1. Introduction

Cloud Computing has started becoming more prevalent in many different fields. In the EU, 41% of enterprises use Cloud Computing to a degree in their workflows (mostly in e-mail hosting and data storage). Resulting in a 5% increase as compared to the previous year. Further on, according to these statistics, 73% of the said enterprises use them in a plethora of fields ranging from security software, database hosting, computing platforms, or testing and development (Eurostat, 2021).

Use of cloud computing, by enterprise size (Figure 1)Use of cloud computing, by enterprise size (Figure 1)

Leading to the assumption that the use of cloud computing, in general, is becoming more widespread in all enterprises across Europe. This situation is not limited to big enterprises either. We see that the overall growth of Cloud Computing in the context of small enterprises has gone up by 5% (Figure 1). 

Cloud computing usage by smaller companies, by country (Figure 2)Cloud computing usage by smaller companies, by country (Figure 2)

Though we see an overall increase in Cloud Computing usage across all enterprises, the specific usage case for Cloud Computing itself varies (Figure 2). We can see that overall, 79% of them house their e-mails, 46% of them host their databases, and 66% store their files on cloud systems. This begs the question of just how dependable current security measures against breaches are, and how can the existing ones be improved upon. This very question is the focus of the article: Laying the groundwork for what Cloud Computing is and its components, later focusing on cloud computing security. 

The article will begin with an introduction surrounding cloud computing itself, then move on to the explanation of key concepts such as cloud business model, cloud types, and the difference between on-premises and cloud storage.

2. Cloud Computing

2.1. A Brief Overview of Cloud Computing

Starting with the fundamentals, we must lay out the groundwork of key concepts such as Cloud Computing before we move forward. Cloud Computing in its most fundamental form is the delivery of computing services, i.e., servers, storage, databases, networking, software, analytics, and intelligence, over the internet (The Cloud). It allows enterprises to select what they will utilize and drops the requirement for unnecessary in-house hardware. 

The business model of cloud computing is based on the term on-demand services. Under these, you usually do not have a fixed service that does not budge, but one that is easily scalable according to the needs of your enterprise. For instance, if you need more storage or computing power in your processes, the Cloud service you are using can adjust these accordingly. 

Following the creation of Cloud Computing, another debate has come to the surface. Is it more practical to use cloud services or house your servers in-house? This question will be answered in the following passage, detailing how and where these have their strengths and weaknesses.

2.1.1 Why Cloud Computing?

All types of enterprises require a server in which they can have all their information. As it stands, there are two practical options to go about solving this storage issue. On-premises servers and Cloud. To briefly go over these two essential concepts:

On-premise vs Cloud ComputingOn-premise vs Cloud Computing

  • On-premises: An on-premises server is a physical, on-premises server that a company must manage and keep individually. Here, a company sets up its server environment, employing professionals as required to keep the process running rather than rely on a third party.

  • Cloud-Based: A cloud-based server is a virtual server hosted through cloud computing. It is an on-premises server, however rather than use its capabilities for in-house applications, here it is sold or rented as a service itself, falling in the B2B category.

Having gone over the fundamental meaning of both, we can now compare the two options, starting with Cloud-Based:


  • Anywhere and anytime access – You can access your applications anytime and anywhere via a web browser from any device.

  • Affordable – Cloud needs no upfront costs, instead, you make regular payments which makes it an operating expense. While the monthly cost adds up over time, maintenance and support services are included removing the need for annual contracts.

  • Predictable costs – Benefit from predictable monthly payments that cover software licenses, upgrades, support, and daily back-ups.

  • Worry-free IT – Cloud software is hosted in your stead. So, you do not need to worry about the maintenance of your software or the hardware it resides on, compatibility and upgrades are taken care of by the cloud service provider.

  • Elevated levels of security – Data centres employ security measures beyond the affordability of most businesses; therefore, your data is often safer in the cloud than on a server in your offices.

  • Quick deployment – Cloud-based software is deployed over the Internet in a matter of hours/days compared to on-premises applications which need to be installed on a physical server and each PC or laptop.

