Understanding Third-Party Cloud Providers

Title: COMP3xxxx Service Centered and Cloud Computing URL Source: blob://pdf/9e61a3be-4610-48eb-82ac-aa3323840daf Markdown Content: COMP30231 -8 Third -party cloud providers > Zoheir Ezziane ## COMP 30231 Third -Party Cloud Providers So far.. IS strategy and how cloud computing can help The role of Enterprise Architecture in developing a framework for cloud computing Deciding on a cloud services solution and implementation Governance Cost models for cloud computing The business case for cloud computing Managing risk Today Third -party cloud service providers > 5/3/2025 2 ## COMP30231 - Lectures & seminars 3 May 2025 3 Lecture Subject Week 1 IT Strategy & where Cloud Computing fits Week 2 Adopting Cloud Computing #1 Enterprise Architecture Week 3 Adopting Cloud Computing #2 Gap analysis and implementation Week 4 Adopting Cloud Computing #3 - Governance Week 5 Cost models for Cloud Computing moving from capital to expense Week 6 The business case for moving to Cloud Computing Week 7 Managing risk in Cloud Computing Week 8 Cloud provider business models Week 9 Contracting with a Cloud provider Week 10 Review Week 11, 12 Exam Support drop -ins Types of cloud service providers Recap: Some definitions Cloud computing environments Public cloud : Services made available to a large industry group or the general public. Private cloud : Services one organisation, whether the physical provision is on or off premises. Useful for large organisations that have specific security or resource requirements. Community cloud : organisations that have common business requirements. These requirements are usually driven by the need for shared data, shared services, or shared industry regulations. This means they re typically organizations in the same industry or departments of the same organizational body such as NHS, Ministry of Dfense, etc. Industry cloud are composable building blocks cloud services, applications, and other tools that are built for strategic use cases in specific industries such as retail stores, healthcare organsations , etc. Hybrid cloud : Two or more clouds (i.e., private, industry, or public) make up a hybrid cloud, but each remains a unique entity. Can be used for load balancing across more than one cloud. > 5/3/2025 5 ## Recap: Some definitions Cloud service delivery models DaaS (Data as a Service): Provision of data to end users over the Internet SaaS (Software as a Service): Provision of applications with which customers can carry out particular tasks PaaS (Platform as a Service): Provision of infrastructure and development tools on which customers can program and deliver applications IaaS (Infrastructure as a Service): Provision of hardware on which customers can store data or run applications XaaS (Anything as a Service) or "everything as a service : "X" can be changed: IaaS refers to infrastructure as a service, PaaS a platform for development, SaaS a software as a service, etc. > 5/3/2025 6 ## Categories of cloud service providers Company type Offerings Examples Cloud technology provider Creates cloud technology. Are often also cloud service providers.. AWS (EC2). Nvidia DGX: GCP(Tensor Processing Units), Lambda labs, Oracle > 5/3/2025 7 ## Video Time: What is a PaaS? https://www.youtube.com/watch?v=wjdPQpCzPZ 4 > 5/3/2025 8 ## Categories of cloud service providers Company type Offerings Examples Cloud technology provider Creates cloud technology. Are often also cloud service providers. AWS (EC2). Nvidia DGX: GCP(Tensor Processing Units), Lambda labs, Oracle Cloud service provider Provides cloud products, hosts cloud services (storage, computing, or software). May also be technology providers. Fujitsu, Dell, HP, Rackspace, AWS, Azure, Google Cloud, VMware > 5/3/2025 9 ## Video Time: Cloud service providers https://aws.amazon.com/awstv/watch/ 3059 da 9f36 d/ > 5/3/2025 10 ## Categories of cloud service providers Company type Offerings Examples Cloud technology provider Creates cloud technology. Are often also cloud service providers. AWS (EC2). Nvidia DGX: GCP(Tensor Processing Units), Lambda labs, Oracle Cloud service provider Provides cloud products, hosts cloud services (storage, computing, or software). May also be technology providers. Fujitsu, Dell, HP, Rackspace, AWS, Azure, Google Cloud, VMware Cloud independent software vendor Value -added services for cloud, including managing or monitoring Flexera, Densify, SAP, Salesforce, Citrix, Canonical > 5/3/2025 11 ## Video Time: Can smaller companies compete? https:// www.youtube.com /watch?v =EYxqTayZhQQ > 5/3/2025 12 ## Categories of cloud service providers Company type Offerings Examples Cloud technology provider Creates cloud technology. Are often also cloud service providers. AWS (EC2). Nvidia DGX: GCP(Tensor Processing Units), Lambda labs, Oracle Cloud service provider Provides cloud products, hosts cloud services (storage, computing, or software). May also be technology providers. Fujitsu, Dell, HP, Rackspace, AWS, Azure, Google Cloud, VMware Cloud independent software vendor Value -added services for cloud, including managing or monitoring Flexera, Densify, SAP, Salesforce, Citrix, Canonical Cloud systems integrator / cloud broker Assists companies in implementing cloud services Integrators: Accenture, Wipro Brokers: Boomi, RackNap > 5/3/2025 13 ## Video Time: Cloud Brokers https:// www.youtube.com /watch?v =Hj _-gxVRRIM > 5/3/2025 14 The market for cloud service vendors Cloud service vendors Incredible pace of change in the cloud services market New vendors Mergers Acquisitions Partnerships Closed businesses Increasing consolidation as the major IS providers continue to acquire and partner with new companies to round out their cloud offering Large established companies may offer greater levels of confidence, but new, smaller companies may be able to offer better innovation > 5/3/2025 16 5/3/2025 17 Large IT companies with no history of cloud computing are entering the market through acquisitions and partnerships The challenge for them (and their customers) is how to integrate cloud services into their business and technologies Amazon and its cloud service partners > 5/3/2025 18 5/3/2025 19 Cloud