Cloud computing

Overview
Cloud computing involves the sharing or storage by users of their own information on remote servers owned or operated by others and accessed through the Internet or other connections. Cloud computing services exist in many variations, including data storage sites, video sites, tax preparation sites, personal health record websites, photography websites, social networking sites, and many more. The term cloud is a metaphor for the Internet, and is an abstraction for the complex infrastructure it conceals.

Cloud computing provides convenient, remote, on-demand utilization (e.g., rental) of computing power and applications that the user cannot afford to maintain locally, but may need from time-to-time. This capability provides ubiquitous network access, on-demand self-service of computing power, metered-use (rent by the hour), elasticity of the capability meeting real-time requirements, and resource pooling.

Cloud capability may be deployed by various cloud providers to a multitude of cloud customers in various ways, including: software as a service, platform as a service, and infrastructure as a service. Delivery models of service providers include: internal, community, public, and hybrid. Each has benefits and some controversy.

Two basic kinds of clouds include storage clouds and processing clouds; both require extremely fast, reliable, secure and low-cost networking. Clouds are a good fit for very large-scale applications involving huge quantities of data and vast computing power that is often highly variable in quantity over time. Any information stored locally on a computer can be stored in a cloud, including email, word processing documents, spreadsheets, videos, health records, photographs, tax or other financial information, business plans, PowerPoint presentations, accounting information, advertising campaigns, sales numbers, appointment calendars, address books, and more. The entire contents of a user’s storage device may be stored with a single cloud provider or with many cloud providers.

The concept incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the user. Often-quoted examples are Salesforce.com and Google Apps which provide common business applications online that are accessed from a web browser, while the software and data are stored on remote servers.

Cloud computing is rapidly becoming an integral part of the U.S. economy, with implications for business development, security, and privacy. As  of  September  2008,  69%  of  Americans  were  using web-based email  services,  [[data storage|storing  data]] online,  or  otherwise  using  [[software  program]]s  such  as [[ word  processing]] [[ application]]s  whose  functionality  is  located  on  the web. A March 2009 study indicated that corporate IT spending on cloud computing services are expected to triple, reaching US$42 billion by 2012.

The rise of cloud computing can be ascribed at least in part to efforts by cloud computing providers to make their services as user-friendly as possible. Cloud computing consumers enjoy the convenience of accessing their information from any Internet-connected device, the ability to share documents and information with others, and the security of protection from data loss.

An example of cloud computing is Google Docs, in which the word processing program is accessible through a web browser, and the content in the document resides in Google’s servers.

Definitions
The NIST defines "cloud computing" as:


 * Cloud computing is a model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five essential characteristics, three delivery models, and four deployment models.

The Yankee Group defines "cloud computing" as "dynamically scalable virtualized information services delivered on demand over the Internet."

Key characteristics

 * On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
 * Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
 * Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
 * Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for provisioning often appear to be infinite and can be purchased in any quantity at any time.
 * Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.

Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

Delivery Models

 * Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
 * Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
 * Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).

Deployment Models

 * Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.
 * Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
 * Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.
 * Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).

Each deployment model has one of two types: internal or external. Internal clouds reside within an organizations network security perimeter and external clouds reside outside the same perimeter.

Privacy implications
Whenever an individual, a business, a government agency, or other entity shares information in the cloud, privacy or confidentiality questions may arise. According  to  a  report  of  the  Pew  Internet  and  American  Life  Project,  an  overwhelming  majority  of  users  of  cloud  computing  services  expressed  serious  concern  about  the  possibility  that a  service  provider  would  disclose  their  data  to others.

A typical information exchange in cloud computing occurs when a user shares information with the cloud provider. Can any and all information be legally shared in a cloud service? With cloud computing, many factors affect the answer to this fundamental question. The shortest answer to the question, however, is that for some information and for some users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. Generally, an individual is free to share his or her personal information with a cloud provider. For a business, disclosing the personal information of customers or employees, or other business information to a cloud provider is often unrestricted by law because no privacy law or other law applies. For example, privacy laws do not cover most marketing records in the United States. Even when privacy laws apply to particular categories of customer or employee information, disclosure to a cloud provider may not be restricted. For a federal agency, various laws may have bearing on the decision to employ a cloud provider. For example, the Privacy Act of 1974 imposes standards for the collection, maintenance, use, and disclosure of personal information. The use of cloud computing for personal information held by a federal agency may violate the Privacy Act of 1974, especially if there is no contractual arrangement between the agency and the cloud provider. If a cloud provider offers services to the public on behalf of agencies, other Privacy Act requirements may apply, as may security obligations under various federal laws and policies. Federal record management and disposal laws may also be relevant.