Cloud Based Framework for E-Governance

The idea of e-government (National e-Governance Plan, 2013) has emerged from e-business and e-commerce in the late 1990s. The use of Information and Communication Technology (ICT) in businesses has tremendous effects on performance of businesses. Keeping the successful implementation of e-commerce and e-business in mind, the governments around were thinking to introduce ICT in public sector. Governments simply wanted to provide information and services using Internet and the Web. The task was not difficult because the concepts of e-commerce were already there. Today almost all countries in the world are efficiently and effectively using ICT for providing public services to the citizens and businesses Advances in computing technology have introduced new concept in e-business and e-commerce. The new evolutionary wave in the space was Service Oriented Architecture (SOA). As a result of Service Oriented Architecture the establishing and running of business functions were outsourced to online services (Bhatnagar, 2004). Cloud Computing (Gupta and Jana, 2003). is the realization of Service Oriented Architecture. Keeping use of „cloud computing in e-business‟ in mind, we can raise a question - would it be possible to use cloud computing services for e- government domain? E-government means delivering government information and services to the citizen (G2C) and businesses (G2B) using modern information and communication technology

Available online at www.ignited.in Page 2

in order to improve the performance of public sector organizations and to facilitate citizens and businesses. This also increases the effectiveness and efficiency of the public sector organizations. The key point is if the governments spend huge amount of money in creating e-government system then it should be effective in terms of reliability, ease of maintenance, cost efficiency, and satisfaction of other non-functional properties (NIST, et. al., 2011). However e-government is facing challenges like budget shrinking for ICT by the governments, increasing demands for information and service by the citizens and continuous advances in technology which puts governments under pressure to be innovative. In order to overcome the above mentioned challenges governments should be innovative and willing to adopt new computing technologies. In the light of current economic situation where governments are under pressure to cut extra spending as a result they are shrinking ICT budget. In a situation like this it is difficult to continue with traditional e-government model. One solution to above problems is the use of cloud computing services for e-government.

E- Governance is facing some challenges and cloud provides the way to cope up with these challenges. So here we provide the challenges and their removal process as described by cloud. • Data Scaling: As we know the e-Governance projects deals with the huge amount of data (of citizens), so, the option of scaling of databases according to the data should be there. Cloud databases support high-end scalability and also distributed scalability. These databases can be used for on-demand scalability of e-Governance applications. • Auditing and logging: In e-Governance services tracing is required at periodic interval. Information Technology Services can be used for controlling corruption in Government Departments. Regular Audits (process as well as security audits) must be done to ensure high security of the system. Cloud can make audit process easier by analyzing huge amount of data and detecting any fraud. With the help of cloud a defense mechanism can be developed to enhance the security. • Rolling out new Instances, Replication and Migration: Government works at different levels to provide services to its citizens. Therefore e-Governance applications should be present at different levels of Government (departments, states, cities, districts and municipalities etc.). A project in a district can be applied for other district also by creating its replication. So, all e-Governance application should have this option available. Cloud offers excellent architecture to support the feature of Replication, new Instances and Migration. • Disaster Recovery: Natural disasters like floods, earthquakes, wars and internal disturbances could cause the E-Governance applications not only loose data, but also make services unavailable. Cloud virtualization technologies give the facilities of backups and restoring. It also gives such application and facilities by which migration and disaster recovery becomes possible. • Performance and Scalability: Commonly e-Governance technologies are required to meet the growing numbers and demand of citizens. If implemented, the E-Governance portals could become the biggest users and beneficiaries of Information Technology. Scalability is inbuilt in Cloud Architecture. E-Governance applications can be scaled to larger extent with the help of Cloud. • Reporting and Intelligence (Better governance): Various factors like data center usage; peak load hours, consumption level, power usage etc. are to be monitored for the better utilization of resources. Different services provided by the Government can become better and citizen friendly if they can be visualized properly. Different frameworks like MapReduce (Apache Hadoop) can process large dataset available on clusters of computers. Cloud computing offers easy integration with these types of frameworks. • Policy management: Government has certain policies in terms of dealing with citizens. E-Governance also adheres to these policies. Along with the infrastructure and data center, policies have to be enforced for day to day operations. Cloud helps in implementing these policies in data centers. Policies like securities, application deployment etc. are too applied on data centers seamlessly. • Systems Integration and Legacy Software: The main advantage of e-Governance can be the data sharing between different applications. This shared data can be used for different purposes in the Government. The information technology empowers e-Governance in co-relating data across application and share messages across

