A community cloud is a service shared between multiple organizations, but not available publicly.

Cloud Computing Architecture

Rajkumar Buyya, ... S. Thamarai Selvi, in Mastering Cloud Computing, 2013

4.3.4 Community clouds

Community clouds are distributed systems created by integrating the services of different clouds to address the specific needs of an industry, a community, or a business sector. The National Institute of Standards and Technology (NIST) [43] characterizes community clouds as follows:

The infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.

Figure 4.6 provides a general view of the usage scenario of community clouds, together with reference architecture. The users of a specific community cloud fall into a well-identified community, sharing the same concerns or needs; they can be government bodies, industries, or even simple users, but all of them focus on the same issues for their interaction with the cloud. This is a different scenario than public clouds, which serve a multitude of users with different needs. Community clouds are also different from private clouds, where the services are generally delivered within the institution that owns the cloud.

Figure 4.6. A community cloud.

From an architectural point of view, a community cloud is most likely implemented over multiple administrative domains. This means that different organizations such as government bodies, private enterprises, research organizations, and even public virtual infrastructure providers contribute with their resources to build the cloud infrastructure.

Candidate sectors for community clouds are as follows:

Media industry. In the media industry, companies are looking for low-cost, agile, and simple solutions to improve the efficiency of content production. Most media productions involve an extended ecosystem of partners. In particular, the creation of digital content is the outcome of a collaborative process that includes movement of large data, massive compute-intensive rendering tasks, and complex workflow executions. Community clouds can provide a shared environment where services can facilitate business-to-business collaboration and offer the horsepower in terms of aggregate bandwidth, CPU, and storage required to efficiently support media production.

Healthcare industry. In the healthcare industry, there are different scenarios in which community clouds could be of use. In particular, community clouds can provide a global platform on which to share information and knowledge without revealing sensitive data maintained within the private infrastructure. The naturally hybrid deployment model of community clouds can easily support the storing of patient-related data in a private cloud while using the shared infrastructure for noncritical services and automating processes within hospitals.

Energy and other core industries. In these sectors, community clouds can bundle the comprehensive set of solutions that together vertically address management, deployment, and orchestration of services and operations. Since these industries involve different providers, vendors, and organizations, a community cloud can provide the right type of infrastructure to create an open and fair market.

Public sector. Legal and political restrictions in the public sector can limit the adoption of public cloud offerings. Moreover, governmental processes involve several institutions and agencies and are aimed at providing strategic solutions at local, national, and international administrative levels. They involve business-to-administration, citizen-to-administration, and possibly business-to-business processes. Some examples include invoice approval, infrastructure planning, and public hearings. A community cloud can constitute the optimal venue to provide a distributed environment in which to create a communication platform for performing such operations.

Scientific research. Science clouds are an interesting example of community clouds. In this case, the common interest driving different organizations sharing a large distributed infrastructure is scientific computing.

The term community cloud can also identify a more specific type of cloud that arises from concern over the controls of vendors in cloud computing and that aspires to combine the principles of digital ecosystems [44] with the case study of cloud computing. A community cloud is formed by harnessing the underutilized resources of user machines [45] and providing an infrastructure in which each can be at the same time a consumer, a producer, or a coordinator of the services offered by the cloud. The benefits of these community clouds are the following:

Openness. By removing the dependency on cloud vendors, community clouds are open systems in which fair competition between different solutions can happen.

Community. Being based on a collective that provides resources and services, the infrastructure turns out to be more scalable because the system can grow simply by expanding its user base.

Graceful failures. Since there is no single provider or vendor in control of the infrastructure, there is no single point of failure.

Convenience and control. Within a community cloud there is no conflict between convenience and control because the cloud is shared and owned by the community, which makes all the decisions through a collective democratic process.

Environmental sustainability. The community cloud is supposed to have a smaller carbon footprint because it harnesses underutilized resources. Moreover, these clouds tend to be more organic by growing and shrinking in a symbiotic relationship to support the demand of the community, which in turn sustains it.

This is an alternative vision of a community cloud, focusing more on the social aspect of the clouds that are formed as an aggregation of resources of community members. The idea of a heterogeneous infrastructure built to serve the needs of a community of people is also reflected in the previous definition, but in that case the attention is focused on the commonality of interests that aggregates the users of the cloud into a community. In both cases, the concept of community is fundamental.

