Category: Cloud Computing

Cloud Legal Aspects: US Cloud Act and Swiss Cloud: Solid as a bunker in the Swiss Alps?

Legal Aspects regarding US Cloud Act and Gaia-X

Companies moving their systems to the cloud have concerns regarding access to their data through the US authorities enforcing the US Cloud Act when using American cloud service providers. Alternatively, European CIO’s call for a European cloud infrastructure like Gaia-X.

Gaia-X is a project for the development of an efficient and competitive, secure and trustworthy data infrastructure for Europe, which is supported by representatives of the German Federal Government, business and science. The goals of the project are to maintain European data sovereignty against oligopolistic tendencies in the platform economy, to reduce dependence on international providers, to make cloud services on a broad scale more attractive through more trustworthy service offerings and to create an ecosystem for innovation so that those who drive innovation are also those who benefit economically from it.

The project objectives are to be achieved by networking existing central and decentralized infrastructures to form a system, which together form a digital ecosystem. Features of this ecosystem are the use of secure, open technologies (for example Open Source, Open Hardware), independent, uniquely identifiable network nodes, software components from a common repository, services that are generally implemented as functions and a central function directory service (for example App Store) to make the service offerings in the system transparent and securely identifiable.

The success of the Gaia-X initiative is largely viewed skeptically because it needs cooperation between government, politics and business to increase Europe’s digital sovereignty.

The power of the US cloud companies in particular arouses suspicion because European companies fear access to their data by the US Cloud Act. Since moving to the cloud is increasing in Europe too, companies are concerned about the dependencies on providers from abroad and they fear the loss of control over their data due to the market power of foreign cloud platforms such as Microsoft, Oracle, Amazon/AWS, Google or Alibaba. They also see that sensitive data such as customer and employee data may not be sufficiently protected and from public administration authorities, the fear is regarding citizen’s data.

The US Cloud Act allows American authorities to access data in clouds of US providers – even if the data belongs to their customers and is stored outside the US.

This is a difficult situation since the cloud market is dominated by US based companies.

However, even if join forces with companies, government and politicians will eventually set up an European cloud, there is no guarantee that the European Union will be able to remain digitally independent. The potential collapse of the European Union is another risk and countries are planning for decentralized scenarios.

Swiss Clouds – solid as a bunker in the Alps?

When it comes to legal aspects in the cloud, data location, data storage and data protection became a hot topic. Sensitive data processed in the cloud, distributed systems as well as contract, consumer, competition and copyright law is also affected.

This is especially the case since the US Cloud Act and the European data protection regulation (GDPR) are not compatible plus it adds additional complexity from the Privacy Shield.  

But how about Switzerland, which is not part of the European Union, where Swiss hosting and cloud providers promote their “Swissness” as a competitive advantage?

The “Swiss Hosting” label is aimed at Swiss SaaS and hosting providers and promises that there will be no data export, neither directly nor indirectly. This is relevant for cloud providers and cloud customers.

As of today, data can be exported from Switzerland to other countries when they have an adequate level of data protection. This is for example the case in the EU with the strict GDPR rules.

The Swiss Federal Data Protection and Information Commissioner keeps an overview of the countries with an adequate level of data protection. If a country does not meet the requirements, a contract must be drawn up between the companies involved to remedy the deficits in national legislation.

However, following standard contracts where these clauses are included, unfortunately does not have an effective protection against access by foreign governments.

Until recently, the so called Privacy Shield of 2016, an agreement between the USA and the EU, applied to the processing of exported data. There is a parallel agreement between the USA and Switzerland. The aim of the Privacy Shield was the responsible handling of data abroad and the protection of the privacy of citizens of the EU and Switzerland.

From the beginning, however, there were considerable doubts about its effectiveness. Now the European Court of Justice has officially confirmed that the Privacy Shield is not sufficient. Despite Switzerland is not in the EU, it is still expected that the Swiss version of the agreement will fall.

But at the same time, the ruling says that it is still possible to do business via standard clauses. But whether the USA is interested in contracts between two private companies in this context is a matter for each individual party to decide.

The question is whether the ruling applies to data that US companies hold outside the USA?

This gap was closed in 2018 by the Cloud Act. Before its introduction, an American company could refuse to release data held by a subsidiary abroad.

The Cloud Act clearly states that every American company must release data – regardless of whose territory it is located in.

The Cloud Act stipulates that bilateral agreements with other countries are possible to restrict this right of access, however no country has ever negotiated anything like this and it also applies to data stored by subsidiaries of international corporations on Swiss territory.

