Cloud Architecture for IT Professionals
Figure 1 presents an overview of the NIST cloud computing reference architecture, which
identifies the major actors, their activities and functions in cloud computing. The diagram depicts
a generic high-level architecture and is intended to facilitate the understanding of the
requirements, uses, characteristics and standards of cloud computing.
As shown in Figure 1, the NIST cloud computing reference architecture defines five major
actors: cloud consumer, cloud provider, cloud carrier, cloud auditor and cloud broker. Each
actor is an entity (a person or an organization) that participates in a transaction or process and/or
performs tasks in cloud computing.
A cloud consumer may request cloud services from a cloud provider directly or via a cloud
broker. A cloud auditor conducts independent audits and may contact the others to collect
necessary information.
Example Usage Scenario 3: For a cloud service, a cloud auditor conducts independent
assessments of the operation and security of the cloud service implementation. The audit may
involve interactions with both the Cloud Consumer and the Cloud Provider.
Cloud Consumer
The cloud consumer is the principal stakeholder for the cloud computing service. A cloud
consumer represents a person or organization that maintains a business relationship with, and
uses the service from a cloud provider.
A cloud consumer browses the service catalog from a cloud provider, requests the appropriate
service, sets up service contracts with the cloud provider, and uses the service.
The cloud consumer may be billed for the service provisioned, and needs to arrange payments
accordingly.
Cloud consumers need SLAs to specify the technical performance requirements fulfilled by a
cloud provider.
SLAs can cover terms regarding the quality of service, security, remedies for performance
failures.
A cloud provider may also list in the SLAs a set of promises explicitly not made to consumers,
i.e. limitations, and obligations that cloud consumers must accept.
A cloud consumer can freely choose a cloud provider with better pricing and more favorable
terms. Typically a cloud provider's pricing policy and SLAs are non-negotiable, unless the
customer expects heavy usage and might be able to negotiate for better contracts.
Depending on the services requested, the activities and usage scenarios can be different among
cloud consumers. Figure 6 presents some example cloud services available to a cloud consumer.
SaaS applications are deployed in the cloud and made accessible via a network to the SaaS consumers.
The consumers of SaaS can be organizations that provide their members with access to software
applications, end users who directly use software applications, or software application
administrators who configure applications for end users. SaaS consumers can be billed based on
the number of end users, the time of use, the network bandwidth consumed, the amount of data
stored or duration of stored data.
Cloud consumers of PaaS can employ the tools and execution resources provided by cloud
providers to develop, test, deploy and manage the applications hosted in a cloud environment.
PaaS consumers can be application developers who design and implement application software,
application testers who run and test applications in cloud-based environments, application
deployers who publish applications into the cloud, and application administrators who configure
and monitor application performance on a platform. PaaS consumers can be billed according to the
processing, database storage and network resources consumed by the PaaS application, and the
duration of the platform usage.
Cloud Provider
A cloud provider is a person or an organization; it is the entity responsible for making a service
available to interested parties.
A Cloud Provider acquires and manages the computing infrastructure required for providing the
services, runs the cloud software that provides the services, and makes arrangements to deliver the
cloud services to the Cloud Consumers through network access.
For Software as a Service, the cloud provider deploys, configures, maintains and updates the
operation of the software applications on a cloud infrastructure so that the services are
provisioned at the expected service levels to cloud consumers.
The provider of SaaS assumes most of the responsibilities in managing and controlling the
applications and the infrastructure, while the cloud consumers have limited administrative
control of the applications.
For PaaS, the Cloud Provider manages the computing infrastructure for the platform and runs the
cloud software that provides the components of the platform, such as runtime software execution
stack, databases, and other middleware components.
The PaaS Cloud Provider typically also supports the development, deployment and management
process of the PaaS Cloud Consumer by providing tools such as integrated development
environments (IDEs), development version of cloud software, software development kits
(SDKs), deployment and management tools.
The PaaS Cloud Consumer has control over the applications and possibly some of the hosting
environment settings, but has no or limited access to the infrastructure underlying the platform,
such as network, servers, operating systems (OS), or storage.
For IaaS, the Cloud Provider acquires the physical computing resources underlying the service,
including the servers, networks, storage and hosting infrastructure.
The Cloud Provider runs the cloud software necessary to make computing resources available to
the IaaS Cloud Consumer through a set of service interfaces and computing resource
abstractions, such as virtual machines and virtual network interfaces.
The IaaS Cloud Consumer in turn uses these computing resources, such as a virtual computer,
for their fundamental computing needs. Compared to SaaS and PaaS Cloud Consumers, an IaaS
The IaaS Cloud Provider, on the other hand, has control over the physical hardware and cloud
software that makes the provisioning of these infrastructure services possible, for example, the
physical servers, network equipments, storage devices, host OS and hypervisors for
virtualization.
A Cloud Provider's activities can be described in five major areas, as shown in the corresponding
figure: a cloud provider conducts its activities in the areas of service deployment, service
orchestration, cloud service management, security, and privacy. The details are discussed in Section 3.
In system administration, orchestration is the automated configuration, coordination, and
management of computer systems and software.
Service Orchestration
Service Orchestration refers to the composition of system components to support the Cloud
Providers activities in arrangement, coordination and management of computing resources in
order to provide cloud services to Cloud Consumers. Figure 15 shows a generic stack diagram of
this composition that underlies the provisioning of cloud services.
Cloud Auditor
A cloud auditor is a party that can perform an independent examination of cloud services.
Audits are performed to verify conformance to standards through review of objective evidence.
A cloud auditor can evaluate the services provided by a cloud provider in terms of security
controls, privacy impact, performance, etc.
Auditing is especially important for federal agencies, as "agencies should include a contractual
clause enabling third parties to assess security controls of cloud providers" [4] (Vivek Kundra,
Federal Cloud Computing Strategy, Feb. 2011).
Security controls are the management, operational, and technical safeguards or countermeasures
employed within an organizational information system to protect the confidentiality, integrity,
and availability of the system and its information. For security auditing, a cloud auditor can
make an assessment of the security controls in the information system to determine the extent to
which the controls are implemented correctly, operating as intended, and producing the desired
outcome with respect to the security requirements for the system. The security auditing should
also include the verification of the compliance with regulation and security policy. For example,
an auditor can be tasked with ensuring that the correct policies are applied to data retention
according to relevant rules for the jurisdiction. The auditor may ensure that fixed content has not
been modified and that the legal and business data archival requirements have been satisfied.
A privacy impact audit can help Federal agencies comply with applicable privacy laws and
regulations governing an individual's privacy, and to ensure confidentiality, integrity, and
availability of an individual's personal information at every stage of development and operation.
· Auditors have to verify that only authorized individuals have access to cloud computing resources
based on their roles and responsibilities, and that access is removed in a timely manner when an
employee is terminated or when their role changes.
· Auditors have to check the type and sensitivity of data stored in the cloud, as loss, leakage or
unavailability of data can damage business reputation and revenue or result in non-compliance
with regulations.
· Auditors have to verify the sufficiency and appropriateness of policies, practices and
procedures for the protection of data stored in the cloud.
· Auditors have to check the risk associated with changes of technology: how new technology is
adopted and what benefits users are getting for the costs they have incurred.
· Auditors have to review the terms of the Service Level Agreement (SLA) for the protection of data
stored in the cloud and the clauses for termination of the contract between the organization and
the cloud service provider.
· Auditors have to check the procedures related to incident management, problem management and
change management in the context of cloud computing.
· Auditors also have to check the legal and regulatory requirements that an organization is
required to comply with for the protection of data stored in the cloud.
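The first of these checks (only authorized people hold access, and access is removed promptly on termination or role change) is the one most easily made mechanical. The following Python script is an added example, not part of the original page or of any NIST document: it reconciles the enabled principals of a cloud tenant against the HR roster and an assumed role policy, and reports accounts still enabled past the removal deadline, enabled accounts with no HR record, and roles outside what the person's job function permits. The roster, the principal list, the role policy and the one-day removal deadline are all constructed sample data for this example.

```python
from datetime import date, timedelta

# Constructed sample data for this example (not from any real tenant).
HR_ROSTER = {
    "alice": {"function": "developer", "terminated": None},
    "bob":   {"function": "finance",   "terminated": date(2024, 3, 1)},
    "carol": {"function": "auditor",   "terminated": None},
}
CLOUD_PRINCIPALS = [
    {"user": "alice",      "roles": {"developer", "billing-admin"}, "enabled": True},
    {"user": "bob",        "roles": {"finance"},                    "enabled": True},
    {"user": "carol",      "roles": {"read-only"},                  "enabled": True},
    {"user": "dave",       "roles": {"owner"},                      "enabled": False},
    {"user": "svc-legacy", "roles": {"owner"},                      "enabled": True},
]
# Assumed policy: which cloud roles each job function may hold.
ROLE_POLICY = {
    "developer": {"developer"},
    "finance":   {"finance", "billing-admin"},
    "auditor":   {"read-only"},
}
# Assumed access policy: access must be removed within one day of termination.
REMOVAL_DEADLINE = timedelta(days=1)


def audit_access(roster, principals, policy, today, deadline=REMOVAL_DEADLINE):
    """Return (user, finding) pairs for enabled principals that break the
    least-privilege or timely-removal rules. Disabled accounts are skipped
    because they cannot sign in."""
    findings = []
    for principal in principals:
        if not principal["enabled"]:
            continue
        user, roles = principal["user"], principal["roles"]
        record = roster.get(user)
        if record is None:
            # No owner in HR: an orphan or unowned service account that needs review.
            findings.append((user, "enabled principal with no HR record"))
            continue
        terminated = record["terminated"]
        if terminated is not None and today - terminated > deadline:
            overdue = (today - terminated).days
            findings.append((user, f"still enabled {overdue} days after termination"))
        # Roles the person holds beyond what their job function allows.
        excess = roles - policy.get(record["function"], set())
        if excess:
            findings.append((user, f"roles outside '{record['function']}' policy: {sorted(excess)}"))
    return findings


def audit_sample(today_iso):
    """Run the audit over the constructed sample data as of an ISO date string."""
    return audit_access(HR_ROSTER, CLOUD_PRINCIPALS, ROLE_POLICY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for user, finding in audit_sample("2024-03-15"):
        print(f"{user}: {finding}")
```

In practice the principal list would come from the tenant's identity provider or cloud IAM export and the roster from HR; the point of the reconciliation is that the two are compared by a party independent of both, and that the deadline is a number agreed in policy rather than a judgement made case by case.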
Cloud Broker
As cloud computing evolves, the integration of cloud services can be too complex for cloud
consumers to manage. A cloud consumer may request cloud services from a cloud broker,
instead of contacting a cloud provider directly. A cloud broker is an entity that manages the use,
performance and delivery of cloud services and negotiates relationships between cloud providers
and cloud consumers.
In general, a cloud broker can provide services in three categories:
Service Intermediation: A cloud broker enhances a given service by improving some specific
capability and providing value-added services to cloud consumers. The improvement can be
managing access to cloud services, identity management, performance reporting, enhanced
security, etc.
Service Aggregation: A cloud broker combines and integrates multiple services into one or more
new services. The broker provides data integration and ensures the secure data movement
between the cloud consumer and multiple cloud providers.
Service Arbitrage: Service arbitrage is similar to service aggregation except that the services
being aggregated are not fixed. Service arbitrage means a broker has the flexibility to choose
services from multiple agencies. The cloud broker, for example, can use a credit-scoring service
to measure and select an agency with the best score.
Cloud Carrier
A cloud carrier acts as an intermediary that provides connectivity and transport of cloud services
between cloud consumers and cloud providers. Cloud carriers provide access to consumers
through network, telecommunication and other access devices. For example, cloud consumers
can obtain cloud services through network access devices, such as computers, laptops, mobile
phones, mobile Internet devices (MIDs), etc. The distribution of cloud services is normally
provided by network and telecommunication carriers or a transport agent, where a transport
agent refers to a business organization that provides physical transport of storage media such as
high-capacity hard drives. Note that a cloud provider will set up SLAs with a cloud carrier to
provide services consistent with the level of SLAs offered to cloud consumers, and may require
the cloud carrier to provide dedicated and secure connections between cloud consumers and
cloud providers.
Cloud storage is a cloud computing model that stores data on the Internet through a cloud
computing provider who manages and operates data storage as a service. It’s delivered on
demand with just-in-time capacity and costs, and eliminates buying and managing your own data
storage infrastructure. This gives you agility, global scale and durability, with “anytime,
anywhere” data access.
Thus, cloud storage is simply the delivery of virtualized storage on demand. The formal term that
is used for this is Data storage as a Service (DaaS).
Cloud storage is purchased from a third party cloud vendor who owns and operates data storage
capacity and delivers it over the Internet in a pay-as-you-go model. These cloud storage vendors
manage capacity, security and durability to make data accessible to your applications all around
the world.
Applications access cloud storage through traditional storage protocols or directly via an API.
Many vendors offer complementary services designed to help collect, manage, secure and
analyze data at massive scale.
Ensuring your company's critical data is safe, secure, and available when needed is essential.
There are several fundamental requirements when considering storing data in the cloud.
Durability. Data should be redundantly stored, ideally across multiple facilities and multiple
devices in each facility. Natural disasters, human error, or mechanical faults should not result in
data loss.
Availability. All data should be available when needed, but there is a difference between
production data and archives. The ideal cloud storage will deliver the right balance of retrieval
times and cost.
Security. All data is ideally encrypted, both at rest and in transit. Permissions and access
controls should work just as well in the cloud as they do for on premises storage.
Cloud storage is:
Made up of many distributed resources, but still acts as one, either in a federated or
a cooperative storage cloud architecture
Highly fault tolerant through redundancy and distribution of data
Highly durable through the creation of versioned copies
Typically eventually consistent with regard to data replicas
Cloud storage services may be accessed through a colocated cloud computing service, a web
service application programming interface (API) or by applications that utilize the API, such
as cloud desktop storage, a cloud storage gateway or Web-based content management systems.
The Cloud Data Management Interface (CDMI) is a specification for a functional interface that
applications will use to create, retrieve, update, and delete data elements from the cloud.
This interface also provides facilities for discovering the properties of a given cloud storage
offering.
CDMI has been proposed by the Cloud Storage Technical Working Group of the Storage
Network Industry Association (SNIA), an association promoting standards in the management of
IT information with a particular focus on data storage.
SNIA has also produced a reference implementation of the CDMI, thus facilitating the process of
quickly producing a working standard by means of feedback from the community.
The Cloud Data Management Interface defines the functional interface that applications will use
to create, retrieve, update and delete data elements from the Cloud.
As part of this interface the client will be able to discover the capabilities of the cloud storage
offering and use this interface to manage containers and the data that is placed in them. In
addition, metadata can be set on containers and their contained data elements through this
interface.
This interface is also used by administrative and management applications to manage containers,
accounts, security access and monitoring/billing information, even for storage that is accessible
by other protocols. The capabilities of the underlying storage and data services are exposed so
that clients can understand the offering.
The main concept of DaaS is to abstract data storage behind a set of interfaces and to make it
available on demand.
By abstracting data storage behind a set of service interfaces and delivering it on demand, a wide
range of actual cloud services and implementations are possible.
Support is accommodated with existing standard protocols such as iSCSI (and others) for block
network storage and CIFS/NFS or WebDAV for file network storage.
iSCSI stands for Internet Small Computer Systems Interface. iSCSI carries SCSI commands over
the Transmission Control Protocol (TCP), enabling block-level SCSI data transport between the
iSCSI initiator and the storage target over TCP/IP networks.
WebDAV (Web Distributed Authoring and Versioning) is an extension of the Hypertext Transfer
Protocol (HTTP) that allows clients to perform remote Web content authoring operations.
Its basic functionality includes enabling users to share, copy, move and edit files
through a web server.
Existing data storage interface standards
The difference between purchasing a dedicated appliance or purchasing cloud storage is not the
functional interface, but the fact that the storage is delivered on demand.
Customers pay for either what they actually use or what they have allocated for use.
For block storage, a Logical Unit Number (LUN)—or virtual volume—is the granularity of
allocation.
In either case, the actual storage space may be thin-provisioned and billed for based on actual
usage. Data services, such as compression and deduplication, can be used to further reduce the
actual space consumed.
Managing this storage is typically done out of band for these standard data storage interfaces,
either through an API, or more commonly, through an administrative browser-based user
interface.
A typical out-of-band solution is to have an access server connected to a management port
of each controlled device. In systems management, out-of-band management is the use of dedicated
management interfaces (or serial ports) for managing computing and networking equipment.
In this model, the underlying storage space that has been exposed by the out-of-band interfaces is
abstracted and exposed using the notion of a container.
A container is not only a useful abstraction for storage space, but also serves as a grouping of
the data stored in it and a point of control for applying data services in the aggregate.
Each data object is created, retrieved, updated, and deleted as a separate resource. In this type of
interface, a container, if used, is a simple grouping of data objects for convenience.
There is no reason that managing data and managing containers should involve different
interfaces.
Therefore, the use of metadata is extended from applying to individual objects to applying to
containers of objects as well. Thus, any data placed into a container inherits the data system
metadata of the container into which it was placed.
When creating a new container within an existing container, the new container would similarly
inherit the metadata settings of its parent's data system metadata.
After an object is created, the data system metadata can be overridden at the container or
individual object level, as desired. Even if the provided interface does not support setting
metadata on individual objects, metadata can still be applied to the containers.
In such a case, the interface does not provide a mechanism to override metadata that an
individual object inherits from its parent container.
For file-based interfaces that support extended attributes (e.g., CIFS, NFSv4), these extended
attributes can be used to specify the data system metadata to override that specified for the
container.
Common Internet File System (CIFS) is a network filesystem protocol used for
providing shared access to files and printers between machines on the network.
A CIFS client application can read, write, edit and even remove files on the remote
server.
Figure 11.9 provides the overall context in which cloud storage interfaces will operate.
This model shows multiple types of cloud data storage interfaces that are able to support both
legacy and new applications. All of the interfaces allow storage to be provided on demand,
drawn from a pool of resources. The storage capacity is drawn from a pool of storage capacity
provided by storage services.
The data services are applied to individual objects, as determined by the data system metadata.
Metadata specifies the data requirements on the basis of individual objects or for groups of
objects (containers).
A cloud data management service provides a CDMI made available to clients through RESTful
interfaces. Such an interface provides access to information, data, and storage services that can
be leveraged to access storage clouds.
The Cloud Data Management Interface (CDMI™) can be used to create, retrieve, update, and delete
objects in a cloud. The features of the CDMI include functions that:
• allow clients to discover the capabilities available from the cloud provider. These are either
boolean values that represent whether or not a system supports things such as queues, export via
other protocols, path-based storage and so on, or numeric values expressing system limits, such as
how much metadata may be placed on an object. As a minimal compliant implementation can be
quite small, with few features, clients need to check the cloud storage system for a capability before
The capabilities of the underlying storage and data services are exposed so that clients can
understand what services the cloud provides.
• allow metadata to be associated with containers and the objects they contain.
CDMI can also be used by administrative and management applications to manage containers,
domains, security access, and monitoring/billing information, even for storage that is
functionally accessible by legacy or proprietary protocols.
This International Standard uses RESTful principles in the interface design where possible (see
REST). CDMI defines both a means to manage the data as well as a means to store and retrieve
the data.
The means by which the storage and retrieval of data is achieved is termed a data path.
The means by which the data is managed is termed a control path. CDMI specifies both a data
path and control path interface. CDMI does not need to be used as the only data path and is able
to manage cloud storage properties for any data path interface (e.g., standardized or vendor
specific). Container metadata is used to configure the data requirements of the storage provided
through the exported protocol (e.g., block protocol or file protocol) that the container exposes.
When an implementation is based on an underlying file system to store data for a block protocol
(e.g., iSCSI), the CDMI container provides a useful abstraction for representing the data system
metadata for the data and the structures that govern the exported protocols.
The interface exposes an object model that allows clients to manipulate and discover data
components. The object model contains the components described below.
For data storage operations, the client of the interface only needs to know about container objects
and data objects. All data path implementations are required to support at least one level of
containers. Using the CDMI object model, the client can send a PUT via CDMI to the new
container URI and create a new container with the specified name. PUT is used to send data
to a server to create or update a resource; it replaces whatever exists at the target URI, so it
can be used both to make a new resource and to overwrite an existing one. A PUT request asks
that the enclosed entity be stored under the supplied request URI (Uniform Resource Identifier).
Container metadata are optional and are expressed as a series of name-value pairs.
After a container is created, a client can send a PUT to create a data object within the newly
created container. A subsequent GET will fetch the data object, including the value field.
Queue objects are also defined and provide in-order, first-in-first-out access to enqueued
objects.
CDMI defines two namespaces that can be used to access stored objects, a flat object ID
namespace and a hierarchical path-based namespace. Support for objects accessed by object ID
is indicated by the system-wide capability cdmi_object_access_by_ID, and support for objects
accessed by hierarchical path is indicated by the container capability cdmi_create_dataobject
found on the root container (and any subcontainers).
Objects are created by ID by performing an HTTP POST against a special URI, designated as
/cdmi_objectid/ . Subsequent to creation, objects are modified by performing PUTs using the
object ID assigned by the CDMI server, using the /cdmi_objectid/ URI (see 8.4 "Update a data
object using CDMI"). The same URI is used to retrieve and delete objects by ID.
Objects are created by name by performing an HTTP PUT to the desired path URI (see 8.2
"Create a data object using CDMI"). Subsequent to creation, objects are modified by performing
PUTs using the object path specified by the client. The same URI is used to retrieve and delete
objects by path.
CDMI defines mechanisms so that objects having only an object ID can be assigned a path
location within the hierarchical namespace, and so that objects having both an object ID and path
can have their path dropped, such that the object only has an object ID. This function is
accomplished by using a "move" modifier to a PUT or POST operation.
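The container model described earlier (data system metadata inherited from the parent container and overridable on a child container or on an individual object) and the two namespaces and "move" operations described just above can be exercised together in the following in-memory model. It is an added example written in Python for this page, not SNIA's reference implementation, and it makes no HTTP calls: put, get, post_by_id and move stand in for the PUT, GET and POST exchanges the text describes. Only the capability names cdmi_object_access_by_ID and cdmi_create_dataobject and the /cdmi_objectid/ URI come from the CDMI text; the class and method names, the metadata keys used in the demo, and the choice that an ID-only object has no parent to inherit from are this example's own assumptions. Each operation checks the relevant capability before doing anything, since a minimal compliant provider need not offer by-ID access at all.

```python
import uuid

OBJECT_ID_URI = "/cdmi_objectid/"


class Node:
    """A container (children is a dict) or a data object (children is None).
    Class and field names are this example's own, not CDMI's."""

    def __init__(self, name, parent, value=None, metadata=None, container=False):
        self.name, self.parent, self.value = name, parent, value
        self.object_id = uuid.uuid4().hex     # assigned by the server, never the client
        self.metadata = dict(metadata or {})  # only what was set on this node itself
        self.children = {} if container else None

    def effective_metadata(self):
        """Ancestors' data system metadata is inherited; a value set on this
        node overrides the inherited value of the same name."""
        inherited = self.parent.effective_metadata() if self.parent else {}
        return {**inherited, **self.metadata}

    def path(self):
        """Hierarchical path, or None for an object reachable only by object ID."""
        if self.parent is None:
            return "/" if self.children is not None else None
        base = self.parent.path().rstrip("/")
        return f"{base}/{self.name}" + ("/" if self.children is not None else "")


class CdmiStore:
    """In-memory stand-in for a CDMI provider. `capabilities` is what the
    provider advertises; every operation checks it before doing anything."""

    def __init__(self, capabilities):
        self.capabilities = dict(capabilities)
        self.root = Node("", None, container=True)
        self.by_id = {self.root.object_id: self.root}

    def require(self, capability):
        if not self.capabilities.get(capability, False):
            raise PermissionError(f"provider does not advertise {capability}")

    def _container_at(self, path):
        node = self.root
        for part in filter(None, path.split("/")):
            node = node.children[part]
            if node.children is None:
                raise NotADirectoryError(path)
        return node

    def put(self, path, value=None, metadata=None):
        """PUT on a path URI: a trailing '/' creates a container, otherwise a data object."""
        is_container = path.endswith("/")
        if not is_container:
            self.require("cdmi_create_dataobject")
        parent_path, _, name = path.rstrip("/").rpartition("/")
        parent = self._container_at(parent_path + "/")
        node = Node(name, parent, value, metadata, container=is_container)
        parent.children[name] = node
        self.by_id[node.object_id] = node
        return node

    def post_by_id(self, value, metadata=None):
        """POST to /cdmi_objectid/: the object gets an ID but no path (and, in
        this model, no parent to inherit metadata from)."""
        self.require("cdmi_object_access_by_ID")
        node = Node(None, None, value, metadata)
        self.by_id[node.object_id] = node
        return node

    def get(self, uri):
        """GET by /cdmi_objectid/<id> or by hierarchical path."""
        if uri.startswith(OBJECT_ID_URI):
            self.require("cdmi_object_access_by_ID")
            return self.by_id[uri[len(OBJECT_ID_URI):]]
        parent_path, _, name = uri.rstrip("/").rpartition("/")
        parent = self._container_at(parent_path + "/")
        return parent.children[name] if name else parent

    def move(self, object_id, path=None):
        """The 'move' modifier: path=None drops the object's path so it is
        reachable only by ID; a path attaches it at that place in the hierarchy."""
        node = self.by_id[object_id]
        if node.parent is not None:
            del node.parent.children[node.name]
            node.name = node.parent = None
        if path is not None:
            parent_path, _, name = path.rpartition("/")
            node.name, node.parent = name, self._container_at(parent_path + "/")
            node.parent.children[name] = node
        return node


def demo():
    """Build the sample hierarchy; the metadata keys are illustrative only."""
    store = CdmiStore({"cdmi_create_dataobject": True, "cdmi_object_access_by_ID": True})
    store.put("/archive/", metadata={"cdmi_encryption": "AES256", "cdmi_data_redundancy": "3"})
    store.put("/archive/2024/", metadata={"cdmi_data_redundancy": "2"})  # overrides the parent
    report = store.put("/archive/2024/report.txt", b"quarterly figures")
    blob = store.move(store.post_by_id(b"unnamed upload").object_id, "/archive/2024/blob.bin")
    return store, report, blob
```

The security-relevant consequence of the inheritance rule is visible in the demo: a requirement such as encryption set on /archive/ applies to every object placed below it unless something in between overrides it, so an audit of effective settings has to walk the container chain rather than read the object's own metadata, and an object that is moved out of the hierarchy (reachable only by ID) loses all inherited requirements.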
• Data objects
These are the fundamental storage components in CDMI and are analogous to files in a file system.
Data objects have a set of well-defined single-value fields. In addition, they can carry
metadata describing the object, which can be provided by either the storage system or the
client.
Objects are similar to files in a traditional file system, but are enhanced with an increased amount
and capacity for metadata. They may be accessed by either name or OID. When accessed by name,
clients use URLs that contain the full pathname of objects to create, read, update and delete them.
When accessed by OID, the URL specifies an OID string in the cdmi_objectid container; this
container presents a flat namespace conformant with standard object storage system semantics.
Systems that support query allow arbitrary queries to be run against the metadata.
• Container objects
Container objects are the fundamental abstraction used to group stored data. A container may
have zero or more child objects and a set of well-defined fields.
As happens for data objects, containers support metadata as well. Containers support nesting, and
a child container inherits all the data system metadata from its parent.
A CDMI client may access objects, including containers, by either name or object id (OID), assuming
the CDMI server supports both methods. When storing objects by name, it is natural to use nested
named containers; the resulting structure corresponds exactly to a traditional filesystem directory
structure.
• Domain objects
Domain objects are quite similar to container objects and are used to represent
administrative ownership within a CDMI storage system. Like containers, they support
nesting and facilitate the flow of information upward, since an aggregate view of data is useful
for administrative purposes.
CDMI supports the concept of a domain, similar in concept to a domain in the Windows Active
Directory model. Users and groups created in a domain share a common administrative
database and are known to each other on a "first name" basis, i.e. without reference to any
other domain or system.
Domains also function as containers for usage and billing summary data.
• Queue objects
Queues are a special class of containers that are used to provide first-in, first-out (FIFO) access
when storing and retrieving data. Queues are useful to support writer-reader and producer-
consumer patterns for storage data management. A queue always has a parent object from which
it inherits the system metadata.
These are useful for job scheduling, order processing and other tasks in which lists of things
must be processed in order.
• Capability objects
Capability objects are a special class of container object that allow a CDMI client to discover
what subset of the CDMI standard is implemented by a CDMI provider.
Capabilities are descriptors of the set of interactions that the system is capable of performing
against the URI to which they are attached. Each entity defined in the object model is expected to
have a field that represents the URI from which the capabilities for that object can be retrieved.
Every CDMI-compliant interface must be able to list the capabilities for each given object, but
support for all the capabilities listed in the standard is optional.
URI stands for Uniform Resource Identifier; it is the official name for the identifiers seen
all the time on the Web that begin with 'http:' or 'mailto:', for example
http://www.w3.org/, which is the URI for the home page of the World Wide Web Consortium.
Using the simple operations defined by REST, clients can discover and manipulate these objects
by creating, retrieving, updating, and deleting them (CRUD: Create, Retrieve, Update, and Delete).
The set of operations that are supported is defined by the capabilities attached to each entity.
Besides the fundamental operations allowed by REST, CDMI also provides support for snapshots,
serialization and deserialization, logging, and interoperation with other protocols and standards.
CDMI was initially proposed in 2010, gathered consensus from several other bodies involved in the
standardization of cloud computing technologies, and was included in roadmaps and studies.
Currently, SNIA is moving toward making CDMI a de jure standard by working with the major
standardization organizations, such as ISO/IEC and INCITS.
Almost all cloud services come with an easy-to-use user interface and provide a drag-and-drop
feature.
For instance, think of Google Drive from Google or iCloud Drive from Apple. They both have
a simple interface, and you can easily upload your file to your online drive without any expert
knowledge.
For example, if you have saved a file in the drive using a mobile device, you can retrieve that file
using a computer or any other device with internet connectivity. It doesn't matter where you are
right now; if you have a good internet connection, you can access your files, which are saved
online somewhere in the data centers.
2. Security
If anything is connected to the internet, safety becomes a primary concern, and since businesses
large and small use cloud storage services, before they choose a cloud service for their business
they make sure that the provider gives them adequate security.
Cloud storage saves your data across redundant servers, so even if one of the data centers
fails, your data is still served from the other data centers, which keeps it safe and
supervised.
Your data could be lost only if every data center holding a copy of it were destroyed at the
same time, which is very unlikely for a provider that replicates data across many data centers.
Note that replication protects against facility and hardware failure, not against accidental
deletion or a compromised account, since those changes are replicated to every copy; versioned
copies and separate backups are needed for that.
Some cloud storage vendors keep copies of your data at different data centers, so even if the
data gets lost or corrupted at one server, the backup is still there.
3. Cost-efficient
Simply by using a cloud storage service, the business outsources its storage problem.
By using online data storage, the enterprise reduces the expense of internal resources. With this technology, the company itself does not need any internal capacity or support staff to manage and store its data; the cloud storage vendor handles it all.
Some cloud storage services offer storage for a lifetime at an affordable price, which is a win-win offer for small businesses and individual users.
Every cloud storage service provides file-sharing features, which help you share your files with other users.
You can either send a file to another user or invite multiple users to view your data. Almost all vendors provide a cloud environment in which two users of the same cloud service can share their data, though only a few service vendors offer cross-platform file sharing.
5. Automation
Cloud storage works like a hard disk on your system; storing a file in the cloud does not interfere with any ongoing task. There may be more than one user using a cloud storage service, and the current activity of one user does not affect the task of another, since it is all managed and automated by the cloud vendor.
6. Multiple users
The same cloud environment can have more than one user associated with it. With cloud storage, multiple users can collaborate on a common file. For instance, you can give multiple users access to your files so they can view and edit them. An authorized person can access your file from any part of the world in real time.
7. Synchronization
Every storage vendor provides a sync feature. With synchronization, you can sync the cloud storage data with any device you want. As discussed above, we can access our data from any device and any part of the world, and this accessibility is achieved through synchronization. With the proper credentials, you can log in to your subscribed storage service from any device, and you will be able to access all of the data that has been stored in that cloud storage. There is no need to copy data from one device to another, but you do need a good internet connection to have access to all of your files.
8. Convenient
You do not need any hard disk or flash drive to access or view your data; all of it is handled online. However, if you want to download a file, you may require a storage device, or you can download the data onto your device. If you only want to browse your data, it will not occupy any space on your device. Even if you make changes to the data, all the changes will be reflected on every device synced with that storage service. You do not require any expert or technical knowledge to use the cloud storage service; all the heavy lifting is handled by the vendor.
9. Scalable
Cloud storage is scalable and flexible. If the current storage plan is not enough, you can upgrade the service plan, and you do not need to move any data from one location to another; the extra space is added to your storage environment, along with some extra features.
Every business has a backup storage plan where it stores copies of its data. If it encounters a collapse or a data-loss problem, it can retrieve the data from its backup, and that is why cloud storage is the best method to deal with this problem. Cloud storage provides the best platform for disaster recovery data. Any business can use cloud storage as backup storage, so if there is a data loss, the company can retrieve the backup data from the cloud.
Companies need only pay for the storage they actually use, typically an average of
consumption during a month.[10] This does not mean that cloud storage is less expensive, only
that it incurs operating expenses rather than capital expenses.
Businesses using cloud storage can cut their energy consumption by up to 70%, making them a greener business.[11]
Organizations can choose between off-premises and on-premises cloud storage options, or a mixture of the two, depending on decision criteria that are complementary to the initial direct cost-savings potential; for instance, continuity of operations (COOP), disaster recovery (DR), security (PII, HIPAA, SARBOX, IA/CND), and records retention laws, regulations, and policies.
Storage availability and data protection are intrinsic to object storage architecture, so depending on the application, the additional technology, effort and cost to add availability and protection can be eliminated.
Storage maintenance tasks, such as purchasing additional storage capacity, are offloaded to
the responsibility of a service provider.
Cloud storage provides users with immediate access to a broad range of resources and
applications hosted in the infrastructure of another organization via a web service interface.
Cloud storage can be used for copying virtual machine images from the cloud to on-premises
locations or to import a virtual machine image from an on-premises location to the cloud
image library. In addition, cloud storage can be used to move virtual machine images
between user accounts or between data centers.[15]
Cloud storage can be used as a natural-disaster-proof backup, as there are normally 2 or 3 different backup servers located in different places around the globe.
Cloud storage can be mapped as a local drive with the WebDAV protocol. It can function as
a central file server for organizations with multiple office locations.
The drag and drop option may move your original data from one location to another rather than copying it, so be careful with drag and drop; simply use the copy and paste method instead.
2. Internet dependency
Without the internet, you cannot access your data, and if the connection fails while you are downloading a file from cloud storage, the data you were downloading might be corrupted.
Many cloud storage vendors are weak in the areas of data security and privacy, and there are many cases where data from cloud storage has been leaked.
When data is distributed it is stored at more locations, increasing the risk of unauthorized physical access to the data. For example, in a cloud-based architecture, data is replicated and moved frequently, so the risk of unauthorized data recovery increases dramatically, such as in the case of disposal of old equipment, reuse of drives, or reallocation of storage space.
The way data is replicated depends on the service level a customer chooses and on the service provided.
When encryption is in place it can ensure confidentiality. Crypto-shredding can be used when disposing of data (on a disk).
1. The number of people with access to the data who could be compromised (e.g., bribed or coerced) increases dramatically. A single company might have a small team of administrators, network engineers and technicians, but a cloud storage company will have many customers and thousands of servers, and therefore a much larger team of technical staff with physical and electronic access to almost all of the data at the entire facility, or perhaps the entire company.
Decryption keys that are kept by the service user, as opposed to the service provider, limit access to the data by service provider employees.
As for sharing data in the cloud with multiple users, a large number of keys has to be distributed to users via secure channels for decryption, and the keys also have to be securely stored and managed by the users on their devices. Storing these keys requires rather expensive secure storage. To overcome that, a key-aggregate cryptosystem can be used.
2. It increases the number of networks over which the data travels. Instead of just a local
area network (LAN) or storage area network (SAN), data stored on a cloud requires a
WAN (wide area network) to connect them both.
3. By sharing storage and networks with many other users/customers, it is possible for other customers to access your data. This risk applies to all types of storage, not only cloud storage. The risk of having data read during transmission can be mitigated through encryption technology. Encryption in transit protects data as it is transmitted to and from the cloud service. Encryption at rest protects data stored at the service provider. Encrypting data in an on-premises cloud service on-ramp system can provide both kinds of encryption protection.
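The three points made above, that crypto-shredding (destroying the key so the remaining ciphertext is unrecoverable) can stand in for physical disposal, that user-held keys keep provider staff out of the plaintext but create a key-distribution problem when an object is shared, and that encrypting before data leaves the premises covers both transit and rest, fit together in one client-side envelope-encryption design. The block below is an added example, not code from the course text or from any provider. It uses only the Python standard library, so the cipher is an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag; that construction is chosen for self-containment, and a deployed client would use an AEAD such as AES-GCM from a vetted library instead. The users, object name, contents and the `ProviderStore` and `Client` classes are all constructed for this example.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one 32-byte key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based stream cipher (illustrative)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; any modification is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated blob")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class ProviderStore:
    """What the provider holds: ciphertext plus DEKs wrapped under user keys."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}
        self.wrapped: Dict[str, Dict[str, bytes]] = {}   # object -> user -> wrapped DEK


class Client:
    """A user's device; the key-encryption key (KEK) never leaves it."""

    def __init__(self, user_id: str) -> None:
        self.user_id = user_id
        self.kek = secrets.token_bytes(KEY_LEN)

    def upload(self, store: ProviderStore, name: str, plaintext: bytes) -> bytes:
        dek = secrets.token_bytes(KEY_LEN)                 # one data key per object
        store.blobs[name] = seal(dek, plaintext, aad=name.encode())
        store.wrapped[name] = {self.user_id: seal(self.kek, dek)}
        return dek                                         # handed to recipients out of band

    def accept_shared_key(self, store: ProviderStore, name: str, dek: bytes) -> None:
        """Recipient got the DEK over a secure channel; wrap it under their own KEK."""
        store.wrapped[name][self.user_id] = seal(self.kek, dek)

    def download(self, store: ProviderStore, name: str) -> bytes:
        dek = open_(self.kek, store.wrapped[name][self.user_id])
        return open_(dek, store.blobs[name], aad=name.encode())


def crypto_shred(store: ProviderStore, name: str) -> None:
    """Destroy every wrapped DEK; the ciphertext may linger on disks and backups."""
    store.wrapped.pop(name, None)


def demo():
    store, alice, bob = ProviderStore(), Client("alice"), Client("bob")   # constructed users
    dek = alice.upload(store, "report.txt", b"quarterly numbers")
    bob.accept_shared_key(store, "report.txt", dek)
    bob_reads = bob.download(store, "report.txt")
    provider_sees_plaintext = b"quarterly numbers" in store.blobs["report.txt"]
    crypto_shred(store, "report.txt")
    try:
        alice.download(store, "report.txt")
        recoverable = True
    except KeyError:                                   # no wrapped key left to unwrap
        recoverable = False
    return bob_reads, provider_sees_plaintext, recoverable, len(store.blobs)
```

Because the object is sealed on the client before it is sent, the provider never holds anything but ciphertext and wrapped keys, whether the bytes are in flight or on disk; sharing adds one small wrapped-DEK entry per recipient rather than a second copy of the object, and after `crypto_shred` the ciphertext still sits in `store.blobs` (and on any backup) but no one, including the owner, can unwrap it again. The object name is bound in as associated data so a blob cannot be silently renamed or swapped between objects.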
Most of the best cloud services are expensive because they are specially designed for business purposes. If you go for a less expensive plan, you might have to compromise on some of the features.