School of Law

Christ (Deemed to be University)

BENGALURU, INDIA

March, 2024

CLOUD COMPUTING: A CRITICAL ANALYSIS OF LEGAL AND

REGULATORY FRAMEWORKS

A DISSERTATION

Submitted by

Tirtharaj Dhar

(Reg. No. 2357158)

Under the Guidance of

Dr. Chaitra Rangappa Beerannavar

in partial Fulfilment of the Requirements for the Award of the Degree of

MASTER OF LAW IN INTELLECTUAL PROPERTY AND TRADE LAW

(LLM IPL)
 TABLE OF CONTENTS

TITLE PAGES

ABSTRACT

LIST OF SYMBOLS AND ABBREVIATIONS

TABLE OF AUTHORITIES
1. LIST OF STATUES
2. TABLE OF CASES

CHAPTER 1

1.1 Introduction

1.2 Statement of the Problem

1.3 Research Objectives

1.4 Research Questions

1.5 Research Methodology

CHAPTER 2 - LITERATURE REVIEW

CHAPTER 3 - OVERVIEW OF CLOUD COMPUTING

3.1 Introduction

3.2 What is Cloud Computing?

3.3 Essential Characteristics

3.4 What is Not Cloud Computing?

3.5 Where is the Cloud?

3.6 History of Cloud Computing

2|Dissertation
 3.7 Conclusion

CHAPTER 4 - COMMON MODELS OF CLOUD COMPUTING

4.1 Introduction

4.2 Service Models

4.3 Cloud Deployment Models

4.4 Examples of Cloud Deployment Models

4.5 On-premises vs. Cloud Computing

4.6 Example: On-Premises Email Vs. Cloud-Based Email

4.7 Conclusion

CHAPTER 5 - DATA PRIVACY AND SECURITY, WITH REGARD TO

THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023

CHAPTER 6 - INTELLECTUAL PROPERTY AND CLOUD COMPUTING

CHAPTER 7- CROSS BORDER DATA TRANSFERS

CHAPTER 8 - CONCLUSION AND SUGGESTIONS

CHAPTER 9 - REFERENCES

3|Dissertation
 CHAPTER 1

1.1 Introduction

In the digital age, cloud computing has emerged as a transformative technology that
revolutionizes the way businesses operate and individuals access and store information. It
offers unparalleled flexibility, scalability, and cost-efficiency, making it a pivotal element of
modern computing. As cloud computing continues to gain traction in India, it brings forth a
myriad of legal and regulatory challenges that demand careful consideration and governance.
This paper delves into the complex landscape of cloud computing within the legal and
regulatory framework of India. Cloud computing is a technology that enables users to access
computing resources, such as storage, processing power, and software applications, through
the internet, rather than relying on local hardware and software. This model allows
organizations to scale their operations efficiently, reducing the need for extensive
infrastructure investment. However, as businesses and individuals migrate their data and
services to the cloud, they encounter various legal and regulatory issues unique to the Indian
context.

One of the foremost concerns is data privacy and security. India has enacted the Digital
Personal Data Protection Act, which seeks to safeguard personal data of its citizens. Cloud
service providers and users must adhere to these regulations when handling and storing
personal data in the cloud.

Intellectual property rights in the cloud are another contentious issue. Businesses rely on the
cloud to collaborate and share information, which can involve the exchange of copyrighted
material or sensitive trade secrets. Balancing the rights of content creators and the needs of
cloud users can be a legal tightrope walk. It is essential to establish clear contracts and
policies that govern the use of intellectual property in the cloud to avoid legal disputes.
Additionally, cross-border data transfers raise intricate questions. Many cloud service
providers have data centers located outside India, and the transfer of data across international
boundaries can trigger jurisdictional issues. The cloud computing industry needs to ensure

4|Dissertation
that they align their operations with India's data localization requirements, as these
regulations continue to evolve.

This paper will explore the multifaceted aspects of cloud computing within the legal and
regulatory framework of India. It will delve into the specific laws and regulations governing
data privacy, intellectual property, contractual relationships, and international data transfers,
while also examining the role of government agencies and the need for global compliance.
As cloud computing continues to reshape the landscape of Indian business and society,
understanding and navigating these legal and regulatory challenges will be essential for
stakeholders to harness the full potential of this transformative technology.

1.2 Statement of Problem

The advent of cloud computing has revolutionized the storage, processing, and access of data.
This paradigm shift allows individuals and organizations to leverage remote data centers,
creating a dynamic and accessible computing environment. Cloud computing fosters
innovation and efficiency by offering flexibility and scalability to users, be they individuals
or large enterprises.

However, the adoption of cloud computing in India presents intricate legal and regulatory
challenges. As organizations migrate sensitive data, issues of data sovereignty, privacy, and
compliance with local laws become critical. Navigating diverse regulations is essential to
meet data residency requirements and address privacy concerns. Additionally, complexities
arise regarding intellectual property, contractual agreements, and liability in the event of
security breaches. Achieving a balance between technological innovation and legal
compliance is crucial in the Indian context.

1.2 Research Objectives

5|Dissertation
 1. To analyse the different common types of cloud computing models.

2. To examine the issues of data privacy and security in the context of cloud computing.

3. To examine the concerns related to Intellectual Property Rights in the context of

cloud computing.

4. To understand and examine the concept of localisation of data and the legal
framework governing the same.

1.3 Research Questions

1. What are the different common types of cloud computing models and what are the
similarities and differences?

2. What are the issues of data privacy and security in the context of cloud computing
with Regard to the Digital Personal Data Protection Act, 2023?

3. What are the concerns related to Intellectual Property Rights in the context of cloud
computing?

4. What factors constitute the concept of localisation of data and the legal framework governing
the same?

1.4 Research Methodology

The methodology primarily used in the paper is doctrinal and analytical method of research
to explain the concept of cloud computing and also to analyse the provisions of law relating
to the same. This approach focuses on critically evaluating legal issues by examining facts,
arguments, and different perspectives. It involves assessing the practical implications and
policy considerations associated with legal principles.

6|Dissertation
The source of data is secondary in nature, consisting of various books, articles, research
papers and online database material.

7|Dissertation
 CHAPTER 2

LITERATURE REVIEW

1. Cloud computing: implementation, management, and security.1

This Article discusses the practical aspects of deploying cloud technology within an
organization. This encompasses the adoption of cloud services, managing cloud
resources, and ensuring robust security measures. The article provides guidance on
effective implementation strategies, resource allocation, and the protection of
sensitive data in the cloud environment, addressing the critical considerations in cloud
computing adoption and management.