For example, if the Swiss Federal Data Protection and Information Commissioner attests India and China insufficient protection, the standard clauses are needed and on top of that, companies are obliged to make sure that the promised measures actually exist.

If you take the legal aspect of data export, companies are obliged, at least according to the basic European data protection regulation (GDPR), to have a data protection declaration stating whether data is being exported and customers are informed. However, an explicit consent is not required.

This is where Swiss hosting jumps in. Only Swiss law applies. For customers from the European area, the GDPR, which is even stricter than Swiss law, also applies.

Countries outside of the European area are allowed to access data on an official level through a secure evidence via mutual legal assistance and only according to the principle of dual criminality. This means that the offence must not only be punishable in the third country, but must also be a crime in Switzerland.

As a conclusion, can foreign authorities access the data?

First of all, the Swiss authorities will have access. However, the use of confiscated data does not mean that they are automatically available in a trial. A defendant can defend himself by means of various legal remedies. In addition to these legal remedies, a defendant is above all aware that access is available and can act accordingly. From a legal perspective, these are clear advantages as it prevents foreign authorities just to retrieve the data on the first attempt.

Cloud Adoption Framework

There are several steps required to take up and follow before operating in a cloud environment. The prerequisites consists of different evaluations and scenarios before starting with the implementation.

The cloud adoption rates have different perceptions based on functions. The lowest estimates come from the business, followed by IT and the highest come from the top management. Awareness raising activities are necessary to achieve a common view.

The cloud adoption looks at factors which enable digital business success such as

  • New IT and Business capabilities.
  • Optimize business models and using IT capabilities.
  • Enable cloud models by embracing cloud first or replace legacy systems with cloud services.
  • Align cloud to the business strategy by embracing cloud best approach.
  • Ramp up workloads to the cloud appropriately to meet both existing and new requirements.

Companies use the public cloud to enable digital business transformation and optimization. Digital business models enable and support new revenue streams and enhance existing practices through data analytics. Infrastructure and operations leaders can use the public cloud’s ability to improve cost optimization, agility and innovation as a foundation for their digital business initiatives. Cloud brings dynamic capabilities.

Companies want measurable outcomes from their digital transformation initiatives. They should look at

  • Economy of scale – how can digital transformation support high volumes of transactions?
  • Where can agility be adapted most effective?
  • Which infrastructure can be easily automated?
  • Which applications have the biggest impact to enable digital business?

The cloud is not at the first place. CIO’s focus on digital initiatives, business and revenue growth. The role of Artificial Intelligence (AI) and Data Analytics has precedence over the cloud.

Success Factors

Cloud adoption success factors cover the 3 different areas (business, IT, top management) mentioned above. What are these? The following listing should help.

  1. Create and manage the inventory of systems and applications to assess readiness for the cloud.
  2. Cloud vendor selection per cloud layer. Conduct cloud layer evaluation workshops with different vendors and concrete showcases to demonstrate for IaaS, PaaS and SaaS.
  3. Build the required skills for IT and business team members to be part of the cloud team.
  4. As part of the vendor selection process, create different architecture scenarios for the private, public, hybrid and multi cloud solutions. An architecture based on open source helps you avoiding vendor lock-in in proprietary implementations.
  5. For each scenario create risk mitigations, security assessments, business continuity and exit scenarios to avoid vendor lock-ins.
  6. Ensure the scenarios meet legal and compliance requirements. Consider GDPR and location, external regulations an internal compliance.
  7. Estimate the costs and benefits based on future SLA’s with the vendors, define policies and procedures to have a governance in place.
  8. Before you order the first cloud services create scenarios with the vendors which cloud services are automated and how cloud workloads are managed. This is also a part of the SLA’s.
  9. Go through a future state when the cloud environments are in the operational mode. How are cloud deployments managed? How are the services consumed monitored and measured? This is also a part of the SLA’s with your vendors.

Cloud Service Providers Evaluation

Who are the top cloud service providers? Gartner’s 2020 magic quadrant shows the following ranking:

  1. Amazon Web Services (AWS)
  2. Microsoft Azure
  3. Google Cloud
  4. Alibaba Cloud
  5. Oracle
  6. IBM Cloud
  7. Tencent Cloud

Other key players in the cloud world are:

  • Salesforce
  • SAP
  • Rackspace Cloud
  • VMWare
  • Hewlett Packard Enterprise (HPE)
  • Cisco
  • Workday
  • Adobe

Expecting Changes in use of Cloud Service Providers

Regarding cloud vendor selection criteria, the leading cloud SaaS vendors are expecting changes based on Flexera’s 2020 State of Tech Spend Report:

What is a Cloud Strategy?