Available online at www.ignited.in Page 3

different systems for the betterment of the end user (citizen). Service Oriented Architecture (SOA) of Cloud provides awesome solution for integration of various applications. Also, the applications which are already built can be easily moved onto cloud. • Obsolete Technologies and Migration to New Technologies: Software and platforms becomes obsolete on the arrival of their newer versions. Moving to newer version of software is never an easy task, lots of security patches exist in between the shifting, which must be dealt with great care. Cloud deal with this requirement very effectively. The different versions of software exist in parallel at the same time. Firstly, the versions are tested and then the application can be migrated into the newer one. • Going Green: E-Governance provides facilities to the citizen to the root level. Therefore, large data centers and massive hardware support are to be provided by the Government to fulfill the need of large number of citizens. The power usage, air-conditioning and electronic waste could create bio-hazard. An AT&T-sponsored report from research firm Vedantic announced that cloud computing could allow companies to save an estimated $12.3 billion off their energy bills, annually. This energy savings would directly translate into carbon emission savings of 85.7 million metric tons per year by 2020 (Kumar, 2010).

“Cloud computing will significantly speed up design and roll out of services, enable social networking and participative governance and e-Commerce on a scale which was not possible with traditional technology solutions.” Various e-Governance Services that can be run with Cloud are: 1. Employee management 2. E-Health 3. E-District 4. E-Procurement 5. E-Learning 6. E-Citizen Charter, etc Most of the above services requires large amount of citizen‟s information. There is also duplicity of such information at various levels, due to limited centralized (interconnected) IT systems. There are many difficulties in updating the data due to lack of collaboration between different departments of Government. Government bodies across India including central and state Government, SPV‟s, local Governments, usually operate with moderate to low level of IT involvement – many departments having undertaken computerization in the past decade. These difficulties can be overcome by the opportunities provided by virtualized processes and network-dependent services. Responsiveness, information sharing and coordination between different areas and levels of government can also be augmented by the potential for scalable and shared resources in the Cloud. Not only will this result in a significant reduction in capital expenditure, it will also enable building transparent systems and robust reporting and information records systems which will ultimately help in improved governance and bring efficiency to citizen services.

The figure 1 shows visual model of cloud computing definition and this model composed of five essential characteristics, three service models, and four deployment models as described by NIST (Tripathi, et. al., 2011).

1. Essential characteristic: There are five essential characteristics of cloud computing. These are: (Peter et al. 2009). 1.1 Ubiquitous Network Access: Ubiquitous network access means that the cloud provider‟s capabilities are available over the network and can be accessed through standard mechanisms by both thick and thin clients. 1.2 Rapid Elasticity: Elasticity is defined as the ability to scale resources both up and down as needed. To the consumer, the cloud appears to be infinite, and the consumer can purchase as much or as little computing power as they need. This is one of the essential characteristics of cloud computing in the NIST definition. 1.3 Measured Service: In a measured service,

Available online at www.ignited.in Page 4

aspects of the cloud service are controlled and monitored by the cloud provider. This is crucial for billing, access control, resource optimization, capacity planning and other tasks. 1.4 On-Demand Self-Service: The on-demand and self-service aspects of cloud computing mean that a consumer can use cloud services as needed without any human interaction with the cloud provider. 1.5 Resource Pooling: Resource pooling allows a cloud provider to serve its consumers via a multi-tenant model. Physical and virtual resources are assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). 2. Delivery Models: There are different categories of Cloud Computing such as infrastructure, platform, application etc. These services are delivered and consumed in real time over internet. These delivery models are: (Tewari and Sharma, 2011) 2.1 Software as a Service (SaaS): The consumer uses an application, but does not control the operating system, hardware or network infrastructure on which it's running. (Peter et al. 2009). 2.2 Platform as a Service (PaaS): The consumer uses a hosting environment for their applications. The consumer controls the applications that run in the environment (and possibly has some control over the hosting environment), but does not control the operating system, hardware or network infrastructure on which they are running. The platform is typically an application framework. 2.3 Infrastructure as a Service (IaaS): The consumer uses "fundamental computing resources" such as processing power, storage, networking components or middleware. The consumer can control the operating system, storage, deployed applications and possibly networking components such as firewalls and load balancers, but not the cloud infrastructure beneath them. 3. Deployment models: Clouds are classified into four models based on their infrastructure and these are distinguished by their architecture and functionality. 3.1 Public Cloud: In simple terms, public cloud services are characterized as being available to clients from a third party service provider via the Internet. The term “public” does not always mean free, even though it can be free or fairly inexpensive to use. A public cloud does not mean that a user‟s data is publically visible; public cloud vendors typically provide an access control mechanism for their users. Public clouds provide an elastic, cost effective means to deploy solutions. 3.2 Private Cloud: A private cloud offers many of the benefits of a public cloud computing environment, such as being elastic and service based. The difference between a private cloud and a public cloud is that in a private cloud-based service, data and processes are managed within the organization without the restrictions of network bandwidth, security exposures and legal requirements that using public cloud services might entail. In addition, private cloud services offer the provider and the user greater control of the cloud infrastructure, improving security and resiliency because user access and the networks used are restricted and designated. 3.3 Community Cloud: A community cloud is controlled and used by a group of organizations that have shared interests, such as specific security requirements or a common mission. The members of the community share access to the data and applications in the cloud. This is cooperation between users who share some concerns like security, application types, legislative issues and efficiency demands. In other words, a Community Cloud is a closed Private Cloud for a group of users (Tewari and Sharma, 2013). 3.4 Hybrid Cloud: A hybrid cloud is a combination of a public and private cloud that interoperates. In this model users typically outsource non business- critical information and processing to the public cloud, while keeping business-critical services and data in their control. This setup is typically used for larger companies.

