MIS 5214 - Section 001 - David Lanter
February 3, 2022 by Jose Gomez 26 Comments
zijian ou says
February 4, 2022 at 11:54 am
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and distributed with minimal administrative effort or service provider interaction. Cloud computing is ubiquitous in our lives, with broad network access. Functionality is available over the network and accessed through standard mechanisms that facilitate the use of heterogeneous thin or fat client platforms (e.g., phones, tablets, laptops, and workstations). The cloud can be used to store files. The advantage is that backups are simple. They automatically synchronize files from the desktop. Dropbox allows users to access files and store up to 1 TB of free storage space. Social networking platforms require robust hosting to manage and store data in real-time. Cloud-based communication provides click-to-call functionality from social networking sites and access to instant messaging systems.
kofi bonsu says
February 8, 2022 at 7:49 am
You are on point as regards your analysis on cloud computing. However, compliance is also one of the challenges faced by cloud computing in 2021. For everyone using cloud storage or backup services, this is a problem. Whenever an organization transfers data from its internal storage to the cloud, it experiences compliance with the laws and regulations of the industry that is actually serious threat in cloud computing as of now. All in all, I still agree with you 100% regarding most of the points being raised in your sequential analysis.
Kelly Sharadin says
February 4, 2022 at 1:25 pm
NIST provides concise documentation on the key elements of cloud computing, such as understanding the differences between Software as a Service (O365), Platform as a Service (Azure/AWS), and Infrastructure as a Service. The documentation also describes the differences between public, private, community, and hybrid cloud deployment models. Upon reading, I believe SaaS and public clouds are the most widely adopted models organizations use today, given the ability to quickly provision enterprise-wide applications without managing the infrastructure necessary to host these applications. SaaS allows organizations to keep operational costs low, making it an ideal solution for smaller organizations with limited budgets.
Madalyn Stiverson says
February 5, 2022 at 9:11 am
The reading talked about the different deployment models: private, public, community, and hybrid.
A private cloud is owned and operated by a company and it may also be managed by either the company or a third party.
A public cloud is used by the general public. It may be operated and managed by a government, company, or academic organization.
A community cloud is used by a specific community of users that has a shared concern.
A hybrid cloud can combine facets of private, public, and community together.
February 5, 2022 at 11:55 am
As regards SP 800-145, “essential” was fundamentally used in that context to means each cloud service provider (CSP) should have the ability to provide and to make sure each essential characteristic to the cloud service customer (CSC) for a given service are being provided. This article basically permits flexibility in ensuring that a computing requirement qualifies as a cloud service by giving an option for examining each capability. This article clearly defines each of the attributes, which we have enclosed in a pair of quotation marks. These definitions are as follows: On-demand self-service: “A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.” Broad network access: “Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).” Resource Pooling: “The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. As matter of fact, there is a wisdom of location independence in that the customer generally has no control whatsoever or influence over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.”
Then also, rapid elasticity: that is where “Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer standpoint, the capabilities available for provisioning often seem to be unlimited and can be appropriated in any quantity at any time.”
Finally, measured service means that “Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). However, the use of resources can be tracked, controlled, and reported thereby establishing transparency for both the provider and consumer of the utilized service.
Vraj Patel says
February 5, 2022 at 12:34 pm
The purpose of the NIST 800-145 is to characterize the aspect of the cloud computing. There are different types of Service and Deployment models included within the NIST 800-145.
The Service model includes Software as a Service (Saas), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The Saas is where the company can use the software provided by the software companies with out installing anything on their network, such as through a web browser. PaaS is when the company uses a cloud infrastructure to install a software to use it. As an IaaS, cloud providers provide an more flexibility to their clients to manage their own network, storage, and other resources as part of cloud.
The Deployment model include different types of cloud implantation that companies could use such as Private cloud, Community cloud, Public cloud, and Hybrid cloud.
February 6, 2022 at 10:04 am
Nice summary of NIST 800-145, you highlight an important point about cloud computing – the flexibility it can offer to clients. However, flexibilty can have it tradeoffs when it comes to security. Cloud providers like AWS and Azure are making strides to help keep customers safe but sometimes the lack of visiblity into the infrastructure underneath can make security investigations difficult. To that end, it is important for cloud customers to understand the cloud shared-responsibility models to help assign accountabilty for security. Thanks!
