Cloud Computing Unit IV: SaaS Quiz

Questions and Answers

What is a significant disadvantage of using Software as a Service (SaaS)?

Higher initial software costs

Increased responsibility for software maintenance

Loss of control over software versions (correct)

Requirement for on-premise installations

Which factor contributes to the effectiveness of a SaaS application?

Limited scalability options

Static user requirements

Reliance on local storage

Multi-tenant efficiency (correct)

What does configurability in a SaaS model refer to?

The capability to optimize software for various user needs (correct)

The limit on the number of users accessing the software

The restriction of software updates to once a year

The ability to physically install the software on a user’s device

What is an example of a social networking SaaS application?

Facebook

Which is an advantage of SaaS for enterprise software applications?

Facilitates data sharing between internal and external users

What aspect of SaaS deals with maximizing concurrency?

Scalability

What is a characteristic of multi-tenancy in SaaS?

All users share the same application instance

Which of the following features is essential for a SaaS application to be scalable?

Maximizing resource sharing and pooling

What is a primary advantage of a multi-tenancy architecture?

Efficient resource sharing across multiple tenants

Which of the following is NOT an advantage of SaaS compared to traditional applications?

Requires installation of binary code on personal devices

How does configurability in SaaS applications differ from traditional applications?

It relies on metadata for user customization

What is a potential disadvantage of SaaS applications?

Inherent security risks due to data centralization

What key feature does Salesforce CRM provide?

Cloud-based solutions for customer interactions

What characterizes the agility of SaaS development?

Quick changes that respond to user demands

What challenge might organizations face when adopting multi-tenancy?

Ensuring data transparency and security across tenants

Why is configurability considered important in SaaS applications?

It lets customers tailor application behavior through metadata

What is a primary advantage of SaaS for small businesses?

Offers a pay-as-you-go pricing model

Which of the following is a disadvantage of using SaaS?

Concerns over privacy and security

What is a common cause of security problems in cloud environments?

Loss of control and lack of trust

How does multi-tenancy contribute to cloud security issues?

Tenants share resources with conflicting priorities

What aspect of SaaS applications is often criticized due to their reliance on third-party providers?

Loss of control over data and resources

In a cloud environment, what does loss of control typically mean for consumers?

Their data is overseen by the cloud provider

Trust in a third-party cloud provider often requires which of the following?

An understanding of shared risks

What is a critical focus area to ensure effective multi-tenancy in cloud services?

Creating isolated environments for each tenant

Study Notes

Cloud Computing (CS574)

• Course offered by Rajiv Gandhi Institute of Petroleum Technology, Jais, Amethi
• Taught by Dr. Kalka Dubey
• Course is for B.Tech 3rd Year (CSE) and B.Tech Final Year (PE+CH) students

Unit-IV: Software as a Service (SaaS)

• Introduction to SaaS
• Security in Cloud Environment
• Web Service Applications and Web Portal

Cloud Services

• SaaS (Software as a Service)
• PaaS (Platform as a Service)
• IaaS (Infrastructure as a Service)
• Layers of cloud services are shown with end users at the top of the triangle and those who manage the network infrastructure being at the bottom.

Cloud Layer

• The top level is "Software as a Service"
• The middle level is "Platform as a Service"
• The bottom level is "Infrastructure as a Service"
• Each layer is managed at a different level by the vendor.

Introduction to SaaS

• Definition: A software delivery model where software and associated data are hosted centrally and accessed using thin clients (web browsers).
• Method for delivering software with remote access as a web-based service.
• Purchased with a monthly fee and pay-as-you-go model.

Software as a Service (SaaS)

• Model of software deployment where an application is hosted as a service across the internet.
• Alleviates the burden of software maintenance and support but users relinquish control over software versions and requirements.

Applicability of SaaS

• Enterprise software application: Sharing data between internal and external users (e.g., Salesforce CRM).
• Single user software application: Runs on a single-user computer and serves one user at a time (e.g., Microsoft Office).
• Business utility SaaS: Applications for managing and collecting data, streamlining collaborative processes, and providing actionable analysis (e.g., Salesforce automation).
• Social networking SaaS: Platforms for networking and sharing information, photos, videos, etc. (e.g., Facebook).

Considerations for SaaS Application Development

• Community ecosystem (access anywhere, pay as you grow/subscription).
• Web services based (integration/mashups via web).
• Low TCO/Fast Result/High ROI.
• Highly secure and compliant.
• Superior service through SLAs.
• Rapid and continuous upgrades.
• Multi-tenant, release, efficient, and database infrastructure.

Important Factors for Good SaaS Design

• Scalability
• Multi-tenant efficiency
• Configurable

Scalability

• Maximizing concurrency and efficient use of resources
• Optimizing locking duration
• Statelessness
• Sharing pooled resources like threads and network connections
• Caching reference data
• Partitioning large databases

Multi-tenancy

• Important architectural shift from designing isolated single-tenant applications.
• One application instance accommodates users from multiple companies at the same time.
• Architecture for efficient resource sharing across tenants

Configurable

• Single application instance on a single server accommodates users from multiple companies.
• Traditional customization requires code changes, modern methods use metadata to configure application behavior.
• Simple and easy customer configuration procedures without extra development or operation costs.

SaaS Service Providers

• Salesforce.com: Feature-rich CRM solutions for marketing, sales, services, partner management, and community management.
• Microsoft 365, SuccessFactors, Mimecast, Concur, Right Now Technologies, NetSuite.

