University of Buea,

College of Technology (COT),

Department of Computer Engineering -
2021/2022 Academic Year

CEC315: INTRODUCTION TO
CLOUD COMPUTING
Enjoy Your Ride to the Cloud!

Module 2

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
 1
CEC315: Introduction to Cloud Computing – Module 2

Module 2: The Benefits and Limitations of Cloud Computing

2.1 Introduction
 There are immense benefits from utilising cloud computing.
 Of course, with any new technology there will be inherent risks, but companies that intend to provide
cloud computing resources will tout many features that can benefit organisations using cloud
technology to become more efficient organisations.
 Organisation have different needs from the company next door. However, cloud computing can help
them with those IT needs.
 Let’s take a closer look at what cloud computing has to offer these organisations.
2.1.1 Reduced Investments (Low Costs)
 Lower costs because cloud networks operate at higher efficiencies and with greater utilisation,
significant cost reductions are often encountered.
 Similar to a product wholesaler that purchases goods in bulk for lower price points, public cloud
providers base their business model on the mass-acquisition of IT resources that are then made
available to cloud consumers via attractively priced leasing packages. This opens the door for
organisations to gain access to powerful infrastructure without having to purchase it themselves.
 The most common economic rationale for investing in cloud-based IT resources is in the reduction or
outright elimination of up-front IT investments, namely hardware and software purchases and
ownership costs. A cloud's Measured Usage characteristic represents a feature-set that allows
measured operational expenditures (directly related to business performance) to replace anticipated
capital expenditures. This is also referred to as proportional costs.
 This elimination or minimisation of up-front financial commitments allows enterprises to start small
and accordingly increase IT resource allocation as required. Moreover, the reduction of up-front
capital expenses allows for the capital to be redirected to the core business investment.
 In its most basic form, opportunities to decrease costs are derived from the deployment and operation
of large-scale data centers by major cloud providers. Such data centers are commonly located in
destinations where real estate, IT professionals, and network bandwidth can be obtained at lower costs,
resulting in both capital and operational savings.
 The same rationale applies to operating systems, middleware or platform software, and application
software. Pooled IT resources are made available to and shared by multiple cloud consumers, resulting
in increased or even maximum possible utilisation. Operational costs and inefficiencies can be further

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
1
 2
CEC315: Introduction to Cloud Computing – Module 2

reduced by applying proven practices and patterns for optimising cloud architectures, their
management and governance.
 Common measurable benefits to cloud consumers include:
➢ On-demand access to pay-as-you-go computing resources on a short-term basis (such as
processors by the hour), and the ability to release these computing resources when they are no
longer needed.
➢ The perception of having unlimited computing resources that are available on demand, thereby
reducing the need to prepare for provisioning.
➢ The ability to add or remove IT resources at a fine-grained level, such as modifying available
storage disk space by single gigabyte increments.
➢ Quality of Service: The Quality of Service (QoS) is something that you can obtain under contract
from your vendor.
➢ Reliability: The scale of cloud computing networks and their ability to provide load balancing
and failover makes them highly reliable, often much more reliable than what you can achieve in
a single organisation.
➢ Outsourced IT management: A cloud computing deployment lets someone else manage your
computing infrastructure while you manage your business. In most instances, you achieve
considerable reductions in IT staffing costs.
➢ Simplified maintenance and upgrade: Because the system is centralised, you can easily apply
patches and upgrades. This means your users always have access to the latest software versions.
➢ Abstraction of the infrastructure so applications are not locked into devices or locations and can
be easily moved if needed.
 For example, a company with sizable batch-centric tasks can complete them as quickly as their
application software can scale. Using 100 servers for one hour costs the same as using one server for
100 hours. This "elasticity" of IT resources, achieved without requiring steep initial investments to
create a large-scale computing infrastructure, can be extremely compelling.
 Despite the ease with which many identify the financial benefits of cloud computing, the actual
economics can be complex to calculate and assess. The decision to proceed with a cloud computing
adoption strategy will involve much more than a simple comparison between the cost of leasing and
the cost of purchasing.
 For example, the financial benefits of dynamic scaling and the risk transference of both over-
provisioning (under-utilisation) and under-provisioning (overutilisation) must also be accounted for.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
2
 3
CEC315: Introduction to Cloud Computing – Module 2

