Cloud Technologies
Cloud computing delivers computing resources — storage, processing, software — over the internet on demand. While offering enormous flexibility, it also introduces risks that must be carefully evaluated.
Learning Objectives
- 11.1.3.5 Evaluate risks of cloud technologies
Conceptual Anchor
The Electricity Analogy
Before the electrical grid, every factory had its own generator. It was expensive and inefficient. Then came the power grid — electricity generated centrally and delivered on demand. You pay only for what you use. Cloud computing does the same for IT: instead of buying servers, you rent capacity from providers like AWS, Google Cloud, or Azure.
Rules & Theory
Cloud Service Models
| Model | What You Get | You Manage | Example |
|---|---|---|---|
| IaaS (Infrastructure) | Virtual machines, storage, networking | OS, apps, data | AWS EC2, Google Compute |
| PaaS (Platform) | Development environment, runtime, tools | Apps, data | Heroku, Google App Engine |
| SaaS (Software) | Ready-to-use application | Nothing (just use it) | Gmail, Google Docs, Dropbox |
Deployment Models
| Model | Description | Best For |
|---|---|---|
| Public cloud | Shared infrastructure, accessible to anyone | Startups, general use |
| Private cloud | Dedicated infrastructure for one organization | Banks, governments |
| Hybrid cloud | Mix of public and private | Organizations needing both flexibility and security |
Benefits vs Risks
| Benefits | Risks | |
|---|---|---|
| Cost | No upfront hardware costs, pay-as-you-go | Ongoing subscription costs add up over time |
| Scalability | Scale up/down instantly as needed | Unexpected costs from uncontrolled scaling |
| Accessibility | Access from anywhere with internet | No internet = no access |
| Security | Professional security teams at providers | Data stored on third-party servers (trust issue) |
| Data sovereignty | — | Data may be stored in another country with different laws |
| Vendor lock-in | — | Difficult to switch providers once committed |
| Reliability | Redundancy, 99.99% uptime SLAs | Provider outage affects all customers simultaneously |
Data Sovereignty
When you upload data to the cloud, it may be physically stored in a data center in another country. That country's laws apply to your data. For example, Kazakh student data stored on US servers could be subject to US law enforcement requests. This is a major concern for governments and organizations handling sensitive data.
Worked Examples
1 Choosing a Cloud Model
Scenario: A startup wants to launch a web app quickly with minimal upfront cost.
Best choice: PaaS (e.g., Heroku) — deploy code without managing servers. Start small, scale automatically as users grow. Pay-as-you-go pricing.
2 Risk Assessment
Scenario: A hospital considers moving patient records to the cloud.
- ✅ Benefit: Access from any hospital branch
- ✅ Benefit: Automatic backups
- ⚠️ Risk: Data privacy (patient confidentiality)
- ⚠️ Risk: Internet outage = no access to records
- ⚠️ Risk: Data sovereignty (where is it stored?)
- Recommendation: Private cloud or hybrid cloud with encryption
Common Pitfalls
"The Cloud Is Just Someone Else's Computer"
While technically true, cloud providers offer much more: automatic scaling, redundancy, global distribution, and professional security that most organizations can't achieve alone.
Ignoring Exit Strategy
Students (and companies) forget to plan for leaving a cloud provider. Vendor lock-in can make migration extremely expensive and time-consuming.
Tasks
Define IaaS, PaaS, and SaaS. Give one example of each.
Explain how data sovereignty could be a problem for a government using cloud services.
A school wants to use cloud services for email and file storage. Recommend a deployment model and service model. Justify your choices.
Compare public cloud vs private cloud for a bank. Evaluate security, cost, and scalability for each option.
Self-Check Quiz
Q1: What does SaaS stand for?
Q2: What is vendor lock-in?
Q3: Which cloud deployment model combines public and private?