Salesforce Services

• Includes solutions for marketing, sales, services, partner management, and community management.
• Originally software for managing customer interactions (scheduling, emailing, texting).
• Grew into a cloud software solution for PaaS (Platform as a Service) and SaaS.

Advantages of SaaS

• Compared to traditional apps, SaaS apps are less clunky.
• Delivery through internet, runs on a wide variety of devices.
• Better collaboration due to centralized data storage
• Change is faster and favors agile development
• Software changes are frequent and on-demand

Advantages of SaaS (cont.)

• Easy to use – Most SaaS applications require only a web browser.
• Cheap – Pay-as-you-go pricing makes it affordable for small businesses and individuals.
• Applications are less prone to data loss being stored in the cloud.

Disadvantages of SaaS

• Privacy
• Security
• Reliability
• Robustness

Security in Cloud Environment

• Causes of problems associated with cloud
  • Loss of control.
  • Lack of trust mechanisms.
  • Multi-tenancy.
• Self-managed clouds still face security issues, but not related to the above.
• Loss of Control in the Cloud: Consumers lose the ability to manage data, applications and resources when using a cloud service, because those resources are under the control of the cloud provider.
• Provider owns user access control, policies and enforcement.
• Consumers rely on the provider for data security, privacy, resource availability and monitoring & repairing of services/resources..
• Lack of Trust: Defined as two opposite sides of the same coin (J. Camp)
• People only trust when it's favorable to them (economists view)
• The need for trust arises under risky situations. Third party cloud management schemes exist to create balance between trust and risk.
• Multi-tenancy issues: Conflict between opposing goals of tenants who share common resources.
• Clouds bring new security threats where many independent users share a physical infrastructure.

Taxonomy of Fear

• Confidentiality
• Integrity
• Availability
• Privacy issues due to massive data mining on client data
• Privacy issues due to vulnerability of communication link between cloud and client
• Cloud provider employees being phished to acquire user data

Threat Model

• Used to analyze security problems, design mitigation strategies and evaluate solutions.
• Steps: Identify the attackers, assets, threats, and other components of the cloud system, rank the threats, choose mitigation strategies, and build solutions based on chosen strategies.
• Basic components
  • Attacker modeling
  • Insider vs. outsider?
  • Single attacker vs a collaborative group.
  • Motivation and capabilities of the attacker.
  • Vulnerabilities/threats The issues associated with SaaS are the levels of trust given by customers to cloud providers.

Infrastructure Security

• Network Level
• Host Level
• Application Level

The Network Level

• Ensuring confidentiality and integrity of data-in-transit between the organization and the cloud provider.
• Implementing proper access control (authentication, authorization, and auditing) to resources.
• Ensuring resources are available and assigned to the organization.
• Replacing standard network zones and tiers with domains.

The Host Level

• SaaS and PaaS platforms hide the host OS from users.
• Security responsibilities transfer to the Cloud Service Provider (CSP).
• Customers still own the risk of managing information hosted on the cloud services.

The Application Level

• Denial of Service (DoS) (Economic Denial of Sustainability)
• An attack against the billing model to bankrupt the service.
• End-user security is a concern.
• Who is responsible for web application security in the cloud?
  • SaaS/PaaS/IaaS applications security.
  • Customer-deployed application security.

Data Security and Storage

• Data-in-transit and data-at-rest security.
• Confidentiality & integrity use secured protocol.
• Data encryption is applied when data is not commingled with other users.
• Important to know where data is housed in the cloud for audits and compliance reasons.
• Data provenance ensures accuracy. (e.g., currency conversions, proper calculations)

Third-Party Cloud Computing

• Provides virtual machines on demand.
• Maximizes utilization of sunk capital.
• Confidentiality is vital in such systems.

New Vulnerabilities & Attacks

• Threats from other consumers can exploit how physical resources are shared among VMs.
• Attacks can happen due to VM placement and extraction.
• Adversaries can co-locate themselves with target VMs to violate confidentiality by penetrating the same physical server.

More on Attacks

• Collaborative attacks
• Mapping internal infrastructure
• Identifying target residence
• Instantiating new VMs for finding the right placement of target VMs.
• Cross-VM side-channel attacks
• Extract information from target VM

Web Service Applications and Web Portal

• Web services are used for computer-to-computer interaction rather than human consumption.
  • Web services may use SOAP, FTP, SMTP, etc., for communication.
  • Web services utilize HTTP for communication for XML and JSON.

Definition of Web Services

• Technologies for making connections.
• Software systems supporting interoperable m2m (machine-to-machine) interaction.
• Services offered by one electronic device to another by communicating through the Web.
• Utilize protocols, such as SOAP, over HTTP for communication, and transfer information in XML and JSON formats.

Service (cont.)

• Properly defined, self-contained and context-independent function.
• Carry out functions such as generating data or retrieving credit card statements.
• Web services form part of the technology architecture of SOA (Service Oriented Architecture).
• Commonly used APIs in cloud computing (SOAP and RESTful web services).

Web Services vs Websites

• Websites are for human consumption (human-to-computer interaction).
• Web services are for computer-to-computer interaction.
• Websites may implement background web services (e.g., PayPal).

Service Example

• Basic service-oriented architecture design.
• Service provider returns a response message to the service consumer (client).
• Simple data and message passing.
• Request and response connections must be understandable by both service consumer and provider.

Description

This quiz covers Software as a Service (SaaS) concepts as described in Unit IV of the Cloud Computing course at Rajiv Gandhi Institute of Petroleum Technology. Students will explore topics including the definition of SaaS, security in cloud environments, and different layers of cloud services. Test your understanding of these crucial cloud computing principles.