Available online at www.ignited.in Page 5

Figure 2: Cloud computing deployment model (Tewari and Sharma, 2013).

The advantages of cloud computing can be categories into four different categories.

a) Elastic scalability and pay-as-you-go: We can add and subtract the services and infrastructure support as we need. Pay per use and pay for only services used concepts can be applied. b) Always the latest software: As updates are automatic we will get the latest software without paying new purchase cost to vendor.

d) Power Management: From the aspect of Power Management it is easier to manage Virtual Servers in comparison to physical servers. e) Data Recovery: Natural disasters like floods, earthquakes, wars and internal disturbances could cause the regular e-Governance applications not only loose data, but also make services unavailable. Multiple installations in geographically separated locations with complete backup and recovery solutions are required. Cloud virtualization technologies allow backups and restoring. It offers application migration seamlessly compared to traditional data center.

a) Cost Reduction: The software and hardware available at cloud are updated easily and a consumer does not need to take the stress about that. They also need not to worry about the configuration and resource allocation as that can be automatically done by the server management. The customers only have to pay for the services they use and only for the time they want to use. Available at a fraction of the cost of traditional ICT services; upfront capital expenditures eliminated, dramatically reduced ICT administrative burden as you can hire the infrastructure from clouds (Youseff, et. al., 2008).

a) Cost Reduction: Organizations can save the cost involved in building infrastructure and data center. In longer run this will help in growing the company as they can concentrate more on improvements of their core competencies (NIST).

a) Go Green: E-Governance provides facilities to the citizen to the root level. Therefore, large data centers and massive hardware support are to be provided by the Government to fulfill the need of large number of citizens. The power usage, air-conditioning and electronic waste could create bio-hazard. An AT&T-sponsored report from research firm Verdantix announced that cloud computing could allow companies to save an estimated $12.3 billion off their energy bills, annually. This energy savings would directly translate into carbon emission savings of 85.7 million metric tons per year by 2020 (Kumar, 2010).

1. Deletion of data: The customer cannot delete its data after being uploaded to the cloud server as per the agreement policy decided by the vendor. We also know the data cannot be fully erased from the hard disk until we format it and replace it with new data many times, which cannot be done in the cloud scenario. So even after deletion there is a risk for customer of using their data by third party. 2. The Offline cloud: By now we know that Cloud computing is fully dependent on network connection (internet). If there is a problem in network connection then user will not be able to access cloud resulting in offline cloud.

Available online at www.ignited.in Page 6

3. Privacy: The data owner in the cloud environment cannot check the security assurance before using any service. Data from the user‟s local system will be transmitted to cloud server. During this procedure data might not be adequately protected. Data confidentiality and control of data are the main issues when another party is housing your data. All service providers must ensure the privacy concern of the customers by checking:

4. Data Lock-In: When customer stores their data in cloud data centers after gone through agreement with service provider, they cannot easily get that data and programs back. They also cannot change their providers if they found some problem with the old one. That means there is complete customer Lock-in with the Cloud Computing providers. From Cloud Computing provider‟s point of view Data lock-in or Customer lock-in is very beneficial, but for customer problem arises if there is a price hike, reliability problem, or when provider goes out of services (business shutdown). For example, an online storage service called The Linkup closes its business on August 8, 2008 after losing access as much as 45% of customer data. The Linkup, in turn, had relied on the online storage service Nirvanix to store customer data, and now there is finger pointing between the two organizations as to why customer data was lost. Meanwhile, The Linkup‟s 20,000 users were told the service was no longer available and were urged to try out another storage site. 5. Data Confidentiality and Auditability: Data in the Cloud environment is always shared and in the same environment with other customers, so, it is possible for other customers to get access to data belonging to other (accidently or intentionally). As well as Service provider can also get unauthorized access to customer‟s data, if the data is not encrypted. Similarly, Auditability could be added as an additional layer providing facilities arguably more secure than those built into the applications themselves and centralizing the software responsibilities related to confidentiality and auditability into a single logical layer. 6. Network: The network failure or delay in response can result in heavy loss for a company (NIST). Most parts of the world are not in a condition of providing high bandwidth network connection. There is a need of high speed network connection for the proper utilization of cloud computing services/applications. Lack of speed and low bandwidth can result in not accessible cloud services. 7. Software Licensing: The licensing structure of currently running software does not fit with cloud structure. Currently, software license strict the computers on which the software run. Users pay at the time of purchase and then pay an annual maintenance charge as decided by the software vendor. This structure is incompatible with cloud computing, so almost cloud computing providers rely on open source software.