URL: https://www.sciencedirect.com/science/article/pii/B9780124114548000048

Cloud Deployment Models

Derrick Rountree, Ileana Castrillo, in The Basics of Cloud Computing, 2014

Security Considerations

Community clouds present a special set of circumstances when it comes to security because there will be multiple organizations accessing and controlling the environment.

Data

In a community cloud, all the participants in the community may have access to the data. For this reason, you don’t want to store any data that is restricted to only your organization. You could be setting yourself up for a big headache if you do.

Compliance

In a community cloud, compliance can be particularly tricky. The systems will be subject to all the compliance regulations to which each of the member organizations is subject. So, your organization may be subject to regulations with which you have little familiarity.

Auditing

In a community cloud, member organizations will have shared access to all the application and system audit logs. You will want to have some agreement as to who will perform what activities. Trolling through logs can be particularly tedious and time consuming, so you don’t want people wasting time doing duplicate work.

URL: https://www.sciencedirect.com/science/article/pii/B9780124059320000037

Cloud Computing Architecture

Vic (J.R.) Winkler, in Securing the Cloud, 2011

Community Clouds

The promise of community clouds is that they allow multiple independent entities to gain the cost benefits of a shared nonpublic cloud while avoiding security and regulatory concerns that might be associated with using a generic public cloud that did not address such concerns in its SLA. This model has tremendous potential for entities or companies that are subject to identical regulatory, compliance, or legal restrictions. Different kinds of community clouds are being considered in the United States and the European Union by governments at the national and local levels. This makes great sense since there are multiple benefits to both the individual entities as well as collectively. For instance, when multiple government agencies that transact business with each other have their processing colocated in a single facility, they can achieve both savings and increased security in terms of reducing the amount of traffic that would otherwise need to traverse the Internet. Continuity of operations can also be enhanced at a lower overall cost to all parties when multiple data centers are used to implement such a community cloud.

URL: https://www.sciencedirect.com/science/article/pii/B9781597495929000026

Integrating digital forensic practices in cloud incident handling

Nurul Hidayah Ab Rahman, Kim-Kwang Raymond Choo, in The Cloud Security Ecosystem, 2015

2.1 Cloud computing infrastructure

In cloud computing, there are four deployment models (i.e., private cloud, public cloud, community cloud, and hybrid cloud) and three architectures (i.e., Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)) (Mell and Grance, 2011).

Buyya et al. (2013) explained that the underlying cloud computing infrastructure consists of several cloud stacks (see Figure 1). The lowest stack or system infrastructure, Cloud Resources, consists of hundreds to thousands of nodes to form a datacentre. Virtualization technology is deployed in the core middleware to create the distributed infrastructure, and the Cloud Hosting Platform supports main functions of infrastructure management such as usage metering, billing, and accounting. IaaS is formed from the underlying system infrastructure and core middleware. In user-level middleware, cloud service is offered as a development platform, referred to as PaaS, and the CSU develops applications to run on the core middleware infrastructure. The top stack represents user applications, referred to as SaaS, that deliver cloud applications to the CSU.

Figure 1. The scope of control between CSP and CSU on cloud computing architecture.

Adopted from Buyya et al. (2013) and Jansen and Grance (2011).

One of the key differences between cloud and “traditional” (or in-house) infrastructure is the scope of user control as the roles and responsibility over cloud resources are segregated between the CSP and CSU (Pearson, 2013; Jansen and Grance, 2011). In Figure 1, we adopted the cloud stack architecture from Buyya et al. (2013) and the scope of control from Jansen and Grance (2011) to explain the control scope between the CSP and CSU, for each stack of the cloud architecture.

The range of scope and control over the stack of resources is represented by the arrows. The CSU will have more control over the resources as the stack gets lower. For example, the CSU will have less control over the resources in SaaS but more control in IaaS; and conversely the CSP will have more control in SaaS but less control in IaaS. The control over resources determines the scope of the capability of the entity (CSU or CSP) to implement and manage security mechanisms. In PaaS, for example, the CSU is responsible for their application security protection (e.g., secure coding, and encryption) while the CSP is responsible for hypervisor protection (e.g., hypervisor vulnerability management). The shared responsibility of security control implementation and management needs to be taken into consideration in planning cloud incident handling strategies.