2. Towards achieving data security with the cloud computing adoption framework.
IEEE Transactions on Services Computing.2

The article delves into the vital issue of data security when adopting cloud computing
solutions. It outlines a comprehensive framework or approach aimed at safeguarding
data in the cloud. The article addresses encryption, access controls, compliance with
data protection laws, and strategies for minimizing vulnerabilities. Its goal is to
provide a roadmap for organizations to enhance data security while harnessing the
benefits of cloud technology.

1
Rittinghouse, J. W., & Ransome, J. F. (2016). Cloud computing: implementation, management, and
security. CRC press.

2
Chang, V., & Ramachandran, M. (2016). Towards achieving data security with the cloud computing
adoption framework. IEEE Transactions on Services Computing, 9(1), 138-151.

8|Dissertation
 3. Al-Dossari, S. M., & Al-Ruwais, S. A. (2014). Cloud computing security issues and
challenges: A survey. Journal of King Saud University-Computer and Information
Sciences.3

This is a research article that provides a comprehensive overview of the various

security concerns in cloud computing. It explores the vulnerabilities, risks, and
potential threats faced by cloud users and providers. The survey covers topics like
data breaches, identity management, compliance, and encryption techniques. By
identifying and analyzing these issues, the article offers valuable insights into the
complex landscape of cloud computing security, aiding organizations in mitigating
risks and enhancing their security posture.

4. Jurisdictional Issues In Cyberspace4

This article refers to the complex legal questions surrounding the authority of nations
and their legal systems in the context of the internet. In a borderless digital realm,
determining which country's laws apply and which courts have jurisdiction can be
challenging. The issues encompass a wide range of matters, including cybercrimes,
data breaches, online content regulation, and e-commerce disputes. Resolving these
issues often requires international cooperation and the development of legal
frameworks to address the global nature of the internet. Finding common ground on
jurisdictional matters in cyberspace is essential for maintaining legal order in our
increasingly interconnected world.

3
Al-Dossari, S. M., & Al-Ruwais, S. A. (2014). Cloud computing security issues and challenges: A survey.
Journal of King Saud University-Computer and Information Sciences.

4
Muralidhar, Justice S. (2010) "Jurisdictional Issues In Cyberspace," Indian Journal of Law and Technology:
Vol. 6: Iss. 1, Article 1.

9|Dissertation
 5. Personal Jurisdiction for Internet Torts: Towards an International Solution?5

The article explores the complex legal issues surrounding personal jurisdiction in
cases involving internet-related wrongs. Hestermeyer offers insights on potential
international solutions to address these jurisdictional challenges.

6. Legal Requirements and Compliance in the Context of Cloud Computing, in Legal

Tech, Smart Tech and the Future of Law6

This article examines the complex legal landscape governing cloud technology. It
addresses issues like data privacy, data sovereignty, intellectual property, and
contractual compliance. The article explores how organizations navigate these
challenges while adhering to the legal framework, ensuring data security, and meeting
regulatory obligations in the context of cloud computing.

7. A Review Study on Cloud Computing Issues7

This study argues that cloud computing is the most promising current implementation
of utility computing in the business world, because it provides some key features over
classic utility computing, such as elasticity to allow clients dynamically scale-up and

5
Holger Hestermeyer, Personal Jurisdiction for Internet Torts: Towards an International Solution?, 26
NW. J. INT’L L. & BUS. 267 (2006).

6
Korn, S., Winkelmann, A., & Strobel, J., Legal Requirements and Compliance in the Context of Cloud
Computing, in Legal Tech, Smart Tech and the Future of Law 123-147 (2018).

7
Kadhim, Qusay & Robiah, Y. & Mahdi Alsultani, Hamid & Al-shami, Samer & Selamat, Siti Rahayu.
(2018). A Review Study on Cloud Computing Issues. Journal of Physics: Conference Series.

10 | D i s s e r t a t i o n
 scale-down the resources in execution time. Nevertheless, cloud computing is still in
its premature stage and experiences lack of standardization. The security issues are
the main challenges to cloud computing adoption. Thus, critical industries such as
government organizations (ministries) are reluctant to trust cloud computing due to
the fear of losing their sensitive data, as it resides on the cloud with no knowledge of
data location and lack of transparency of Cloud Service Providers (CSPs)
mechanisms used to secure their data and applications which have created a barrier
against adopting this agile computing paradigm. This study aims to review and
classify the issues that surround the implementation of cloud computing which a hot
area that needs to be addressed by future research.

8. Ahmed, Monjur & Hossain, Mohammad. (2014). Cloud Computing and Security
Issues in the Cloud. International Journal of Network Security & Its Applications.8

The aouthors explain how cloud computing has formed the conceptual and
infrastructural basis for tomorrow’s computing. The global computing infrastructure
is rapidly moving towards cloud based architecture. While it is important to take
advantages of could based computing by means of deploying it in diversified sectors,
the security aspects in a cloud based computing environment remains at the core of
interest. Cloud based services and service providers are being evolved which has
resulted in a new business trend based on cloud technology. With the introduction of
numerous cloud based services and geographically dispersed cloud service providers,
sensitive information of different entities are normally stored in remote servers and
locations with the possibilities of being exposed to unwanted parties in situations
where the cloud servers storing those information are compromised. If security is not
robust and consistent, the flexibility and advantages that cloud computing has to offer
will have little credibility. This paper presents a review on the cloud computing

8
Ahmed, Monjur & Hossain, Mohammad. (2014). Cloud Computing and Security Issues in the Cloud.
International Journal of Network Security & Its Applications.

11 | D i s s e r t a t i o n
 concepts as well as security issues inherent within the context of cloud computing and
cloud infrastructure.

9. Information Privacy and Data Control in Cloud Computing: Consumers, Privacy

Preferences, and Market Efficiency9

As part of this work, the authors analyzed and categorized the terms of TOS
agreements and privacy policies of several major cloud services to aid in their
assessment of the state of user privacy in the cloud. The empirical analysis showed
that providers take similar approaches to user privacy and were consistently more
detailed when describing the user’s obligations to the provider than when describing
the provider’s obligations to the user. This asymmetry, combined with these terms’
nonnegotiable nature, led to the conclusion that the current approach to user privacy
in the cloud is in need of serious revision. In this Article, the authors suggest adopting
a legal regime that requires companies to provide baseline protections for personal
information and also to take steps to enhance the parties’ control over their own data.