Security is the major issue in most of the survey conducted about cloud computing. There are lots of network attacks that can be occur on data like a) Denial of Service: When hackers overflows a network server or web server with frequent request of services to damage the network, the denial of service cannot keep up with them, server could not legitimate client regular requests. b) Man in the Middle Attack: This is another issue of network security that will happen if secure socket layer (SSL) is not properly configured. c) Network Sniffing: Another type of attack is network sniffer, it is a more critical issue of network security in which unencrypted data are hacked through network for example an attacker can hack

Available online at www.ignited.in Page 7

passwords that are not properly encrypted during communication. d) Port Scanning: There may be some issues regarding port scanning that could be used by an attacker as Port 80(HTTP) is always open that is used for providing the web services to the user. e) SQL Injection Attack: SQL injection attacks are the attacks where a hacker uses the special characters to return the data. Cross Site Scripting: It is a type of attack in which user enters right URL of a website and hacker on the other site redirect the user to its own website and hack its credentials.

Following are the top cloud computing providers of 2013 who are dominating the cloud computing field: Amazon, Rackspace, Microsoft, Google, Salesforce.com, Red hat, VMware, Citrix, Linode, IBM Cloud-Foundry, Cloud9, OpenShift, App Fog etc., Just Cloud, Shift edit etc.

We found that the in India cloud is in its infancy stage. Present scenario in India is forcing the Cloud to be adopted in e-Governance despite some of its drawbacks. Lots of public/private organizations are moving to cloud because of its benefits like cost reduction, data storage, scalability, speed, sharing of resources etc. There are some issues also in adopting cloud and security is the main concern. We have proposed the cloud architecture of e-Governance with hybrid deployment model, which secure the sensitive data and other government information at private end (government own infrastructure) and provide a safer side of using cloud. The main aim of our research is to develop a new model of cloud computing based e-governance services to offer a cost effective, easily implemented, secured and highly available platform. To achieve this objective we have studied and analyzed the benefits and issues of cloud computing if adopted in e-Governance services. Analysis of pre-requirement is done to offer e-governance through cloud computing.

Aprna Tripathi et. al. (2011). / VSRD International Journal of CS & IT Vol. 1 (1). Bhatnagar, S.C. (2004). E-government: from vision to implementation; a practical guide with case studies. New Delhi : London : Sage Publications David C. Wyld (2009). Robert Maurin Professor of Management and Director of the Strategic e-Commerce/e-Government Initiative, Southeastern Louisiana University , ”Moving to the Cloud: An Introduction to Cloud Computing in Government”, Copyright © 2009 by IBM Dr. Sanjay Kumar Dwivedi, Ajay Kumar Bharti (2010). “E-governance in india – problems and acceptability”, Journal of Theoretical and Applied Information Technology, © 2005 - 2010 JATIT & LLS. All rights reserved. Gupta, M.P., Jana, D., (2003). E-Government evaluation: a framework and case study. Government Information Quarterly 20, pp. 365–387. L.Youseff, M.Botrico, and D. D Silva (2008). Towards a unified Ontology of Cloud Computing, Proc. Of Grid Computing Enviornments Workshop. National e-Governance Plan (2013). Available at http://india.gov.in/govt/national_egov_plan.php [online] accessed on November 2013 National Institute of Standards and Technology (NIST) Definition of Cloud Computing, http://csrc.nist.gov/groups/SNS/cloud-computing/ Naveen Tewari and M. K. Sharma (2011) “Towards e-Governance Framework in INDIA using Cloud Computing”, Proceedings of the 5th National Conference; INDIACom-2011 Naveen Tewari and M. K. Sharma (2013). “Cost of Traditional and Cloud Framework for e-Governance (Comparative Case Study)”, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 10, October 2013, ISSN: 2277 128X, page 662-666 NIST, Mell, P. & Grance, T. (2011). The NIST Definition of Cloud Computing, 2011. p.2 at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf. S. Prem Kumar (2010). “E-Governance Applications for citizens- Issues and Framework”, (IJCSE) International Journal on Computer Science and Engineering Vol. 02, No. 07, 2010, pp. 2362-2365

Available online at www.ignited.in Page 8

Assistant Professor, MCA Program E-Mail – bca.laxmi@gmail.com