HARNESSING THE POWER OF THE CLOUD
Demystifying “Cloud Computing”
Everyone is talking about the “cloud” nowadays. What does it really means?
Indeed, cloud computing is the current stage in the Internet evolution. In simple terms, cloud computing refers to the use of a network of remote servers hosted on the Internet to store and process data, information, programs and applications instead of on a local computing device like local servers or personal computers. Google’s popular Gmail and Apple’s iCloud are common examples of cloud-based applications. Cloud computing provides users with the means through which everything from computing power to computing infrastructures, applications, business process to personal collaboration can be delivered to users as and when needed.
Demystifying “Cloud Service Models” and its Deployment Methods
There are basically three main cloud service models, which are summarized in the table below.
Software as a service (SaaS)
• Provides integrated access to a provider’s software applications.
• This means that customer subscribes to an application which is accessed over the Internet. Examples: Dropbox, Xero
• Provider is usually responsible for almost all the controls.
Platform as a Service (PaaS)
• Provides access to basic operating software and services to develop and use customer-created software applications.
• This means customers can create/customise their own applications for use by all within the organisation. Examples: Google App Engine
• Control responsibility may vary as this is shared between the customer and the provider.
Infrastructure as a Service (IaaS)
• Provides access to a server hardware, storage, network capacity and other fundamental computing resources. Examples: Rackspace, Google Compute Engine
• Control in this instant lies significantly in the hands of the customer.
Demystifying “Cloud Service Models” and its Deployment Methods (continued)
These cloud service models are generally deployed in four types of settings: – public, hybrid, community and private clouds.
• This is accessible from the Internet, externally hosted and used by the general public.
• This is a combination of two or more clouds.
• This allows access to a specific community, group or organisation.
• This is accessible from the Intranet and is hosted from within and used by a single organisation.
Demystifying the Pros & Cons of Cloud Computing
There are advantages as well as risks associated to cloud computing. If used properly and to the extent necessary, working with the cloud can vastly benefit all types of businesses. The following set forth the pertinent considerations in implementing cloud computing for any businesses.
Advantages of Cloud Computing
Cloud computing provides a scalable online environment which enables the handling of the increasing volume data without affecting system performance. It offers significant computing capability and economy of scale that might not otherwise be affordable. Some of its benefits include:
(1) Lower capital and operating costs outlay
With cloud computing, small and medium size enterprises reap the benefits of not having to invest in any physical IT infrastructure or engage the services of an IT consultant while still gaining access to sophisticated technology.
There is no longer a need to invest in proprietary servers and hardware which requires maintenance and upgrade from time to time. Cloud computing can be significantly cheaper as it usually encumbers a one-off fee with scalable options available which makes it much more reasonable.
Advantages of Cloud Computing (continued)
(2) Improved operations
The need for companies to handle hardware and software installation and maintenance is greatly reduced. Most importantly, cloud computing provides companies with the advantages of quick deployment. Companies opting for this method of functioning can have the entire system to be fully functional in a matter of minutes.
(3) Unlimited storage
Storing of information in the cloud provide businesses with unlimited storage capacities. Hence, there is no longer a need to worry about running out of storage space and increasing capital cost.
(4) Backup and recovery
Since all data and programs are stored in the cloud, the entire backup and recovery procedures are relatively much simpler than other traditional method of data storage. Businesses can therefore leverage the process to create a more robust disaster recovery plan and business continuity features as a contingent plan.
(5) Automatically software implementation and upgrades
For SaaS, software implementation and upgrades are usually taken care of by the service providers. This means that companies, which have paid the subscription costs for usage of such applications, do not need to take further steps to upgrade and/or customise such applications. Hence, cloud users inevitably enjoy up-to-date application available in the market.
(6) Easy access of information
Users can access information and applications wherever they are so long as they are connected to the Internet. This provides convenience and allows businesses to access information and applications beyond different time zone and geographical locations.