10. Data Governance Taxonomy: Cloud versus Non-Cloud.10

This article describes how forward-thinking organisations believe that the only way to
solve the data problem is the implementation of effective data governance. Attempts
to govern data have failed before, as they were driven by information technology, and
affected by rigid processes and fragmented activities carried out on a system-by-

9
Jay P. Kesan, Carol M. Hayes, and Masooda N. Bashir, Information Privacy and Data Control in Cloud
Computing: Consumers, Privacy Preferences, and Market Efficiency, 70 Wash. & Lee L. Rev. 341 (2013).

10
Al-Ruithe, Majid & Benkhelifa, Elhadj & Hameed, Khawar. (2018). Data Governance Taxonomy:
Cloud versus Non-Cloud.

12 | D i s s e r t a t i o n
 system basis. Until very recently, governance has been mostly informal, with very
ambiguous and generic regulations, in siloes around specific enterprise repositories,
lacking structure and the wider support of the organisation. Despite its highly
recognised importance, the area of data governance is still underdeveloped and under-
researched. Consequently, there is a need to advance research in data governance in
order to deepen practice. Currently, in the area of data governance, research consists
mostly of descriptive literature reviews. The analysis of literature further emphasises
the need to build a standardised strategy for data governance. This task can be a very
complex one and needs to be accomplished in stages. Therefore, as a first and
necessary stage, a taxonomy approach to define the different attributes of data
governance is expected to make a valuable contribution to knowledge, helping
researchers and decision makers to understand the most important factors that need to
be considered when implementing a data governance strategy for cloud computing
services. In addition to the proposed taxonomy, the paper clarifies the concepts of
data governance in contracts with other governance domains.

11. Privacy and Legal Issues in Cloud Computing (2015).11

Adopting a multi-disciplinary and comparative approach, this book focuses on

emerging and innovative attempts to tackle privacy and legal issues in cloud
computing, such as personal data privacy, security and intellectual property
protection. Leading international academics and practitioners in the fields of law and
computer science examine the specific legal implications of cloud computing
pertaining to jurisdiction, biomedical practice and information ownership. This
collection offers original and critical responses to the rising challenges posed by cloud
computing.

11
Anne S.Y. Cheung & Rolf H. Weber, Privacy and Legal Issues in Cloud Computing (2015).

13 | D i s s e r t a t i o n
 12. Christopher S. Yoo & Timothy J. Kelly, Cloud Computing and the Law: Old
Boundaries, New Challenges, 79 U. Chi. L. Rev. 691 (2012).12

This article articulates how cloud computing has emerged as perhaps the hottest
development in information technology. Despite all of the attention it has garnered,
existing analyses focus almost exclusively on the issues surrounding data privacy
without exploring cloud computing's architectural and policy implications. This
Article offers an initial exploratory analysis in that direction. It begins by introducing
key cloud computing concepts, such as service oriented architectures, thin clients, and
virtualization, and discusses the leading delivery models and deployment strategies
being pursued by cloud computing providers. It then analyzes the economics of cloud
computing in terms of reducing costs, transforming capital expenditures into
operating expenditures, aggregating demand, increasing reliability, and reducing
latency. It then discusses the architectural implications of cloud computing for access
networking (focusing on bandwidth, reliability, quality of service, and ubiquity) and
data center interconnectivity (focusing on bandwidth, reliability, security and privacy,
control over routing policies, standardization, and metering and payment). It closes by
offering a few observations on the impact of cloud computing on the industry
structure for data centers, server-related technologies, router-based technologies, and
access networks, as well as its implications for regulation.

13. The Rise of Cloud Computing: Data Protection, Privacy, and Open Research
Challenges—A Systematic Literature Review13

12
Christopher S. Yoo & Timothy J. Kelly, Cloud Computing and the Law: Old Boundaries, New Challenges, 79
U. Chi. L. Rev. 691 (2012)

13
Hassan J, Shehzad D, Habib U, Aftab MU, Ahmad M, Kuleev R, Mazzara M. The Rise of Cloud Computing:
Data Protection, Privacy, and Open Research Challenges-A Systematic Literature Review (SLR). Comput Intell
Neurosci. 2022 Jun 7

14 | D i s s e r t a t i o n
 In this paper, the authors conduct a systematic literature review (SLR) to illustrate
all the data protection techniques that protect sensitive data outsourced over cloud
storage. Therefore, the main objective of this research is to synthesize, classify, and
identify important studies in the field of study. Accordingly, an evidence-based
approach is used in this study. Preliminary results are based on answers to four
research questions. Out of 493 research articles, 52 studies were selected. 52 papers
use different data protection techniques, which can be divided into two main
categories, namely noncryptographic techniques and cryptographic techniques.

14. Data Privacy and Data Protection: The Right of User’s and the Responsibility of
Companies in the Digital World14

The author offers a comprehensive analysis of the General Data Protection

Regulation, highlighting the regulation's aim to harmonize data protection laws
across Europe and to afford EU citizens greater control over their personal data.
Key provisions, such as the right to withdraw consent, the right to erasure, and the
requirement of a data protection officer, embody the overarching principles of
autonomy and privacy.

The author also explores the challenges companies encounter when attempting to
comply with these stringent requirements, such as the financial burdens associated
with data mapping and cross-border data transfer. Small businesses, in particular,
struggle to allocate resources for GDPR compliance, indicating a disparity in the
regulation's impact across different enterprise scales.

14
Alafaa, Princess, Data Privacy and Data Protection: The Right of User’s and the Responsibility of Companies
in the Digital World. (January 7, 2022). Available at SSRN: https://ssrn.com/abstract=4005750 or
http://dx.doi.org/10.2139/ssrn.4005750

15 | D i s s e r t a t i o n
 Tentative System of the Study

Chapter 3 - Overview of Cloud Computing

This chapter will define and introduce the concept of cloud computing, explaining its
evolution and significance in the IT landscape.

Chapter 4 - Common Models Of Cloud Computing

This chapter will delve into the different common models of cloud computing.

Chapter 5 - Data Privacy And Security, with Regard to the Digital Personal Data
Protection Act, 2023

Chapter 6 - Intellectual Property and Cloud Computing

Chapter 7 - Cross-Border Data Transfers

Chapter 8 - Conclusion and Suggestions

16 | D i s s e r t a t i o n
 CHAPTER 3

OVERVIEW OF CLOUD COMPUTING

“Cloud is about how you do computing, not where you do computing.”

