Cloud computing offers undeniable benefits to businesses, such as cost optimization, improved service levels and the use of on-demand services. However, cloud computing also raises significant security issues, such as protecting the confidentiality of information.
According to the National Institute of Standards and Technology (NIST), cloud computing is defined as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction 1”.
There are various cloud computing environments, including private cloud computing for the exclusive use of a company, public cloud computing available to the general public or a large business sector and hybrid cloud computing composed of private and public cloud.
Here are the main cloud computing service models, amongst others:
- SaaS (“Software as a Service”): allows the use of the provider’s applications, which run on the cloud infrastructure.
- IaaS (“Infrastructure as a Service”): allows the provision of patches, networks and other fundamental computing resources by providing the client with the ability to deploy and run the software of their choice.
- PaaS (“Platform as a Service”): allows the deployment of clients’ applications on the cloud infrastructure.
Main benefits for businesses
- Flexibility and quick start-up (e.g. rapid deployment of new services, ready-to-use software, etc.).
- Optimization of financial resources (e.g. eliminate or reduce investment costs associated with the acquisition and installation of technologies, on-demand usage does not require the purchase of equipment with additional power and capacity required during peak periods, cost control, etc.).
- Reliability and availability (e.g. location independence technology, redundant telecommunication and infrastructure links, data replication, failure-resistant systems, switching capacity, high bandwidth, etc.).
- Scalability (e.g. on-demand service and capacity available through additional funding).
Main risks for businesses
- Compliance and regulations (e.g. difficulty or impossibility of requesting an audit from a supplier or conducting on-site audits to meet certain regulations or to investigate improper or illegal activities).
- Privacy and data protection (e.g. Are data encryption and isolation guaranteed? Is the data being properly deleted? Are access privileges restricted to reliable system administrators?).
- Compliance with service levels (e.g. Do agreements cover recovery time objectives, backup copies, the impact of a merger or bankruptcy of the cloud provider, supplier dependence, etc.?).
- Jurisdiction (e.g. the laws of a country may not prevail if the information is stored on servers located in another country, where the law may differ. Where is the data actually stored?).
The facts discussed clearly demonstrate why cloud computing is an attractive service for businesses looking to improve their IT resources all while controlling costs. However, it is important to find a balance between risks and opportunities in order to reap the expected benefits.
For more information, please view the following websites:
- https://www.isaca.org/Knowledge-Center/Research/Pages/Cloud.aspx
- https://www.isaca.org/Groups/Professional-English/cloud-computing
- https://www.nist.gov/itl/cloud-052912.cfm
1 National Institute of Standards and Technology, The NIST Definition of Cloud Computing: Special Publication 800-145, 2011, www.nist.gov/itl/cloud
By Patrick Paradis, Information Security Advisor