Cloud Strategy interrelations

In a recent commissioned study conducted by Forrester Consulting on behalf of Virtustream, cloud adoption was done either in an ad hoc manner or planned from the ground up. 727 cloud strategy and application management decision makers using the multi cloud in the US, EMEA and AP were asked

“Which of the following best describes how your firm came to adopt its current cloud deployment model”?

  • 52% created an international, holistic strategy before deploying it
  • 47% took an ad hoc approach, adapting our model to fit specific needs over time
  • 1% do not know or does not apply

From an overall perspective, the cloud strategy is embedded in the long, mid and short term corporate strategy. The cloud strategy should be formulated in the context of the overall strategy.

The corporate strategy looks at a long term planning horizon and relates to the business strategy, data centers, development, procurement, security and other strategic plans.

The breakdown from the corporate strategy looks at the midterm planning horizon and consists of strategic plans for the cloud such as cloud adoption, implementations, migrations and operating plans.

Every business requires a cloud strategy, regardless of where it is in its cloud journey. It is also good to define which workloads are not moved or which applications are not going to migrate to the cloud at all.

CIOs should align the cloud strategy efforts within the context of overall strategic planning efforts which consists of

  • Stakeholders
  • Processes
  • Governance (clarify goals, roles, risks and deadlines)
  • Communication
  • Cultural Change Management
  • Adaptability (to remain flexible)

You need to engage the context in a collaborative and ongoing strategic planning process before breaking down into a cloud strategy.

First of all, you need to define what the cloud strategy is and what it is not. It is not defined by IT or business, it must be a group effort. Beyond the strategy, implementation is the next step.

Most organizations do not have a real cloud strategy, therefore you need to separate the cloud strategy from the implementation and the data center strategy.

What is a cloud strategy?

A cloud strategy is a short and concise analysis on the cloud and its role in your enterprise. The goal is to identify issues for a further analysis.

  • It should be a scope and road map document, maximal 20-30 pages.
  • It is a living document. Recognize that not all proof of concepts will succeed, regardless how exciting they sound in theory. Be open to adjust.
  • It is a breakdown from your corporate and business strategy.
  • Should be broad and cover IaaS, PaaS, SaaS, public, private, hybrid and multi cloud options.
  • Principles orientated.
  • It is a group effort, managed by IT and Business together.

What is a not a cloud strategy?

The cloud strategy is not a plan to migrate everything to the cloud as it was often misunderstood in the past when cloud strategies followed a “me – too” approach.

  • Not a huge, detailed and long plan such as
    • Vendor selection
    • Different checklists
    • Data migration plans
  • It is not a replacement for any existing security strategies.
  • It is not a development of IaaS, PaaS, SaaS, public, private, hybrid and multi cloud options.
  • It is not a data center strategy.
  • IT is not driven by IT or business, from one person or one group.
  • It does not have the attempt to solve everything upfront.
  • It is not an executive mandate.

Translating Cloud Strategies into Actions: Cloud Context and Definitions

Poor decisions around the cloud and just simply moving legacy applications to the cloud with badly constructed migration plans and lack of clear objectives disappointed cloud enthusiasts in the first place. A new phenomenon showed up, whether on purpose or not, companies started with cloud repatriation projects by shifting away from the cloud and back to on premises infrastructure.

Having the first applications in the cloud and being affected by the uncertainty of the pandemic agenda, companies struggle with prioritization between pushing digitalization and predicting future business.

Cloud should be the correct destination for the correct workload at the correct time with the proper organization and ownership plan.

Cloud has a great potential and benefit impacts when implemented correctly and when security and privacy concerns are properly addressed. There is still a lack of regulations and standards which are not related to implementations but leave a risk when migrating to the cloud.

Cloud Context

Cloud computing is a style of computing where scalable and elastic IT related capabilities are provided “as a service” to customers using internet technologies. There are different opinions of what cloud really is and the same applies to strategy. We need to understand the different views of IT, Business and Dev Ops teams. Each of them have a different view and the objective is to bring business and IT together to agree on a comprehensive cloud strategy.

Cloud is a lot about technology, architecture and operations.

  • From a pure IT perspective, the advantage of using a cloud is for example the virtualization of data center infrastructures.
  • From a pure business perspective, the bridge to the cloud is with the packages used, i.e. SAP or Oracle in the cloud or cloud based CRM systems. It is about questions related to cloud adoption and data migration.
  • From a pure Dev Ops point of view, cloud is about architecture, infrastructure and data center strategy. Arising questions consist of which platforms to use, which vendor cloud solutions, i.e. Oracle Cloud, AWS, Microsoft Azure, Google, Alibaba, IBM or Tencent Cloud.

