
David Hobson, Global Secure Systems: Into the Cloud we go.....have we thought about the security issues?

January 2009 by David Hobson, Managing Director, Global Secure Systems

A new shift in computing is upon us – Cloud Computing. As our use of computing resources has evolved from mainframes to PCs and networks, we are now facing a major shift in the way we work. This could have dramatic effects on the way we use our computers, both for work and play. But the security issues need to be discussed, the risks assessed and judgements made knowing the risks and issues. For some, Cloud Computing makes a lot of business sense; for others, it may create confusion.

So what is Cloud Computing? For many it is the natural evolution of the Internet. The Internet has provided a major shift in the way we work. Less than 20 years ago, there was a comment, by Ray Noorda, the CEO of Novell, I think – “if you don’t have an email address on your business card, you will be considered a nobody”, and most people did not believe it. 20 years later and it seems pretty much everyone has an email address, if not one at work, then a Hotmail, Gmail or Yahoo! account. And these email accounts are the first example of Cloud Computing!

Cloud Computing gets its name from network diagrams, where the Internet is always shown as a cloud, as the route taken through the Internet cannot normally be defined and is unknown. The route is irrelevant. The concept of Cloud Computing is that the central computer system, or systems, are hosted in the Internet and their actual location is irrelevant to the application and its successful deployment. The architecture is relatively simple – a data store and server are hosted on the Internet, and the client can access the server from anywhere. Normally the client will have a web-based front end, to make access even easier. The first major examples are the email services from Hotmail and the likes mentioned above.

Cloud Computing has evolved into the concept being promoted today, in which there is no need to purchase software; instead it is rented, either on an annual basis or on a pay-per-use model. The model now also includes free use of software in return for receiving adverts.

The major benefit of Cloud Computing for a user is financial. There is no need to invest in hardware infrastructure or software. However, there are a number of issues that need to be considered.

The old definition of security is as valid today as it ever was – CIA: Confidentiality, Integrity and Availability. These three areas need to be addressed by any potential user of Cloud Computing. The major issue is confidentiality. If you are giving your data to a third party, you have no control over it. So who have you given it to? What is the access to the data? Who sees it? Can it be taken and used by someone else? Who administers this? What assurance do you have that your data is confidential? Are you happy with a contractual warranty? If so, what is your recourse if the contract is breached?

Are you convinced as to the integrity of your data? Can it be tampered with? If it was tampered with, would you know? Most people would not. Are you satisfied with the segregation of data? What is the chance of “leakage”, and how is this protected and tested?

And finally availability. If your data is not available to you, for whatever reason, then it is no good to you. Cloud Computing may actually provide much stronger back up and provision for disaster recovery than a private enterprise. Most solutions will provide at least one back up resource, maybe more. Any subscriber should check what provisions are made. However, Internet access is required to reach your data. If for any reason an ISP fails, then all access fails with it. So redundancy in Internet access is a must. There are a number of products which offer offices small and large the ability to bind multiple ISPs to provide a virtual single access to the Internet. The other issue with availability that needs to be considered is the transfer of data. There are two major areas of concern. Firstly, one service offered in the Cloud is remote back up. If you need to get your data back from a remote data store, how long will it take to download everything in the event of an emergency? And when was this last tested? Almost certainly this will be a major issue, as the size of most people’s Internet connection is relatively small compared to their LAN. The second issue is moving service providers. If you wish to use a service like Salesforce.com for outsourced CRM, you may be limited to the data being stored in a proprietary format. If you were unhappy with the service and wanted to move to an alternative, how would you get your data back? And would it be useable?

In recent years, as well as CIA, three other areas have become of major concern to business – Compliance, Policy and Risk. Compliance is now a major business issue. The data being stored in the Cloud must be considered carefully. What type of data is it? Is it confidential? Are there regulations to control how and where it is stored? In the UK we have the Data Protection Act, which is very strict on data storage. If the data is being stored in the Cloud, do you know where it is being stored? Are you breaking legal requirements? Your policies on data storage must address these legal issues, and any Cloud Computing must be considered very carefully.

And finally risk. We have spoken about concerns with the data and Confidentiality, Integrity and Availability – but what if your service provider goes bust? How would you get your data back? What if the ownership changes and their policies change?

One risk often not considered is that putting your data with a major provider actually creates a bigger target for hackers. If the service provider is hacked, or suffers some virus or security breach, how will your data be affected? Service providers have suffered already from hackers. Whilst they will argue they can invest more in security than many people, they are without a doubt a bigger prize. Some say there is much to be said for security by obscurity.

All these issues apply when outsourcing computing. Currently a lot of enterprises outsource their computing to save money, and the outsourcer provides a private Cloud to give the relevant service. All the questions we have raised apply equally; however, the answers may be easier to get with an outsourcer, and contracts can be drawn up to ensure compliance with your policies.