–Paul Maritz

3.1 Introduction

In the ever-evolving landscape of information technology, cloud computing has emerged as a

transformative force, reshaping the way data is stored, processed, and accessed. Representing
a departure from traditional computing models, cloud computing introduces a dynamic and
flexible paradigm that allows individuals and organizations to leverage remote data centers
for their computing needs. This paradigm shift has profound implications, offering
scalability, cost-effectiveness, and accessibility on a scale previously unimaginable.

At its core, cloud computing provides users with the ability to offload IT infrastructure and
applications to centralized, often virtualized, environments. This not only streamlines
operations but also facilitates innovation by eliminating the constraints associated with local
hardware and infrastructure. As users can scale resources based on demand, cloud computing
becomes an enabler for businesses of all sizes, from individual entrepreneurs to multinational
corporations, to adapt and thrive in an increasingly digital and interconnected world.

3.2 What is Cloud Computing?

Cloud computing is a technology paradigm that involves the delivery of computing services,
including storage, processing power, and applications, over the internet. Instead of relying on
local servers or personal devices to handle computing tasks, users can access and use these

17 | D i s s e r t a t i o n
resources through remote data centers. The term "cloud" in cloud computing represents the
internet, and the services are often referred to as being delivered "in the cloud."

There are two primary standards organizations that have developed terms and definitions for
cloud computing—the US government-based National Institute of Standards and Technology
(NIST)15 and the non-governmental International Organization for Standardization (ISO).
The formal cloud computing definition from ISO/IEC 17788:2014 16 is as follows: “Cloud
computing: Paradigm for enabling network access to a scalable and elastic pool of shareable
physical or virtual resources (examples of resources include servers, operating systems,
networks, software, applications, and storage equipment) with self-service provisioning and
administration on-demand.”

3.3 Essential Characteristics

These organizations have gone further by developing essential characteristics that more
precisely define cloud computing. These characteristics also represent some of the key
benefits of cloud computing. The six essential characteristics as stated in the ISO standard
are:

Broad network access: A feature where the physical and virtual resources are available over
a network and accessed through standard mechanisms that promote use by heterogeneous
client platforms. The focus of this key characteristic is that cloud computing offers an
increased level of convenience in that users can access physical and virtual resources from
wherever they need to work, as long as it is network accessible, using a wide variety of
clients including devices such as mobile phones, tablets, laptops, and workstations.

Measured service: A feature where the metered delivery of cloud services is such that usage
can be monitored, controlled, reported, and billed. This is an important feature needed to
15
See “US Government Cloud Computing Technology Roadmap Volume I,” NIST at
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-293.pdf
16
See “ISO/IEC 17788:2014,” ISO at http://www.iso.org/iso/catalogue_detail?csnumber=60544

18 | D i s s e r t a t i o n
optimize and validate the delivered cloud service. The focus of this key characteristic is that
customers only pay for the resources that they use. From the customers' perspective, cloud
computing offers the users value by enabling a switch from a low efficiency and asset
utilization business model to a high efficiency one.

Multi-tenancy: A feature where physical or virtual resources are allocated in such a way that
multiple tenants and their computations and data are isolated from and inaccessible to one
another. Typically, and within the context of multi-tenancy, the group of cloud service users
that form a tenant will all belong to the same cloud service customer organization. There
might be cases where the group of cloud service users involves users from multiple different
cloud service customers, particularly in the case of public cloud and community cloud
deployments. However, a given cloud service customer organization might have many
different tenancies with a single cloud service provider representing different groups within
the organization.

On-demand self-service: A feature where a cloud service customer can provision computing
capabilities, as needed, automatically or with minimal interaction with the cloud service
provider. The focus of this key characteristic is that cloud computing offers users a relative
reduction in costs, time, and effort needed to take an action, since it grants users the ability to
do what they need, when they need it, without requiring additional human user interactions or
overhead.

Rapid elasticity and scalability: A feature where physical or virtual resources can be rapidly
and elastically adjusted, in some cases automatically, to quickly increase or decrease
resources. For the cloud service customer, the physical or virtual resources available for
provisioning often appear to be unlimited and can be purchased automatically in any
quantity, at any time, subject to constraints of service agreements. Therefore, the focus of this
key characteristic is that cloud computing means that customers no longer need to worry
about limited resources and might not need to worry about capacity planning.

Resource pooling: A feature where a cloud service provider's physical or virtual resources
can be aggregated in order to serve one or more cloud service customers. The focus of this

19 | D i s s e r t a t i o n
key characteristic is that cloud service providers can support multi-tenancy while at the same
time using abstraction to mask the complexity of the process from the customer. From the
customers’ perspective, all they know is that the service works, while they generally have no
control or knowledge over how the resources are being provided or where the resources are
located. This offloads some of the customers’ original workloads, such as maintenance
requirements, to the

provider. Even with this level of abstraction, it should be pointed out that users might still be
able to specify location at a higher level of abstraction (e.g., country, state, or data center).

3.4. What Is Not Cloud Computing?

While the NIST and the ISO definitions encompass a variety of computing configurations,
there are services that would only be considered “cloud computing” based on how they are
delivered.

The following scenarios would not be considered true cloud services unless they were
implemented with all six essential characteristics present:

Out-sourced IT or remote data centers: Many IT vendors blur the definition of outsourced
IT and cloud computing with some claiming outsourced IT is the same as a private cloud.
Just because someone else manages your data center, doesn’t mean the services are hosted in
the cloud. For example, true cloud services still need a self-service component, they need to
be automatically scalable based on utilization and the customer should be charged based on
cycles, bandwidth and storage used.

Virtual machine hosting: While virtual machine hosting is a key workload in the cloud,
simply hosting a virtual machine at a remote data center does not provide all the benefits that
accrue from running a virtual machine in the cloud. For example, the customer should be able
to create and retire virtual machines based on typical workload templates with a few simple
commands and could instantly gain access to the newly-created environment. The customer
20 | D i s s e r t a t i o n
should not have to worry about whether the host environment has the necessary resources to
host a single virtual machine or a thousand virtual machines. The cloud provider should be
able to automatically scale to meet the needs of the virtual machines.

Remote login or remote desktop: Hosting physical desktops or servers at a remote site where
users can log in to use the computers is just remote hosting. At the remote hosting site,
someone needs to configure and manage those individual machines. Even if that process is
automated, the ability to quickly scale up and scale down would be resource intensive. For
this reason, virtually all cloud workloads run as virtual workloads or services which are
easily spun up as customers need them.

Web-based applications or sites: Many web-based services may appear to look very much
like a cloud service but behind the scenes the site is running on a fixed number of machines
and other resources. If demand for the service grows, a non-cloud service may not be able to
scale to meet the demand and overall performance slows down for all users. A true cloud
application or site would be able to take advantage of a large pool of resources and should be
able to scale to meet any reasonable demand from users without any degradation of service.