Disadvantages of Cloud Computing
Besides its advantages, there are also risks associated in adopting cloud computing.
First of all, a company has to determine if its current IT system is cloud compatible. Though it is accepted that cloud computing works out to be the most efficient option, the problem arising from the fact that the company may have to replace much of its existing IT infrastructure in order to make its systems compatible to be on the cloud. In this process it may result in additional costs and if not properly managed, certain data may be lost.
The concentration of computing resources and users in a cloud computing environment represents a concentration of security threats. Being based entirely on the Internet, the cloud environments are often vulnerable to hacking and attacks.
Hence, it is prudent to assess and examine the provider’s security policies, practices as well as their vulnerability to determine if they are adequate in protecting the systems and your data.
(3) Data Privacy & Security
Hosting confidential information and data in the cloud would translate to the significant transfer of a company’s control over data security to a service provider.
As such, it would be necessary, before implementation, to ensure that the service provider understands your data privacy and security needs. It will be prudent to ensure that the service provider is aware of the relevant data and privacy rules and regulations that are applicable in the jurisdiction that you operate in.
(4) Data Management
It is difficult to manage data in the cloud because many companies, which host their data in the cloud, are unaware of where their data are and where the data flow. Subcontract arrangements amongst service providers further increase the complexity of managing and controlling these processes.
(5) Disaster Recovery
The disaster recovery capabilities of a service provider are of utmost importance to any companies which host their resources with these service providers. It is important for companies to understand the service provider’s disaster recovery capabilities and determine if these are effective and compatible with the companies’ disaster recovery plans.
(6) Change of Provider
In the event that companies decide to cease or change a service provider, companies ought to understand their ability to get back their data and information as well as the costs associated to this process.
There are many cloud providers available and each has its unique risks. It is therefore important to evaluate the vendor of your choice by considering the following:
Be diligent in understanding the controls that the cloud provider is responsible for as well as those parts of the controls they would expect you to be responsible for.
Providers are usually reluctant to produce third party audit reports unless it is included in the service contract. It is therefore necessary to work with the provider to include audit clauses and other relevant service level conditions in your contract.
Some internal audit organisations perform control reviews of cloud providers in addition to receiving and analysing third party audit reports. This is due to certain controls not being tested and the exclusion of pertinent systems or other factors that require on-site testing.
Evaluate the capabilities of your service provider for problems resolution. This includes:
How will your provider work with you to resolve issues?
Is there a nominated individual assigned to assist you or will you be subject to the normal helpline through the services of a call centre that may not address your needs?
Typically, audit reports do not include vulnerability/penetration testing results. Providers are reluctant to allow scanning, as they believe this may compromise their infrastructure.
Cloud computing have completely changed the way companies use technology to operate their business. Businesses such as Google and Amazon with most of their IT resources in the cloud have indeed concluded that it can eliminate many complex constraints from the traditional computing environment including space, time, power and cost. Hence, cloud computing is here to stay.
For many businesses, we understand that the core of its IT challenges is a perennial cycle where maintaining the existing IT resources would consume a substantial amount of a company’s budget leaving little to invest in growing the business. This is precisely why most IT organisations have leveraged cloud technology to break this cycle so as to assist their customers in unlocking their resources to fuel innovation. All said and done, when engaging cloud services, a company must be mindful of managing the risks associated with housing sensitive data on the cloud. If this can be managed, one can then reap the advantages presented by the cloud.
Indeed, cloud computing has reinvented the role of IT and when aligned with a company’s strategy, it can provide any business with the competitive edge in the fast-evolving environment.
Click here to view the full article in pdf format.
DISCLAIMER: This article is issued exclusively for the general information of clients and staff of Acutus. The material should not be relied upon without appropriate professional advice. Acutus will not be liable for any loss or damage arising out of or in connection with the material contained in this publication.
© July 2014. This article is contributed by Acutus Advisory Pte Ltd. All rights reserved.