services vendor competition This industry flux and consolidation also means that cloud service providers are increasingly competing on price. > 5/3/2025 20 Google charges 2 while Amazon charges 2.3 per GB per month for standard storage, however archiving is 0.12 vs 0.4. The cost for an AWS EC2 instance is approximately $0.0154 per second Video Time: Cloud Service Providers https://www.youtube.com/watch?v=UQ5tG1sFNF8 > 5/3/2025 21 Selecting a cloud service provider Evaluating cloud service vendors Some key aspects to consider: Try to determine their commitment to the cloud model Check the existing customer base of the vendor Check for levels of configurability and flexibility (particularly for SaaS) Consider integration needs and fit with your target architecture Evaluate the vendors upgrade and maintenance strategies Consider proposed Service Level Agreements (SLAs) Examine the vendors security plans Check the vendors back -up and disaster recovery plans > 5/3/2025 23 5/3/2025 24 A framework for evaluation User & Device Service Data Business Legal > 5/3/2025 25 ## A framework for evaluation - data Encryption in transit Are SSL / TLS protocols used for data encryption in transit? Encryption at rest Is data stored using AES 256 -bit encryption? Who controls the encryption keys can the cloud service provider decrypt your data? 5/3/2025 26 > User & > Device > Service > Data > Business > Legal A quantum computer would take 2.29*10^32 years to crack, longer than the age of the Universe A framework for evaluation - data Encryption in transit Are SSL / TLS protocols used for data encryption in transit? Encryption at rest Is data stored using AES 256 -bit encryption? Who controls the encryption keys can the cloud service provider decrypt your data? Data multi -tenancy How is data for multiple tenants separated? Data retention on termination Terms and conditions related to how long and in what form data is retained by the cloud service provider after the contract is terminated. > 5/3/2025 27 > User & > Device > Service > Data > Business > Legal ## A framework for evaluation - business Data centre hosting locations Are the locations aligned with your data privacy obligations? Can the cloud service provider offer to restrict data movement? Third -party certifications Has the cloud service provider gone through rigorous third -party certifications (e.g. ISO 27001 or SAS 70 ). IS 0 27001:2013 is a UK/EU quality standard for information security management. SAS 70 : Focused on auditing internal controls of service organizations, particularly those managing or processing third -party data 5/3/2025 28 > User & > Device > Service > Data > Business > Legal ## A framework for evaluation - legal Jurisdictional location Is the provider located in a favourable jurisdiction in the event of legal disputes? Dispute resolution Make sure that the terms of service do not limit legal remedies such as arbitration or other settlement methods Prohibited from third -party disclosure Ensure that the provider does not share data in response to suit or subpoena without notifying the customer that their data has been shared Copyright controls The service meets the requirements governing IP including Digital Millennium Copyright Act (DMCA) IP Ownership Clear statement that all information uploaded is owned by the customer and not the cloud provider > 5/3/2025 29 > User & > Device > Service > Data > Business > Legal ## A framework for evaluation user ## and device Anonymous use policy Services are only provided to authenticated users with correct credentials, not anonymous users without an account Identify the federation method Authentication methods for identity federation such as SAML or OAuth are used Multi -factor authentication In addition to username/password controls, the service supports the use of two -factor authentication, using tokens or biometrics Device access control Access to the service can be based on approved device operating systems or registered devices, limiting exposure to unsecured devices 5/3/2025 30 > User & > Device > Service > Data > Business > Legal ## A framework for evaluation ## service Penetration testing Does the provider perform regular penetration testing according to CSA and OWASP recommendations? 5/3/2025 31 > User & > Device > Service > Data > Business > Legal CSA is the Cloud Security Alliance which aims to promote best practice in security assurance within cloud computing. OWASP is the Open Web Application Security Project, an open group of more than 36,000 participants, who produce a code of conduct for development organisations (The OWASP Gray Book ). The code of conduct includes recommendations and requirements related to security risks, training, controls etc. A framework for evaluation ## service Penetration testing Does the provider perform regular penetration testing according to CSA and OWASP recommendations? Not compromised in last 12 months No security breach in the last 12 months across all production tenants IP filtering It helps to control what IP traffic will be allowed in and out Audit trails All actions - logins, uploads, downloads, views etc. are tracked in a full audit trail, allowing identification of suspicious activity. 5/3/2025 32 > User & > Device > Service > Data > Business > Legal Summary Summary The market for cloud services is changing rapidly, with new entrants, different roles (broker, technology provider, service provider etc.) and consolidation between companies. Selecting a provider of cloud services should be a methodical and detailed process covering subject areas such as: > Data issues > The business of the cloud provider > Legal considerations > How access for users and devices is controlled > Service provision > 5/3/2025 34 ## Seminar Overview An ongoing topic this term is the need to select an appropriate Cloud Computing or Service -Centric provider Small companies will browse provider sites and review sites on the Internet. Larger enterprises will engage more actively with the suppliers This seminar provides a structure to allow you to think about how to interact with suppliers You will create a structured questionnaire for a Cloud provider for a particular case study.