Internet-based email: Web-based email services were some of the first Software-as-a-
Service cloud offerings from the big vendors such as Microsoft Office 365 and Google
Gmail. While these offerings are true cloud services, other web-based email solutions may
not feature the same self-service capabilities, nor can they be multi-tenant nor able to easily
scale as more customers use the service. In addition, some non-cloud services are hosted in
one data center in one location and therefore are not capable of failing over to another
location or may have poor performance if accessed from afar.

Client-server computing or distributed computing: Client-server computing was popular

before the rise of cloud computing. For example, many retail operations would have basic
client devices for service personnel to use when dealing with customers and these devices
would interact with servers at a remote location and exchange data with those servers, such as
record a sale. While it might appear that the servers were “in the cloud,” they were simply
somewhere else and most of the essential characteristics—such as rapid elasticity, scalability

21 | D i s s e r t a t i o n
and resource pooling were not available. Other characteristics such as self-service were also
not available. For example, adding a new point of sale system typically required service
personnel visits and extensive manual configuration.

Again, for a service to be classed as a true cloud computing service, all six of the essential
characteristics need to be present.

3.5. Where is the Cloud?

Modern cloud providers use a modular system of servers, data storage and networking
components that can be dropped into a data center anywhere in the world. These compute
modules are connected to electricity for power and water for cooling and then they can be
provisioned automatically to join the cloud.

The major cloud providers typically have data centers around the world to serve local users
and to provide some level of redundancy in the event of disruptions in other data centers. In
some cases, these data centers may only be available for a particular set of users based on
national data residency requirements or regulations, or to address the special needs of a
community of customers, such as government users. In other cases, using local data center
trustees is a way for a cloud provider to have local government data requests handled by the
legal team of the local data center trustee.

Ultimately an enterprise-grade cloud vendor should provide transparent, seamless, secure and
fast access to its cloud services from almost anywhere in the world while complying the
regulatory needs of each region and its customers.

22 | D i s s e r t a t i o n
Figure: Google’s cloud network17

3.6. History of Cloud Computing

As businesses migrate workloads online and build new cloud-native applications, the cloud
displaces enterprise data centers. However, the concept of computing as a utility or service is
certainly not new, and businesses didn't always own and operate private data centers. Until
the introduction of minicomputers -- such as the Digital Equipment PDP and VAX series that
proliferated across business and academia in the 1970s -- only the largest enterprises and
government agencies could afford to buy and operate a mainframe.

The data processing needs of smaller companies fueled the rise of time-sharing as a business,
with hundreds of companies providing services by the mid-1960s. While most of these
companies are lost to history, some like IBM Global Services, DXC Technology (successor
of Electronic Data Systems and Computer Sciences Corporation) and NTT Data (which
acquired Perot System) survive as part of full-service IT services providers.

he rise of minicomputers was followed by PCs and Unix workstations along with Windows
and Unix servers destroyed what was left of the time-sharing market and paved the way for
modern data centers and subsequently cloud computing. Though virtualization had long been
17
See https://cloud.google.com/about/locations#network

23 | D i s s e r t a t i o n
part of IBM's mainframe operating system, the final piece of technology was the reinvention
of virtual machines for x86 systems by the founders of VMware in 1999. VM technology
provided the foundation for cloud compute instances and soon led to the virtualization of
other infrastructure resources that constituted the early cloud services, including the
following:

storage (block volumes, network file shares and object buckets);

networks (VPNs and virtual LANs);

application containers (Docker runtime); and

network control plane and service (software-defined network and network functions
virtualization).

Tracing the etymology of the term cloud is difficult since the cloud metaphor was widely
used by early internet designers to denote the wide-area routing and switching infrastructure
between network nodes. Perhaps the first use of cloud to describe a collection of remotely
executing applications and services came from Andy Hertzfeld, one of the creators of the
original Apple Mac computer, who later co-founded General Magic in 1993. In a 1994 Wired
article, Hertzfeld described the startup's new Telescript system as follows:

The beauty of Telescript is that now, instead of just having a device to

program, we now have the entire Cloud out there, where a single program can
go and travel to many different sources of information and create sort of a
virtual service.

The term cloud came into widespread use in 2006 when Amazon launched AWS with the
Elastic Compute Cloud (EC2) service.

24 | D i s s e r t a t i o n
1990s: Precursors to cloud computing- The precursors to cloud computing include time-
sharing, ASPs and consumer information services, such as CompuServe and AOL. They
show that the impetus for remote services, whether delivered over the internet or a dial-up
line, was the need for applications and data that couldn't easily -- if at all -- be provided
locally. Although virtual machines were long part of mainframe systems, early time-sharing
uses centered on application processing.

By the late 1990s, ASPs were common, and the Oracle brain trust extended the idea to multi-
tenant SaaS applications, leading Benioff to leave and found Salesforce while Goldberg
stayed on at Oracle and started NetSuite.

Complicated enterprise software -- such as enterprise resource planning (ERP), customer

relationship management (CRM) and financial systems -- are ideal candidates for SaaS due to
the cost of the required infrastructure and expertise needed to operate them.

It wasn't until enterprises installed larger internet circuits and executives warmed up to the
concept of remotely executing applications that companies such as Salesforce took off, with
revenue exploding in the 2000s. The popularity of consumer online applications and social
networks -- such as Evernote, Facebook, Webex and Dropbox -- paved the way for business
SaaS by demonstrating the convenience, simplicity and reliability of online applications to
enterprise executives.

2000s: The modern cloud- Cloud services as broadly understood today -- virtual
infrastructure resources, development platforms and complete applications -- emerged in the
2000s. While Benioff was evangelizing the benefits of SaaS business applications, internet
businesses such as Amazon, Google and Microsoft were building vast data centers to
accommodate the rapid growth of online commerce and applications.

AWS birthed the IaaS industry as an outgrowth of previous efforts to create its Amazon
marketplace for third-party retailers. After building the necessary infrastructure and APIs,
some at the company realized that they had unused capacity -- particularly outside peak
shopping periods -- that could be rented on demand. AWS was born when S3 and EC2 were

25 | D i s s e r t a t i o n
released in 2006. Microsoft and Google soon followed with cloud services in 2008, with
Azure and Google App Engine, respectively. The same year, NASA released the Nebula
platform that evolved into OpenStack.

Google simultaneously pioneered SaaS productivity applications by releasing the Google

Apps suite in 2007. In 2009, Apple introduced limited online document sharing and editing in
iWork, while Microsoft joined the SaaS market by launching Office 365 in 2011.