To put all three views in a neutral context we can say that cloud is about a scalable and elastic IT that provides capacities as a service using the internet.

The National Institute of Standards and Technology’s definition of cloud computing identifies five essential characteristics:

  1. On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
  2. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
  3. Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
  4. Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear unlimited and can be appropriated in any quantity at any time.
  5. Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Cloud Definitions

What cloud has in common is that it is service based, scalable and elastic, shared, metered usage and based on internet technologies.

Cloud computing providers offer their “services” according to different models and depending on the requirements of the companies. Let’s look at the definitions and different deployment models from the National Institute of Standards and Technology’s and other sources.

Abbreviation and Name Definition, Advantages and Disadvantages Examples and Vendors
Cloud

 

compared to

 

Outsourcing

 

compared to

 

Managed Services

 Cloud Computing is storing and accessing data and executing programs using the internet on a cloud service provider’s infrastructure instead of a company’s own premises. As a basis for digitalization, cloud computing provides companies with IT infrastructure such as storage space, computing power or applications as a flexible service. Managing, processing and encryption of data is left in the control of a cloud service provider and offers the ability to operate real time data reporting and analytics. Generally used as needed, companies only pay for what they use and can scale up or down to respond to customer needs or business peaks.

 

We all use the “cloud” every day. Whether the old generation is posting on Facebook or the younger generation using TikTok for short form mobile videos, searching for something with Google, sending an email or backing up a document on an online storage device like OneDrive, listening Spotify, watching Netflix series – they all store data in the cloud.

 

The outsourcing of data and applications, or even of the entire enterprise IT to a virtual environment is called outsourcing.

 

If a company replaces parts of its IT with an offer from a provider, this is called managed services. Managed hosting, managed hardware support, and managed storage/backup will account for the biggest portions of managed service spend in 2020 according to Spiceworks.

 The cloud covers the entire spectrum of IT and includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

 

A company can use the managed services of a provider for data backup instead of performing the backup itself.
Private Cloud Private cloud is a cloud infrastructure set up and operated solely for a single organization or dedicated to a single business entity, whether managed internally or by a third party, hosted either internally or externally and is only accessible to dedicated groups of people.

As with other types of cloud computing environments, private cloud provides extended, virtualized computing resources via physical components stored on-premises or at a vendor’s datacenter, usually within the users firewall and traditionally run on premises.

 

The private cloud meets strict data protection requirements and regulations, and is therefore particularly suitable for sensitive data and highly regulated industries.

 

Undertaking a private cloud project requires significant engagement to virtualize the business environment, and requires the organization to reevaluate decisions about existing resources. It can improve business, but every step in the project raises security issues that must be addressed to prevent serious vulnerabilities. Self-run data centers are generally capital intensive. They have a significant physical footprint, requiring allocations of space, hardware, and environmental controls. These assets have to be refreshed periodically, resulting in additional capital expenditures. They have attracted criticism because users “still have to buy, build, and manage them” and thus do not benefit from less hands-on management, essentially lacking the economic model that makes cloud computing such an intriguing concept.

 

You may be running VMware or Hyper-V for a virtualized setup with limited physical boxes hosting many virtual servers. Since you control the connection, security, hardware, apps, and everything this is considered a private cloud. You also pay for everything upfront including cost of servers, licensing, and maintenance.

 The private cloud is set up in the company’s own data center or via a specialized provider – you maintain your own servers and infrastructure that hosts your applications and data.

 

Among the private cloud providers, VMware is the clear leader, with vSphere in the lead and vCloud Director in third place, separated by OpenStack.

 

Microsoft has a strong private cloud showing with System Center and Azure Stack, while CloudStack is a consistent presence and AWS Outposts – Amazon’s private cloud offering – is beginning to make its presence felt.
Public Cloud A cloud is called a “public cloud” when the services are rendered over a network that is open for public use. Public cloud services may be free. Technically there may be little or no difference between public and private cloud architecture, however, security consideration may be substantially different for services (applications, storage, and other resources) that are made available by a service provider for a public audience and when communication is effected over a non-trusted network.

 

The main differentiator between public and private clouds is that companies are not responsible for the management of the public cloud hosting solution. Public clouds have a strong security, however, the responsibility for data security is actually a shared one.

 

Your data is stored in the provider’s data center and the provider is responsible for the management and maintenance of the data center. This type of cloud environment is appealing to many companies because it reduces lead times in testing and deploying new products. However, the drawback is that many companies feel security could be lacking with a public cloud. Even though you do not control the security of a public cloud, all of your data remains separate from others and security breaches of public clouds are rare.

