Discovering Cloud computing

Cloud computing entered the hype cycle around 2010 and now, a decade later, it still dominates the IT market. In the wake of new privacy concerns arising globally, let’s take a look at what types of cloud computing services you can use nowadays.

The biggest cloud service players now are Amazon, Microsoft, Google, IBM, Oracle, and SAP. Millions of businesses and individuals use these services either as an extension to their existing computing infrastructure, or sometimes even to completely replace it.

What is cloud computing anyway?

Cloud computing services are all based on virtualization technology, where a set of physical servers is turned into an abstract pool of resources by hypervisor software. Virtual machines can be created from preconfigured OS images in minutes and can be decommissioned just as quickly.

So how does cloud computing work?

It works the same way as any other owned IT infrastructure – only you connect remotely via the internet, or direct VPN. The service provider owns several datacenter locations around the world and provides different virtualized functionalities (virtual machines, storage, databases, software, computing capabilities, networking functions, etc.) of its infrastructure on a subscription or contractual basis.

Different types of cloud computing services

There are 3 main types of cloud computing services: Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. They are best described from bottom to top, starting from the physical layer all the way up to the application.

Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS) lets you expand your own IT infrastructure with storage and computing power, or run it entirely remotely. The service provider undertakes the maintenance and management of housing, physical servers, virtualization (hypervisor), storage, and networking. This infrastructure can be accessed via an API or dashboard through a private network or the internet. Customers can build and manage virtual machines and applications on top for whatever purpose they see fit. The provider needs to ensure business continuity via stable connection and resource availability. For instance, Magento can be considered a typical IaaS example in AWS.

Benefits of IaaS:

  • Cost: Small or medium businesses that cannot invest too much into their IT infrastructure and IT personnel benefit the most from IaaS services. Service providers make their living operating such environments against demanding SLAs, so any business can benefit from more advanced security and operational practices.
  • Scalability: Companies with cost restrictions on their own IT environment can make the most of IaaS contracts that work on a use basis and can scale up or down easily when additional resources are required during peak periods.
  • Flexibility: Employees can access files even when offsite or on-the-go, and teams can easily be assigned additional computing power, storage, or software applications.
  • Business Continuity: In case of outages, connectivity problems or disasters, having an IaaS service spread out redundantly across several data center locations ensures that business operations never come to a halt.
  • Locations: Restrictive legal requirements like HIPAA or GDPR might make it difficult for your company to do business in countries that personal data cannot be transferred to. Keeping data in a dedicated data center located in the particular country you want to do business in is an excellent solution.

Disadvantages of IaaS:

  • Loss of Control: Large companies with many restrictions on the data they handle can lose control and visibility over performance, configuration, security and data if they choose IaaS. If data is kept in a public cloud, sensitive data could travel to unknown and restrictive locations bound by GDPR.
  • Neighboring effect: In case of a public or virtual private cloud, you will compete for computing and storage power with other tenants on the same physical hardware. Also, the provider must ensure there is appropriate separation of different customer virtual machine clusters, so data leakage or cross talk does not happen.
  • Maintenance: While one of the greatest benefits of cloud infrastructure services is that you are relieved of maintenance, hardware upgrades, and OS or application licenses, you are still dependent on providers keeping their contracted SLAs so you can stay competitive on the market.
  • Customization: Highly automated environments with preset blueprints will make less room for customization. Providers also widely differ in their security practices in terms of data and user privacy.
  • Vendor lock-in: Cloud providers offer short term, pay-as-you-go contracts, but at one point you might want to switch providers. Coming out of a contract can be difficult at times and migrating your IT from one environment to the other will become a complex and painful undertaking.
  • Downtimes: Most IaaS comes with redundant datacenters stretched across multiple locations, yet downtimes can still occur. For critical applications and data that needs constant availability, consider a direct VPN connection to the IaaS instead of the internet. Make sure there’s enough WAN bandwidth and that maintenance work by the provider is not done in peak business periods.

Platform as a Service (PaaS)
With Platform as a Service, the service provider takes over responsibilities for the OS, Middleware and Runtime environment. It’s usually a platform for certain types of Business Software (e.g. SAP) that the customer manages on top. It’s also widely used for software development and programming, without having to care for the underlying infrastructure. Azure App Service is a prime example of a PaaS.

Benefits of PaaS:

  • Cost: One of the greatest benefits of PaaS is its affordability. Even small or midsize companies can benefit from state-of-the-art resources and technology for a very reasonable price. There is no need to build and maintain a robust IT environment on premises.
  • Speed to market: PaaS is the perfect sandbox for any company wanting to develop an application as quickly as possible and present it to the market.
  • Scalability: PaaS enables quick scaling up for peak times, test or pre-production environments. Scaling down is just as easy.
  • Flexibility: Employees can log in and work on applications from various devices and locations.

Disadvantages of PaaS:

  • Vendor dependency: Providers differ widely in offered capabilities. It’s also easy to fall into contractual traps where you get stuck with programming language, interface or programs you no longer need.
  • Compatibility: Customers who already have an established development platform might face difficulties when they want to integrate PaaS into their environment. Also, with time some incompatibility issues might arise.
  • Cross Dependence: The customer remains responsible for the security of the application they develop. Proper planning is needed so that the underlying platform serves the application’s purposes and its security build.
  • Data security: Business or sensitive personal data being kept in databases by the provider can be at risk. Make an informed judgement on cloud providers' security practices, especially their encryption practices. How transparent they are regarding these matters usually implies how much you can trust them.

Software as a Service (SaaS)
Finally, Software as a Service is like renting a hotel room. You cannot make any changes to the room, you just use it as-is, and all maintenance is carried out by hotel staff. The service delivers a software application on-demand that is being used by customers typically via a web interface or API. All updates to the software elements are taken care of by the provider. It has the great benefit of you not having to manually install and maintain software on individual workspaces or servers and facilitates greater methods for collaboration. Typical business applications provided on a license or subscription basis: Office and communication software (e.g. Microsoft 365), HR, ERP and CRM management software, Payroll and accounting programs and mobile applications.

Advantages of SaaS:

  • Ready for market: SaaS is the best solution for small or medium sized businesses. Owning an on-premise data center, building your own servers, configuring, and maintaining your own business applications by trained IT experts is costly and time consuming.
  • Pay as you go: For larger companies, subscription-type SaaS is perfect for short-term projects or for applications that aren’t needed all year long.
  • Cost: The most appealing benefit of SaaS is that your company can save hardware and software maintenance and operational staffing costs.
  • Staying relevant: Service providers will always make sure all software is updated and patched, and that the latest technology is being used to stay competitive.
  • Accessibility: A wide range of devices (mobile and office workspaces) will be able to connect to the application 24/7 via the internet.
  • Scalability: If your business grows rapidly and needs additional resources, or you need to scale down because a development project ended, cloud providers have you covered with many options. They offer flexibility to satisfy small, medium, and large business for shorter or longer terms.

Disadvantages of SaaS:

  • Lack of customization: One disadvantage of SaaS is that third-party vendor software comes with preconfigured features that don’t leave much space for customization.
  • Exit strategy: The SaaS market is filled with ephemeral start-ups that don’t make it in the long run. Also, there’s constant competition and your company might soon find itself convinced by another provider. But be prepared: transferring all your data and making your employees familiar with a new interface will be time and resource consuming.
  • Low performance: A browser-based application relying on internet bandwidth and availability may lack in performance, as opposed to an application running on the employee’s desktop.

Computing models differ in terms of where virtualized environments are deployed. Customer or vendor site? Perhaps a combination of both? There’s also shared or single tenancy, which is a key aspect to data privacy issues.

The option for a direct WAN connection or just regular internet connection to a data center is another important aspect in cloud computing deployment models. Known cloud providers, such as Amazon, Google, Microsoft, and T-Systems all have their own public, private or in-between version of cloud services.

Let’s take a look at four different types of deployment models for cloud computing.

Private cloud computing
Private cloud deployment is the closest to owning traditional on-premise infrastructure and therefore the costliest undertaking. In fact, private clouds can be deployed on the customers’ site and still be maintained remotely by a vendor. Businesses choosing this option usually plan on extending later to external cloud as well, creating a hybrid operation where their most critical data stays on-premise, while other non-sensitive, non-critical workloads run in the vendor’s cloud.

Generally, private cloud means that the customer is provided with a set number of physical servers, in one or multiple locations of their choosing. These servers constitute one virtualized server pool, where the customer can create virtual machines and build their own servers and applications the way they see fit. They can do this via a web-based or API-based self-service portal. One of the biggest advantages of a private cloud is that it can come with a dedicated site-to-site VPN connection and does not rely on the less trustworthy internet.

Private cloud computing is ideal for large businesses that run critical applications and cannot afford downtimes or connection failures, or who handle highly sensitive data that needs to stay within their country. Also, companies invest in private clouds when the risk for data leakage must be mitigated to the minimum. With a private cloud, you can choose a location close to your site or where your customers are to make connection, speed, and accessibility reliable. Also, you won’t have to compete for computing resources with other tenants on the same physical hardware. The private cloud is also the best option if you run complex legacy applications that are not ready for the public cloud yet. Scaling up or down is still possible the same way as with a public cloud, you basically only pay for exclusivity.

Virtual private cloud
Virtual private clouds are in principle closer to a public cloud but with advanced features that make them more secure. For one, the customer will know exactly where the physical servers are, so they can choose one close to their premises or where their customers are, to ensure data regulations are met. A direct VPN connection also ensures greater security and availability as opposed to unreliable internet connections. Therefore, it has more advantages compared to private clouds, in terms of cost and security. The only disadvantage of virtual private cloud is that it has shared tenancy, meaning that you will share the same physical server space with other tenants. Tenant separation is still more sophisticated than in the case of public cloud computing.

Public cloud computing
Public clouds are the most popular due to their flexibility in terms of cost, fast deployment, and accessibility. All you need is an internet connection, and any type of business can be set up with a pay-as-you-go subscription to have a short-term project or a peak period covered. Whether you need additional storage, network, database, application, or computing capabilities added to your IT, public clouds are a good solution both short and long-term.

However, the public cloud also has its disadvantages: an amalgamation of a vast virtual resource pool is available for thousands of tenants, and behind this are physical locations spreading across the world. Your crucial business data might be in China one minute and India the next. And data is most vulnerable in transit or when it is kept in virtualized environments shared by other tenants. So you are paying for the privilege of speed and flexibility, whilst being faced with a lack of security and possible downtimes caused by an unreliable internet connection. Also, the cost of public cloud consumption is gradually climbing, and you might find yourself stuck in a contract that no longer serves your business purposes in the long run.

Hybrid cloud computing
Some years after the big boom of public cloud offerings and in the wake of more and more privacy and security concerns arising globally, a tendency started to appear in combining traditional on-premises data centers and the use of cloud services. This combines the best of both worlds. It is more costly, but control and security stay in your hands and you still get the needed flexibility and mobility. The hybrid cloud has the most advantages for companies that have a lot of legacy applications bound to traditional hardware, but want to leverage some IT functionalities from the cloud, or plan on moving completely in the future.

This method serves more as an extension to existing IT infrastructure instead of completely replacing it. Hybrid cloud computing can also be an ideal path for healthcare companies, where legally sensitive personal and patient data cannot leave premises.

Advantages of cloud computing for businesses and individuals

The major advantages of cloud-based services for businesses include scalability and elasticity, i.e. the possibility of requesting resources on-demand almost in real-time. Thus, businesses don’t need to worry about peak loads and operating an over-provisioned computing infrastructure. In addition, by outsourcing to the cloud, a large part of the infrastructure management and maintenance burdens disappears, along with significant IT costs.

For individuals, cloud-based services offer flexibility and convenience by providing access to resources anytime and anywhere. It is problematic to keep data on multiple devices synchronized (laptop computers, tablets, and smart phones), so cloud services offer to keep everything in one place and accessibility to the data with any number of devices. Once data (e.g. photos and videos) is uploaded to the cloud, it becomes much easier to share it.

Major concerns of moving to the cloud: security and privacy

Besides all these advantages, moving everything in the cloud also has some potential drawbacks, our major concerns being security and privacy.

Nowadays, almost all cloud service providers have unlimited access to the users’ data that they handle. While users may trust the service provider with storing and maintaining the uploaded data, they may not intend that the providers are allowed to use their data. Still, users have limited choices: either they agree to terms of use and accept unlimited access to their data, or they don’t sign up for the service.

The question is whether companies realize the magnitude of the risks when passing private data into the hands of cloud service providers. No wonder the freemium business model is so popular on the market: cloud service providers offer their basic plan for free to lure customers, and by doing so, they only highlight the advantages of signing up. In the end, companies pay the price in the form of giving up their privacy. It is a known fact that users’ data is often analyzed and processed for profiling, resulting in targeted advertisements, or being passed on to third parties for profit.

Businesses should be better prepared to assess the risk of trusting the cloud operator with their confidential company documents, databases, and e-mails. Experience has shown that sensitive data should not be uploaded to the cloud (see private and hybrid cloud options above). Special service agreements could be negotiated that hold the cloud operator responsible for any leakage of sensitive information, but such agreements also come at a higher price. Some companies work in highly regulated industries (like healthcare), and legal requirements prevent the company from storing data outside its premises, especially if ’outside’ means another country regulated by local data protection laws. In any case, these businesses lose the advantages of cloud computing, because they either must set up and run their own computing infrastructure, or they need to pay extra for keeping their data private.

The winds of change: encrypting your content in the cloud

Fortunately, this situation is not carved in stone. In fact, there’s no fundamental reason not to change it. Encryption methods can be used to make data stored in the cloud unintelligible, although some service providers only mean data encryption at rest when they talk about encrypted storage. Server-side encryption does not solve the problem entirely – in this case, the provider still gains unlimited access by owning encryption keys and decrypting data at will. Client-side encryption is needed, i.e., the user should encrypt the data before it is uploaded to the cloud.

So client-side encryption solves a large part of the problem. But if done naively, it makes sharing impossible. If you encrypt the data with a key that only you know, even though others can access encrypted data via the cloud service, they cannot decrypt the data locally.

What we need is a key management system that creates keys to decrypt data stored in the cloud available to those parties authorized to access the data. And that’s exactly the key feature provided by Tresorit to its users. The process may sound complicated – however, the software is designed to apply maximum level of security without hindering usability.

Encryption is done locally by the Tresorit client, so the cloud operator sees only encrypted files. Tresorit also lets users decide who can access their folders. When another user is given access to a folder, the key needed to decrypt the folder’s content is made available via the cloud storage, encrypted with the invited user’s public key. The invited user can download the encrypted content and the encrypted content key, then use their private key to decrypt the content key first, and then use the content key to decrypt the content of the folder. The software also handles all problems arising from concurrent accesses of multiple users to the same folder in the cloud, as well as other complications inherent to the management of authorized groups of users, including inviting new members or expelling undesired ones.

Tresorit uses state-of-the-art encryption algorithms with large key sizes. The contents of folders are encrypted with AES-256, and content keys are encrypted with RSA-4096. For authentication, Tresorit uses RSA digital signatures over 512-bit SHA hash values. Additionally, technologies such as lazy re-encryption are used for efficiency, along with a carefully designed in-house key setup protocol, called ICE, for handling the invitation of new members into a folder’s group of users.
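The folder-sharing flow described above (content encrypted with an AES-256 key, that key wrapped with each member's RSA public key) can be sketched as follows; this is an added example for Node.js, not Tresorit's code. The function names, RSA-OAEP padding, AES-GCM mode and the eager re-encryption on expel are assumptions of the example, and signatures and the ICE protocol are left out.

```javascript
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One RSA key pair per user. The page names RSA-4096; pass a smaller size only for quick demos.
function newUser(name, bits = 4096) {
  return { name, ...nodeCrypto.generateKeyPairSync('rsa', { modulusLength: bits }) };
}

// Wrap / unwrap the 32-byte content key (RSA-OAEP with SHA-256 is this example's assumption).
const wrapKey = (contentKey, publicKey) =>
  nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, contentKey);
const unwrapKey = (wrapped, privateKey) =>
  nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);

// Client side: encrypt under a fresh AES-256 key and wrap that key once per folder member.
// The returned object is everything the cloud operator stores; it never holds a usable key.
function encryptForFolder(plaintext, members) {
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = {};
  for (const m of members) wrappedKeys[m.name] = wrapKey(contentKey, m.publicKey);
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Download, unwrap the content key with the private key, then decrypt and verify the content.
function decryptAs(stored, user) {
  const wrapped = stored.wrappedKeys[user.name];
  if (!wrapped) throw new Error(`${user.name} has no wrapped key for this folder`);
  const contentKey = unwrapKey(wrapped, user.privateKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, stored.iv);
  decipher.setAuthTag(stored.tag);
  return Buffer.concat([decipher.update(stored.ciphertext), decipher.final()]);
}

// Inviting: an existing member unwraps the content key and re-wraps it for the newcomer.
// No content is re-encrypted and the provider learns nothing new.
function invite(stored, inviter, invitee) {
  const contentKey = unwrapKey(stored.wrappedKeys[inviter.name], inviter.privateKey);
  stored.wrappedKeys[invitee.name] = wrapKey(contentKey, invitee.publicKey);
}

// Expelling: the expelled member may have kept the old content key, so the content is
// re-encrypted under a fresh key for the remaining members (done eagerly here for brevity).
function expel(stored, actor, remaining) {
  return encryptForFolder(decryptAs(stored, actor), remaining);
}

// Constructed demo data; 2048-bit keys only to keep the run short.
function demo(bits = 2048) {
  const [alice, bob, carol] = ['alice', 'bob', 'carol'].map((n) => newUser(n, bits));
  const denied = (fn) => { try { fn(); return false; } catch (e) { return true; } };
  const v1 = encryptForFolder(Buffer.from('Q3 forecast (constructed sample)'), [alice]);
  invite(v1, alice, bob);
  const bobReads = decryptAs(v1, bob).toString();
  // Carol was never invited; copying Bob's wrapped key under her name does not help her.
  const carolDenied = denied(() =>
    decryptAs({ ...v1, wrappedKeys: { carol: v1.wrappedKeys.bob } }, carol));
  const v2 = expel(v1, alice, [alice]);
  // Bob's saved wrapped key still unwraps, but to the old content key: GCM verification fails.
  const bobDeniedAfterExpel = denied(() =>
    decryptAs({ ...v2, wrappedKeys: { bob: v1.wrappedKeys.bob } }, bob));
  return { bobReads, carolDenied, bobDeniedAfterExpel, aliceReads: decryptAs(v2, alice).toString() };
}

console.log(demo());
```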

To sum it up, Tresorit addresses an even more important problem, by securing the storage of information within the cloud, making cloud computing a suitable option for both businesses and individuals who don’t trust cloud operators or have confidentiality and privacy concerns. It provides a solution based on client-side encryption and related key management protocols that are secure, yet efficient, preserving the possibility to share data within a group of users. Concurrency and group management issues are handled in the background, without bothering users with details harming their productivity. At the time of conception, Tresorit was unique, and even today, it has only very few competitors providing similar services.

This post is an updated and expanded version of our "Discovering cloud computing – it works" article originally published on August 23, 2013. The last update occurred on December 02, 21 by the Tresorit Team.