URL: https://www.sciencedirect.com/science/article/pii/B9780128015957000173

The Digital Twin Paradigm for Smarter Systems and Environments: The Industry Use Cases

Pethuru Raj, Chellammal Surianarayanan, in Advances in Computers, 2020

11.3 Fog/edge analytics through device clouds

Typically cloud computing prescribes centralized, consolidated, and sometimes federated processing through a variety of cloud models ranging from public, private, hybrid, and community clouds to fulfill new-generation computing needs. Now with the accumulation of distributed and dissimilar devices emerging as the new viable source for data generation, collection, storage, and processing, the cloud idea is getting expanded substantially and skilfully toward the era of edge or fog clouds, which are a kind of distributed yet local cloud for proximate processing. That is, the growing device ecosystem of resource-constrained as well as powerful fog devices (smartphones, device and sensor gateways, microcontrollers such as Raspberry Pi, etc.) in close collaboration with the traditional clouds is emerging as the venerable force for accomplishing the strategic goal of precision-centric data analytics.

That is, next-generation data analytics is expected to be achieved through extended clouds, which are a hybrid version of conventional and edge clouds. The sophisticated analytics happens not only at the faraway cloud servers but also at the edge devices so that the security of data is ensured, and the scarce network bandwidth gets saved immeasurably. The results of such kinds of enhanced clouds are definitely vast and varied. Primarily insights-filled applications and services will be everywhere all the time to be dynamically discoverable and deftly used for building and delivering sophisticated applications to people. There are convincing and captivating business, technical and use cases for edge clouds and analytics for discovering and disseminating real-time knowledge.

URL: https://www.sciencedirect.com/science/article/pii/S006524581930049X

Introduction

Rajkumar Buyya, ... S. Thamarai Selvi, in Mastering Cloud Computing, 2013

1.1.6 Challenges ahead

As any new technology develops and becomes popular, new issues have to be faced. Cloud computing is not an exception. New, interesting problems and challenges are regularly being posed to the cloud community, including IT practitioners, managers, governments, and regulators.

Besides the practical aspects, which are related to configuration, networking, and sizing of cloud computing systems, a new set of challenges concerning the dynamic provisioning of cloud computing services and resources arises. For example, in the Infrastructure-as-a-Service domain, how many resources need to be provisioned, and for how long should they be used, in order to maximize the benefit? Technical challenges also arise for cloud service providers for the management of large computing infrastructures and the use of virtualization technologies on top of them. In addition, issues and challenges concerning the integration of real and virtual infrastructure need to be taken into account from different perspectives, such as security and legislation.

Security in terms of confidentiality, secrecy, and protection of data in a cloud environment is another important challenge. Organizations do not own the infrastructure they use to process data and store information. This condition poses challenges for confidential data, which organizations cannot afford to reveal. Therefore, assurance on the confidentiality of data and compliance to security standards, which give a minimum guarantee on the treatment of information on cloud computing systems, are sought. The problem is not as evident as it seems: even though cryptography can help secure the transit of data from the private premises to the cloud infrastructure, in order to be processed the information needs to be decrypted in memory. This is the weak point of the chain: since virtualization allows capturing almost transparently the memory pages of an instance, these data could easily be obtained by a malicious provider.

Legal issues may also arise. These are specifically tied to the ubiquitous nature of cloud computing, which spreads computing infrastructure across diverse geographical locations. Different legislation about privacy in different countries may potentially create disputes as to the rights that third parties (including government agencies) have to your data. U.S. legislation is known to give extreme powers to government agencies to acquire confidential data when there is the suspicion of operations leading to a threat to national security. European countries are more restrictive and protect the right of privacy. An interesting scenario comes up when a U.S. organization uses cloud services that store their data in Europe. In this case, should this organization be suspected by the government, it would become difficult or even impossible for the U.S. government to take control of the data stored in a cloud datacenter located in Europe.