 

 Public cloud service providers like Amazon Web Services (AWS), IBM Cloud, Oracle, Microsoft, Google, and Alibaba own and operate the infrastructure at their data center and access is generally via the Internet. AWS, Oracle, Microsoft, and Google also offer direct connect services called “AWS Direct Connect”, “Oracle FastConnect”, “Azure ExpressRoute”, and “Cloud Interconnect” respectively, such connections require customers to purchase or lease a private connection to a peering point offered by the cloud provider.
Hybrid Cloud Hybrid cloud is a composition of a public cloud and a private environment, such as a private cloud or on-premises resources, that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect collocation, managed and/or dedicated services with cloud resources. Hybrid cloud service can be also seen as a cloud computing service that is composed of some combination of private, public and community cloud services, from different service providers. A hybrid cloud service crosses isolation and provider boundaries so that it cannot be simply put in one category of private, public, or community cloud service. It allows one to extend either the capacity or the capability of a cloud service, by aggregation, integration or customization with another cloud service.

 

Varied use cases for hybrid cloud composition exist. For example, an organization may store sensitive client data in house on a private cloud application, but interconnect that application to a business intelligence application provided on a public cloud as a software service. This example of hybrid cloud extends the capabilities of the enterprise to deliver a specific business service through the addition of externally available public cloud services.

 

Hybrid cloud adoption depends on a number of factors such as data security and compliance requirements, level of control needed over data, and the applications an organization uses.

 A hybrid model is where you also have some applications or servers based on business need running in a public cloud infrastructure like Microsoft Azure or Amazon Web Services. In this case you still may maintain your own datacenter for some legacy applications while moving other ones to the public cloud. In the public cloud you are still managing the virtual servers, connections, as well as the security. You are not managing the physical hardware. This is a pay as you go model meaning you are not paying upfront you are paying as you use resources.
Multi Cloud Multi cloud is the use of multiple cloud computing and storage services in a single heterogeneous architecture from multiple public cloud providers for the same purpose.  This also refers to the distribution of cloud assets, software, applications, etc. across several cloud-hosting environments. With a typical multi cloud architecture utilizing two or more public clouds as well as multiple private clouds, a multi cloud environment aims to eliminate the reliance on any single cloud provider. It differs from hybrid cloud in that it refers to multiple cloud services rather than multiple deployment modes (public, private, and legacy). Also, in a multi cloud environment, synchronization between different vendors is not essential to complete a computation process, unlike parallel computing or distributed computing environments.

 

Advantages are found in a number of reasons for deploying a multi cloud architecture, including reducing reliance on any single vendor, cost-efficiencies, increasing flexibility through choice, adherence to local policies that require certain data to be physically present within the area/country, geographical distribution of processing requests from physically closer cloud unit which in turn reduces latency, and militating against disasters. It is similar to the use of best-of-breed applications from multiple developers on a personal computer, rather than the defaults offered by the operating system vendor. It is a recognition of the fact that no one provider can be everything for everyone.

 

Several disadvantages and challenges also present themselves in a multi cloud environment. Security and governance is more complicated, and more “moving parts” may create resiliency issues. This is related to the different transparency levels of the different vendors. Companies must know when the vendor makes a change, upgrade or when events occur. However, using multi cloud requires matching of workloads to different cloud service providers and for example the same security concerns are communicated per vendor differently and leaving users confused with different alerts and notifications for the same kind of issues. If more IT experts are required to monitor and control each vendor separately, operational costs go up and automated governance is prevented. Selection of the right cloud products and services can also present a challenge, and users may suffer from the paradox of choice.

 For example, an enterprise may concurrently use separate cloud providers for infrastructure (IaaS), platform (PaaS) and software (SaaS) services, or use multiple infrastructure (IaaS) or platform (PaaS) providers. In the latter case, they may use different infrastructure providers for different workloads, deploy a single workload load balanced across multiple providers (active-active), or deploy a single workload on one provider, with a backup on another (active-passive).

 

Anthos from Google for example is a multi- cloud compatible platform supporting different cloud environments such as managing and maximizing existing applications and build cloud native applications (i.e. in AWS or Azure). Anthos repackages the Google Kubernetes Engine (GKE) and manages multi cloud environments, configuration and service meshes running on a private or public cloud, regardless of the cloud service provider.
Distributed Cloud A distributed cloud no longer provides resources centrally, but offers decentralized cloud services with less distance between the service source and the service user. The aim is to stretch cloud capabilities by distributing public cloud services (or a subset of services) to different physical locations where needed.