2.1.2 Increased Scalability and Elasticity

 Scalability refers to desirable property of a computing system, network or process, which indicates
its ability to handle an increased number of requests either through its design, its existing or
expanding capacity.
 Elasticity:
➢ Ability to adapt in real-time to variable requirements, either by increasing or by decreasing
its capacity
➢ Can be achieved using Dynamic Resource Provisioning
 Any organisation that is anticipating a huge upswing in computing need (or even if you are surprised
by a sudden demand), cloud computing can help the organisation manage. Rather than having to buy,
install, and configure new equipment, they can buy additional CPU cycles or storage from a third
party. Since their costs are based on consumption, the organisation likely wouldn’t have to pay out
as much as if the organisation had to buy the equipment.
 Once the organisation have fulfilled thier need for additional equipment, they just stop using the
cloud provider’s services, and don’t have to deal with unneeded equipment. The organisation simply
add or subtract based on the organisation’s need.
 By providing pools of IT resources, along with tools and technologies designed to leverage them
collectively, clouds can instantly and dynamically allocate IT resources to cloud consumers, on-
demand or via the cloud consumer's direct configuration. This empowers cloud consumers to scale
their cloud-based IT resources to accommodate processing fluctuations and peaks automatically or
manually. Similarly, cloudbased IT resources can be released (automatically or manually) as
processing demands decrease.
 A simple example of usage demand fluctuations throughout a 24 hour period is provided in Figure
2-1.

Figure 2-1: Usage demand fluctuations throughout a 24 hour period.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
3
 4
CEC315: Introduction to Cloud Computing – Module 2

 The inherent, built-in feature of clouds to provide flexible levels of scalability to IT resources is
directly related to the aforementioned proportional costs benefit. Besides the evident financial gain
to the automated reduction of scaling, the ability of IT resources to always meet and fulfill
unpredictable usage demands avoids potential loss of business that can occur when usage thresholds
are met.
2.1.3 Simplicity and Ease of Utilisation
 Again, not having to buy and configure new equipment allows you and your IT staff to get right to
your business.
 The cloud solution makes it possible to get your application started immediately, and it costs a
fraction of what it would cost to implement an on-site solution.
2.1.4 Flexibility
 With the idea of a “server rental” model in place, it is easier to become more flexible in terms of
technology resources.
 The reason is that businesses are able, with cloud computing, to have lateral options when it comes
to technology.
 They can decide how much storage space to use, and how much processing power is required.
 While working to update software applications, the process can be pushed out much faster and more
efficiently.
 Administrators can choose when to update an application enterprise-wide all in real time. It is up to
them and how much they want to spend on IT with cloud technology.
2.1.5 Portability
 In today’s global economy organisations need to have people on the ground, far from headquarters,
to manage things.
 With cloud computing technology, organisations are able to use their computing power wherever
their people are as long as users are able to access thin clients.
 Thin client access is pretty much available everywhere that companies do business today, so this
should not even be an issue.
 With thin client technology the scale of geography and time variation is flattened somewhat and this
allows companies that are trying to globally integrate to be able to be more flexible than ever before.
2.1.6 Knowledgeable Vendors
 Typically, when new technology becomes popular, there are plenty of vendors who pop up to offer
their version of that technology.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
4
 5
CEC315: Introduction to Cloud Computing – Module 2

