1.

A software development company is looking for an online ticketing tool to

manage the service requests. They are looking for a Software as a Service
(SaaS) based tool for this requirement. The IT head is trying to understand the
common challenges of SaaS model related to Cloud service provider going out
of business, Internet and OS related limitations and Loss of control. How can
you help understand the IT head about these SaaS challenges? (10 Marks)

Answer:

Software as a Service (SaaS) as the name suggests is one of the software

Deployment models/ cloud-based service mechanisms in which a third party
provider builds application on cloud infrastructure and makes them available to
customers via the internet. This means that the software can be accessed from
anywhere/device that has an internet and a web browser. From the customers
point of view he or she doesn’t need to have the technical expertise of managing
the application as all the technical know how’s will be managed by the vendor.
Emails and messaging are some of the prime examples of SaaS. Some of the
common examples are Office 365,Zoom, Google Gsuite, SAP, Sales force etc.

In the current scenario related to setting up an online ticketing tool to manage

service requests it is quite an easy task to set this up considering a SaaS tool
either in a public, private or a hybrid cloud. It can be fairly straight forward ,
self provisioned and cost effective. However like any other technology the SaaS
model also comes with its own set of common challenges or cons. Some of the
common challenges associated with SaaS are as below:

• Internet : The number one advantage can be a number one challenge as

well. If the internet connection is stable and good, then it’s a pro if
unstable then it can be a very big con.
• Loss of Control: In case of SaaS the vendor manages everything for you.
So, in this case you have to be dependent on the vendor fully.For instance
you need to do any kind of modifications /changes in the app then you
need to depend on the LCM and change management cycle of the vendor
and his timelines.
• Slower Speed : SaaS applications tend to have more latency as compared
to client/server setup
• Service Provider going out of business: Perhaps the most important factor
while putting your data into cloud is choosing a reliable and a reputed
service provider. Choosing a relatively less experienced service provider
also brings in a risk of closure or discontinuity of the cloud infra in case
of say company not doing well, bankruptcy causing a risk to the data
lying in their cloud as well and risk to the running business.
 • Security Risks : The SaaS provider secures the data himself , so the SP
wouldn’t be aware of the sensitive information from the application
perspective causing a risk.

As technology continues to grow SAAS based solutions will continue to evolve

as well. SaaS will continue to flourish despite the challenges faced during
implementation. However most of the above challenges can be overcome to a
great extent by doing thorough research, requirement gathering and carefully
selecting a reputable service provider who should make the journey to the cloud
more effective, less risky and hassle free.
 2. Few educational institutes of a city are looking to migrate some of their
services to the cloud for which they are thinking to create a community
cloud. A community cloud is an integrated setup that combines the
features and benefits of multiple clouds to address the needs of a specific
industry. They have set up a forum to discuss the features of the
community cloud. You as a consultant are expected to discuss features
like Cost- effectiveness, Regulatory compliance, Industry-based security
requirements, High availability and More control and prepare a report on
the same. Describe key points of your report on the features of the
community cloud. (10 Marks)

Answer:

The advancement of virtualization technology has made cloud

computing an integral part of every industry. Cloud computing has some
well-known flavors like public, private, hybrid, BareMetal cloud etc. The
Community cloud is one such flavor which falls somewhere between
public and private cloud. A community cloud is a cloud infrastructure in
which multiple organizations share resources and services based on
common operational and regulatory requirements. The purpose of this
concept is to allow multiple customers to work on joint projects and
applications that belong to the community where it is necessary to have a
centralized infrastructure. Some of the sectors where the community
cloud is the best fit are government sector, health care , education etc.

In the current scenario a community cloud is a best fit for educational

institutes to come together and host their services on a common infra. As
a consultant I feel below are some of the main features of a community
cloud

• Cost Effectiveness: A community cloud is cost effective as compared to

private cloud. For sectors like educational institutes it a good alternative
to a private cloud as it leverages most of the benefits of private and public
cloud .Same infra can be used across multiple institutes to perform
similar actions thus ensuring cost effectiveness.
• Security and Compliance: Since all the educational institutes are part of
the community cloud it is of importance that all the compliance and
security related to educational and data security related sector has been
implemented. Some of the security features may include restricted access
to specific data sets , IAM etc.
• High Availability: Cloud services ensures that application and data is
available at all the time with minimum/no downtime.
 • More Control : Many organizations opt for private cloud over public
because they have more control over the data and transparency . However
private clouds are expensive. Community clouds provides the best of both
the worlds and more control and transparency for the users.

With emerging technology cloud computing is evolving as well. Based on the

specific needs of a group of users the community cloud fits the bill with all the
above mentioned features thus emerging as a powerful tool for industry / sector
based innovations.

3. ProTech is a company providing Project Management related tools to

different organizations. As their business volume is going up their management
is thinking about utilizing the existing hardware or using some new technology
to provide support to maximum clients. Their CTO suggests two options to
achieve the same.

1. ProTech can use hypervisors so that they can use same set of hardware
for multiple services. What are hypervisors? Explain Type-1 and Type-2
hypervisors (5 Marks)

Answer : A hypervisor is a software that can be used to run multiple

virtual machines on a single physical machine. Every VM would have its own
OS and applications. The hypervisor allocates the underlying computing
resources like CPU and memory to the VM’s as required. Hypervisors thus
helps in reduction in the hardware expenditure and increase scalability and
accessibility thus helping Protech and its clients to leverage all the benefits of
technology essential for cloud. There are mainly 2 types of hypervisors.

a. Type 1: Bare metal or native hypervisors

They run directly on host machines physical hardware. They are highly
secure , efficient and performs better than hosted hypervisors. Due to these
reasons they are genrally used for high level production workloads requiring
failovers , high uptimes etc.Some of the eg’s of Type 1 are Red Hat
enterprise virtualization ,Citrix Xen server , Hyper-V
 b. Type 2: Hosted or Client hypervisors.

Type 2 also known as the client hypervisor runs as a software layer on top
of the OS of the host machine. It relies on the preexisting OS of the host to
manage calls to the CPU,memory,storage ,network. These are more used in the
end user ,client related systems where security and latency is of less importance.
Some of the egs of Type 2 are Oracle VM virtual box, Vmware Fusion.

2. ProTech can move to cloud solutions. Every cloud solution comes with
some cyber risk. Describe 3 types of threats related to cyber risks. (5
Marks)

Answer :

i. Unintentional threats

Unintentional Threats are acts performed without malicious intent that

nevertheless represents a serious threat to cloud security.A major
category of unintentional threat is Human error.Human error is a constant
risk when building business application and hosting it on a public cloud
magnifies that risk.It can be a case that a user is using an API which doest
have a good security and regulation control thereby unintentionally
exposing data.Even an unintentional misconfiguration can cause cloud
resources vulnerable to an attack.

ii. Natural events :

Natural events even though infrequent are events like a flood , earth
quake which may cause whole of the datacenter where the server is
located to go down and inaccessible causing loss of service in case there
is no disaster recovery.

iii. Intentional threats

These are attacks against a cloud asset intentionally in order to

exploit a risk.Cyberattacks in once such intentional wrong doing by
cyber criminals or hackers for the pupose of stealing , destroying or
exposing the information.Insider information is also once such
threat where a former employee or a current employee who has
access to some sensitive data can exploit it.