Consultants’ Corner A Bi-Monthly e-Journal from
Issue 86 | Pages 1– 13
February-March 2014
A sneak peek into the world of Cloud Computing
2
Consultants’ Corner
In this Issue
3 6
Cloud Computing - Decoded! An introduction to the world of Cloud Computing
Key terms associated with Cloud Computing Brief explanation to some of the important terms used in the area of Cloud Computing
8
Cloud Computing Threats and Assurances An insight into the risks and risk mitigation techniques practiced in the Cloud Computing environment
10
Mobile Cloud Computing (MCC)
11
Opinion Poll result
12
Quiz Corner
12
What’s up at MaGC?
Use of Cloud services in smartphones and mobile software applications
Results of the poll for judging the best article in the Dec 13-Jan 14 issue of Consultants’ Corner
All events during December and January at MaGC and upcoming birthdays of MaGCites
Readers’ Corner If you have any comment/suggestion for the editors, please write to us at cc@magc.in. Your views and comments on articles featured here are also welcome!
From the Editors Sometimes when things change, they change dramatically. This is exactly what happened with information technology and the internet. The pace at which it grew and stormed the human race is nothing less than dramatic. One such storm that is currently sweeping us is Cloud Computing. Cloud computing has changed the way people use software and store information. Innovations in technology, high internet speeds and falling costs of storage has facilitated the growth of cloud computing in a big way. Cloud computing as a concept is being used since 1950s and it began to spread its wings during the telecommunication boom of the 1990s when the telecom companies started offering Virtual Private Network (VPN) services at lower costs. But the breakthrough in cloud computing was made by Amazon when they launched their cloud services called Amazon Web Services (AWS) in the year 2006. The rest, as they say, is history. Cloud computing has helped businesses reduce their IT expenditure. On the other hand, it has helped Governments offer G2C services in a cost effective and seamless manner. And the best part about it is we still don’t know what more is there in store for us. In this backdrop, Cloud Computing has been chosen as the theme for this issue. We hope you find the articles informative and enriching. The level of readership and coverage that Consultants’ Corner is garnering never ceases to amaze us. The sole reason for this growth is our authors. The quality of the articles being published is improving over time. We fervently thank our authors for their zeal and commitment. But the journey has just begun. We seek all your support in this great and exciting journey ahead.
3
Consultants’ Corner
Cloud Computing - Decoded!
A
revolution is defined as a change in the way people think and behave that is both dramatic in nature and broad in scope. By that definition, cloud computing is indeed a revolution. Cloud computing is creating a fundamental change in computer architecture, software and tools development, and of course, in the way we store, distribute and consume information.
What is Cloud Computing? Cloud computing is a comprehensive solution that delivers IT as a service. It is an Internet-based computing solution where shared resources are provided like electricity distributed on the electrical grid. Computers in the cloud are configured to work together and the various applications use the collective computing power as if they are running on a single system. The key flexibility of cloud computing is allocation of resources on demand. This facilitates the use of the system's cumulative resources, negating the need to assign specific hardware to a task. Before cloud computing, websites and server-based applications were executed on a specific system. With the advent of cloud computing, resources are used as an aggregated virtual computer. This multifaceted configuration provides an environment where applications execute independently without regard for any particular configuration. The easiest way to think about cloud computing is as doing business on the Web, therefore eliminating the need for in-house technology infrastructure, such as the need to purchase, run and maintain servers and software. Unlike traditional software, which is distributed and deployed on-premise, cloud applications are designed for Web deployment. They are multitenant and users share processing power and space that is managed by the vendor.
Why is it popular? The primary reasons for the popularity of Cloud computing are as follows: Reduced cost: Cloud computing can reduce both capital expense (CapEx) and operating expense (OpEx) costs because resources are only acquired when needed and are only paid for when used. Refined usage of personnel: Using cloud computing frees valuable personnel allowing them to focus on delivering value rather than maintaining hardware and software. Robust scalability: Cloud computing allows for immediate scaling, either up or down, at any time without long-term commitment.