 This isn’t always good, because a lot of those vendors tend to offer less than useful technology. By
contrast, the first comers to the cloud computing party are actually very reputable companies.
 Companies like Amazon, Google, Microsoft, IBM, and Yahoo! have been good vendors because they
have offered reliable service, plenty of capacity, and you get some brand familiarity with these well-
known names.
2.1.7 More Internal Resources
 By shifting your non-mission-critical data needs to a third party, your IT department is freed up to
work on important, business-related tasks.
 You also don’t have to add more manpower and training that stem from having to deal with these
low-level tasks.
 Also, since network outages are a nightmare for the IT staff, this burden is offloaded onto the service
provider.
 True, outages happen, but let Amazon worry about getting the service back online. When you’re
looking at service providers, make sure you find someone who offers 24-hour help and support and
can respond to emergency situations.
2.1.8 Security
 There are plenty of security risks when using a cloud vendor, but reputable companies strive to keep
you safe and secure.
 NB: We’ll talk about some security issues later in this module.
 Vendors have strict privacy policies and employ stringent security measures, like proven
cryptographic methods to authenticate users.
 Further, you can always encrypt your data before storing it on a provider’s cloud.
 In some cases, between your encryption and the vendor’s security measures, your data may be more
secure than if it were stored in-house.
2.1.9 Questions linked to the benefits of Cloud Computing

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
5
 6
CEC315: Introduction to Cloud Computing – Module 2

2.2 Limitations, Risks and Challenges

General Concerns include:

 There are other cases when cloud computing is not the best solution for your computing needs.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
6
 7
CEC315: Introduction to Cloud Computing – Module 2

 Along with any technology that is new and cutting edge, there are potential downsides that are to be
expected out of cloud computing.
 These types of issues need to be seriously looked at by organisations that are going to rely on outside
resources to handle complex tasks.
 While the benefits seem immense, professionals in IT always have to consider the negatives that may
develop down the road.
 Applications not customizable
 Inherent latency in intrinsic WAN connectivity
 Privacy and security
 Potential performance hit due to the nature of Internet which is a stateless system, and may require
additional overhead in the form of service brokers and transaction managers.
 Cloud computing is impossible if you cannot connect to the Internet. Since you use the Internet to
connect to both your applications and documents, if you do not have an Internet connection you cannot
access anything, even your own documents. A dead Internet connection means no work and in areas
where Internet connections are few or inherently unreliable, this could be a deal-breaker.
 When you are offline, cloud computing simply does not work.
 Does not work well with low-speed connections:
➢ Similarly, a low-speed Internet connection, such as that found with dial-up services, makes
cloud computing painful at best and often impossible.
➢ Web-based applications require a lot of bandwidth to download, as do large documents.
 Features might be limited:
➢ This situation is bound to change, but today many web-based applications simply are not as
full featured as their desktop-based applications.
• For example, you can do a lot more with Microsoft PowerPoint than with Google
Presentation's web-based offering
 Can be slow:
➢ Even with a fast connection, web-based applications can sometimes be slower than accessing
a similar software program on your desktop PC.
➢ Everything about the program, from the interface to the current document, has to be sent back
and forth from your computer to the computers in the cloud.
➢ If the cloud servers happen to be backed up at that moment, or if the Internet is having a slow
day, you would not get the instantaneous access you might expect from desktop applications.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
7
 8
CEC315: Introduction to Cloud Computing – Module 2

 Each cloud systems uses different protocols and different APIs

➢ may not be possible to run applications between cloud-based systems
 Amazon has created its own DB system (not SQL 92), and workflow system (many popular workflow
systems out there)
➢ So, your normal applications will have to be adapted to execute on these platforms.
2.2.1 Increased Security Vulnerabilities
 Cloud environments can introduce distinct privacy and security challenges, some of which pertain
to overlapping trust boundaries imposed by a cloud provider sharing IT resources with multiple
cloud consumers.
 Stored data might not be secure:
➢ With cloud computing, all your data is stored on the cloud.
• The questions is How secure is the cloud?
➢ Can unauthorised users gain access to your confidential data?
 Stored data can be lost:
➢ Theoretically, data stored in the cloud is safe, replicated across multiple machines.
➢ But on the off chance that your data goes missing, you have no physical or local backup.
• Put simply, relying on the cloud puts you at risk if the cloud lets you down.
 Think:
➢ What are security challenges?
➢ What are overlapping trust boundaries?
➢ How can a cloud provider share IT resources with multiple cloud consumers?
➢ Can you give us examples?
 Your Sensitive Information
➢ We’ve talked about the concern of storing sensitive information on the cloud, but it can’t be
understated. Once data leaves your hands and lands in the lap of a service provider, you’ve lost
a layer of control.
 What’s the Worry?
➢ Let’s say a financial planner is using Google Spreadsheets to maintain a list of employee social
security numbers. Now the financial planning company isn’t the only one who should protect
the data from hackers and internal data breaches. In a technical sense, it also becomes Google’s
problem. However, Google may absolve itself of responsibility in its agreement with you. So,
it’s no less complicated a task to sort out how sensitive information is genuinely secured. Also,