Olayinka Lucas says
February 6, 2022 at 11:07 pm
Well said. The biggest issue today regarding cloud storage is that cloud Users do not clearly understand the cloud shared-responsibility model between them and the Cloud Service providers. In summary, security loopholes exist due to a lack of clarity as to who does what; and to what extent security is implemented on both sides.
Andrew Nguyen says
February 5, 2022 at 7:30 pm
One of the takeaways that I took from this reading was an understanding of what cloud computing was.
I believe large companies (AWS and Google are two that come to mind) sell cloud computing in the PaaS service model, and I’m curious what security measures they have in place in order to ensure that individuals cannot abuse the use of their resources.
February 7, 2022 at 8:20 pm
That’s a great post. AWS and Google are the biggest cloud computing platform. Along, with PaaS AWS and Google provides an IaaS and SaaS services. The security measure that cloud service providers put in place is firewall, IDS/IPS, VPN and other technology to detect the threats.
Dhaval Patel says
February 8, 2022 at 9:54 am
A lot of the big players such as AWS, GCP, Azure, and Red Hat provide extensive services in the security realm to help protect your data. For example, AWS provides AWS Shield which is their IDS for DDoS attacks. You can also set up VPC’s to isolate your environment and VPN’s for an end to end encryption, and in the event of an attack they can scale down the servers that have been compromised to isolate the incident.
February 6, 2022 at 12:39 pm
The document summarizes the essential characteristics, service models, and deployment models of cloud computing. It is a great reference document for those organizations getting started with cloud computing. Understanding the essential characteristics such as on-demand self-service or rapid elasticity as these are key capabilities that set cloud computing apart from on-prem. Also, understanding the different service models allows for developers and security professionals to know exactly what they are working with from an infrastructure perspective to either make the development process easier or find any security gaps.
Lauren Deinhardt says
February 6, 2022 at 9:57 pm
HI Dhaval, great point here. I think that this document should be added to developer training; it is so important for developers (and all stakeholders, honestly) to know the differences between these cloud services–especially when it comes to security. I work at a SaaS-based company and can tell you that the compliance framework/security requirements we follow are much different than other companies using a PaaS/IaaS model. It is so important to know these differences to make sure that there are no gaps or incorrectly-assumed responsibilities of security measure deployment.
February 7, 2022 at 6:58 pm
My company leverages cloud computing in a few of our applications, and I agree that it has its advantages over on-prem. I can definitely see why developers could benefit from it, as well as security professionals.
Thanks for sharing your thoughts!
Antonio Cozza says
February 6, 2022 at 7:10 pm
NIST SP 800-145 provides an excellent summary of the cloud computing options available to an organization, detailing the main items to consider upon selecting a means of implementing a cloud solution. It demonstrates how a cloud resource implementation is elastic, and shows that the consumer has a choice between platform, infrastructure, or software as a service. All of these can be deployed in a different type of the four cloud environments depending on the customer’s needs. This document is a clear summary of the core information required to aid in selecting the appropriate model with the required understanding of the relevant benefits to different cloud options.
Dan Xu says
February 6, 2022 at 10:43 pm
Thanks for sharing that the elasticity of cloud resource implementation is such that consumers can choose between services. On the other hand, I learned that cloud computing enables on-demand grid access to a shared pool of configurable computing resources. The biggest advantage is that the functionality available for provisioning usually seems unlimited and consumers can use it unlimitedly and anytime.
Victoria Zak says
February 6, 2022 at 8:48 pm
Reading the article for this week, it was interesting to see the different deployment models such as private, community, public, and the hybrid cloud. As the article mentions, a private cloud can be owned, managed, and operated by the organization, third party, or a combination of them, existing on or off premises.
A community cloud is the cloud infrastructure provisioned for exclusive use by a specific consumers from organizations that have shared concerns. In the community or third party, it may be owned, managed, and operated.
A public cloud is provisioned for the public. This can be owned, managed, and operated by a business, academic, or government organization.
A hybrid cloud is a composition of two or more distinct cloud infrastructures that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability.