  • Scalability – Cloud technologies supply greater flexibility as you only pay for what you use and can easily scale to meet demand, for example adding and scaling back licenses.

  • Lower energy costs – When you move to the cloud, you no longer must pay to power on-premises servers or keep their environment. This significantly reduces the amount you pay on your energy bills.


  • Connectivity – Cloud solutions require reliable internet access for you to remain productive.

  • Long-term costs – Although requiring a lower upfront investment, cloud applications can be more costly over the course of the system’s life cycle, increasing the total cost of ownership (TCO).

  • Less customizable – Cloud software is typically configurable but depending on how it is hosted a cloud solution may not be able to cope with complex development.

Now, going over the benefits and drawbacks of on-premises servers.


  • Total Cost of Ownership – Since you are only paying for your user licenses once, an on-premises solution can have a lower Total Cost of Ownership than a cloud system.

  • Complete control – Your data, hardware, and software platforms are all yours. You decide on the configuration, the upgrades, and system changes.

  • Uptime – With on-premises systems, you do not rely on internet connectivity or external factors to access your software.


  • Large capital expenditure – On-premises systems usually require large upfront purchases which means capital expenditure is often needed. On top, you need to include maintenance costs to ensure support and functionality upgrades.

  • Responsibility for maintenance – With an on-premises system, you are responsible for keeping server hardware and software, data backups, storage, and disaster recovery. This can be an issue for smaller companies that have limited budgets and technical resources.

  • Longer implementation times – On-premises implementations take longer due to the time needed to complete installations on servers and each computer/laptop.

Now comparing the two based on the extended list of benefits and drawbacks we have provided, it can safely be assumed that both have strengths on their own merits. However, an objective overview into which would be more practical, the following comments would have to be made. 

On-premises servers offer fundamental benefits such as being physically close to the data, allowing for hardware access and upgrades also after the operation is set up the costs of running will be fixed to a certain degree. 

However, when we look at what Cloud Computing could offer in this case would be that it is easily scalable, requires no in-house maintenance to run, the servers are 24/7 checked, and the means to choose which services you want. On-premises servers, as previously said, require physical space, hardware failures, and later data losses must be accounted for and while the costs are fixed, the power consumption is high. 

When the cloud counterpart to such servers is analysed, two main cons are clear, ongoing fees for the usage of the service and data transfer are highly circumstantial issues. Supplying the downsides for both highlights just how demanding it is to set up a server and have it run. This requires not only first hardware but also professionals to keep it running overall. 

This brief example sets the premise for most cloud services. It is quicker, more efficient, and can be changed according to the needs of the specific business that it aims to cater to. Having laid out the groundwork for why it is practical to choose cloud services as an enterprise, the detailed terminology, and key concepts will be, now, analysed.

2.1.2. Cloud Service Models

The Cloud offers solutions to all kinds of enterprises, however, what these are based on are usually branched out in the more intrinsic side of it, namely in Cloud Service Models. To fully understand the surrounding circumstances, the three sub-branches of the cloud service models will be explained.

Cloud Service ModelsCloud Service Models Infrastructure as a Service

Infrastructure as a Service, or IaaS, is also known as Hardware as a Service (PaaS). IaaS is a type of cloud computing service that offers essential compute, storage, and networking resources on-demand, on a pay-as-you-go basis. In brief, it is a computing infrastructure managed over the internet. The main advantage of using IaaS is that it helps users to avoid the cost and complexity of buying and managing the physical servers.

There are a plethora of different benefits that IaaS offers:

  • Resources are available as a service

  • Services are highly scalable

  • Dynamic and flexible

  • GUI and API-based access

  • Automated administrative tasks

Under IaaS, enterprises can rent out or lease servers for computing or storage on the cloud. The service users can always access these servers and maintenance is not needed. One other benefit of such a service would be that it is not location-based. Also, these supply the flexibility of having servers that are in geographically preferable locations. As the rented server is close to the end-user when they are doing an action, i.e., entering a website, the data can be pulled much faster. Also, this service category is usually flexible, in that it allows an enterprise to pay for the amount they use rather than having a fixed plan. Allowing for a more cost-effective solution for the storage.