Title: COMP3xxxx  Service Centered and Cloud Computing

URL Source: blob://pdf/9e61a3be-4610-48eb-82ac-aa3323840daf

Markdown Content:
COMP30231 -8  Third -party cloud providers

> Zoheir Ezziane

## COMP 30231   Third -Party Cloud Providers

So far..

IS strategy and how cloud computing can help

The role of Enterprise Architecture in developing a framework for cloud

computing

Deciding on a cloud services solution and implementation

Governance

Cost models for cloud computing

The business case for cloud computing

Managing risk

Today

Third -party cloud service providers

> 5/3/2025 2

## COMP30231  - Lectures & seminars

3 May 2025  3

Lecture  Subject

Week 1  IT Strategy & where Cloud  Computing fits

Week 2  Adopting Cloud Computing #1   Enterprise  Architecture

Week 3  Adopting Cloud Computing #2   Gap analysis and  implementation

Week 4  Adopting Cloud Computing #3  - Governance

Week 5  Cost models for Cloud Computing   moving from  capital  to expense

Week 6  The business case for moving  to Cloud Computing

Week 7  Managing  risk in Cloud Computing

Week 8  Cloud provider business models

Week 9  Contracting with  a Cloud provider

Week 10  Review

Week 11, 12  Exam Support drop -ins Types of cloud service providers Recap: Some definitions

Cloud computing environments

Public cloud : Services made available to a large industry group or the

general public.

Private cloud : Services one organisation, whether the physical provision

is on or off premises. Useful for large organisations that have specific

security or resource requirements.

Community cloud : organisations that have common business

requirements. These requirements are usually driven by the need for

shared data, shared services, or shared industry regulations. This means

they re typically organizations in the same industry or departments of the

same organizational body such as NHS, Ministry of Dfense, etc.

Industry cloud   are composable building blocks cloud services, applications, and

other tools that are built for strategic use cases in specific industries such as retail

stores, healthcare  organsations , etc.

Hybrid cloud : Two or more clouds (i.e., private, industry, or public) make

up a hybrid cloud, but each remains a unique entity. Can be used for load

balancing across more than one cloud.

> 5/3/2025 5

## Recap: Some definitions

Cloud service delivery models

DaaS  (Data as a Service): Provision of data to end users over the Internet

SaaS  (Software as a Service): Provision of applications with which

customers can carry out particular tasks

PaaS  (Platform as a Service): Provision of infrastructure and development

tools on which customers can program and deliver applications

IaaS  (Infrastructure as a Service): Provision of hardware on which

customers can store data or run applications

XaaS  (Anything as a Service) or "everything as a service : "X" can be

changed: IaaS refers to infrastructure as a service, PaaS   a platform for

development, SaaS   a software as a service, etc.