 

Operation, governance, updates and development of the services are with the responsibility of the originating public cloud provider. Customers can monitor, manage and maintain the distributed cloud from a central control plane, which is offered by the public cloud provider. The challenge is to manage a heterogeneous environment of different components and services (i.e. enterprise edge clouds, near neighbor clouds, on premises clouds, public clouds, urban clouds and community of cloud substations).

 

Advantages: Reduces latency of data transmission and increases the performance of services and better redundancy. Companies can still manage distributed clouds from a central control plane and can for example scale services or adapt services to user needs.

 

Disadvantages relate to higher complexity as it takes more effort to deploy, maintain, update and handling security and data transfer of different systems instead of managing a centralized system. Initial costs are higher and running costs may become higher due to increased processing overhead and exchange of information. It also takes more effort to manage security of distributed clouds as you control replicated data across multiple locations.

 The aim of the distributed cloud is to bring cloud services geographically closer to the user and reduce latency. For example, in the case of content delivery such as videos, the central cloud provides all services and receives or sends data from regional clouds or edge clouds. Regional clouds perform proxy and caching functions and act as intermediaries between the core cloud and the edge cloud or offer services themselves. Edge clouds are placed as close as possible to the user and provide cloud services with minimal latency.

Another example is personal data where the distributed cloud allows to keep this sensitive data in a specific location.
Cloud Native Cloud-native technologies are developed from the beginning for the cloud and empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, micro services, immutable infrastructure, and declarative APIs exemplify this approach. These techniques enable loosely coupled systems that are resilient, manageable and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil. A container based architecture is not cloud native. Architecture, applications and operations must be cloud native, otherwise it is not.

 

The main advantage of the cloud native approach is that applications run independently of the environment and the containers are portable. Containers can be executed in development, test or production systems. If the application design supports horizontal scaling, multiple instances of a container can be started or stopped.

 

Disadvantages relate to higher time consumption and effort of create cloud native applications in a re-platforming approach and once created to monitor and maintain load balancing between application instances. You need additional orchestration solutions and platforms such as Kubernetes, Apache Mesos and Amazon ECS to manage cloud native applications. You are not assured of a consistent performance if you migrate cloud native applications to a different cloud, i.e. moving from a private to a public cloud.

 Cloud native applications are typically made up of micro services packaged in containers. These micro services are designed as independent of each other and are optimized for cloud scaling. This ensures a continuous delivery that provides better performance, reliability and faster time to market.

 

Companies such as Netflix, Uber, and WeChat take the full advantage of the cloud native model by deploying micro services in a fast and agile way.
Edge Computing Edge computing refers to decentralized data processing at the edge of the network. This can be at the edge of a centralized system or a cloud.  In edge computing, computer applications, data and services are shifted away from central nodes (data centers) to the outer edges of a network. In edge computing, data is processed directly at the network periphery, i.e. where it is generated. The aim is to process data streams in a resource saving manner, at least partially on the spot (e.g. directly at the end device or within premises), but still benefit from the advantages of the cloud. Cloud and Edge are complementary concepts and not competing styles of an architecture.

 

Advantages: Edge computing delivers the decentralized extension of hyper scaled clouds and legacy data centers. Edge computing services significantly reduce the volume of data to be transmitted and therefore the data exchange and transmission distance, reducing transmission costs and waiting times. With edge computing, centralized data centers are required less often or not at all, eliminating a major bottleneck for data transfer and a potential source of error. Security is also improved as encrypted files are processed closer to the network core.

 

Disadvantages of edge computing arise when there is a very large amount of data to process or store or when computing or storage requirements are very irregular. The cloud does not work the same way as a datacenter does.

 

How does Edge Computing redefine the Infrastructure? IoT and immersive technologies will drive more information processing to the edge, redefining and reshaping what infrastructure and operations leaders will need to deploy and manage.

 Edge is a decentralized data architecture concept. Edge characteristics are: it is decentralized, intimate, independent, performant, data rich and contextual.

 

Edge Computing also means connecting Internet of Things (IoT): As these edge computing use cases take their place in our daily lives, businesses will have more and more reason to place their data as close to the edge as possible. This could be smart factories, connected cars and trucks, smart traffic and street lights, smart buildings and power grids, connected rail systems and airplanes, connected wind turbines and connected oil platforms.
Cloud Repatriation Cloud Repatriation is the shift of workloads from the public cloud to the local infrastructure environments, such as data center. Typically, these on premises data centers are in either a private or hybrid cloud.