Providers of the service are as follows: Amazon EC2, DigitalOcean, Compute Engine, Azure Virtual Machines, Linode, Vultr, Virtual Machine Manager, Azure Linux Virtual Machines, OVHcloud and Alibaba Elastic Compute Service. Platform as a Service

Platform as a service (PaaS) is a cloud computing model where a third-party provider delivers hardware and software tools to users over the cloud, the internet. The usage of said tools is usually in the context of application development. The provider of the service runs both the hardware and the software on their own infrastructure. 

The flexibility this offers for enterprises is that it frees them from the costs of installing in-house hardware and software to develop or run applications. How the provided service is offered is either through a browser itself or through an application that is run by the user. There are a plethora of uses that PaaS allows, the most common ones being mentioned below:

  • Development team collaboration, application design, and development

  • Application testing and deployment

  • Web service integration

  • Information security

  • Database integration

Some providers for this service are as follows: AWS Elastic Beanstalk, Azure, Heroku, Google App Engine, and Apache Stratos. Software as a Service

Software as a Service (SaaS) is the delivery of applications over the internet. Instead of using on-premises hardware and software, these allow you to use an application with only an internet connection allowing enterprises to save on such costs. 

It allows for easy access to the required tools and usually allows them to be used on multiple different platforms. Here, the user both uses the software itself as an application and can also store the data produced in the endeavour at the same location. There is a multitude of applications that these are used for, however, the mainstream ones would be:

  • Email services

  • Auditing functions

  • Automating sign-up for products and services

  • Managing documents, including file sharing and document collaboration

  • Shared company calendars, which can be used for scheduling events

  • Customer relationship management (CRM) systems are a database of client and prospect information. SaaS-based CRMs can be used to hold company contact information, business activity, and products bought as well as track leads.

Example: BigCommerce, Google Apps, Salesforce, Dropbox, Zendesk, Cisco WebEx, ZenDesk, Slack. Use Case Comparison 

SaaS, PaaS, and IaaS are not mutually exclusive; most organizations use more than one, and many larger organizations today use all three, often in combination with traditional IT.

The as-a-service solution a customer chooses depends first on the functionality the customer needs, and the ability it has on staff. For example, an organization without the in-house IT ability for configuring and running remote servers is not well matched to IaaS; an organization without a development team does not need PaaS. 

But in some cases, any of the three 'as-a-service' models will offer a practical solution. In these cases, organizations typically compare the alternatives based on the management ease they offer, vs. the control they give up. 

For example, suppose a large organization wants to deliver a customer relationship management (CRM) application to its sales team. It could:

  • SaaS: Offloading all day-to-day management to the third-party vendor, but also giving up all control over features and functionality, data storage, user access, and security.

  • PaaS: In this case, the company would offload the management of infrastructure and application development resources to the cloud service provider. The customer would keep complete control over application features, but it would also assume responsibility for managing the application and associated data.

  • IaaS: Build out backend IT infrastructure on the cloud using IaaS and use it to build its development platform and application. The organization's IT team would have complete control over operating systems and server configurations, but also manage and keep everything, along with the development platform and applications that run on them.

So, the cloud service you choose to deploy for your enterprise is usually dependent on to what degree you have in-house IT experience. The different models offer varying degrees of customizability and ready-to-use ability. 

2.1.2. Components of Cloud Computing

Bringing the cloud to reality is not done through the mere touch of a button. There is a multitude of intermediaries that go into making this a reality. These are as follows:

Cloud Computing ComponentsCloud Computing Components

  • Cloud Consumer: An individual or organization that keeps up a business association with and uses services from the cloud provider.

  • Cloud Provider: An individual or organization for creating service accessible to interested parties.

  • Cloud Auditor: A party that can conduct an autonomous appraisal of cloud administrations, data framework operations, performance, and security of the cloud usage.