Categories of Cloud computing Cloud computing frameworks are implemented in many flavors to suit user needs. They are primarily categorised into three buckets as follows: Software as a Service (SaaS) - These applications are designed for end-users, delivered over the web. This is an end-to-end solution including all facets of applications, software & hardware. contd on next page..
Transformation literally means going beyond your form. - Wayne Dyer
4
Consultants’ Corner
Platform as a Service (PaaS) - This is the set of tools and services designed to make coding and deploying those applications quick and efficient. The primary target users are Application Developers.
Infrastructure as a Service (IaaS) - Here the hardware and software that powers it all (Such as servers, storage, networks, operating systems, etc.) alone are provided and maintained by Vendor. The users of this form of service are mostly Network Architects.
Well known Cloud service providers
IaaS examples
SaaS examples
Rackspace Cloud: provides users with access to dynamically scalable computing and storage resources, as well as third-party cloud applications and tools
Google Apps: provides web-based office tools such as e-mail, calendar, and document management Salesforce.com: provides a full customer relationship management (CRM)6 application
To Cloud or not to Cloud!
Zoho.com: provides a large suite of web-based applications, mostly for enterprise use
Cloud Computing adoption requires cost/benefit/risk analysis to answer questions such as
PaaS examples
What resources should an organization move to
Force.com: from salesforce.com (an SaaS provider), provides users with a platform to build and run applications and components bought from AppExchange6 or custom applications Google App Engine: provides users with a complete development stack and allows them to run their applications on Google‘s infrastructure
IaaS examples Amazon Simple Storage Solution (S3): provides users with access to dynamically scalable storage resources IBM Computing on Demand (CoD): provides users with access to highly configurable servers plus value-added services such as data storage Microsoft Live Mesh: provides users with access to a distributed file system; targeted at individual use
the cloud, if any?
What situations warrant use of cloud resources, even for one-time situations?
Which model of access works better for the organization—private or public?
What risks are associated with using resources on the cloud?
Which drivers are most important to the organization? For example is concern over the security of data more important compared to data accessibility from multiple locations? contd on next page..
An expert is a person who has few new ideas; a beginner is a person with many. - Albert Einstein
5
Consultants’ Corner
Key Drivers A common set of key factors that drive organisations in deciding to Cloud or NOT Cloud... are given in table below: Attribute
Why it can draw an organization toward cloud computing
Availability
Users have the ability to access their resources at any time through a standard internet connection.
Collaboration
Users begin to see the cloud as a way to work simultaneously on common data and information.
Elasticity
The provider transparently manages a user‘s resource utilization based on dynamically changing needs.
Infrastructure Costs
The pay-per-usage model allows an organization to only pay for the resources they need with basically no investment in the physical resources available in the cloud. There are no infrastructure maintenance or upgrade costs.
Mobility
Users have the ability to access data and applications from around the globe.
Risk reduction
Organizations can use the cloud to test ideas and concepts before making major investments in technology.
Scalability
Users have access to a large amount of resources that scale based on their demand.
Virtualisation
Each user has a single view of the available resources, independently of how they are arranged in terms of physical devices. Therefore, there is potential from a provider perspective to serve a greater number of users with fewer physical resources.
(Source: Basics about Cloud Computing by Grace Lewis - Software Engineering Institute, Carnegie Mellon University)
Risks involved Key challenges and risks in migrating to a cloud computing environment have been tabulated below: Concern/Risk
Why it can act as a barrier to cloud computing adoption
Interoperability
A universal set of standards and/or interfaces have not yet been defined, resulting in a significant risk of vendor lock-in.
Latency
All access to the cloud is done via the internet, introducing latency into every communication between the user and the provider.
Platform/Language constraints
Some cloud providers support specific platforms and languages only.
Regulations
There are concerns in the cloud computing community over jurisdiction, data protection, fair information practices, and international data transfer—mainly for organizations that manage sensitive data.