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
8
 9
CEC315: Introduction to Cloud Computing – Module 2

the door is wide open for government investigators to subpoena that information. It has become
much easier for the government to get information from third parties than from a privately owned
server.
➢ Also, less scrupulous service providers might even share that data with a marketing firm. And
other providers may, by way of their agreement with you, be allowed to access and catalog your
information and use it in ways you never intended. Again, be absolutely certain you understand
fully your agreement with any service provider and that you approve and accept the terms of the
agreement.
➢ What’s important is that you realise what the provider’s policies are governing the management
and maintenance of your data. For example, Google’s policy states that the company will share
data with the government if it has a “good faith belief” that access is necessary to fulfill lawful
requests.
➢ NB: In some cases, if providers get “closed” subpoenas, the provider is legally prohibited from
telling their customers that data has been given to the government.
➢ Private data has certainly been released. In 2006, AOL released search terms of 650,000 users
to researchers on a public web page. In 2007, Microsoft and Yahoo! released some search data
to the US Department of Justice as part of a child pornography case. Obviously, no one wants
predators to get away with their crimes, but consider the implication if your data was innocently
mixed in with the data that Yahoo! and Microsoft provided the government, and you were
wrongly pulled into an investigation.
➢ And in the media, we regularly hear about retailers and others losing credit card numbers. In
2007, the British government even misplaced 25 million taxpayer records. The point is, if you
have sensitive or proprietary data, the cloud might not be the safest place for it.
 Other Examples:
➢ What happens when moving to the cloud?
• The responsibility over data security becomes shared with the cloud provider as seen
above.
• The remote usage of IT resources requires an expansion of trust boundaries by the cloud
consumer to include the external cloud.
• It can be difficult to establish a security architecture that spans such a trust boundary
without introducing vulnerabilities, unless cloud consumers and cloud providers happen

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
9
 10
CEC315: Introduction to Cloud Computing – Module 2

to support the same or compatible security frameworks – which is unlikely with public
clouds.
• Cloud provider’s privileged access to cloud consumer data.
• The extent to which the data is secure is now limited to the security controls and policies
applied by both the cloud consumer and cloud provider. Furthermore, there can be
overlapping trust boundaries from different cloud consumers due to the fact that cloud-
based IT resources are commonly shared.
• The overlapping of trust boundaries and the increased exposure of data can provide
malicious cloud consumers (human and automated) with greater opportunities to attack IT
resources and steal or damage business data.
• Figure 2-2 illustrates a scenario whereby two organisations accessing the same cloud
service are required to extend their respective trust boundaries to the cloud, resulting in
overlapping trust boundaries. It can be challenging for the cloud provider to offer security
mechanisms that accommodate the security requirements of both cloud service consumers.

Figure 2-2: Two organisations accessing the same cloud service.

2.2.2 Reduced Operational Governance Control
 A cloud consumer’s operational governance can be limited within cloud environments due to the
control exercised by a cloud provider over its platforms.
 Think:
➢ What does it mean by operational governance?
➢ Why can a cloud consumer’s operational governance be limited?
➢ What controls do a cloud provider exercise over its platforms?
➢ Can you give us examples?

