres, where there is very low risk of it being damaged, and it is available for you to access whenever you need it.

REFERENCES & SOURCES

The IT Report, Winter 2011 GAP Task Force on CLOUD COMPUTING Final Report, May 2011 Wikipedia, Cloud Computing -available at http://en.wikipedia.org/wiki/Cloud_computing RightScale Inc. (2009), RightScale Cloud Management Features - available at http://www.rightscale. com/products/features/May 2011, Australia Chong, F; Carraro, G & Wolter, R (2006), Multi-Tenant Data Architecture - available at http://msdn.microsoft.com/en-us/library/aa479086.aspx

White paper, Think Grid,2011

IDC Cloud Computing 2010 - An IDC Update, Frank Gens, Robert P Mahowald, Richard L Villars, Sep 2009 - Doc # TB20090929, 2009

Technical

aspects

of

Cloud

computing,

Lus

Ferreira

Pires,University

of

Twente,Meeting of the NVvIR, 17 June 2010 Ranganathan V (2010), Privacy Issues with Cloud Applications, IS Channel, Vol. 5, No. 1, pp. 16-20. Top Threats To Cloud Computing V1.0 Prepared by the Cloud Security Alliance, March 2010

47

http://www.forrester.com/cloudsecuritywebinar http://www.cerias.purdue.edu/site/blog/post/symposium_summary_security_in_the_clou d_panel/

48