Reliability
Many existing cloud infrastructures leverage commodity hardware that is known to fail unexpectedly. The amount of control that the user has over the cloud provider and its resources varies greatly between providers.
Resource Control Security
The main concern is data privacy: users do not have control or knowledge of where their data is being stored.
(Source: Basics about Cloud Computing by Grace Lewis - Software Engineering Institute, Carnegie Mellon University )
Good to read! 1.
Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance - by Tim Mather
2.
Cloud Computing Explained: Implementation Handbook for Enterprises - by John Rhoton
Praveena K R can be reached at praveena@magc.in
6
Consultants’ Corner
Key terms associated with Cloud Computing
C
loud computing though an easy concept to follow comes with its own set of jargons. It will be useful for you as a consultant to know some of the key terms used in connection with cl oud computing. Whether to impress your clients at meetings or to flaunt your knowledge to your colleagues, knowledge of these terms can come in handy. Here is a compilation of certain important terms that you get to hear and their meanings. Content Delivery Network (CDN) A system consisting of multiple computers that contain copies of data, which are located in different places on the network so clients can access the copy closest to them. Cloud Broker An entity that creates and maintains relationships with multiple cloud service providers. It acts as a liaison between cloud services customers and cloud service providers, selecting the best provider for each customer and monitoring the services. Cloud Portability The ability to move applications and data from one cloud provider to another. Cloud portability is one of the key considerations while selecting a service provider. If the cloud portability is not good, be prepared to be stuck with the service provider for a long time. Cloud Storage The type and size of storage space available on the cloud. Many cloud service providers provide options to increase the cloud storage incrementally as your business grows thus optimizing costs.
Cloudstorming Connecting multiple cloud computing environments. Cloudware Software that enables creating, deploying, running, or managing applications in the cloud. Simply put – software on the cloud. Consumption-based pricing model A pricing model whereby the service provider charges its customers based on the amount of the service the customer consumes, rather than a time-based fee. For example, a cloud storage provider might charge per gigabyte of information stored. This is what makes the cloud so popular. External cloud Public or private cloud services that are provided by a third party outside the organization. -contd on next page..
If you want the truth, I'll tell you the truth: Listen to the secret sound, the real sound, which is inside you. - Kabir
7
Consultants’ Corner Infrastructure as a Service (IaaS) Cloud infrastructure services, whereby a virtualized environment is delivered as a service over the Internet by the provider. The infrastructure can include servers, network equipment, and software.
IaaS, PaaS and SaaS have totally revolutionized the way businesses look at IT investments by converting more and more of the Capital Expenditure to Operating Expenditure utilizing the power of the Cloud.
Internal cloud A type of private cloud whose services are provided by an IT department to those in its own organization.
Subscription-based pricing model A pricing model that lets customers pay a fee to use the service for a particular time period, often used for SaaS services.
On-demand service A model by which a customer can purchase cl oud serv i ces as needed; for instance, if customers need to utilize additional se rv e r s f or the duration of a project, they can do so and then drop back to the previous level after the project is completed. This is another highlight which makes cloud services popular. Platform as a service (PaaS) Cloud platform services, whereby the computing platform (operating system and associated services) is delivered as a service over the Internet by the provider. Pay as you go A pricing model for cloud services that encompasses both subscription-based and consumption-based models, in contrast to traditional IT cost model that requires up-front capital expenditures for hardware and software. Private cloud Services offered over the Internet or over a private internal network to only select users, not available to the general public. Public cloud Services offered over the public Internet and available to anyone who wants to purchase the service (Example: Gmail, Amazon Web Services). Software as a service (SaaS) Cloud application services, whereby applications are delivered over the Internet by the provider, so that the applications don't have to be purchased, installed, and run on the customer's computers.
