Jeffrey Ziplow, MBA, CISA, CGEIT
The term “cloud computing” is the new buzz word and hot topic among many businesses and professionals. Unfortunately, many people do not truly grasp its capabilities, limitations and benefits.
What can cloud computing do for your business? Is it a good fit for your business needs? Is the cloud secure enough to transact business?
There are many factors to consider before moving into cloud technology.
Architecture of the Cloud
Many businesses typically have physical servers (hardware) and application software solutions that are located on-premise within the company. Typically, a company also has IT staff that oversees the computer hardware and helps maintain the overall support of these servers and software applications.
Now let’s change the paradigm. Suppose instead of physical on-premise servers, we utilized the Internet and used someone else’s hardware, software and support services. Suppose we didn’t have to worry about backing up data or having our own disaster recovery/business continuity solution. Suppose we have outside personnel responsible for the upkeep of our “cloud-based” computer operations. In fact, this is what cloud computing is all about. An outside service organization that can provide a myriad of services including: infrastructure, hardware, software and ongoing support services, all based on the needs of the company.
Cloud computing has become a hot topic based primarily on two factors:
- Enhanced speed/performance of the Internet
- The ability to virtualize servers (e.g. the ability to run multiple virtual servers on a single physical server)
To meet the varying needs of all businesses, cloud-based solutions come in a number of flavors, including:
Infrastructure as a Service (IaaS) – an opportunity for an organization to outsource the equipment used to support operations, including data storage, hardware, servers and networking equipment. The cloud service provider (CSP) owns the equipment and is responsible for housing, running and maintaining it all. The client typically pays the provider on a per-use basis.
Platform as a Service (PaaS) – a form of renting hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.
Software as a Service (SaaS) – a software distribution model in which applications are hosted by a service provider and made available to customers over a network, typically the Internet. SaaS usually includes all of the infrastructure and backup/recovery capabilities as well.
Benefits of the Cloud
The cloud has the ability to save your company money. Rather than paying for on-premise servers, other hardware and software applications, the SaaS model provides a fixed annual fee per user. This fee includes the use of the software application(s) and provides 24/7 technical support and disaster recovery/business continuity capabilities. Cost savings are realized by the reduction of up-front hardware and software investments.
With a cloud-managed solution, businesses can avoid paying unexpected costs for new/additional hardware, software upgrades (both application and operating system), fixes and patches. These upgrades and updates are all now the responsibility of the service provider. The cloud can also reduce the number of on-premise IT staff required since much of your technical support needs can now be handled off-site.
The cloud is also ideal for businesses that need to quickly adjust to a changing environment. For example if a business hired a number of new employees, cloud computing could quickly and easily add personnel to the cloud solution. With cloud services, a business pays for the services needed, when they’re needed. As a result, the cloud provides greater business agility and flexibility.
Concerns About the Cloud
Although the cloud may offer many benefits, each company will need to consider the risks associated with the cloud to determine if it is right for them. Security, privacy and control are some of the most common concerns associated with cloud computing. No longer is a company’s data locked up inside the four walls of the server room; instead, company data now exists within the service provider’s cloud environment on the Internet. It may not even reside within the United States. Reliance is placed on the security and controls of the service provider and their cloud computing environment. Ensuring that the service provider recognizes and implements strong security procedures (both external and internal) is extremely important to the success of the cloud and business relationship.
Another factor that most businesses do not consider is that many cloud-computing solutions are in a multi-tenant environment – several customers sharing the same infrastructure and software application. Company data is segregated from one business to another through either security parameters or virtualization. Again, a good service provider should ensure that strong security measures have been adopted by all tenants.
The cloud may provide a great opportunity for your business and save you money and resources and enhance your business agility, but performing due diligence regarding the selection of your Cloud Service Provider is extremely important. Establishing a specific, documented service level agreement (SLA) and ensuring that the selected CSP fully understands and adheres to their business objectives (security, privacy, regulatory, availability) is critical.
Stay tuned for the next article in our cloud series: SSAE 16 and The Cloud