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
10
 11
CEC315: Introduction to Cloud Computing – Module 2

 Examples:
➢ Scenario 1: An unreliable cloud provider may not maintain the guarantees it makes in the
SLAs (A Service Level Agreement (SLA) is a contract between a service provider and a
client which specifies in quantifiable terms the quality of the services which are provided)
that were published for its cloud services. This can jeopardize the quality of the cloud
consumer solutions that rely on these cloud services.
➢ Scenario 2: Longer geographic distances between the cloud consumer and cloud provider
can require additional network hops that introduce fluctuating latency and potential
bandwidth constraints.

Figure 2-3: A cloud consumer’s operational governance limitation

2.2.3 Limited Portability Between Cloud Providers

 The portability of cloud-based IT resources can be inhibited by dependencies upon proprietary
characteristics imposed by a cloud.
 Think:
➢ What does it mean by portability?
➢ What are proprietary characteristics?
➢ Why use proprietary characteristics?
➢ Can you give us examples?
2.2.4 Dependability
 For those planning on providing cloud resources to their customers, they will need to project an
image that shows that they can be very reliable, to the level of the electric utility model.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
11
 12
CEC315: Introduction to Cloud Computing – Module 2

 Energy is a very dependable resource outside of force majeure and cloud computing vendors must
strive for the same level of service, included in their SLAs.
 This could be a problem for companies that rely on the cloud to keep critical business functions up
and running.
 One solution around dependability would be to plan around the most critical functions to be hosted
from within the company while much of the non-critical processing can be done through a cloud
vendor.
 This approach requires some planning but can be beneficial. There are also concerns about what
might happen to data.
 While unlikely, it is very possible that data could be lost.
 Companies that are interested in working with a cloud vendor may want to look deeply into the
vendor’s back up plans should something happen.
 Ideally knowledge geographically where the data is stored would be helpful but many cloud
providers are reluctant to give out sensitive information like that.
 One idea would be to make geographical information a deal breaker for a provider. If you are willing
to enter into an agreement with them on everything else, most vendors will probably be
accommodating for requests like these.
 If they are unable to give out the information still, it probably means that even they do not know
where all the information is stored, which is not a good thing.
 In fact, just recently it was reported that Google’s App Engine service suddenly went down.
 While Google blamed the issue on a server bug, there should be enough redundancy in cloud
services so that users never experience downtime unless it is something like a major world event
that is happening – much like a utility.
2.2.5 Little or no Reference
 Because of privacy concerns, cloud vendors for the most part are unable or unwilling to present case
studies about companies that are currently using their services.
 As a matter of fact, there are very few large companies that are publicly reporting their usage of cloud
computing at a large scale level.
 This leaves many organisations feeling shy about using cloud computing resources as of yet even
though it has become popular terminology in the tech world.
 So the other two disadvantages of this technology are compounding along with the fact that very few
companies are reportedly using the technology cause the entire cloud movement some problems.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
12
 13
CEC315: Introduction to Cloud Computing – Module 2

 It may be possible that the smaller start-up companies will have to take advantage of some larger
ones before they begin to adopt cloud computing.
2.2.6 Legal Issues
 The geographical location of data and IT resources can be out of cloud consumer’s control when hosted
by a third-party cloud provider. This can introduce various legal and regulatory compliance concerns.
 Think:
➢ What are the motivations of changing the geographical location of data and IT resources?
➢ Who moves the data and IT resources?
➢ What are the causes of legal concerns?
➢ Can you give us examples?
2.3 Security Concerns
 As with so many other technical choices, security is a two-sided coin in the world of cloud
computing—there are pros and there are cons. In this section, let’s examine security in the cloud and
talk about what’s good, and where you need to take extra care.
 International Data Corporation (IDC) conducted a survey of 244 IT executives about cloud services.
As Figure 2-4 shows, security led the pack of cloud concerns with 74.5 percent.
 In order to be successful, vendors will have to take data like this into consideration as they offer up
their clouds.

