Cloud computing is here and virtually every organization is using it in some way, shape, or form. Educating yourself and your people on the opportunities and risks associated with this technology is of the utmost importance. Let’s look at the opportunities presented by cloud computing, managing the risks associated with housing your sensitive data offsite, using virtual computing environments, and vendor management considerations as you explore your cloud options.
But there’s another, more precise meaning of cloud computing the virtualization and central management of data center resources as software-defined pools. This technical definition of cloud computing describes how public cloud service providers run their operations. The key advantage is agility: the ability to apply abstracted compute, storage, and network resources to workloads as needed and tap into an abundance of pre-built servicesFrom a customer perspective, the public cloud offers a way to gain new capabilities on demand without investing in new hardware or software. Instead, customers pay their cloud provider a subscription fee or pay for only the resources they use. Simply by filling in web forms, users can set up accounts and spin up virtual machines or provision new applications. More users or computing resources can be added on the fly—the latter in real time as workloads demand those resources thanks to a feature known as auto-scaling.
Infrastructure as a service (IaaS) provides access to server hardware, storage, network capacity, and other fundamental computing resources.
Platform as a service (PaaS) provides access to basic operating software and services to develop and use customer-created software applications.
Software as a service (SaaS) provides integrated access to a provider’s software applications.
Private cloud is accessible from an intranet, internally hosted, and used by a single organization.
Community cloud has infrastructure accessible to a specific community.
Public cloud is accessible from the internet, externally hosted, and used by the general public.
Hybrid cloud is a combination of two or more clouds.
Cloud computing provides a scalable online environment that makes it possible to handle an increased volume of work without impacting system performance. Cloud computing also offers significant computing capability and economy of scale that might not otherwise be affordable, particularly for small and medium-sized organizations, without the IT infrastructure investment. Cloud computing advantages include:
Lower capital costs — Organizations can provide unique services using large-scale computing resources from cloud service providers, and then nimbly add or remove IT capacity to meet peak and fluctuating service demands while only paying for actual capacity used.
Lower IT operating costs — Organizations can rent added server space for a few hours at a time rather than maintain proprietary servers without worrying about upgrading their resources whenever a new application version is available. They also have the flexibility to host their virtual IT infrastructure in locations offering the lowest cost.
No hardware or software installation or maintenance
Optimized IT infrastructure provides quick access to needed computing services
Environmental security — The concentration of computing resources and users in a cloud computing environment also represents a concentration of security threats. Because of their size and significance, cloud environments are often targeted by virtual machines and bot malware, brute force attacks, and other attacks. Ask your cloud provider about access controls, vulnerability assessment practices, and patch and configuration management controls to see that they are adequately protecting your data.
Data privacy and security — Hosting confidential data with cloud service providers involves the transfer of a considerable amount of an organization’s control over data security to the provider. Make sure your vendor understands your organization’s data privacy and security needs. Also, make sure your cloud provider is aware of particular data security and privacy rules and regulations that apply to your entity, such as HIPAA, the Payment Card Industry Data Security Standard (DCI DSS), the Federal Information Security Management Act of 2002 (FISMA), or the privacy considerations of Gramm-Leach-Bliley Act.
Data availability and business continuity — A major risk to business continuity in the cloud computing environment is loss of internet connectivity. Ask your cloud provider what controls are in place to ensure internet connectivity. If a vulnerability is identified, you may have to terminate all access to the cloud provider until the vulnerability is rectified. Finally, the seizure of a data-hosting server by law enforcement agencies may result in the interruption of unrelated services stored on the same machine.
Record retention requirements — If your business is subject to record retention requirements, make sure your cloud provider understands what they are and so they can meet them.
Disaster recovery — Hosting your computing resources and data at a cloud provider makes the cloud provider’s disaster recovery capabilities vitally important to your company’s disaster recovery plans. Know your cloud provider’s disaster recovery capabilities and ask your provider if they been tested.