Consumers were first to embrace the cloud via services such as Dropbox, Google Drive,
iCloud and other file storage products that replaced email and USB sticks for file sharing and
local hard drives for backup. These same use cases attracted businesses to both packaged
SaaS backup products and low-cost IaaS storage services such as S3 and Azure Storage for
off-site archival. As virtualization overtook enterprise data centers, organizations augmented
these storage services with compute instances to create remote disaster recovery
environments at a fraction of the cost of dedicated secondary facilities.

2010s: Cloud computing evolves- The nexus of cost-conscious businesses recovering from
the 2008 financial crisis and rapidly maturing cloud technology led many organizations to
explore cloud services as an alternative to capital-intensive private infrastructure. The pay-as-
you-go convenience of cloud services fueled organic bottom-up adoption within large
enterprises. It enabled teams to begin creating cloud environments from department budgets
without needing to go through long capital approval processes for new equipment or
supporting complex deployment and maintenance demands that accompany local data
centers.

The decade saw an explosion of new business and consumer cloud services along with
construction of the hyperscale data centers required to operate them, with Apple iCloud, IBM
Cloud and Oracle Cloud all launching. The decade's latter half saw the rise of container
infrastructure -- namely, Docker container runtime and image format, and the Kubernetes
cluster manager -- as a replacement for VMs. Every cloud service soon introduced container
management services and hybrid products, such as Docker Enterprise, Red Hat OpenShift

26 | D i s s e r t a t i o n
and VMware Tanzu, offering workload portability between private and public cloud
environments.

3.7. Conclusion

Cloud computing is a technology paradigm that involves the delivery of computing services,
including storage, processing power, and applications, over the internet. Instead of relying on
local servers or personal devices to handle computing tasks, users can access and use these
resources through remote data centers. The term "cloud" in cloud computing represents the
internet, and the services are often referred to as being delivered "in the cloud."

27 | D i s s e r t a t i o n
 CHAPTER 4

COMMON MODELS OF CLOUD COMPUTING

“The cloud services companies of all sizes…The cloud is for everyone. The cloud is a
democracy.”

–Marc Benioff

4.1. Introduction

In the dynamic realm of cloud computing, diverse service models form the bedrock of this
transformative technology, providing users with tailored approaches to meet their specific
needs. These service models, namely Infrastructure as a Service (IaaS), Platform as a Service
(PaaS), and Software as a Service (SaaS), delineate the scope and responsibilities of users
and service providers, shaping the landscape of cloud-based solutions.

As organizations and individuals navigate the vast possibilities offered by the cloud,
understanding these distinct service models becomes imperative. IaaS offers a virtualized
infrastructure, granting users the flexibility to manage and scale virtual machines, storage,
and networks. PaaS, on the other hand, abstracts away infrastructure complexities, providing
a platform for application development and deployment. Meanwhile, SaaS delivers ready-to-
use software applications over the internet, eliminating the need for local installations.

This exploration into the models of cloud computing invites us to delve deeper into the
intricacies of each, understanding how they empower users with unprecedented flexibility,
scalability, and efficiency. By unraveling the layers of IaaS, PaaS, and SaaS, we unravel the
fabric of cloud computing, where innovation converges with functionality to shape the digital
landscape.

4.2. Service Models

28 | D i s s e r t a t i o n
Along with the essential characteristics, the NIST and the ISO have defined several cloud
computing service models and sub-models as well as four deployment models. The first three
service models are the primary models on which the other models are based.

The following cloud service categories provide capabilities to the cloud service customer:

Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision

processing, storage,networks, and other fundamental computing resources where the
consumer is able to deploy and run arbitrary software, which can include operating systems
and applications. The consumer does not manage or control the underlying cloud
infrastructure but has control over the operating systems, storage, deployed applications, and
possibly limited control of select networking components (e.g., host firewalls).

The most common example of IaaS is running virtual machines in a remote cloud
environment. While the customer has control over the rapid provisioning and management of
the virtual machine hosted operating environment, the CSP manages the infrastructure that
the virtual machine runs in as well as supporting services such as networking and storage.
The CSP also ensures there is a large enough pool of resources to accommodate the new
infrastructure requirements.

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the
cloud infrastructure consumer-created or acquired applications created using programming
languages and tools supported by the provider. The consumer does not manage or control the
underlying cloud infrastructure including network, servers, operating systems, or storage, but
has control over the deployed applications and possibly application hosting environment
configurations.

In this case, the customer or an independent software vendor (ISV) creates a computer
program that executes in the cloud using a set of application programming interfaces (APIs)
specifically tuned to executing in a cloud environment. Instead of the program running on a

29 | D i s s e r t a t i o n
local computer, the program runs in the cloud and provides services to users and client
processes that interface with the program.

Software as a Service (SaaS): The capability provided to the consumer to use the provider’s
applications running on a cloud infrastructure. The applications are accessible from various
client devices through a thin client interface such as a Web browser (e.g., Web-based email).
The consumer does not manage or control the underlying cloud infrastructure including
network, servers, operating systems, storage, or even individual application capabilities, with
the possible exception of limited user-specific application configuration settings.

The most common examples of a SaaS solution is cloud-based email as a service, such as
Microsoft Exchange Online (which is part of Office 365) or Google Gmail. In both cases, the
user can interface with the email service using a Web browser connected to the cloud service
or they can configure a mail application on a client device, such as Outlook, to interface with
the service and download and send email using the application’s interface.

In addition, there are numerous sub-models that have been offered by CSPs and we can
expect new models to appear in the future. The additional sub-models that the ISO defines
are as follows:

Communications as a Service (CaaS): This model includes real-time communications,

interaction and collaboration services and can be delivered as PaaS or SaaS. Microsoft’s
Skype for Business is an example of this type of service.

Compute as a Service (CompaaS): The ISO defines this as the “provision(ing) and use of
processing resources needed to deploy and run software.” This service is delivered as IaaS
and is actually the original cloud service model. In the early days of Amazon’s EC2 offering,

30 | D i s s e r t a t i o n
customers could buy raw compute power or server capacity and be billed using a
consumption-based model.

Data Storage as a Service (DSaaS): The ISO defines this as the “provision(ing) and use of
data storage and related capabilities” and it can be delivered using IaaS, PaaS or SaaS. The
most common examples of DsaaS would be virtual data storage offerings such as Dropbox,
Box, Google Drive and Microsoft OneDrive. In each case, customers can connect to the
cloud service and use the cloud to store files.