Vendor lock-in Dependency on the particular cloud vendor and difficulty moving from one cloud vendor to another due to lack of standardized protocols, APIs, data structures (schema), and service models. See Cloud Portability above. Virtual Private Cloud (VPC) A private cloud that exists within a shared or public cloud (Example: Documan at MaGC which is hosted on the Amazon public cloud). As you can now see Cloud Terminology need not be that cloudy after all!! You can find more terms associated with cloud computing on the internet. So, go and find that Silver Lining in the Cloud. References: www.techrepublic.com http://searchcloudcomputing.techtarget.com/ http://www.webopedia.com/quick_ref/ cloud_computing_terms.asp http://whatiscloud.com/
Ashok Rao can be reached at ashok@magc.in
There is no greater joy nor greater reward than to make a fundamental difference in someone's life. - Sr. Mary Rose McGeady
8
Consultants’ Corner
Cloud Computing Threats and Assurances
A
s enterprises look to numerous ways to reduce cost and increase the value and trust of their information systems, cloud computing has emerged as an important platform by offering these enterprises a potentially less expensive model to handle their computing needs. Some of the benefits offered by cloud computing are optimization of server utilisation, reduction in CAPEX and shortened life cycle development of new applications. What is cloud computing? NIST (US National Institute of Standards and Technology) defines cloud computing as a ―model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.‖ To put the above definition in a simplified manner, we can relate cloud computing to a utility service that can be used on a need basis. Think of renting a room in a hotel as and when needed based on our requirement. The hotel owner is the ‗Cloud Service Provider‘ (CSP) and the enterprise is its client. By using this utility service, the enterprise needs to pay only for the service availed by them. This leads to savings in cost of power, underutilized equipment, maintenance etc. Cloud computing offers virtual processing power in a variety of combinations through service delivery models and deployment models. Infrastructure-as-a-Service: Provides online processing or data storage capacity. This is ideal for enterprises considering a very large one-time processing project or infrequent large data storage needs. If the enterprise wants to perform data testing, it might need a lot of processing power coupled with very high data storage. For a one-time project as such, investing in infrastructure might not be a viable option. Taking the hotel example, IaaS can be related to the enterprise renting out the party hall for a one-time event. The enterprise saves cost by only paying rent and electricity for the space for the small time period.
Platform-as-a-Service: Provides an application development sandbox and also allows hosting of applications for access to end-users. It can be used by enterprises wishing to develop a new application and also allows them to host their application in the cloud. It usually includes an operating system, programming language execution environment. PaaS is similar to renting out a hotel room. The enterprise rents a deluxe suite that allows them to develop a software. Service-as-a-Service: Provides a business application used by many individuals or enterprises concurrently. Google Apps, Microsoft Office 365 are some of the popular consumer-directed SaaS applications. One doesn‘t have to worry about installing the software or setting it up. One can directly run the application. SaaS is similar to going to a hotel only for using the restaurant. You need not rent a room to use the services provided by the hotel.
contd on next page..
He who learns teaches, he who teaches learns.
- African proverb
9
Consultants’ Corner Cloud Computing Threats Cloud computing provides amazing benefits to an enterprise, however, as with any activity risk element is inherent in cloud computing.
Threat
It presents the same issues as generally found in a traditional IT world, but it also introduces new threats and vulnerabilities that may be due to lack of physical visibility and perceived loss of control over assets and information.
Description
Affected service model IaaS
Data breaches
In a hybrid cloud deployment, if a cloud service database is not properly designed, a flaw in one client‘s application could allow an attacker access to not only that client‘s data but every other client‘s data.
Data loss
Any accidental deletion by the cloud service provider or a physical catastrophe could lead to permanent loss of enterprise data unless adequate measures are taken for backup
Account hijacking
If an attacker gains access to the enterprise credentials, he can eavesdrop on its activities and transactions, manipulate data, redirect users to illegitimate sites. Confidentiality, integrity and availability of services are compromised.
Insecure interfaces
Interface is the main link for interacting with the cloud interface. From authentication and access control, interface must be properly secured. These interfaces are key to provide value added services to the customer.