URL: https://www.sciencedirect.com/science/article/pii/B9780124114548000012

Cloud Computing Data Center Networking

Carolyn J. Sher DeCusatis, Aparicio Carranza, in Handbook of Fiber Optic Data Communication (Fourth Edition), 2013

15.2.4 NIST deployment models

There are several different ways cloud computing is made available for use. The deployment models are as follows [4]:

Private cloud: A cloud operated solely for one organization.

Community cloud: A cloud data center shared by several organizations in a community with common concerns.

Public cloud: A cloud data center owned by an organization selling cloud services to the general public.

Hybrid cloud: A cloud infrastructure made from two or more types of clouds, such as private, public, or community, that are bound together by standardized or proprietary technology that enables data and application portability.

There is some debate on how a private cloud differs from a traditional enterprise. While data center architecture is evolving to be more supportive of cloud applications and virtualization (see Section 15.4), a private cloud will have particular emphasis on self-service, pooling of resources, multitenancy, and metering [17].

Hybrid clouds have the advantage that jobs can be allocated on either a private cloud or a public cloud on a pay per use basis. This extends the capacity of the private resources [18].

URL: https://www.sciencedirect.com/science/article/pii/B9780124016736000155

Cloud Computing Uncovered: A Research Landscape

Mohammad Hamdaqa, Ladan Tahvildari, in Advances in Computers, 2012

2.2 Cloud Computing Deployment Models

A Cloud Computing deployment model is a model that describes the environment where cloud applications and services can be installed, in order to be available to consumers. By the deployment environment, we mean the physical location, the infrastructure facilities, the platform constraints, as well as anything that can affect the access mechanisms of the deployed applications. There are four main Cloud Computing deployment models: public, private, hybrid, and community cloud:

(a) Public cloud: A public cloud or external cloud is an open model, in which the infrastructure facilities are provided by a third party (the cloud providers). The infrastructure and platform services are provided to the public based on the service level agreement between the provider and the consumer. This type of infrastructure resource sharing between multiple organizations or consumers is referred to as the multi-tenancy model. Public cloud is the least expensive choice for application hosting. However, the lack of a trust model between the cloud providers and consumers is the main obstacle for this model.

(b) Private cloud: A private cloud or internal cloud is a datacenter owned by a cloud application provider, in which the infrastructure and platform are operated entirely by the application provider on premises. This eliminates the need for a trust model and provides more flexibility. Organizations can implement their own policies with regards to privacy, security, and access mechanisms. However, this option is expensive in terms of resources, and the manpower needed to manage the resources.

(c) Hybrid cloud: A hybrid cloud is a combination of a public and private cloud. A hybrid cloud is less expensive than a private cloud; it also eliminates the need for a trust model. However, having both public and private clouds working together requires interoperability and portability of both applications and data to allow communication between the models.

(d) Community (cooperative) cloud: A community cloud is similar to extranets, but with virtualization and on-demand capabilities. In a community cloud, a number of organizations, which usually share some common goals or belong to a specific community, build a shared cloud datacenter that can be used by all of the members. The goals are to alleviate deficiencies in the individual IT infrastructures, reduce the cost of administration, and lower the cost per unit [9]. The community can be created between a professional community (i.e., organizations with business relationship), a geographic community, or some other well-defined community group. Community cloud is based on the trust relation between all the members, which is driven by their mutual benefits [10,11]. As a result, this model is more trusted than the public cloud, and less expensive on participating members than having a private cloud. This model also provides more controllability over the shared infrastructure resources. However, a community cloud still needs to enforce strong security and privacy policies. Furthermore, regulatory compliance is a main obstacle facing community cloud adoption.

Table 1 shows a comparison between the different cloud deployment models, based on the initial cost of building the cloud datacenter or the capital expenses (CapEx) on the consumer, the operating expenses (OpEx) and maintenance cost of the datacenter, the size of the datacenter, controllability and flexibility, the level of trust, the location of the infrastructure, and who owns the infrastructure.