> 5/3/2025 6

## Categories of cloud service providers

Company type  Offerings  Examples

Cloud technology

provider

Creates cloud technology.

Are often also cloud service

providers..

AWS (EC2). Nvidia DGX:

GCP(Tensor Processing

Units), Lambda labs,

Oracle

> 5/3/2025 7

## Video Time: What is a PaaS?

https://www.youtube.com/watch?v=wjdPQpCzPZ 4

> 5/3/2025 8

## Categories of cloud service providers

Company type  Offerings  Examples

Cloud technology

provider

Creates cloud technology.

Are often also cloud service

providers.

AWS (EC2). Nvidia DGX:

GCP(Tensor Processing

Units), Lambda labs,

Oracle

Cloud service

provider

Provides cloud products,

hosts cloud services

(storage, computing, or

software). May also be

technology providers.

Fujitsu, Dell, HP,

Rackspace, AWS, Azure,

Google Cloud, VMware

> 5/3/2025 9

## Video Time: Cloud service providers

https://aws.amazon.com/awstv/watch/ 3059 da 9f36 d/

> 5/3/2025 10

## Categories of cloud service providers

Company type  Offerings  Examples

Cloud technology

provider

Creates cloud technology.

Are often also cloud service

providers.

AWS (EC2). Nvidia DGX:

GCP(Tensor Processing

Units), Lambda labs,

Oracle

Cloud service

provider

Provides cloud products,

hosts cloud services

(storage, computing, or

software). May also be

technology providers.

Fujitsu, Dell, HP,

Rackspace, AWS, Azure,

Google Cloud, VMware

Cloud independent

software vendor

Value -added  services for

cloud, including managing or

monitoring

Flexera, Densify, SAP,

Salesforce, Citrix,

Canonical

> 5/3/2025 11

## Video Time: Can smaller companies compete?

https:// www.youtube.com /watch?v =EYxqTayZhQQ

> 5/3/2025 12

## Categories of cloud service providers

Company type  Offerings  Examples

Cloud technology

provider

Creates cloud technology.

Are often also cloud service

providers.

AWS (EC2). Nvidia DGX:

GCP(Tensor Processing

Units), Lambda labs,

Oracle

Cloud service

provider

Provides cloud products,

hosts cloud services

(storage, computing, or

software). May also be

technology providers.

Fujitsu, Dell, HP,

Rackspace, AWS, Azure,

Google Cloud, VMware

Cloud independent

software vendor

Value -added services for

cloud, including managing or

monitoring

Flexera, Densify, SAP,

Salesforce, Citrix,

Canonical

Cloud systems

integrator  / cloud

broker

Assists companies in

implementing cloud services

Integrators: Accenture,

Wipro

Brokers: Boomi,

RackNap

> 5/3/2025 13

## Video Time: Cloud Brokers

https:// www.youtube.com /watch?v =Hj _-gxVRRIM

> 5/3/2025 14

The market for cloud service vendors Cloud service vendors

Incredible pace of change in the cloud services market

New vendors

Mergers

Acquisitions

Partnerships

Closed businesses

Increasing consolidation as the major IS providers continue to

acquire and partner with new companies to round out their cloud

offering

Large established companies may offer greater levels of confidence,

but new, smaller companies may be able to offer better innovation

> 5/3/2025 16 5/3/2025 17

Large IT

companies with

no history of

cloud computing

are entering the

market through

acquisitions and

partnerships

The challenge for

them (and their

customers) is

how to integrate

cloud services

into their

business and

technologies Amazon and its cloud service partners

> 5/3/2025 18

5/3/2025  19 Cloud services vendor competition

This industry flux and consolidation also means that cloud service

providers are increasingly competing on price.

> 5/3/2025 20

Google charges 2

while Amazon charges

2.3 per GB per

month for standard

storage, however

archiving is 0.12 vs

0.4.

The cost for an AWS

EC2 instance is

approximately

$0.0154 per second Video Time: Cloud Service Providers

https://www.youtube.com/watch?v=UQ5tG1sFNF8

> 5/3/2025 21

Selecting a cloud service provider Evaluating cloud service vendors

Some key aspects to consider:

Try to determine their commitment to the cloud model

Check the existing customer base of the vendor

Check for levels of configurability and flexibility (particularly for

SaaS)

Consider integration needs and fit with your target architecture

Evaluate the vendors upgrade and maintenance strategies

Consider proposed Service Level Agreements (SLAs)

Examine the vendors security plans

Check the vendors back -up and disaster recovery plans

> 5/3/2025 23

5/3/2025  24 A framework for evaluation

User &

Device

Service

Data

Business

Legal

> 5/3/2025 25

## A framework for evaluation  - data

Encryption in transit

Are SSL / TLS protocols used for data encryption in transit?