Companies which assume that the cloud just works as their corporate data center got disappointed and those who have uncritically embraced Cloud First strategies have seen costs increase, performance drop, or compliance being challenged and are now moving workloads and data off a public cloud environment to their own private or hybrid cloud infrastructure.

 

Advantages of Cloud Repatriation is that in most cases it is not about going back to the architecture model used before migration to the public cloud. It is rather a way to improve cost, performance, legal reasons (data protection), security, flexibility (reduced vendor lock-in), reduced latencies, governance and control by moving to a more sophisticated architecture.

 

Disadvantages are found when the Cloud Repatriation is related to a painful lessons learnt when there was not attention paid to purpose and planning. The cloud became more expensive and less secure. Cloud Repatriation is then only a “ritorno” exercise as a result of poor initial road mapping and a botched migration.

 For example, you might have virtual machines hosted on a service like Amazon EC2 or Azure Virtual Machines that you migrate back to an on-premises data center.

 

You may replace a SaaS application running in the public cloud with one hosted on a private or hybrid cloud.

 

Companies built on public cloud platforms like Dropbox migrated back to on premises from AWS for cost savings and control reasons.

 
Container

and

Kubernetes

 Containers offer a logical packaging mechanism in which applications can be abstracted from the environment in which they actually run. This decoupling allows container-based applications to be deployed easily and consistently, regardless of whether the target environment is a private data center, the public cloud, or even a developer’s personal laptop. Containerization provides a clean separation of concerns, as developers focus on their application logic and dependencies, while IT operations teams can focus on deployment and management without bothering with application details such as specific software versions and configurations specific to the app. A container based architecture is not cloud native.

 

With the Kubernetes platform, you bundle and run your micro services and applications and organize them in groups of containers. The Docker engine is taking care of keeping your application running as you request.

 

The advantage of Kubernetes is that it allows cloud databases to interoperate across clouds and gives a control of the different services running in the clouds so that they can be centrally managed and look the same, regardless of the different cloud services provided.

 

The disadvantage of Kubernetes is that it does not include to manage the security across different databases and applications, authorizations and authentication such as monitoring concurrent users and logins. You still need a tool to harmonize security across different clouds.

 Popular container vendors / open source platform systems are Docker and Kubernetes.

 

Docker provides a toolset to easily create container images of applications.

 

Kubernetes is an open-source container management platform that unifies a cluster of machines into a single pool of compute resources.

 

IBM, for example, offers Red Hat Open Shift as the Kubernetes enterprise container platform empowering developers to develop and deploy faster into the hybrid cloud.
On Premises The infrastructure or hardware is stored in house and the software is purchased, licensed and installed on the company’s own servers and behind its firewall. All the software and services are run within the company and hence the company is responsible for hardware and software updates and has the complete ownership.

 

The advantage of on premises applications is that they are stable, reliable, secure, and allow the company total control that the cloud often cannot. There is no external dependency on a reliable internet connection or server downtime.

 

The disadvantage of on premises is that some cloud native applications can help companies to leverage to the new technologies and better achieve their business goals and they run only in a cloud. On premises deployment takes longer than in the cloud. From a cost perspective, managing and maintaining on premises solutions can be higher than in the cloud because you have higher capital expenditures by investing in server hardware, software licenses, configuration, integration and workforce to support these in house services. Any maintenance for hardware, software, storage, data backups and disaster recovery is performed on premises and is challenged with limited budgets and resources.

 On premises was the only offering in the past and there are valid reasons not to move to the cloud if there are no benefits.

 

Taking the analogy of a pizza, on premises means you make the pizza at home.
Infrastructure as a Service (IaaS)

 

Focus: hardware, storage, networks, servers, virtual servers

 In the IaaS model, the cloud service vendor provides all components related to the customer’s IT systems such as hardware, storage, networks and environment for various software applications such as a virtual servers on which users can run their operating system or applications. IaaS promotes access instead ownership.

 

The user transfers the company’s applications to the cloud and thus uses the provider’s infrastructure. They manage the data themselves, access their software via the cloud and remain responsible for data security. The service provider protects the virtualization platform against attacks and ensures availability.

 

The user is able to deploy and run arbitrary software, which can include operating systems and applications. The user does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

 

The advantage is to use the infrastructure only on demand and there is no need to invest in IT infrastructure which is idle when not used, so companies only pay for what they use. IaaS makes really sense for creating virtual data centers for large organizations that require an efficient, scalable and secure infrastructure environment.

 

The disadvantage is that the internal IT has no direct control of the IT, security and governance provided by the cloud service provider. Companies need to review and understand the Service Level Agreements regarding the security obligations of their cloud service providers.

 

The challenges come with integration of IaaS to existing systems.