Patrick Jurgelewicz says
February 6, 2022 at 9:01 pm
As mentioned in the article, cloud computing is an evolving paradigm. As a result, it is important to have clear definitions of what cloud computing entails, along with differentiating between the nuances within cloud computing. One key takeaway from this article is how there are 3 main service models for cloud computing: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each model has a varying amount of service offered by the cloud provider, with IaaS allowing the consumer control over a number of factors (such as OS, storage, deployed applications, etc.) and SaaS leaving most operations to the service provider.
February 7, 2022 at 8:57 pm
I found this interesting as well. Infrastructure as a Service, is a self-service model for managing remote data center infrastructures. It provides virtualized computing resources over the internet hosted by amazon web services, Microsoft azure, or google. Platform as a Service can reduce Management’s overhead and lower costs. It can also make it easier to innovate and scale services on demand. Software as a Service is a licensed subscription basis. Applications can be access directly form the web browser without any downloads or installations required.
February 6, 2022 at 9:54 pm
One takeaway I got from this reading was the differing levels of consumer/cloud service provider (CSP) control in different cloud service models. With SaaS, the CSP seems to manage nearly everything for that environment (most configuration settings, applications, etc.). In PaaS, the direction of control shifts, with CSP’s managing everything except for consumer deployed applications. Lastly, IaaS gives consumers the necessary cloud infrastructure to conduct business, and therefore nearly total control of their instance. This is important when understanding CSP versus consumer security responsibilities (i.e. who should be deploying application-level firewalls, logical and physical access controls, etc.)
February 6, 2022 at 10:40 pm
From NIST SP 800-145 I learned that cloud computing is a model that has the advantage of enabling on-demand grid access to a shared pool of configurable computing resources. And these resources can be configured and distributed quickly with minimal management effort. For consumers, the features available for configuration Often seem unlimited and can be occupied in any number at any time.
February 8, 2022 at 10:04 am
The points of cloud computing: it can reduce the cost of computers, improve performance, and reduce software costs.
February 6, 2022 at 10:50 pm
NIST SP 800-145 defines cloud computing as the model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing infrastructure that can be rapidly provisioned and released with minimal management effort or service provider interaction. In simple terms, Cloud computing is the online real-time availability of computer system resources, data storage, and computing power by a Cloud Service Provider (CSP) to the Cloud user, with very minimal user effort.
Secondly, NIST 800-145 also mentioned the under-listed as required elements of cloud computing functionality:
1. Essential Characteristics:
Broad network access.
2. Service Models:
Software as a Service (SaaS).
Platform as a Service (PaaS).
Infrastructure as a Service (IaaS).
3. Deployment Models:
Michael Jordan says
February 8, 2022 at 11:54 pm
I like how you outlined the main characteristics from the article that define cloud computing; the specific essential characteristics, service models, and deployment models. All of these are important to keep in mind when investing in, deploying, or assessing a cloud computing system, and also important in understanding cloud computing as a whole.
February 6, 2022 at 11:22 pm
One key point I took from NIST SP 800-145 is that a group of computing resources is only considered a “cloud” if it has all five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service.
I found the “resource pooling” essential characteristic pretty interesting because it reminded me of our first case study and the attack on the Titan cluster. The Titan cluster certainly pooled resources (processing, memory, storage), and the cluster as a whole was able to process and store massive amount of information in a short amount of time. I would also say that the Titan cluster met the other four essential characteristics, so I would consider the cluster a cloud.
Kyuande Johnson says
February 7, 2022 at 10:29 pm
Cloud Computing is the on demand availability of computer system resources. that can be rapidly provisioned and released with minimal management effort or service provider interaction. The cloud model is composed of five essential characteristics, On Demand Self Service, Broad Network Access, Resource Pooling, Rapid Elasticity and Measured Service. On-demand self-service allows customers to use cloud computing as required without human contact between consumers and service providers. Broad network access is defined as the ability of network infrastructure to connect with a wide variety of devices, including thin and thick clients, such as mobile phones, laptops, workstations, and tablets, to enable seamless access to computing resources across these diverse platforms. Resource Pooling: provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model. Rapid Elasticity is the ability to provide scalable services.Measured Service: cloud provider measures or monitors the provision of services for various reasons, including billing, effective use of resources, or overall predictive planning.
You must be logged in to post a comment.