Chapter 4 - Facilitators and relevant factors

4.4 The future is already here

4.4.3 Cloud computing and services - Overview

Cloud computing is defined as a model for ubiquitous on-demand network access to a shared pool of configurable resources such as data storage, applications and network infrastructure that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing provides a dynamic and scalable infrastructure to support the distributed storage and processing of data and the virtualisation of hardware and associated infrastructure. This results in what is called elasticity, entailing a frequent reconfiguration of resources.

Cloud computing offers different service models or Cloud Services, including Software-as-a-Service (SaaS) e.g. web-based e-mail, Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) as well as other services that sit on top of these service models. Cloud computing together with Cloud Services form what is usually called the Cloud. There are different deployment models ranging from private to community to public Clouds as well as hybrid models that combine two or more of these deployment models.

The Cloud is an enabler for IoE and Big Data by providing the distributed and scalable resources needed to handle the data growth and provide the necessary processing services.

The Cloud represents a paradigm shift in the delivery of resources and services but also in terms of security and traceability. Developments such as bring-your-own-cloud (BYOC) to bring-your-own-everything (BYOX) add to these security challenges as employees not only introduce their own devices to the corporate environment but also their data, applications, etc., thereby essentially creating a ‘shadow IT’ [191].

As cybercriminals recognise the business benefits and opportunities that the Cloud offers, their activities are migrating to the Cloud, often abusing legitimate services [192]. The Cloud is used to launch new attacks such as virtual machine-based malware (e.g. virtual machines infected by a preloaded rootkit or malware attempting to infect the hosting machine from within the virtual environment), control Botnets [193], and to store and distribute illegal material [194]. Moreover, the Cloud is a valuable target for cybercriminals for stealing or mining personal or business data. Indeed, it can be said that the Crime-as-a-Service (CaaS) model has already adopted the different Cloud service models by offering, e.g. infrastructure as a service or software as a service, for instance in the form of counter antivirus (AV) services or to launch DDoS attacks.