 

A downtime of the IaaS makes it impossible to access applications and data and companies are fully dependent on the IaaS provider. Problems occurred related to the virtual machine is in the responsibility of the end user.

 

Companies need to invest in IaaS technical training and skills as the companies’ IT team need to understand the IaaS provider’s infrastructure as they manage and control storage, servers, virtualization and networking whereas the customer’s IT teams and end users manage and control the middleware, operating systems, applications and data.

 The customer company transfers its MS Windows system from the local server to the Azure cloud and thus use an Infrastructure as a Service. It enables to control user access to virtual machines, servers, storage, load balancers, network, …

 

The Google Cloud Platform offers IaaS and PaaS.

 

Amazon Elastic Compute Cloud (EC2) is a part of Amazon’s cloud computing platform, Amazon Web Services (AWS), that allows users to rent virtual computers on which to run their own computer applications. Netflix uses Amazon Web Service (AWS).

 

Cisco is taking a network-centric approach to multi-cloud and hybrid deployments.

 

Oracle’s cloud business focuses on SaaS and autonomous database services.

 

SAP is leveraging a neutral approach with partnerships with all the leading IaaS vendors while converting customers to its HANA platform.

 

Taking the analogy of a pizza, IaaS means you are using a take and bake service.
Platform as a Service (PaaS)

 

Focus: virtual Infrastructure and Middleware

 PaaS allows customers to rent hardware, operating systems, storage and network capacity over the internet from the cloud service provider and allows frequent changes and upgrades to operating systems. This type of service is mainly used in the area of software development. The provider provides a secure platform for developing applications (development environment, program code and databases). The capability provided to the user is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

 

The user does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment. The cloud customer is responsible for the security and management of the content operated on the platform, i.e. the applications and data.

 

The advantage is both on cost savings and operational efforts because internal IT and developers can use a full virtual environment, including hardware and software. They can write code and test applications before deploying to the production systems. There is no need to have an internal set up and installations first before new code can be tested and deployed.

 

The disadvantages are security risks, governance and legal issues when developing new applications when it becomes subject to intellectual property and their exposures to the cloud service provider. If the customer operates already in emerging technologies and is used to cloud native applications, the potential risk is that vendors may not meet the needs of rapidly evolving startup companies.

 Controls of user access to the operating software and services needed to develop new applications such as execution runtime, database, web server, deployment tools, …

 

App Engine is the PaaS offering from Google Cloud and allows the building and hosting of applications.

 

Others are AWS Elastic Beanstalk, Windows Azure Cloud Services,

OpenShift, Heroku (Salesforce) and Apache Stratos

 

 

Taking the analogy of a pizza, PaaS means you are using a pizza delivery service.
Software as a Service (SaaS)

 

Focus: Infrastructure, Middleware and Applications

 SaaS is a web based application where the software is accessed and works via the internet. The capability provided to the user is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

 

The provider is responsible for maintenance, availability and updates, while the customer (company) manages user access and the data stored in the cloud itself. Data and information protection is also the responsibility of the SaaS users.

 

The advantage is that SaaS vendors have the expertise in their field in running the data and applications the company is using. The vendor takes care of operations and (automatic) updates and there is no need for hardware, maintenance or installation and setup related to the use. Functions and capacities can be used or added as needed. Monthly fees or subscriptions replace software license and maintenance costs, providing more transparency. The access is possible from anywhere where an internet connection is available.

 

The disadvantage is a potential vendor lock-in risk. This is the case when the company wants to migrate their data to another system or move the data back from the cloud to their own on premises system.

 Classic examples of Software as a Service are publicly accessible mail applications such as Gmail, Google Apps, virtual desktop, Cisco WebEx, GoToMeeting, Zoom and other communications tools. Other SaaS products are Dropbox, CRM tools such as Salesforce, HR systems such as Workday or SharePoint Online and Office 365.

 

SaaS price structures are usually less complex than IaaS or PaaS billing models.

 

The vendor provides the software via the cloud and the user accesses it via the browser.

 

Taking the analogy of a pizza, SaaS means you are visiting an eat-in restaurant
Cloud Clients

 

Focus:

Data

 Users can use any devices linked to their applications to cloud computing storage and services through application programming interfaces (API’s) exposed to their applications and custom software. Services include user management, push notifications and integration with social networking services and more.

 

Advantage of cloud clients is that applications can be accessed from anywhere at any time via any device or a web browser. The importance of cloud clients has emerged with the increased use of mobile devices in business.

 Web browsers, mobile applications, thin clients, terminal emulators, laptops, tablets, smartphones…