Denial of Service
DOS attacks are meant to prevent users of cloud service from being able to access their data or applications. Service outages are critical since, customers are billed based on the space used. DOS attacks misuse finite resources such as memory, power, disk space and network bandwidth.
Insufficient due diligence
Enterprises often jump the cloud computing bandwagon without proper understanding of the risks involved. Operational responsibilities are moved to the cloud and they are exposed to unknown levels of risk. Unless the enterprise has adequate resources and understands its responsibilities and that of the cloud service provider, they should reconsider moving to the cloud.
High
Moderate
PaaS
SaaS
Low
Assurance in Cloud Computing Having discussed the threats faced by the enterprises using cloud computing, the onus is on the cloud service providers to provide assurance to its customers regarding the services offered by them. With shared resourcing, multi tenancy and geolocation, cloud computing requires an entirely new approach to providing approach. CSPs need to be more transparent with their clients regarding the movement of their data. Assurance needs to be provided on a real time basis rather than the traditional methods. The level and type of assurance must be driven by the type of cloud service offered and cloud deployment methods followed. CSPs need a strong risk management approach and they must balance it with strong performance to meet the user‘s needs.
Assurance can be provided at various levels by CSPs. They can adopt international standards such as COSO, COBIT and ISO. They can also provide assurances based on specific criteria such as reliability, effectiveness, efficiency, availability and confidentiality. The greater the assurance, the more confidence a client will have on CSP, which results in increased adoption and deployment of cloud computing in the industry.
Vinod M can be reached at vinod.m@magc.in
10
Consultants’ Corner
Mobile Cloud Computing (MCC)
A
lot of consumers are switching to smartphones as their computing requirement on the go has increased. Smartphones are now capable to support a wide variety of applications; however due to limited power, memory, storage etc. they are unable to fulfill their potential. Cloud computing is a facility available that allows us to process our data outside the realms of the physical hardware that we possess. Computing takes place in a virtual environment leading to savings in capital and operational expenditure. These are two significant trends in the current period. Imagine if the power these two combine? Mobile Cloud Computing (MCC) brings together cloud computing and mobile networks. In MCC the processing and storage happens outside the mobile device but the end product is delivered to the mobile device. The parties who benefit out of MCC are given in the figure below: Beneficiaries
Mobile users
Network operators
Cloud computing providers
Mobile users are benefitted since the cloud performs the computing-intensive tasks and storing massive amounts of data. They can continue to
Cloud computing providers are benefitted since their customer base will increase and the application developers will move to a cloud based infrastructure to develop these applications and provide seamless integration. Mobile Application Development The issues with regard to mobile application development are to build mobile applications that are applicable to all types of devices. Each and every device is distinct in terms of the Operating System or any other unique features. The developers will have to come up with new mobile applications as and when the vendors introduce new devices in the market. The only possibility of solving the above issue is to move the apps to the servers running in the cloud, in order to make the same available for the other users. The users can access the apps and the data available in the cloud using their browser. Hence one should understand that the data processing and storage takes place outside the mobile device and the result of the processing appears on the screen or from the speaker of the mobile device. This will be a major advantage for the mobile app developers as they need not create individual apps for individual devices. Few tools that make this work are:
perform these tasks with hand held devices and on the go.
-contd on next page..
Network operators are benefitted since mobile users will move to data intensive packages leading to greater demand and higher profits.
A different language is a different vision of life. - Federico Fellini
11
Consultants’ Corner
Mobile Cloud Computing – Challenges in the enterprise Considering the rapid growth in the industry of mobile devices, the MCC is projected as an opportunity to any enterprise. However the enterprise will have to face the following challenges: Security – Every enterprise deals with sensitive data. Hence when a mobile is stolen or lost or misplaced, crucial data may be compromised. Interoperability – Most of the enterprises follow the Build Your Own Device (BYOD) policy. Hence the major challenge is in sharing and receiving the data across various mobile devices. Mobile Enterprise Application Platforms (MEAP) – The MEAP ensures that data sent to the mobile devices from the cloud fits into the receiver‘s mobile screen. It has a very authenticated mechanism where the data reaches the device and if the device is stolen or lost, it can be wiped.