Network as a Service (NaaS): The ISO defines this as the delivery of “transport connectivity
and related network capabilities.” This service can be delivered as IaaS, PaaS or SaaS and
can address network enhancement, security and bandwidth challenges. A common example
of NaaS would be a virtual private network (VPN) service offered by a CSP. The customer
connects to the CSP’s network infrastructure and the cloud offering then tunnels the
customer’s network traffic using the cloud-delivered VPN service.

4.3. Cloud Deployment Models

Cloud deployment models represent how cloud computing can be organized based on the
control and sharing of physical or virtual resources. The cloud deployment models, as
defined by the ISO, include:

Public cloud: Cloud deployment model where cloud services are potentially available to any
cloud service customer and resources are controlled by the cloud service provider. A public
cloud may be owned, managed, and operated by a business, academic, or government
organization, or some combination of them. It exists on the premises of the cloud service
provider. Actual availability for specific cloud service customers may be subject to
31 | D i s s e r t a t i o n
jurisdictional regulations. Public clouds have very broad boundaries, where cloud service
customer access to public cloud services has few, if any, restrictions.

Public cloud is the most common deployment model. Examples include Amazon AWS,
Google G Suite and Microsoft Azure and Office 365.

Private cloud: Cloud deployment model where cloud services are used exclusively by a
single cloud service customer and resources are controlled by that cloud service customer. A
private cloud may be owned, managed, and operated by the organization itself or a third party
and may exist on premises or off premises. The cloud service customer may also authorize
access to other parties for its benefit. Private clouds seek to set a narrowly controlled
boundary around the private cloud based on limiting the customers to a single organization.

Private clouds are less common but popular with very large organizations that want more
control over the cloud infrastructure. For example, IBM offers private cloud services and
Microsoft offers the packaged Azure Pack software solution to allow customers to front-end
their own data center systems and services as cloud services within their own organizations.
OpenStack is another tool that is popular for building private clouds.

Community cloud: Cloud deployment model where cloud services exclusively support and
are shared by a specific collection of cloud service customers who have shared requirements
and a relationship with one another, and where resources are controlled by at least one
member of this collection. A community cloud may be owned, managed, and operated by one
or more of the organizations in the community, a third party, or some combination of them,
and it may exist on or off premises. Community clouds limit participation to a group of cloud
service customers who have a shared set of concerns, in contrast to the openness of public
clouds, while community clouds have broader participation than private clouds. These shared
concerns include, but are not limited to, mission, information security requirements, policy,
and compliance considerations.

32 | D i s s e r t a t i o n
Community clouds are most popular in government or law enforcement scenarios where
there is a need to share data and resources across similar agencies and a requirement to
isolate the environment from public access.

Hybrid cloud: Cloud deployment model using at least two different cloud deployment
models. The deployments involved remain unique entities but are bound together by
appropriate technology that enables interoperability, data portability and application
portability. A hybrid cloud may be owned, managed, and operated by the organization itself
or a third party and may exist on premises or off premises. Hybrid clouds represent situations
where interactions between two different deployments may be needed but remained linked
via appropriate technologies. As such the boundaries set by a hybrid cloud reflect its two base
deployments.

Hybrid cloud is becoming more popular as organizations look to leverage existing data center
resources wrapped as private cloud services set up to interact with public cloud services such
as a SaaS email service or an IaaS virtual machine. Microsoft offers the Microsoft Azure
Stack which allows customers to automate the integration of private and public cloud
services while providing a single combined experience for users.

4.4. Examples of Cloud Deployment Models

4.4.1. Multi-tenant public cloud

33 | D i s s e r t a t i o n
As this graphic here are three service models (SaaS, PaaS and IaaS) hosted by a cloud vendor
and these solutions service three different companies and within those companies, multiple
workers access the various services. Since multiple companies use the same services—but in
an isolated way—this is considered a multi-tenant environment. For example, the SaaS
solution might be an email service such as Gmail. Worker #1 from Company A is using the
service at the same time as Worker #2 from Company B. They are both using the same
service but they are totally isolated from each other and the user and company data are
protected from being exposed to other customers using the same service. Other workers are
building cloud apps using a PaaS solution and others are running virtual machines for hosting
custom workloads. All these run isolated from each other as though each user had his or her
own machine or dedicated application environment. If more users access the services, the
cloud environment is engineered to automatically draw from its pool of resources and scale to
meet the demands of the users.

Another key part of this example is the use of the term public cloud. This refers to the fact
that these services are available for use by multiple customers and these customers typically
gain access to the services using a secure connection via the public Internet infrastructure.
Access could be simply a web-based application running in the user’s browser as the
interface into the service in the cloud (for example, a web-based email service such as Gmail)
or it could be a rich client application on a PC or mobile device that front ends access to the
backend services hosted in the cloud (for example, Outlook running on a PC accessing mail
hosted in Office 365).

The cloud provider might also have multiple data centers around the country or around the
globe in order to provide better performance or fault tolerance in the event of a disaster. To
the users, there is no sense of this backend architecture as it is totally transparent to the user
experience.

The key point in this example is multiple customers and users are sharing access to the same
set of services and resources but each is totally protected and isolated from the other.

34 | D i s s e r t a t i o n
4.4.2. Single entity private cloud

One of the more confusing deployment models is the private cloud. In this example, there is a
single company accessing services hosted in a cloud but this cloud is not shared with other
companies. Not only is this cloud not shared, but the infrastructure is often built behind
firewalls to isolate it from the public Internet. And in addition, the cloud data center is often
hosted in a company facility or possibly a remote facility that the company or its agents
control. These facilities are accessed using a VPN or similar secure network tunneling
technology. The confusion arises as we consider if this is really a cloud scenario or is it
simply a dedicated data center hosting applications for local and remote workers around the
company. Again, our essential characteristics are the key to distinguishing this environment
as a cloud or not. If the services are running on static servers, then this is probably not a
cloud. If the services run as virtualized workloads that automatically scale to meet demand
and can be easily created and retired by departments and users, then it probably is a cloud
environment. The fact that a single entity uses the environment does not impact whether this
is a cloud or not. The elastic, highly-automated, resource-pooled architecture is the key. This
architecture, while simple to use, is based on an extremely complex foundation and therefore

35 | D i s s e r t a t i o n
is not something that most companies are in a position to build for themselves. For this
reason, companies typically turn to off-the-shelf toolsets or packaged software offerings to
build their private cloud environments. For example, Microsoft packages up the core
software components that make up its Azure cloud services and makes it available as the
Windows Azure Pack, which runs on top of Microsoft Server,

System Center, SQL Server and more. To the users, this makes their own data center
software look like cloud services and extends capabilities by offering self-service, scaling,
virtual machine hosting and more.