  • Cloud Broker: An entity that deals with the use, performance, and delivery of cloud services and negotiates relationships between cloud consumers and providers.

  • Cloud Carrier: A medium that supplies network and transport of cloud services from cloud providers to cloud consumers. (Alam, 2017)

2.1.3. The four types of Cloud: Public, Private, Community & Hybrid

There are four distinct types of cloud that in turn decide the overall costs and environment of the operation. These each have their distinct benefits and downsides, and an in-depth analysis of such would thwart us from the here subject. Which made the usage of a table highlighting the overall pressure points for each type relevant for the study at hand. 

Types of CloudTypes of Cloud

However, before delving into the overall comparison of the four, a detailed explanation of each will be supplied to contextualize the information given in the table itself.

Public Cloud: Public clouds are cloud environments typically created from IT infrastructure not owned by the end-user. Some of the largest public cloud providers include Alibaba Cloud, Amazon Web Services (AWS), Google Cloud, IBM Cloud, and Microsoft Azure.

Traditional public clouds always ran off-premises, but today's public cloud providers have started offering cloud services on clients’ on-premises data centres. This has made location and ownership distinctions obsolete. All clouds become public clouds when the environment is partitioned and redistributed to different tenants.

Private Clouds: Private clouds are loosely defined as cloud environments solely dedicated to a single end-user or group, where the environment usually runs behind that user or group's security system. All clouds become private clouds when the underlying IT infrastructure is dedicated to a single customer with completely isolated access.

But private clouds no longer must be sourced from on-prem IT infrastructure. Organizations are now building private clouds on rented, vendor-owned data centres found off-premises, which makes any location and ownership rules obsolete. 

Hybrid Clouds: A hybrid cloud is a single IT environment created from multiple environments connected through local area networks (LANs), wide area networks (WANs), and/or virtual private networks (VPNs).

The characteristics of hybrid clouds are complex. For example, a hybrid cloud may need to include, at least 1 private cloud and at least 1 public cloud, 2 or more public clouds, etc. But every IT system becomes a hybrid cloud when apps can move in and out of multiple separate—yet connected—environments.

Community Clouds: A community cloud is a cloud infrastructure in which multiple organizations share resources and services based on common operational and regulatory requirements. The concept of a community cloud is akin to a community garden, where different individuals grow produce on a single piece of shared land.

Members of a community cloud are organizations that have common business requirements. These requirements are usually driven by the need for shared data, shared services, or shared industry regulations. This means they are typically organizations in the same industry or departments of the same organizational body. In other words, a community cloud is an integrated setup that combines the features and benefits of multiple clouds to address the needs of a specific industry.

2.2. How Cloud Computing Works

All the above information was given on the ground of building the required knowledge to get across how cloud computing itself works, and the fundamentals it strives to achieve. Before delving into the issue, a key concept in the field will have to be explained, namely Cloud Computing Reference Architecture (CCRA). CCRA is a concept that has been coined by IBM and is used as a guide to flesh out cloud usage for enterprises. It was released first in March 2010 and has evolved many times during its, now, 12-year run. 

Cloud Computing ArchitectureCloud Computing Architecture

The IBM CCRA supplies a set of complementary architecture patterns to build cloud-computing solutions that are organized into four main adoption patterns. The adoption patterns categorize the cloud-computing business models and technical goals. They also are the way most customers approach cloud-computing solutions. For each of these cloud adoption patterns, the CCRA finds common patterns that describe the technologies that underlie each implementation. The CCRA also includes common architecture patterns for security, resiliency, performance, and governance. These common patterns enable a consistent base to support a broad set of business and technical goals that are realized through different cloud deployments. The following cloud adoption patterns are found by the CCRA:

  • Cloud-Enabled Data Centre adoption pattern: The Cloud-Enabled Data Centre adoption pattern is typically the entry point into the cloud solutions space. It guides the definition, design, and deployment of cloud-computing solutions that deliver IaaS typically within the enterprise boundaries.

