Module 2: Economics, Benefits, Risks, Challenges and Solutions

Challenges in Cloud Computing

Application engineering and development:

• Programming a cloud, is more complex than writing code for a single machine.
• New programming paradigms (such as MapReduce, Spark or GraphLab), coupled with provider APIs to manage infrastructure, help developers manage complexity but still present a steep learning curve.
• Skilled developers with cloud experience are rare, and both costs and time for application development increase substantially with clouds.
• New cloud programming models and APIs are continually evolving, which may add to recurring engineering and development costs.

Movement of data:

• Use of public clouds typically requires connecting to the cloud over the Internet. Because of this requirement, movement of data to and from the cloud is significantly slower than in an organization's local area network (LAN).

Quality of service (QoS):

• As mentioned earlier, cloud infrastructure is typically shared among many users. This sharing presents a challenge for cloud providers to offer QoS assurances to their clients.
• This challenge could disallow certain performance-sensitive applications from being migrated to the cloud.
• QoS in clouds is an important area in cloud research. For example, regulating I/O bandwidth to specific virtual machines could offer predictable performance for critical applications

Risks of Cloud Computing

Vendor lock-in:

Cloud computing is slowly becoming standardized. Lack of standardization can lead to the situation of vendor lock-in, such as when a client signs up for a nonstandard cloud service, develops applications, and deploys data on it. The lack of standardization makes it unlikely for the client to move to another vendor seamlessly. The client often requires a third-party cloud migration specialist or an additional service to move the application to a different platform.

Security risks:

Because cloud computing with public clouds can result in an organization's data being shipped beyond its four walls, security becomes a primary risk and concern.

Privacy risks:

The use of the cloud also raises many privacy-related concerns. Depending on the laws under which a cloud service provider operates, governments may have the power to search and seize data from the provider without the client's explicit consent or notification. Furthermore, clients cannot be fully assured of data confidentiality when using public clouds. We discuss some of security risks associated with cloud computing later in this module.

Reliability risks:

Clouds are also plagued with reliability issues. Clients must design for failures and use features such as Amazon's multiple availability zones, in which clients can set up failover and redundant infrastructures to take over in case of failure, which comes at a price, of course. Cloud users attempt to mitigate the cloud reliability risk by signing Service Level Agreements (SLAs) that enable compensation when exposed to such events. Since cloud services can only be accessed over the network, any disruption of connectivity will cause the application to fail, leading to a loss of reputation and/or revenue.

Evolution of business model for IT software

• Traditional model: An organization purchases licensed software, which it then owns and maintains.
• Open-source model: Software is essentially free, but the organization pays vendor support costs.
• Outsourcing model: An organization hires another company, possibly overseas, to manage and maintain the software.
• Hybrid model: A software vendor sells highly standardized software to many clients, along with software management and support, thereby amortizing costs of expertise, software management, and support over several clients.
• Cloud computing model: Software is developed and delivered over the Internet to many clients at lower costs.

Cloud Service Provider Economics

Economies of Scale

Cloud service providers organize their infrastructure into large data centers, which typically leverage three main areas:

• Supply-side savings: Large-scale data centers lower costs per server.
• Demand-side aggregation: Aggregating demand for computing allows server utilization rates to increase.
• Multitenancy efficiency: When changing to a multitenant application model, increasing the number of tenants (i.e., customers, or users) lowers the application management and server cost per tenant.

Providers benefit from economies of scale in the following areas:

Cost of power:

Electricity is rapidly becoming the largest element of total cost of ownership (TCO) in a data center, contributing to approximately 15% to 20% of total costs. Large cloud service providers can place their data centers in locations with lower cost of power and sign bulk purchase agreements with electric providers to reduce electric costs significantly.

Infrastructure labor costs:

Cloud computing enables repetitive management tasks to be automated. In addition, in larger facilities, a single system administrator can service thousands of servers with the use of advanced management software.

Buying power:

Cloud service providers can purchase equipment in bulk from manufacturers, which can lead to major discounts over smaller buyers. In addition, cloud providers standardize their servers and equipment, which helps in lowering purchase and support costs compared to smaller IT departments.

Cloud Security - Threats

The lack of control over sensitive data storage and transfer is one of the leading inhibitors to large-scale cloud adoption. Two-thirds of potential adopters have placed “data security and privacy” as the biggest risk in cloud computing

Taxonomy of threats (Affected Services)

Threat #1: Abuse and Nefarious Use of Cloud Computing (IaaS, PaaS)

Criminals can leverage the anonymity provided by public clouds to launch malicious attacks at low cost.

Threat #2: Insecure Interfaces and APIs (IaaS, PaaS, SaaS)

even if the entire cloud infrastructure is designed securely, a single vulnerability in the provider's website may allow an attacker to take over a customer's account.

Threat #3: Malicious Insiders (IaaS, PaaS, SaaS)

Since the service runs on an external machine and stores data on the provider’s resources, it is always possible that a disgruntled or motivated employee of the cloud service provider could do something that adversely impacts the provider's service.

Threat #4: Shared Technology Issues (IaaS)

Although co-tenants should be unable to access their neighbors’ details, several exploits over the years have allowed tenants to break out of their sandboxes and steal data from another tenant’s memory, network etc.

Threat #5: Data Loss or Leakage (IaaS, PaaS, SaaS)

Often, regulations mandate that an enterprise bear legal responsibility for any sensitive data that is used or stored by their applications.