Private clouds appear to be more popular in highly regulated industries where data protection
is paramount or in other applications that deal with highly sensitive data. Some customers
feel they are better protected if they control the entire environment and the physical security
of their data centers. But doing security right can be very expensive and may defeat the cost
benefits of cloud computing. Ultimately, large cloud providers such as Microsoft, Amazon
and IBM can offer levels of security that far exceed what individual organizations can
provide for themselves. Since the large cloud providers are protecting thousands of
customers, their collective knowledge on how to deal with threats means they have a better
chance to stay ahead of the bad guys. As a result, secure enterprise public clouds are likely to
be more popular as customers become more comfortable with cloud computing.

4.5. On-premises vs. Cloud Computing

Even with these examples of cloud computing, it is worth reviewing the key differences
between traditional “on-premises” computing and cloud computing. The term “on-premises”
is a bit of a misnomer since a corporate data center might be in a different locality and users
access the data center services using remote sessions, web-based sessions or other client-
server technologies such as file sharing over the Internet or a VPN connection. Because some
of these “on-premises” data centers are remote, this type of computing is often confused with
cloud computing which also accesses remote services.

4.5.1. On-premises computing

36 | D i s s e r t a t i o n
On-premises computing involves one or more data centers that are owned and/or controlled
by the organization that they serve. The servers and equipment in the data centers are also
owned or leased by the organization, all of which operates under a capital expenditure model.
That is, the organizations purchase the assets with large upfront outlays of funds. In some
cases, leasing is involved but the equipment is leased regardless of how much of the
equipment resources are used. Organizations typically operate the data center or hire a third
party to run it for them and they fully control the software and data in the data center. This
includes installing operating systems, software and updates and ensuring the data center
buildings and property and software are all properly secured. A firewall is typically used to
prevent unauthorized access to the data center and security software is used to allow
authorized remote access. In other words, operating your own data center can be very
expensive because of large asset purchases, staffing for operations and building costs.

Local users gain access to the data center using the onsite network. Remote users access the
data center services using secure communications over the Internet or in some cases using
dedicated long-haul network connections.

4.5.2. Cloud computing

In cloud computing, unlike on-premises computing, data center operations are all handled by
the cloud service provider. Instead of high capital outlays and the need for data center staff,
the organization operates under an operational expense model where departments and users
are charged for the services they use, in a similar way to how an organization pays for
electricity based on consumption. The cloud provider owns the software and makes it
available as a pay-per-use service. These services can include access to virtual machines,
software services such as email hosting and platform services that allow organizations to
write applications designed specifically for the cloud. Even though the cloud provider
controls the infrastructure, the users still own the data. Techniques such as encryption and
tenant isolation keep data safe from other cloud users and even the cloud provider. This is an
important point for customers in highly regulated markets such as healthcare or financial
services or sensitive data scenarios such as law enforcement. Using the cloud should not

37 | D i s s e r t a t i o n
compromise data protection obligations or requirements. Services can be hosted across a
transparent network of cloud data centers in different countries and when a customer
connects to the service they are typically unaware of which data center they are connected to.
This allows users to get optimal service regardless of where they are connecting from. It is to
be noted that the user experience for both on-premises and cloud computing can be exactly
the same. The main differences are with the backend infrastructure—both operationally and
the funding model.

4.6. Example: On-Premises Email Vs. Cloud-Based Email

To illustrate what this means, let’s look at backend email services, both using an on-premises
model with corporate-owned servers and using a cloud Software-as-a-Service model. In both
cases, the user experience is again exactly the same. The user is running a mail client
application, such as Microsoft Outlook, on his or her corporate PC as well as an email app on
his or her personal mobile device. The user has no idea whether the back-end service is
running on a corporate server or in the cloud.

With the email services running on a server in an organization’s data center, the organization
is responsible for acquiring the server and server software and hosting it in a secure location
as well as managing the operation and updates for the server environment. This server might
also be running other corporate workloads such as database applications. With multiple users
and multiple workloads, the user experience can be variable, meaning high user load results
in worse performance. The organization is also responsible for spam control, malware
prevention and compliance with regulations that impact its business data. Overall, running
this type of operation can be expensive, resource intensive and can provide an uneven user
experience.

In a cloud scenario, the user email client connects to a cloud service instead of an email
service running on a server in the corporate data center. If we look at Office 365 with
Exchange Online as an example, the customer walks through some simple steps to configure
email for his or her organization and the mailboxes for each user are auto-deployed.

38 | D i s s e r t a t i o n
Authenticated access to the mailboxes can be through a cloud-based or on- premises identity
management system. In this case, Microsoft provides access to the back-end resources in the
form of cloud services. It handles the management, patching and updating of the systems and
ensures the environment is secured—with the help of teams of hundreds of engineers,
security experts and legal staff—and data processing is managed in compliance with
applicable regulations and laws. Since Microsoft has a large pool of resources to draw from,
the system automatically scales up or down to handle workloads with consistent
performance. Microsoft also makes the services available transparently through local network
entry points around the world so that the user experience is again as consistent as possible.
The customer is only billed for the services used by each user and is not responsible for the
purchase or maintenance of the back-end equipment and services.

For most organizations—banks, insurance companies, airlines, hospitals and governments—

IT is not their primary focus. Cloud computing allows them to focus on their core business
and lets the cloud provider focus on delivering the service in a secure and compliant way.

4.7. Conclusion

In conclusion, the exploration of cloud computing's fundamental service models—Software

as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)—
reveals a dynamic landscape that caters to diverse user needs while fostering innovation and
efficiency. Each model presents a unique perspective on the delivery of computing services,
allowing users to choose the level of abstraction and control that aligns with their specific
requirements.

The multi-tenant nature of these models, as illustrated in the example, underscores the shared
yet isolated utilization of cloud resources by different companies and users. This paradigm
not only ensures optimal resource utilization but also upholds the paramount principles of
data privacy and security, reinforcing the reliability and trustworthiness of cloud computing
environments.

39 | D i s s e r t a t i o n
Furthermore, the concept of the public cloud emerges as a key facet, highlighting the
accessibility of these services to a broad user base via secure connections over the public
Internet. Whether accessed through web-based applications or rich client interfaces, the
public cloud exemplifies flexibility and convenience for users while maintaining the intricate
backend infrastructure transparent to their experience.

40 | D i s s e r t a t i o n