Table 1. A Comparison Between the Different Cloud Deployment Models.

| Attribute | Public cloud | Private cloud | Hybrid cloud | Community cloud |
| --- | --- | --- | --- | --- |
| Cost of building the datacenter on service consumer | No initial cost | High initial cost | Medium initial cost | Varies depends on the number of cooperatives |
| Operation and maintenance cost on the provider | Lowest cost with respect to the datacenter size | Highest cost with respect to the datacenter size | Weighted average, depending on the percentage of public and private parts | Similar to private clouds, but the cost divided on the participants |
| Size of the datacenter | ∼50,000 server | ∼50,000 server | Less than private cloud | ∼15,000 more than private cloud but much less than public cloud |
| Infrastructure controllability and flexibility | Limited configuration controllability | Full controllability (HW + SW) | Full controllability over the private part and limited for the public part | High controllability but limited by the community policies |
| Level of trust | Lowest trust | Highest | Medium trust | High trust |
| Infrastructure location | Off-premise | On-premise | Both on- and off-premise | Within the cooperative facility |
| Owner of the infrastructure | The IaaS vendor | The customer | The IaaS vendor owns the public part and the consumer owns the in-house part | Shared between the cooperatives |

As shown in Table 1, there is no initial cost associated with adopting public cloud by consumers [12]. Consumers need not worry about creating the cloud infrastructure. Instead, they can request the services and resources on-demand and pay just for what they use. Conversely, a private cloud requires a big initial capital investment in order to build the private datacenter [12]. Unlike the private model, the hybrid model builds a relatively small private datacenter for sensitive and important tasks and information, and uses the public cloud for other jobs. For this reason, the cost of adopting the hybrid cloud model is between that of public and private clouds. Finally, the community cloud model shares the cost of building the required datacenter with the cooperatives. For this reason, the initial cost can vary; the larger the community the smaller the share and the lower the cost.

Table 1 also shows that the operating cost (i.e., power consumption, man power expenses, rent, maintenance, upgrades, etc.) of public cloud is lower than the other models. This is due to the economies of scale, as well as the high level of automation and optimization in public cloud. Production costs drop significantly as the number of units produced increases [13]. This allows public cloud providers to enjoy favorable prices for IT equipment and needed resources, since they purchase them in bulk. According to Jon Moore’s blog, a private datacenter should have on average 10,000 servers to get an economically feasible marginal cost that is comparable to what current public cloud providers charge [14]. On the other hand, public providers tend to invest more in automation and optimization, which results in fewer administrative staff. For example, while the ratio between IT staff to servers is (1:100) [15] in traditional datacenters, this ratio goes to (1:1000) [15] and even (1:5000) in public cloud datacenters.

It is clear from Table 1 that consumers can have full control over a private cloud infrastructure, whereas in a public cloud, controllability is limited to tuning some configuration parameters. On the other hand, while community cloud consumers can have access and control over the infrastructure, this controllability is bounded by the community policies and agreements.

The level of controllability and flexibility can also affect the level of trust. This explains why consumers trust the private cloud model more than the other models. However, it is important to note that the level of trust is not related to the actual security level. Public cloud providers tend to implement best practices and try to ensure security at every level of the security stack. However, the Cloud Computing paradigm introduces new security threats that did not exist in traditional datacenters, such as threats related to sharing resources through virtualization [16]. Most of these threats are equally applicable to both public and private models. Some of the cloud security myths assume that all clouds are created equally [17], while others assume that public and private cloud providers have the same experience and capabilities to implement security measures [18] for data protection, identity management, compliance, access control rules, and other security capabilities. If these assumptions are true, then public cloud is the least secure, while private cloud is the most secure.

Cloud deployment models differ based on the infrastructure’s owner, location, or operators and their policies. One model does not fit all business types. The selection of a cloud deployment model depends on the consumers’ needs and budget, and on whether they favor price reduction and control delegation over flexibility, control, and customization.

URL: https://www.sciencedirect.com/science/article/pii/B9780123965356000028

Smart city development: Theft handling of public vehicles using image analysis and cloud network

Himadri Biswas, ... Debabrata Sarddar, in Recent Trends in Computational Intelligence Enabled Research, 2021

9.3.4 Different cloud management services

Fig. 9.7A represents the default cloud service models. In general, the models of cloud computing operation are:

Software as a service (SaaS): This model, along with any appropriate software, operating system, hardware, and network resources, delivers a fully prepared application.

Platform as a service (PaaS): Hardware and network resources along with operating system are supported by this model, while the user can configure or build their own software applications.

