
The Exciting Journey to Annihilation: Existence in the House that Jack Built

  • Writer: Dennis Hackney
  • 7 days ago
  • 14 min read

The house for everyone’s virtual experience is expected to be a safe space, but it has the potential for dangerous events, which shouldn’t be ignored.

The cloud offers online services that we have all become dependent on for entertainment, supplies, collaboration, business, health, and much more. Our companies build their entire IT stacks in the Cloud, with no need for individual data centers or the purchase of servers or server farms. Consumers prefer apps on their mobile devices, connecting directly to cloud-based services, over personal devices and web browsers. Many new services, such as navigation technologies, don’t even function from a computer, period. These are dedicated cloud-based services designed for person-to-cloud access through mobile devices or wearables, and whatever cellular or Wi-Fi access point is available.


So, “What exactly is the Cloud?”


In this article, I will describe the connections, hardware components, software platforms, and user services that comprise the Cloud in its simplest and most generic form. The virtual space we all love consists of millions of connections and servers in massive data centers worldwide. Some of these servers are private, some public, and all are Internet-connected. I will explain what tenancy and responsibility mean, how networking connections are established, and the difference between cloud providers and users. Examples will also be given explaining the nefarious activities that occur or those that many of us are exposed to through cloud use. Finally, this article aims to provide you with a better understanding of this house that Jack built, a tale of heroes, success, vermin, and an almost comical failure hidden between the lines.


This is the house that Jack built.


You might think this refers to a physical structure or multiple physical structures, such as data centers like the one in the image below. However, that is just the hardware of a trusted platform, providing only the most basic functionality to the Cloud.

The house is where we install and manage resources, develop and deploy code, and use applications and services. This is a virtual space and an ethereal environment where changes occur frequently, and “on” and “off” switches exist for everything. Yet, this virtual space is easily accessible from our physical devices, to the point where our perception is that we are interfacing directly with software in a data center hundreds of miles away, instantly in the palm of our hand. Because of this, we should wonder how the user experience gets translated from the physical interactions on our devices to those data centers and eventually to the virtual hosting environment of the Cloud. Let’s start by exploring the architecture.


Your cloud learning journey begins with a set of terms that will take you on a path from the physical world to the virtual world. As such, know that it takes data centers, networks, storage, physical servers, virtualization, operating systems, databases, applications, and data to enjoy the privileges of using even the simplest cloud applications, including those that are installed on your smartphone. Starting with the physical data center and building through all connections, servers, and application components, we finally arrive at a mechanism to receive, store, process, and transmit data, with the datum being the use case, the user’s interest, and the ultimate prize, regardless of how insignificant it might seem at the genesis of digital creation. As we all know, even browsing history is a form of data worth mining. Your browsing history is what ties vendors to your likes and needs; it’s a window into your most private wants and desires… And creating browsing history is effortless! This will be our case as we continue. Let’s start with the components that make up the cloud with a terminology lesson.


Data centers are the physical, brick-and-mortar buildings that house all the physical servers and wires for power and digital communications. These buildings have thousands of square feet, hundreds of server racks, and Heating, Ventilation, and Air Conditioning (HVAC) systems that maintain optimal temperatures and provide enough power to send Marty McFly back in time!

Networks are physical connections, the wires, fibers, or radio frequency (RF) transmissions that allow physical devices to connect to other physical devices. Within the data center, servers and networking devices, such as routers, switches, and firewalls, are connected using Ethernet, which utilizes the IEEE 802 series of protocol standards. These are the only physical communications between devices and with external networks, like leased lines or from internet service providers (ISPs).

Storage refers to physical data storage, but in the context of a cloud data center, these are extremely robust network-attached hard drives called storage area networks (SANs) that can be managed from a virtual hypervisor. SANs are partitioned and mapped to thousands of different virtual resources as needed and on demand. SANs are composed of hard drives and dedicated networking switches, which are installed in server racks and connected to the networking connections alongside all other servers in the datacenter.

Physical servers are the backbone of the computing infrastructure in the Cloud computing environment. If a smartphone is the equivalent of a normal human, a single datacenter server would be the equivalent of Superman. Servers are composed of central processing units (CPUs), which can be mapped to nearly 200 virtual CPUs per server. Also, many of these individual servers can support an unbelievable amount of random-access memory (RAM), upwards of 24 tebibytes (TiB), or 26,388,279,066,624 bytes of memory that can be virtually allocated as needed. That is, 26 trillion three hundred eighty-eight… and so on bytes! In addition to processors and memory, these servers are optimized for input/output (I/O) of data, elastic storage, network interfaces, intensive graphics, and compute-intensive workloads. They must generate a significant amount of heat!


Virtualization is first-order software that emulates physical server hardware within a software environment for the redistribution of resources. Virtualization emulators are known as hypervisors, which are also specialized operating systems. These hypervisors allow the division of CPUs, RAM, storage, networking interfaces, graphics, and I/O, resulting in a virtual data center, essentially all within each physical server. One data center-spec physical server can house hundreds of virtual computers if needed, all because of virtualization.

Operating systems are another kind of first-order software: the interactive user environments that allow software for development, services, or applications to be installed on top of physical or virtual computer hardware. Operating systems allow users to access hardware components using drivers for data I/O, video, or printing and to provide an interactive software experience. Most of us understand that our smartphones must boot up when turning them on, but we don’t think twice about the background operating system. For iPhone, that is known as the iPhone Operating System (iOS); for other mobile devices, it is typically called Android, including Google Chrome. You should know that Google owns the Android software development environment, and Android apps are installed through Google Play. For legacy computing, the standard operating systems are Microsoft Windows or some variant of Unix/Linux. In many cloud data centers, the physical servers typically use open-source Linux to host the hypervisor virtualized infrastructure.


Notice in the drawing below that the user is at the top, the hardware is at the bottom, and the operating system (the kernel) is in the middle. Also, cloud users do not have direct access to the physical server operating systems or hypervisors; they may access a virtual operating system.

Databases are second-order software, as these applications are specifically designed to organize and store data for access at a later time than when it's initially stored. These are second-order software because they need an operating system environment to allow user and hardware interaction. Databases can be dedicated backends for file stores, dedicated to a single application, or provide data storage for many applications or digital services. Finally, databases are similar to storage in that they are used to store data; they differ in that they define the software, not the hardware capabilities. Here is an example of a database management system (DBMS) displaying the database administrators (DBAs), users, and applications at the top, with the data files accessible through the DBMS functions in the middle box.

Applications provide a user experience that we all know and love. As second-order software, applications (apps) rely on an operating system for user and hardware interaction, and in many cases, use databases behind the scenes (on the backend) to store user information and records of events. A typical example of an application with a backend database is the web search engine. As we search using the application, the history of our search text and the responses provided by the search engine are all collected in a database.


Most modern applications use web server and web client technologies and connections to function in a user’s browser or on a mobile device. For example, if an app cannot be used without an internet connection, it's considered a web app, regardless of whether a browser is used. We recognize it as a web app because it employs the ports and services associated with the secure version of the Hypertext Transfer Protocol, known as “HTTPS.” The following image will help you visualize a Java app that runs on both web browsers and mobile devices.

Data are not hardware or software; they're what all of our technologies are built to process, store, transmit, receive, and even create! If that sentence seems strange to you, it's probably because you were not aware that the word data is plural. That’s right, data is the plural of datum, a word referring to a basis for calculating or measuring. In this context, data are more than information; they include all of the use cases for technologies: information, commands, files, operations, functions, visualizations, and so much more. When a device is powered on, the screen lights up, it displays a time, a temperature, a login prompt, and it might even vibrate; all of that happens because of data.


When you search for something on the Internet, your words are saved as data. When that search result returns a list of websites or answers using Artificial Intelligence (AI), those are data. The mobile device you are using to perform that search, including its location and user information, is also considered data. It’s all about the data, and companies that provide free web search engines and email accounts are the best at mining it all!


When it comes to data and the Internet, I envision the most accurate model looks a little like the following image.

… Now that is the house that Jack built. That is the Cloud.


Jack, the rat, and everything in between


At this point, you are probably wondering, “How will he tie this all together?” What I’ve been defining includes the components of the cloud responsibilities model, sometimes referred to as the shared responsibilities model. You see, each of the elements — data centers, networks, storage, physical servers, virtualization, operating systems, databases, applications, and data—is controlled, managed, accessed, or lost by people. Just like Jack is responsible for his house, we are all responsible for some part of the Cloud.


To better understand these concepts, let’s start by defining some key roles. For simplicity, our discussion will focus on cloud providers and cloud users. We’ll then explore the different cloud services and add a visualization to help clarify each service’s responsibilities directly related to those services.


Cloud Providers invest heavily in the facilities, physical hardware, and connections necessary to build out computing, storage, and application capabilities that cloud users consume and virtually occupy. This is a virtual rental property: cloud providers are the landlords, and users are the tenants. These virtual properties are often referred to as cloud services, through which providers offer remotely accessible infrastructure, platforms, or software as a service. You’ve probably heard these terms: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). If that’s the case, you’ve already heard about the services they provide. We’ll explore these shortly.


Jack built the house, but he needs you to bring the data.


Cloud Users are consumers who purchase SaaS, PaaS, or IaaS from a cloud provider and occupy these virtual environments. These users are referred to as cloud tenants. When a service is purchased, the user has a tenancy with the provider. In the shared responsibility model, the cloud user assumes more responsibility for each computational resource, depending on the exact service being purchased within their virtual environment. For example, for SaaS, the user only has access to the application, thereby leaving the provider responsible for everything but the data. Alternatively, if IaaS is purchased, the user is accountable for managing and controlling the virtual computers and devices that are set up, not the provider.


You like Jack’s house, so you carry your data through the front door, over the threshold, into your new room, and go about your business.


Let’s explore these services in more detail next.


Infrastructure as a Service, or IaaS, is what I refer to as a virtualized data center. A cloud provider manages the physical infrastructure while providing a service interface that allows users to set up virtual servers, networking devices, domain controllers, and even application hosting.


In IaaS, the user is responsible for the virtual infrastructure and all software installed on it.


Platform as a Service, or PaaS, is that in-between space, not virtual infrastructure, but more than just access to an application. This is primarily where software development, application management, and container management reside. (Think of containers as a stripped-down virtual operating kernel that runs as applications on top of other operating systems.)


In PaaS, the user is responsible for the software code and the application.


Software as a Service, or SaaS, is basically just a user interface to an application that is completely hosted, developed, maintained, and managed by the provider. This means the user relinquishes control over all cloud components to the provider, retaining only control over the data.


In SaaS, the user is solely responsible for their own data.


Now, the responsibilities of each of these services can be thought of as a smaller doll in a set of matryoshka dolls. In this order, SaaS can be inside PaaS, which can be inside IaaS. Let’s depict it like the image below.


See how the green SaaS box is contained within the purple PaaS box, which in turn is housed within the blue IaaS box. IaaS users can therefore serve PaaS and SaaS. PaaS users can serve SaaS. SaaS users, on the other hand, cannot serve anything; they are only users.


Consider that most of the apps you download on your smartphone operate as Software as a Service (SaaS). Now, you can see that the only control you have is over the data you input or output. You’ve relinquished control over everything else to the Cloud, to Jack.


Here is a Cloud Responsibility model using the terminology in this article, in its simplest form.

As anyone can see, the majority of the responsibilities for managing the Cloud fall on the cloud providers. Therefore, all users should be able to depend on the providers for security and support, right? Subsequently, if data are controlled, managed, accessed, or lost by people, who would be accountable if the technology's security breaks down and the data is breached?


…Remember that in the Cloud, the data is the sole responsibility of the user!


Heroes, success, vermin, and failure


Do you remember that application image you saw earlier in this article? You know the one - it features a server-side component on the right, a client-side component in the center, and smartphone and browser users on the left. Now, for all intents and purposes, that is an accurate depiction of a cloud app. To make that function using our responsibility model, the primary cloud provider (think Azure or AWS) sells a tenancy to a cloud user, including the server-side functionality (i.e., filesystem, database, web server, etc.). In turn, that cloud user sells the application to the final end user. The end user interacts with the application from their phone.


To the end user, everything behind the scenes is invisible; they are in the dark, ignorant of what lies in the shadows. As long as the app functions and entertains, everything else is not essential.


In reality, our simple human brains cannot even calculate or comprehend the vastness of the Cloud in the background. Let’s shed some light on the subject and see what’s lurking in the dark.



Now that’s a mess! Jack is not a tidy housekeeper.


The good


Every layer in our cloud responsibility model can be built to provide safe and dependable spaces for our data, regardless of how complex it all seems. If people know their place and do their part, the Cloud can be successful. Here is how.


  1. Cloud providers must build and maintain data centers to ensure the physical security and availability of everything contained within.


  2. Cloud providers must deploy, maintain, secure, and track all physical networks, including every connection, both within and outside their data centers.


  3. Cloud providers must deploy, maintain, secure, and track all physical storage area networks, including every drive and every connection.


  4. Cloud providers must deploy, maintain, secure, and track all physical servers, including every connection to and from those servers.


  5. Cloud providers must deploy, maintain, secure, and track all virtualization hypervisors, including the installation details for every physical server and connections to storage area networks (SANs) and physical networks.


  6. For SaaS and PaaS, cloud providers must deploy, maintain, secure, and track all operating systems, including the connections to and from those operating systems. For IaaS, the user assumes these responsibilities.


  7. For SaaS and provided PaaS databases, cloud providers must deploy, maintain, secure, and track all databases, including the connections to and from those databases. For IaaS and leased PaaS databases, the user assumes these responsibilities.


  8. For SaaS, cloud providers must deploy, maintain, secure, and track all applications, including access to and from those applications. For IaaS and PaaS, the user assumes these responsibilities.


  9. Cloud users must use these services wisely, as they, and no one else, are entirely responsible for their data.


…and by following these rules, heroes are made.
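The nine rules above can be turned into an ownership check. The following is an added example, not part of the original article: it encodes the rules for each service model and reports every layer the tenant owns but has assigned to no one. The function names, asset names, and teams are assumptions, and the inventory is constructed for illustration.

```python
from dataclasses import dataclass, field

# Layers in the article's order, from the physical building up to the data.
LAYERS = ["data center", "network", "storage", "physical server",
          "virtualization", "operating system", "database",
          "application", "data"]


def tenant_layers(model, leased_database=False):
    """Return the layers the cloud user owns, per rules 1-9 of the article."""
    model = model.lower()
    if model not in ("iaas", "paas", "saas"):
        raise ValueError(f"unknown service model: {model!r}")
    owned = {"data"}                      # rule 9: data is always the user's
    if model == "iaas":                   # rules 6-8: OS, database, application
        owned |= {"operating system", "database", "application"}
    elif model == "paas":
        owned.add("application")          # rule 8
        if leased_database:               # rule 7: leased PaaS database
            owned.add("database")
    return [layer for layer in LAYERS if layer in owned]


@dataclass
class Asset:
    name: str
    model: str
    leased_database: bool = False
    owners: dict = field(default_factory=dict)   # layer -> responsible team


def unowned_layers(inventory):
    """List (asset, layer) pairs the tenant owns but nobody is assigned to."""
    gaps = []
    for asset in inventory:
        for layer in tenant_layers(asset.model, asset.leased_database):
            if not asset.owners.get(layer):
                gaps.append((asset.name, layer))
    return gaps


# Constructed inventory for illustration; asset names and teams are made up.
INVENTORY = [
    Asset("billing-vm", "IaaS", owners={"operating system": "infra",
                                        "application": "billing",
                                        "data": "billing"}),
    Asset("orders-api", "PaaS", leased_database=True,
          owners={"application": "orders", "data": "orders"}),
    Asset("reports", "PaaS", owners={"application": "bi", "data": "bi"}),
    Asset("crm", "SaaS"),
]

if __name__ == "__main__":
    for name, layer in unowned_layers(INVENTORY):
        print(f"{name}: no owner recorded for tenant-owned layer '{layer}'")
```
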


The bad


When it comes to online activities, who do you think is using whom? Funny question, but in a world of cloud providers and cloud users, where do search engines fit in? People interface with their smartphones and the online virtual world (i.e., the Internet) using written conversational logic. An example of this is when you search for the latest news, or information on a topic, or even the best deal on a product or service. What you are doing is asking a question like this: “What is the latest news?” In return, your online pal (i.e., the search engine) is replying, “Here is the latest news.”


To make this conversation work, you enter data into another user’s tenancy. That’s right. You are giving your questions to someone else to get an answer in return. In doing so, you are also identifying yourself and your device to that user, who establishes a new identity for you as the person who asked a question and got an answer. This happens in the physical world, too. You ask someone for directions, for example. In return, that person tells you the way. Through that correspondence, you identify a friendly face, that person speaks to you with instructions, and then you go about your business. What’s different in the virtual space could be comparatively seen as opaque espionage.


Let me explain.


If, instead of providing directions and walking away immediately thereafter, that person required your contact information and recorded your appearance information (e.g., approximate age, race, body type, brand of shoes, visual impairments, etc.) before providing you with directions, then saved all of that information in a database designed to feed into a contextualization and large language model for immediate use, then they would be comparable. I’ll bet that in the physical world, if you met that person, you would immediately run away!... But they still collected as much about your appearance as possible.


You would run away in the real world because your defenses are up.

Now, if you are thinking to yourself that you aren’t giving your identity to everyone, then you are mistaken. You set up an account on your smartphone. You set up an email account. You logged into your web browser. You have an account on your online marketplace. You have an account for your photos, your files, and your data. You’ve set up accounts everywhere. You also store your addresses, your credit cards, and your online payment systems, which are linked to your bank accounts. Your name is all over all of it! …And I didn’t include social media, but that’s just the obvious.


The bad news is that Jack built his house to sell things to you, and you don’t know Jack!


If you’ve made it this far, I’d like to thank you for reading this and my other articles on the Cloud. This was more technical than some because it was intended to help teach about the technologies and terminology that comprise the Cloud. With this information, many of you can start to gain a better understanding of what it takes to build, secure, and stabilize this incredible virtual space that nearly 7 billion of us share. With this knowledge, you can begin to develop even stronger defenses in the virtual world. Stay tuned as I continue in this series, diving deeper into how threat actors take advantage of vulnerabilities in the Cloud, both in technologies and people.


    © 2025 by CyberSecureOT