  • Platform-as-a-service (PaaS) adoption pattern: The PaaS adoption pattern describes how to design cloud-computing solutions that deliver ready-to-execute runtime environments or middleware stacks onto which applications can be deployed. It also describes how to tie together application development and application deployment processes into a single continuous delivery process.

  • Cloud Service Providers adoption pattern: The Cloud Service Provider adoption pattern defines cloud-based solutions that supply cloud services through a service provider model. A service provider is an organization that supplies the cloud usually for external customers. A service provider manages and supplies cloud services as a general provider, rather than running a computing facility for its organization.

  • Software-as-a-service (SaaS) adoption pattern: The SaaS adoption pattern defines the architecture for the definition and operation of SaaS applications. The Cloud Service Provider adoption pattern supplies the architecture that enables SaaS applications to be managed and offered by the cloud service provider. The cloud service provider also supports systems that supply the environment in which SaaS business models are realized.

Now that the fundamentals of CCRA are out of the way, the brief system of how the cloud works will be discussed. 

To be able to supply these services you will need Operating System Services (OSS), which will oversee the deployment of the requested service, and Business System Services (BSS), used to validate the request and create the invoice for the requested services. Any metrics could be used to create the invoice (for example, number of users, number of CPUs, memory, usage hours/month). It is very flexible and depends on the service provider.

A cloud computing environment will also need to supply interfaces and tools for the service creators and users. This is the role of the Cloud Service Creator and Cloud Service Consumer components.

You log in to a portal (enterprise or public wise) and you order your services through the Cloud Service Consumer. This service has been created by the cloud service provider and can be a simple virtual machine (VM), some network components, an application service such as a WebApp environment, etc. It depends on the provider and type of resources and services.

The cloud provider will confirm your request and if the validation is successful (credit card, contract), it will supply the request through the OSS. Allowing you to receive, in one way or another, the credentials to access your requested services and you will usually receive a monthly invoice for your consumption.

3. Conclusion

In this article, we aimed to give a series of fundamental information about the status quo of cloud computing itself and its underlying themes. The aim was here to create awareness and knowledge into topics that go undetected for the regular user, which usually results in distrust towards Cloud Computing as a whole.

By highlighting all the processes that go into the creation of Cloud Computing in general and explaining how it is established overall.

While this article itself does not bring an innovative approach to the definition of cloud computing itself, it utilizes the current literature to contextualize just where we are when it comes to the technology and methodology of Cloud Computing.

4. Bibliography

Alam, M. (2017). Cloud Computing-Architecture, Platform and Security Issues: A Survey. World Science News 86, 253-264.

Babyk, I. (2020). Learning in Big Data: Introduction to Machine Learning. E. Bouchefry, & S. De Souza, Knowledge Discovery in Big Data from Astronomy and Earth Observation (s. 225-243). Amsterdam, Netherlands: Elsevier.


Elzamly, A., Hussin, B., & Basari, H. (2017). Classification of Critical Cloud Computing Security Issues for Banking Organizations: A Cloud Delphi Study. International Journal of Grid and Distributed Computing Vol. 9, No. 8, 137-158.

Eurostat. (2021, December). Cloud computing - statistics on the us by enterprises. Retrieved from europa.eu: https://ec.europa.eu/eurostat/statistics-explained/SEPDF/cache/37043.pdf

Khan, A. (2016). A survey of security issues for cloud computing. Journal of Network and Computer Applications Vol. 71, 11-29.

Odun-Ayo, I. M. (2018, July). Cloud Computing Security - Issues and Development.

Sarddar, D., Roy, S., & Bose, R. (2018, March). Exploring the Fundamentals of Cloud Computing.

Sayantan, G., Stephen, Y., & Arun-Balaji, B. (2016). Attack Detection in Cloud Infrastructures Using Artificial Neural Network with Genetic Feature Selection. IEEE 14th International Conference on Dependable, Autonomic and Secure Computing, 414-419.

Tamilselvan, L., & Subramanian, E. (2019). A focus on future cloud: machine learning-based cloud security. Service Oriented Computing and Applications 13, 237-249.