Infrastructure as a service (IaaS): Only the hardware and network resources are supported by this model, and the user produces or builds his or her own system software and applications. The various cloud deployment models are illustrated in Fig. 9.7B. Traditionally, cloud services are offered via private, public, community, or hybrid clouds.

Public cloud: Managed and operated by a cloud service provider, the public cloud offers Internet-based services (like email, online image storage services, communal networking sites, etc.) publicly.

Private cloud: The cloud platform is controlled and deeply committed to a specific company in a private cloud and is directed by the company or a mediator.

Community cloud: Here, for the provision for sharing information between various organizations and resources is not only available to those organizations, the infrastructure may be managed and controlled by the organizations themselves or by a cloud service provider.

Hybrid cloud: This is a combination of two or more private, public, or community clouds that remain as single units but are linked together and provide the benefits of scalability, reliability, quick response, and potential cost savings of public cloud storage and with the security and complete control of private cloud storage.

Based on these basic service models, different cloud management services have been presented (Biswas & Sarddar, 2018; Sarddar, Biswas, & Sen, 2017; Biswas & Sarddar, 2019; Biswas, Sarddar, & Chakraborty, 2020), where all the service models are self-regulatory models and they work as a third party between the consumers and providers of cloud services. The proposed service models (Biswas et al., 2020; Sarddar et al., 2017; Biswas & Sarddar, 2018, 2019) provide a new computing environment including “Verification as a Service” (Biswas & Sarddar, 2018), “Safety as a Service” (Sarddar et al., 2017), “Power Management as a Service” (Biswas & Sarddar, 2019), and “Environmental Viability as a Service” (Biswas et al., 2020) which not only guarantees data accountability and authentication, but also data protection, as well as lower carbon emissions with minimum power consumption, also making a balance between all clients and the CSP since user pays for their usage. Therefore safeguards are needed to avoid any unfairness.

URL: https://www.sciencedirect.com/science/article/pii/B978012822844900013X

Securing the Cloud: Architecture

Vic (J.R.) Winkler, in Securing the Cloud, 2011

Classifying Data and Systems

Knowing what you have and having a formal structure for it is a great advantage when planning for how to protect it. To begin, one can identify categories of information that can be processed with lesser security concern and fewer controls than other kinds of data. That sort of information classification would lend itself to a public cloud, to hybrid cloud processing, or to a community cloud.

Various types of data bring with them the need for higher security concern, regulatory handling requirements, and even national security level processing requirements (you know who you are). National security information, be it Federal, military, or intelligence data will generally fall under the following hierarchical classification levels: Unclassified, Sensitive But Unclassified, Confidential, Secret, and Top Secret. These levels are hierarchical in terms of entailing increasing levels of security and additional handling requirements. Users are vetted before they can obtain a clearance to access data at a given classification level, and then access is generally granted on a need-to-know basis. Additional subcategories of classification can be as sedimented within a classification level and entail the need to maintain separation even from users who are cleared at the same, say Top Secret level but who have not been read into the category in question. The national security information classification scheme is very mature and quite effective in managing control over and access to classified information. However, it also tends toward overclassifying information based on the consequences of data exposure.

In the commercial world, different categories generally apply, but these tend not to be hierarchical.

If data falls under the need for PCI or other regulatory requirements, then it could still be processed in a public cloud, but the cloud provider would need to be compliant with the regulatory requirements…It is most likely that as time progresses, more cloud providers will architect for higher security and will invest in the compliance testing necessary to support managing and processing data for customers whose regulatory compliance needs could not formerly be met by the public cloud model. In a sense, the solution is more of a community cloud than a public cloud.

URL: https://www.sciencedirect.com/science/article/pii/B978159749592900004X

What is a service shared between multiple organizations but not available to the public at large?

A community cloud is a service shared between multiple organizations, but not available publicly.

What type of scenario would be best served by using a platform as a service cloud model?

Which of the following virtualization products is an example of bare metal hypervisor?

A Type 2 hypervisor installs on a computer before any OS, and is therefore called a bare-metal hypervisor. Office 365 is an example of an SaaS implementation with a subscription model.

What is the combination of a public key and a private key known as?

Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.