What is cloud computing?

Cloud news - RSS feed

Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Users or clients can submit a task, such as word processing, to the service provider, without actually possessing the software or hardware. The consumer's computer may contain very little software or data (perhaps a minimal operating system and web browser only), serving as little more than a display terminal connected to the Internet. Since the cloud is the underlying delivery mechanism, cloud based applications and services may support any type of software application or service in use today.

In the past, both data and software had to be stored and processed on or near the computer. The development of Local Area Networks allowed for a system in which multiple CPUs and storage devices may be organized to increase the performance of the entire system. In an extension to that concept, cloud computing fundamentally allows for a functional separation between the resources used and the user's computer, usually residing outside the local network, for example, in a remote datacenter. Consumers now routinely use data intensive applications driven by cloud technology which were previously unavailable due to cost and deployment complexity. In many companies employees and company departments are bringing a flood of consumer technology into the workplace and this raises legal compliance and security concerns for the corporation.

The term "software as a service" is sometimes used to describe programs offered through "The Cloud".

A common shorthand for a provided cloud computing service (or even an aggregation of all existing cloud services) is "The Cloud".

An analogy to explain cloud computing is that of public utilities such as electricity, gas, and water. Centralized and standardized utilities freed individuals from the difficulties of generating electricity or pumping water. All of the development and maintenance tasks involved in doing so was alleviated. With Cloud computing, this translates to a reduced cost in software distribution to providers who still use hard mediums such as DVDs. Consumer benefits are that software no longer has to be installed and is automatically updated but savings in terms of dollars is yet to be seen.

The principle behind the cloud is that any computer connected to the Internet is connected to the same pool of computing power, applications, and files. Users can store and access personal files such as music, pictures, videos, and bookmarks or play games or do word processing on a remote server rather than physically carrying around a storage medium such as a DVD or thumb drive. Even those who use web-based email such as Gmail, Hotmail, Yahoo, a company owned email, or even an e-mail client program such as Outlook, Evolution, Mozilla Thunderbird or Entourage are making use of cloud email servers. Hence, desktop applications which connect to cloud email can also be considered cloud applications.

Download Bessemer's Top 10 Laws of Cloud Computing and SaaS PDF

Security issues associated with the cloud

There are a number of security issues/concerns associated with cloud computing but these issues fall into two broad categories: Security issues faced by cloud providers (organizations providing Software-, Platform-, or Infrastructure-as-a-Service via the cloud) and security issues faced by their customers. In most cases, the provider must ensure that their infrastructure is secure and that their clients’ data and applications are protected while the customer must ensure that the provider has taken the proper security measures to protect their information.

Dimensions of cloud security

While cloud security concerns can be grouped into any number of dimensions (Gartner names seven while the Cloud Security Alliance identifies thirteen areas of concern) these dimensions have been aggregated into three general areas: Security and Privacy, Compliance, and Legal or Contractual Issues.

Security and privacy

In order to ensure that data is secure (that it cannot be accessed by unauthorized users or simply lost) and that data privacy is maintained, cloud providers attend to the following areas

Data protection

To be considered protected, data from one customer must be properly segregated from that of another; it must be stored securely when “at rest” and it must be able to move securely from one location to another. Cloud providers have systems in place to prevent data leaks or access by third parties. Proper separation of duties should ensure that auditing and/or monitoring cannot be defeated, even by privileged users at the cloud provider.

Identity management

Every enterprise will have its own identity management system to control access to information and computing resources. Cloud providers either integrate the customer’s identity management system into their own infrastructure, using federation or SSO technology, or provide an identity management solution of their own.

Physical and personnel security

Providers ensure that physical machines are adequately secure and that access to these machines as well as all relevant customer data is not only restricted but that access is documented.

Availability

Cloud providers assure customers that they will have regular and predictable access to their data and applications.

Application security

Cloud providers ensure that applications available as a service via the cloud are secure by implementing testing and acceptance procedures for outsourced or packaged a application code. It also requires application security measures (application-level firewalls) be in place in the production environment.

Privacy

Finally, providers ensure that all critical data (credit card numbers, for example) are masked and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must be protected as should any data that the provider collects or produces about customer activity in the cloud.

Compliance

Numerous regulations pertain to the storage and use of data, including Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act, among others. Many of these regulations require regular reporting and audit trails. Cloud providers must enable their customers to comply appropriately with these regulations.

Business continuity and data recovery

Cloud providers have business continuity and data recovery plans in place to ensure that service can be maintained in case of a disaster or an emergency and that any data lost will be recovered. These plans are shared with and reviewed by their customers.

Logs and audit trails

In addition to producing logs and audit trails, cloud providers work with their customers to ensure that these logs and audit trails are properly secured, maintained for as long as the customer requires, and are accessible for the purposes of forensic investigation (e.g., eDiscovery).

Unique compliance requirements

In addition to the requirements to which customers are subject, the data centers maintained by cloud providers may also be subject to compliance requirements.

Legal and contractual issues

Aside from the security and compliance issues enumerated above, cloud providers and their customers will negotiate terms around liability (stipulating how incidents involving data loss or compromise will be resolved, for example), intellectual property, and end-of-service (when data and applications are ultimately returned to the customer

Public records

Legal issues may also include records-keeping requirements in the public sector, where many agencies are required by law to retain and make available electronic records in a specific fashion. This may be determined by legislation, or law may require agencies to conform to the rules and practices set by a recorecords-keeping agency. Public agencies using cloud computing and storage must take these concerns into account.