Encryption at rest

Is data stored using AES 256 -bit encryption? Who controls the

encryption keys   can the cloud service provider decrypt your

data?

5/3/2025  26

> User &
> Device
> Service
> Data
> Business
> Legal

A quantum

computer would

take  2.29*10^32

years to crack,

longer than the

age of the

Universe A framework for evaluation  - data

Encryption in transit

Are SSL / TLS protocols used for data

encryption in transit?

Encryption at rest

Is data stored using AES  256 -bit encryption?

Who controls the encryption keys   can the cloud service

provider decrypt your data?

Data multi -tenancy

How is data for multiple tenants separated?

Data retention on termination

Terms and conditions related to how long and

in what form data is retained by the cloud service

provider after the contract is terminated.

> 5/3/2025 27
> User &
> Device
> Service
> Data
> Business
> Legal

## A framework for evaluation  - business

Data centre hosting locations

Are the locations aligned with your data privacy obligations?

Can the cloud service provider offer to restrict data movement?

Third -party certifications

Has the cloud service provider gone through rigorous third -party

certifications (e.g. ISO  27001  or SAS 70 ).

IS 0 27001:2013  is a UK/EU quality standard for information security

management.

SAS  70 : Focused on auditing internal controls of service

organizations, particularly those managing or processing

third -party data

5/3/2025  28

> User &
> Device
> Service
> Data
> Business
> Legal

## A framework for evaluation  - legal

Jurisdictional location

Is the provider located in a favourable jurisdiction in the event of legal

disputes?

Dispute resolution

Make sure that the terms of service do not limit legal remedies such as

arbitration or other settlement methods

Prohibited from third -party disclosure

Ensure that the provider does not share data in response to suit or

subpoena without notifying the customer that their data has been

shared

The service meets the requirements governing IP including Digital

Millennium Copyright Act (DMCA)

IP Ownership

Clear statement that all information uploaded is owned by the

customer and not the cloud provider

> 5/3/2025 29
> User &
> Device
> Service
> Data
> Business
> Legal

## A framework for evaluation   user

## and device

Anonymous use policy

Services are only provided to authenticated users with correct

credentials, not anonymous users without an account

Identify the federation method

Authentication methods  for identity federation such as SAML or

OAuth are used

Multi -factor authentication

In addition to username/password controls, the service supports

the use of two -factor authentication, using tokens or biometrics

Device access control

Access to the service can be based on approved device

operating systems or registered devices, limiting exposure to

unsecured devices

5/3/2025  30

> User &
> Device
> Service
> Data
> Business
> Legal

## A framework for evaluation

## service

Penetration testing

Does the provider perform regular penetration testing according

to CSA and OWASP recommendations?

5/3/2025  31

> User &
> Device
> Service
> Data
> Business
> Legal

CSA  is the Cloud Security Alliance which aims to promote best practice in

security assurance within cloud computing.

OWASP  is the Open Web Application Security Project, an open group of

more than  36,000  participants, who produce a code of conduct for

development organisations (The OWASP  Gray Book ). The code of conduct

includes recommendations and requirements related to security risks,

training, controls etc. A framework for evaluation

## service

Penetration testing

Does the provider perform regular penetration testing according

to CSA and OWASP recommendations?

Not compromised in last  12  months

No security breach in the last  12  months across all production

tenants

IP filtering

It helps to control what IP traffic will be allowed in and out

Audit trails

All actions  - logins, uploads, downloads, views etc.   are

tracked in a full audit trail, allowing identification of suspicious

activity.

5/3/2025  32

> User &
> Device
> Service
> Data
> Business
> Legal

Summary Summary

The market for cloud services is changing rapidly, with new

entrants, different roles (broker, technology provider, service

provider etc.) and consolidation between companies.

Selecting a provider of cloud services should be a methodical and

detailed process covering subject areas such as:

> Data issues
> The business of the cloud provider
> Legal considerations
> How access for users and devices is controlled
> Service provision
> 5/3/2025 34

## Seminar Overview

An ongoing topic this term is the need to select an appropriate

Cloud Computing or Service -Centric provider

Small companies will browse provider sites and review sites on the

Internet.

Larger enterprises will engage more actively with the suppliers

This seminar provides a structure to allow you to think about how to

interact with suppliers

You will create a structured questionnaire for a Cloud provider for a

particular case study.

Transcript for:Understanding Third-Party Cloud Providers

Transcript for:
Understanding Third-Party Cloud Providers