Figure 2-4: IDC’s findings show that security concerns are the number one issue facing cloud computing.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
13
 14
CEC315: Introduction to Cloud Computing – Module 2

2.3.1 In whatever case, Protect Your Data

 With all the above naratives, that doesn’t mean you can’t maintain your data on a cloud; you just
need to be safe.
 The best way is to encrypt your data before you send it to a third party. Programs like PGP
(www.pgp.com) or open-source TrueCrypt (www.truecrypt.org) can encrypt the file so that only
those with a password can access it.
 Encrypting your data before sending it out protects it. If someone does get your data, they need the
proper credentials or all they get is gibberish.
 Of course, that just applies to data you manipulate in-house and then send to the cloud.
 If you use word-processing files or spreadsheets that are edited online rather than just stored on the
Web, then the data, when saved to the cloud, may not be encrypted.
 In general, look for paid services, rather than those funded by advertising. Those are most likely to
rummage through your data looking to assemble user profiles that can be used for marketing or other
purposes.
 No company can provide you with free tangible goods or services and stay in business for long.
 They have to make money somehow, right? When in doubt, always keep your data where you can
be most certain it is secure, even if that means keeping it in your own server room until you can
develop an alternate solution you know you can trust.

Figure 2-5: Encryp you Data before sending to the cloud.

2.3.2 Privacy Concerns with a Third Party
 The first and most obvious concern is for privacy considerations. That is, if another party is
housing all your data, how do you know that it’s safe and secure?
 You really don’t. As a starting point, assume that anything you put on the cloud can be accessed
by anyone.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
14
 15
CEC315: Introduction to Cloud Computing – Module 2

 There are also concerns because law enforcement has been better able to get at data maintained on
a cloud, more so than they are from an organisation’s servers.
 The first and most obvious concern is for privacy considerations. That is, if another party is
housing all your data, how do you know that it’s safe and secure?
 You really don’t. As a starting point, assume that anything you put on the cloud can be accessed
by anyone.
 There are also concerns because law enforcement has been better able to get at data maintained on
a cloud, more so than they are from an organisation’s servers.
2.3.3 Are They Doing Enough to Secure It?
 Before signing on with a reputable vendor, keep in mind, also, that they are doing all they can to
protect your data.
 Now, there is a school of thought that says, in fact, that vendors will be going above and beyond to
ensure that your data is secure.
 This is a simple matter of doing business. If word gets out that they don’t protect the data they
house, then no one will want to do business with them.
 There’s also an issue of performance and efficiency. Since you pay as you go, if you spend an
inordinate amount of time on CPU cycles using their security tools, you’ll go looking to the
competition.
 Ultimately, while we like to think that they’re doing their best, their best simply might not be good
enough.
 There are a lot of ways that their cloud and your data can be compromised.
1. Hackers
 Hackers (Blackhat hackers) aren’t the nice people that Hollywood has made them out to be.
 Most aren’t just sitting around, drinking Mountain Dew and trying to break into a secure network
just because they can. They want something.
 There’s a lot they can do if they’ve compromised your data. It ranges from selling your proprietary
information to your competition to surreptitiously encrypting your storage until you pay them off.
 Or they may just erase everything to damage your business and justify the action based on their
ideological beliefs. It can and does happen.
 Either way, hackers are a real concern for your data managed on a cloud. Because your data is held
on someone else’s equipment, you may be at the mercy of whatever security measures they support.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
15
 16
CEC315: Introduction to Cloud Computing – Module 2

2. Bot Attackers
 In a commonly recognised worst-case scenario, attackers use botnets to perform distributed denial
of service (DDOS) attacks.
 In order to get the hackers to stop attacking your network, you face blackmail.
 In fact, in Japan, blackmail involving DDOS is on the rise. One major Tokyo firm had to pay 3
million yen (about US $31,000) after the network was brought to a screeching halt by a botnet attack.
 Because the attack was so dispersed, police have been unable to track down the attackers.
 In the world of cloud computing, this is clearly a huge concern. If your data is on the cloud being
attacked, who will the ransomers come to for money? Will it be you? Will it be the vendor? And
will the ransom even be paid?