Integrity – If the user pulls any document from the cloud, updates it and forgets to sync it back to the cloud, another user who retrieves the document can view only the older version and not the updated version causing a data integrity risk for the enterprise as a whole.
HTML5 – It assesses the characteristics of the device to provide data and automatically gets adjusted to the size, resolution and other unique features of the device
Sandya Manohar can be reached at sandya.m@magc.in
Opinion Poll Result
Best article in the Dec 13-Jan 14 issue of Consultants’ Corner The Editorial Team thanks its readers for taking part in this poll. We request our readers to actively participate in this Opinion Poll since the annual best article for CC would be selected based on your votes.
Total no. of votes polled: 14
Process Documentation 5WH approach to Business Process Reengineering Business Process Mapping Essentials of a good Business Process Document
"Only those who will risk going too far can possibly find out how far one can go. TS Eliot
12
Consultants’ Corner
What’s up at MaGC? Study Circle Presentation at MaGC 1. Karthik M V conducted a session on ―One person Company‖ on 16th December 2014. 2. Praveena K R conducted a session on ―Agile Methodology - an overview‖ on 20th Dec 2014. 3. Padmaja J conducted a session on ―Nine Money Personalities‖ on 20th January 2014.
Chess Tournament The first ever MaGC Chess Tournament got underway on 04th January 2014 with 24 participants from the Bangalore office competing for the championship. We wish all the participants all the very best!! May the best player win!! For more details about the fixtures click here and for pictures of the matches click here
Birthday wishes Happy Married Life!!! Mahesh - 3rd Feb
Gopal Agarwal - 17th Feb
Karthik M V of MaGC Bengaluru office exchanged marital vows with Nitya Nair on 8th January 2014 Team MaGC wishes the couple a blissful married life forever.
Vinod Murali - 17th Feb
Karthik M V - 6th March
1. Coffee houses are places where people hangout. How has a coffee house in Moscow decided to charge its customers? It is becoming a trend now. 2. In marketing, what is Osborne effect ? What is the origin of this term ? 3. Identify the brand with the tagline ―Handcrafted in Chennai‖. 4. Vape is a term increasingly being used and a term in fashion in 2013. What is ‗vape‖ ? 5. What is the newly imposed tax in Italy commonly called ―Google Tax‖?
Right answers for the previous issue quiz was given by
Send in your answers to the editor at cc@magc.in Participants with the correct entry will be awarded with a Recognition Certificate by MaGC.
Bhavana R !!! Congratulations !!!
Last issue answers. 1. Mobile science laboratory which will be taken from school to school in motor cycles to show science experiments; 2. Black Dog; 3. wholly owned subsidiary; 4. A free Laddoo; 5. Zips.
Our Mission is to apply our professional capabilities with a holistic approach for the happiness of clients, through values and social commitment.
Editorial Board
Contact
C S Suresh, Executive Director Ashok Rao, Executive Director
Editors Sandya M, Consultant Karthik M V, Consultant
Published by MaGC Private Limited, Chennai & Bangalore
Email to cc@magc.in
Management and Governance Consulting Pvt. Ltd.
Registered Office: 2nd Floor, New No. 4, Old No. 23, C P Ramasamy Road, Alwarpet, Chennai - 600 018, INDIA Ph:+91 44 2466 0955/ 24986850 Email: chennai@magc.in Branch Office: #107, 1st Floor, Railway Parallel Road, Kumarapark West, Bengaluru - 560 020, INDIA Phone/Fax: +91 80 23560265 Email: bengaluru@magc.in
Website: www.magc.in
Our Business Associates
N.C.R & Co.