Cloud


1 An organization debating whether to install a private cloud or to use a public cloud
(e.g., the AWS) for its computational and storage needs asks for your advice. What
information will you require to come to your recommendation, and how will you use
each one of the following items? (a) The description of the algorithms and the type
of the applications the organization will run; (b) the system software used by these
applications; (c) the resources needed by each application; (d) the size of the user
population; (e) the relative experience of the user population; and (f) the costs
involved?

Public clouds have distinct cost advantages over private clouds: there is no initial
investment in the infrastructure and there are no recurring costs for administration,
maintenance, energy consumption, or user support personnel. The main concern is
security and privacy. An organization with very strict security and privacy concerns is
very unlikely to use a public cloud.
The type of application plays a critical role: scientific and engineering computations
which require a low-latency interconnection network and enjoy only fine-grain
parallelism are unlikely to fare well on either a public or a private cloud. A large user
population is more likely to use identical or similar software and to cooperate by
sharing the raw data and the results; thus, a private cloud seems more advantageous
in this case. Some of the services offered by private clouds target experienced users,
e.g., AWS services such as ElasticBeanstalk, while others are accessible to lay persons.
OR

Answer to (a): the cloud suits any application that is hosted in multiple locations and
accessed by users in multiple locations. You'll be much more able to scale with the
cloud, and you won't have to invest a lot in up-front hardware to see if your idea
works. If your application is designed only to serve one local office, migrating to the
cloud is not as important.

Answer to question (b): to identify whether there is a need for Software as a Service.
This type of service is usually positioned as 'software on demand'. The software is
deployed on remote servers and the user can access it via the Internet, and all
updates and licenses for this software are governed by the service provider. Payment
in this case is made for actual use of the software.

Answer to question (c): to identify resource allocation. Allocating resources based
on infrastructure as a service is one of the keys for large-scale cloud applications.
Performance evaluation of workload models and cloud resource allocation
algorithms in a repeatable manner under different configurations and requirements
is difficult. There is still a lack of tools that enable developers to compare different
resource allocation strategies with regard to both computing servers and user
workloads. To fill this gap in tools for evaluation and modelling of cloud environments
and applications,

We will use the answer to question (d) to identify how many resources are required
to cater to the given number of users: if the number is larger, we need more
resources.

We will use the answer to question (e) because ubiquitous and cloud manufacturing
systems have paved the way for the development of cloud services based on users'
distinct needs and requirements. User experience is based on the environment and
user-related data. The end-user population does not form one single mental
category.

We will use the answer to question (f) because the three biggest costs related to a
cloud environment are network, compute, and storage. When setting prices, cloud
providers determine the expense of maintaining the network. They start by
calculating costs for network hardware, network infrastructure maintenance, and
labour, and to understand the company's budget.

A university is debating the question in question 3. What will be your advice and
why? Should software licensing be an important element of the decision?
Answer:
Both education and research are university activities that could benefit from cloud
computing. A public cloud is probably an ideal environment for education; indeed,
security is not a significant concern for computing related to education. The student
computational activity peaks when projects and other assignments are due and is
relatively low during the remainder of a semester; thus, the investment in a large
infrastructure needed for brief periods of time does not seem to be justified.
Moreover, once a student learns how to use a cloud service, e.g., AWS, this skill could
help in finding a job and then during his/her employment. The students share the
software for their assignments, and a public cloud could provide an ideal environment
for group projects. Software licensing can be a problem as some projects may require
the use of licensed software.
The benefits of a private cloud for supporting university research are increasingly
questionable as the cost of the hardware decreases and the computational needs of
many research groups can be met with a medium or a high-end server which costs
only a few thousand dollars. Of course, some research groups may need access to
supercomputers, but acquiring a supercomputer is only justified for a very few
well-funded research universities.

2 Identify the main security threats for the SaaS cloud delivery model on a public
cloud. Discuss the different aspects of these threats on a public cloud vis-a-vis the
threats posed to similar services provided by traditional service-oriented
architecture running on a private infrastructure.

Answer
The main concerns for IT executives moving to the SaaS cloud delivery model are
security and privacy. IT environments are multi-domain environments in which
various resources are shared.
Sharing hardware and placing data on it is a high risk factor. The data can easily be
hacked by any unauthorized person, either accidentally or through a malevolent
attack. Hence a breach of stored data would be a major security violation.
Here are some important threats and their aspects:

1. Secure data transfer. All of the traffic travelling between your network and
whatever service you’re accessing in the cloud must traverse the Internet. Make sure
your data is always travelling on a secure channel; only connect your browser to the
provider via a URL that begins with "https". Also, your data should always be
encrypted and authenticated using industry standard protocols, such as IPsec
(Internet Protocol Security), that have been developed specifically for protecting
Internet traffic.

2. Secure software interfaces. The Cloud Security Alliance (CSA) recommends that
you be aware of the software interfaces, or APIs, that are used to interact with cloud
services. "Reliance on a weak set of interfaces and APIs exposes organizations to a
variety of security issues related to confidentiality, integrity, availability, and
accountability," says the group in its Top Threats to Cloud Computing document. CSA
recommends learning how any cloud provider you’re considering integrates security
throughout its service, from authentication and access control techniques to activity
monitoring policies.

3. Secure stored data. Your data should be securely encrypted when it’s on the
provider’s servers and while it’s in use by the cloud service. In Q&A: Demystifying
Cloud Security, Forrester warns that few cloud providers assure protection for data
being used within the application or for disposing of your data. Ask potential cloud
providers how they secure your data not only when it’s in transit but also when it’s
on their servers and accessed by the cloud-based applications. Find out, too, if the
providers securely dispose of your data, for example, by deleting the encryption key.

4. User access control. Data stored on a cloud provider’s server can potentially be
accessed by an employee of that company, and you have none of the usual
personnel controls over those people. First, consider carefully the sensitivity of the
data you’re allowing out into the cloud. Second, follow research firm Gartner’s
suggestion to ask providers for specifics about the people who manage your data
and the level of access they have to it.

5. Data separation. Every cloud-based service shares resources, namely space on the
provider’s servers and other parts of the provider’s infrastructure. Hypervisor
software is used to create virtual containers on the provider’s hardware for each of
its customers. But CSA notes that "attacks have surfaced in recent years that target
the shared technology inside Cloud Computing environments." So, investigate the
compartmentalization techniques, such as data encryption, the provider uses to
prevent access into your virtual container by other customers.

6. Insufficient identity, credential, and access management: Bad actors
masquerading as legitimate users, operators, or developers can read, modify, and
delete data; issue control plane and management functions; snoop on data in transit
or release malicious software that appears to originate from a legitimate source, CSA
says. As a result, insufficient identity, credential, or key management can enable
unauthorized access to data and potentially catastrophic damage to organizations or
end users.

7. Malicious insiders: While the level of threat is open to debate, the fact that insider
threat is a real adversary is not, CSA says. A malicious insider such as a system
administrator can access potentially sensitive information, and can have increasing
levels of access to more critical systems and eventually to data. Systems that depend
solely on cloud service providers for security are at greater risk.

There is an ongoing debate among IT professionals about whether or not private
Clouds are really more secure. Besides the common view that private Clouds should
be more secure, there are some interesting attributes/properties of public Clouds to
consider.
Public Clouds are hardened through continual hacking attempts. Public Cloud
providers are much larger targets for hackers than private Clouds.
Public Clouds also attract the best security people available; the biggest and best
Cloud service providers have millions of customers relying on them.
They definitely would be meticulous about who they hire. Also, public Cloud
providers, especially larger companies like Google, Amazon, and Facebook, would get
the latest security gear much more easily than a small to midsize private company.
Here are some other security issues related to Public Cloud Computing:

Services provided by a traditional service-oriented architecture for such threats:

Firewall:

A firewall is a system designed to prevent unauthorized access to or from a private
network. A firewall can help by decreasing the attack surface of virtualized servers in
cloud computing environments. By deploying a firewall on a VM with policies that
map to the security policy of the organization, one may achieve virtual machine
isolation, data filtering at the fine-grained level of ports, and data segregation for
analysis covering all IP-based protocols, frame types, etc. Attacks like Denial of
Service (DoS) can be prevented. Firewalls also allow setting different policies over
different network interfaces.

Intrusion Detection and Prevention (IDS/IPS):

IDS/IPS can shield vulnerabilities in operating systems and enterprise applications
until they can be patched, to achieve timely protection against known and zero-day
attacks. An IDS/IPS can detect newly discovered vulnerabilities in both applications
and operating systems running in a VM. This provides protection against exploits
attempting to compromise virtual machines. There are IDS/IPS which are based on
artificial intelligence techniques [8] which may learn about new vulnerabilities
dynamically.

Integrity Monitoring:

It involves monitoring files, systems and registry for changes. Application files and
critical system files (files, directories, registry keys and values, etc.) can be monitored
for detecting malicious and unexpected changes which could signal compromise of
cloud computing resources. Integrity monitoring software must be applied at the
virtual machine level. An integrity monitoring solution should enable:
i. On-demand or scheduled detection.
ii. Extensive file property checking, including attributes (enables compliance with PCI)
iii. Directory-level monitoring.
iv. Flexible, practical monitoring through includes/excludes.
v. Auditable reports.
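
The capabilities listed above can be seen in a small file integrity monitor, given here as an added example that is not part of the original notes. The directory layout, file names and include/exclude patterns are constructed for the demonstration, and `snapshot`, `compare`, `write` and `demo` are hypothetical helper names.

```python
import fnmatch
import hashlib
import os
import stat
import tempfile

def snapshot(root, includes=("*",), excludes=()):
    """Record SHA-256, size and permission bits for each monitored file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            wanted = any(fnmatch.fnmatch(rel, p) for p in includes)
            if not wanted or any(fnmatch.fnmatch(rel, p) for p in excludes):
                continue
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[rel] = {"sha256": digest, "size": st.st_size,
                          "mode": stat.S_IMODE(st.st_mode)}
    return state

def compare(baseline, current):
    """Return a path-sorted report of (path, change) findings for the audit trail."""
    report = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            report.append((rel, "added"))
        elif new is None:
            report.append((rel, "removed"))
        else:
            diff = [k for k in ("sha256", "size", "mode") if old[k] != new[k]]
            if diff:
                report.append((rel, "modified:" + ",".join(diff)))
    return report

def write(root, rel, data, mode=0o644):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)

def demo():
    """Constructed sample tree: take a baseline, change files, rescan on demand."""
    rules = {"includes": ("etc/*", "log/*"), "excludes": ("log/*.log",)}
    with tempfile.TemporaryDirectory() as root:
        write(root, "etc/app.conf", b"debug=0\n")
        write(root, "etc/users.db", b"alice\n", 0o600)
        write(root, "log/app.log", b"started\n")
        baseline = snapshot(root, **rules)
        write(root, "etc/app.conf", b"debug=1\n")           # content change
        write(root, "etc/users.db", b"alice\n", 0o644)      # permission change only
        write(root, "etc/new.sh", b"#!/bin/sh\n", 0o755)    # unexpected new file
        write(root, "log/app.log", b"started\nrotated\n")   # excluded: expected churn
        return compare(baseline, snapshot(root, **rules))
```

The permission-only change on `etc/users.db` is reported even though its hash is unchanged, which is why the list above asks for property checking and not only content hashing.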

Log Inspection:

Log inspection collects and analyzes operating system and application logs for
security events. Rules are defined in log inspection which allows efficient extraction
of security related events from multiple log-files. These logs can be sent to a stand-
alone security system, or to a Security Information and Event Management (SIEM)
system or centralized logging server for analysis. Log inspection software on cloud
resources enables suspicious behavior detection. Like integrity monitoring, log
inspection capabilities must be applied at the virtual machine level.
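
Rule-based log inspection as described above, shown as an added example that is not part of the original notes. The log lines are constructed samples (the addresses come from documentation ranges), and the rule names, severities and the functions `inspect` and `repeated_failures` are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample logs: one operating system auth log and one application log.
LOGS = {
    "auth.log": [
        "Mar  3 10:01:07 vm1 sshd[811]: Failed password for root from 203.0.113.9 port 50122 ssh2",
        "Mar  3 10:01:09 vm1 sshd[811]: Failed password for root from 203.0.113.9 port 50124 ssh2",
        "Mar  3 10:01:12 vm1 sshd[811]: Failed password for invalid user admin from 203.0.113.9 port 50130 ssh2",
        "Mar  3 10:02:40 vm1 sshd[822]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
        "Mar  3 10:03:02 vm1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart app",
    ],
    "app.log": [
        "2024-03-03T10:01:30Z INFO request path=/health status=200 ip=198.51.100.4",
        "2024-03-03T10:01:31Z WARN login failed user=alice ip=203.0.113.9",
        "2024-03-03T10:04:00Z ERROR config file changed path=/etc/app/app.conf",
    ],
}

# Each rule: (name, severity, pattern). Named groups become fields of the event.
RULES = [
    ("ssh_failed_login", "medium", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")),
    ("sudo_to_root", "low", re.compile(
        r"sudo: +(?P<user>\S+) : .*USER=root ; COMMAND=(?P<command>.+)$")),
    ("app_failed_login", "medium", re.compile(
        r"login failed user=(?P<user>\S+) ip=(?P<ip>\S+)")),
    ("config_changed", "high", re.compile(
        r"config file changed path=(?P<path>\S+)")),
]

def inspect(logs, rules=RULES):
    """Apply every rule to every line; return structured events ready for a SIEM."""
    events = []
    for source, lines in logs.items():
        for lineno, line in enumerate(lines, 1):
            for name, severity, pattern in rules:
                match = pattern.search(line)
                if match:
                    events.append({"rule": name, "severity": severity,
                                   "source": source, "line": lineno,
                                   **match.groupdict()})
    return events

def repeated_failures(events, threshold=3):
    """Correlate failed logins from all log files by source address."""
    counts = Counter(e["ip"] for e in events if e["rule"].endswith("failed_login"))
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

Correlating across both files is what surfaces the source address here: neither log on its own needs to be read in full to see that the same address failed logins against SSH and the application.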

Secure introspection:

In cloud computing users may move images from one cloud to another, thus an
effective solution requires learning what guest operating system (OS) runs in each
virtual machine (VM) and securing the guest OS without relying on the guest OS
functionality or an initially secure guest VM state. One such solution is secure
introspection.

3 List the challenges in cloud computing and describe each in detail

The challenges of cloud computing:

Security issues: Security issues are the main challenge of cloud computing. In cloud
computing, we store our data in a third-party system (cloud), so it has to be very
secure. Many users store data in the cloud, so there may be a chance of
misconfiguration. That means one user may get another user's data. So cloud
providers have to pay special attention to security.

Cost: One of the advantages of cloud computing is low cost, because we don't need
any physical computer, hardware, etc. to run our system; all we need is a faster
internet connection. But the cost may vary from one company to another. This will
be based on the transferring of data.

Internet connection: The main thing we need in cloud computing is a faster internet
connection. First, we have to focus on the internet connection, because internet
downtime will stop the whole system and the losses are also very high.

Downtime: This can be defined as one of the shortcomings of cloud computing. No
cloud provider can avoid this downtime. Downtime will also occur when there is no
internet connection.

Performance: The cloud has to be maintained in the same state as when it was
created. That means it has to work the same all the time. Whether it has a full load
or a light load, it has to perform the same.

Paraphrased

Security and privacy are the two key considerations for IT executives when switching
to a SaaS cloud delivery model.
IT environments are multi-domain settings where a variety of resources are shared.

Sharing hardware and placing data on it appears to be a major danger factor.
Anyone who is not permitted to do so can readily hack the data, either
unintentionally or as a result of a malicious attack.
Thus, data storage would constitute a serious security infringement.

Here are a few significant dangers and their components:

1. Data transport that is secure.
Any traffic that needs to transit between your network and the cloud service you're
using must do so via the Internet.
Make sure that your data is always being transmitted over a secure channel by
always using URLs that start with "https". Additionally, you should always use
industry-standard protocols like IPsec (Internet Protocol Security), which were
created especially for securing Internet traffic, to encrypt and verify your data.

2. Safe interfaces for software.
You should be aware of the software interfaces, or APIs, that are used to
communicate with cloud services, according to the Cloud Security Alliance (CSA).
According to the group's Top Threats to Cloud Computing report, relying on a shoddy
set of interfaces and APIs exposes enterprises to a number of security issues relating
to confidentiality, integrity, availability, and accountability.
The Cloud Security Alliance (CSA) advises researching how any cloud provider you're
thinking about incorporates security throughout its service, from authentication and
access control procedures to activity monitoring guidelines.

3. Safely storing data.
When your data is on the provider's servers and when the cloud service is using it, it
should be safely secured.
In Q&A: Demystifying Cloud Security, Forrester advises that few cloud providers
guarantee safety for data being utilized within the application or for disposal of your
data.
Ask possible cloud service providers how they protect your data both on their servers
and when it is accessible by cloud-based applications, as well as when it is in transit.
Ascertain whether the service providers properly dispose of your data by, for
instance, removing the encryption key.

4. User access management.
An employee of a cloud provider may have access to data stored on that provider's
server, and you have no standard personnel controls over those employees.
First, carefully examine how sensitive the data is that you're sending to the cloud.
Second, question providers for specifics regarding the individuals who manage your
data and the level of access they have to it, as advised by research firm Gartner.

5. Data division.
Each cloud-based service shares the same resources, such as server space and other
infrastructure components.
On the hardware of the provider, virtual containers are built for each of its clients
using hypervisor software.
However, according to the CSA, "attacks have surfaced in recent years that target the
shared technology inside Cloud Computing settings."
Therefore, look into the compartmentalization strategies the provider employs to
keep other customers from accessing your virtual container, such as data encryption.

6. Inadequate management of identity, credentials, and access:
Bad actors can access, change, and delete data, issue control plane and management
functions, snoop on data in transit, or distribute malicious software that looks to
come from a genuine source, according to the CSA. They can also pose as legitimate
users, operators, or developers.
As a result, inadequate identity, credential, or key management may allow for illegal
access to data and cause companies or end users to suffer grave consequences.

7. Negligent insiders:
Although there is some disagreement over the threat's seriousness, the CSA asserts
that the insider threat is a genuine enemy.
A malevolent insider, such as a system administrator, can gain access to potentially
sensitive data and subsequently gain access to data as well as more vital systems.
Systems that depend solely on cloud service providers for security are at greater risk.

Whether private Clouds are actually more secure is a topic of continuing discussion
among IT professionals.
In addition to the widely held belief that private clouds should be more secure, there
are some intriguing features of public clouds to take into account.

Public Clouds become more secure as a result of ongoing hacking efforts.
Private Clouds are far less of a target for hackers than public Cloud companies.

Since millions of users rely on the biggest and best Cloud service providers, public
clouds also draw the top security professionals.
They would undoubtedly be careful in their selection of employees.

Additionally, public cloud providers, particularly bigger businesses like Google,
Amazon, and Facebook, would have much easier access to the most recent security
equipment than a small to medium private corporation.