Figure 2-6: How hackers set up systems to send out distributed denial of service attacks

2.4 Regulatory Issues

 It’s rare when we actually want the government in our business.
 In the case of cloud computing, however, regulation might be exactly what we need. Without some
rules in place, it’s too easy for service providers to be unsecure or even shifty enough to make off
with your data.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
16
 17
CEC315: Introduction to Cloud Computing – Module 2

2.4.1 No Existing Regulation

 Currently there is no existing regulation, but there should be. In September 2008, the United States
government took control of Washington Mutual.
 It was viewed as the greatest bank failure in American history to date. It reminds us that no matter
how huge a company is, it can still come tumbling down.
 Look at a company like Google, for instance. It’s a big one and recently valued at $107 billion.
 That size and value would seem to make them bulletproof. But WaMu was worth $307 billion when
it failed.
 While comparing cloud service providers to banks might seem like an apples-to-oranges
comparison, it underscores the need for regulation.
 While banks deal in money, and cloud service providers deal in data, both are of immense value to
consumers and organisations alike.
 The fact that there was some regulation in place (in the form of government-backed insurance)
prevented a run on the bank.
 When WaMu failed, everyone got to keep their money, thanks to the government’s insurance.
 There isn’t a third party insuring anyone’s cloud data, and if a provider decides to close up shop,
then that data can be lost.
2.4.2 Government to the Rescue?
 Is it the government’s place to regulate cloud computing?
 As we mentioned, thanks to the Great Depression, we had regulation that protected WaMu’s
customers’ money when the bank failed.
 There are two schools of thought on the issue. First, if government can figure out a way to safeguard
data—either from loss or theft—any company facing such a loss would applaud the regulation.
 On the other hand, there are those who think the government should stay out of it and let competition
and market forces guide cloud computing.
2.4.3 Who Owns the Data?
 There are important questions that government needs to work out. First, who owns the data?
 Also, should law enforcement agencies have easier access to personal information on cloud data
than that stored on a personal computer?
 A big problem is that people using cloud services don’t understand the privacy and security
implications of their online email accounts, their LinkedIn account, their MySpace page, and so
forth.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
17
 18
CEC315: Introduction to Cloud Computing – Module 2

 While these are popular sites for individuals, they are still considered cloud services and their
regulation will affect other cloud services.
 So far, US courts have tended to rule that private data stored in the cloud does not have the same
level of protection from law enforcement searches than data stored on a personal computer.
 A September 2008 report released by the Pew Internet and American Life project reported that 49
percent of US residents who use cloud computing services would be very concerned if the cloud
service providers shared files with law enforcement agencies.
 These are some of the other cloud computing concerns that were reported:
➢ Eighty percent said they’d be very concerned if a vendor used their photos and other
information in marketing campaigns.
➢ Sixty-eight percent said they’d be very concerned if the vendor used their personal
information to send them personalised ads.
➢ Sixty-three percent said they’d be very concerned if service providers kept their data after
the user deleted it.
2.4.4 Government Procurement
 There are also questions about whether government agencies will store their data on the cloud.
 Procurement regulations will have to change for government agencies to be keen on jumping on the
cloud.
 The General Services Administration is making a push toward cloud computing, in an effort to
reduce the amount of energy their computers consume.
 Hewlett-Packard and Intel produced a study that shows the federal government spends $480 million
per year on electricity to run its computers.
 In fact, the GSA is working with a vendor to develop an application that will calculate how much
energy government agencies consume.
 While this is a responsible, ecologically wise move (not to mention saving millions of taxpayer
dollars every year), government agencies may not be moving to the cloud quite so soon.
 Again, issues of data privacy and ownership of data must still be addressed.
 There are pros and cons to using a cloud computing solution.
 Your organisation is a unique animal and there is no one right answer as to whether or not you
should use a cloud.
 However, consider your organisation’s needs and weigh the pros and cons of whether you should
move to the cloud or not.

Copyright ©Kometa Denis; [email protected]; Dpt. of Com. Engineering, COT, University of Buea, 2021
18