Technology & Business Overview of Cloud Computing


Your Place or Mine? In-House e-discovery Platform vs. Software as a Service

Technology & Business Overview of Cloud Computing

Janine Anthony Bowen, Esq.
Jack Attorneys & Advisors
www.jack-law.com
Atlanta, GA

2014 Janine Anthony Bowen. All Rights Reserved.

TABLE OF CONTENTS

I. Objective of Paper
II. Definition of Cloud Computing
   A. Essential Characteristics
   B. Service Models
   C. Deployment Models
III. Technological Underpinnings: Virtualization and Multi-tenancy
   A. Virtualization
   B. Multi-tenancy
IV. A Cloud User's Viewpoint: Risk-related Issues
   A. Maintaining Data Integrity
   B. Accessibility and Availability of Data/SLAs
   C. Disaster Recovery
V. Conclusion

I. Objective of Paper

In the cloud computing environment businesses have essentially outsourced the development, hosting, or running of applications and data to a third party; that part is not new and is no longer a challenging scenario. What continues to challenge is the combination of: (a) cloud-based service models, (b) relegation of system control to third parties, (c) use of virtualization, (d) the potential for multi-vendor integration, and (e) the increasingly borderless nature of Internet globalization. Technologically, it's complicated. But from a business perspective, cloud computing simply capitalizes on the need of a business to manage costs, stick to its core competencies and outsource the rest. The business case is easy to grasp, but the technology raises some interesting business and legal issues that are relevant for both the cloud provider and the cloud customer.

II. Definition of Cloud Computing

The definition below is a summary of the definition of cloud computing [1] set forth by the National Institute of Standards and Technology [2], an agency of the United States Government.

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

A. Essential Characteristics:

On-demand self-service. A consumer can provision computing capabilities, such as server time and network storage, as needed automatically.

Broad network access. Capabilities are network accessible by various client platforms (e.g., mobile phones, tablets, and desktops).

Resource pooling. The provider's computing capabilities are pooled to serve multiple consumers using a multi-tenant model. Resources are dynamically assigned and reassigned according to consumer demand. In most cases the customer has no control over or knowledge of the exact location of the provided resources.

Rapid elasticity. Capabilities can be rapidly and elastically provisioned, in some cases automatically. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service. Cloud systems automatically control and optimize resource use by leveraging a metering capability.

B. Service Models:

Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible through a web browser (e.g., web-based email).

Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider (e.g., Salesforce.com).

[1] Full text of the cloud computing definition can be found at http://csrc.nist.gov/groups/sns/cloud-computing/index.html
[2] National Institute of Standards and Technology, www.nist.gov.

Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications (e.g., Amazon S3).

C. Deployment Models:

Private cloud. The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

Public cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together to allow data and application portability (e.g., cloud bursting for load-balancing between clouds).

III. Technological Underpinnings: Virtualization and Multi-tenancy

A. Virtualization

Computer virtualization in its simplest form is where one physical server simulates being several separate servers. For example, in an enterprise setting, instead of having a single server dedicated to payroll systems, another one dedicated to sales support systems, and still a third dedicated to asset management systems, virtualization allows one server to handle all of these functions. A single server is able to simulate being all three. Each one of these simulated servers is called a virtual machine. Some benefits of virtualization are the need for less hardware and less power consumption across the virtualized enterprise. Virtualization also provides greater utilization and maximization of hardware processing power. Because of these benefits, virtualization should lower expenses associated with operating a data center. Further, because the emphasis in the virtualized environment is on maximizing usage of available resources no matter where they reside, virtualization across a single or multiple data centers makes it difficult for the cloud user or the cloud provider to know what information is housed on various machines at any given time.

B. Multi-tenancy

Multi-tenancy refers to the ability of a cloud provider to deliver software-as-a-service solutions to multiple client organizations (or tenants) from a single, shared instance of the software. The cloud user's information is virtually, not physically, separated from other users. The major benefit of this model is cost-effectiveness for the cloud provider; however, the cloud provider must be careful with respect to the manner in which it licenses software for intended multi-tenant use. Some risks or issues with the model for the cloud user include: a) the potential for one user to be able to access data belonging to another user; and b) difficulty backing up and restoring data. [3]

[3] German Goldszmidt and Indrajit Poddar, Develop and Deploy Multi-Tenant Web-delivered Solutions using IBM middleware: Part 1: Challenges and architectural patterns, http://www.ibm.com/developersworks/webservices/library/wsmiddleware/index.html, 2009.

IV. A Cloud User's Viewpoint: Risk Minimization

As potential cloud users assess whether to utilize cloud computing, there are several commercial and business considerations that may influence the decision-making. Many of the considerations presented below may manifest in the contractual arrangements between the cloud provider and cloud user.

A. Maintaining Data Integrity

Data integrity is ensuring that data at rest is not subject to corruption. Multi-tenancy is a core technological approach to creating efficiencies in the cloud, but the technology, if implemented or maintained improperly, can put a cloud user's data at risk of corruption, contamination, or unauthorized access. A cloud user should expect contractual provisions obligating a cloud provider to protect its data, and the user ultimately may be entitled to some sort of contract remedy if data integrity is not maintained. That being said, contract remedies are of little solace if data integrity is compromised, so cloud users should have their own plans in place in the event of a loss of integrity at the cloud provider level.

B. Accessibility and Availability of Data/SLAs

The service level agreement (SLA) is the cloud provider's contractually agreed-to level of performance for certain aspects of the services. The SLA, specifically as it relates to availability of services and data, should be high (i.e., better than 99.7%), with minimal scheduled downtime (scheduled downtime is outside the SLA). Regardless of the contract terms and the provider's willingness to agree to a high service level, the cloud user should get a clear understanding of the cloud provider's performance record regarding accessibility and availability of services and data. A cloud provider's long-term viability will be connected to its ability to provide its customers with almost continual access to their services and data. The SLAs, along with remedies for failure to meet them (e.g., credits against fees), if any, are typically in the agreement between the cloud provider and cloud user.

The cloud user may find that many cloud providers offer relatively low SLAs. That means that SLAs may provide little assurance of quality to the user, and little likelihood of SLA default by the provider. The cloud user may also find that it bears the burden of establishing the occurrence of a default and requesting whatever remedies are available for it. This approach is allowable (though not desirable) because there is no law, for the most part, requiring or mandating SLAs. The service level agreement was born out of a business need that outsourcing service providers faced long before cloud computing. The service providers' customers were asking for certain contractual levels of quality. The response over time was the creation of the SLA to incent the provider to perform at high levels and to compensate the user when the service quality did not reach that level. The SLA is a contractual creation and is born out of contract, not out of the law itself. Because of this reality, cloud providers have no legal requirement to use SLAs, create robust SLAs, or to police them. Cloud users should conduct due diligence on cloud providers prior to contracting to understand both the contractual and actual service quality level. Additionally, analysis before moving to the cloud ensures that the business process to be moved can tolerate the cloud provider's SLA.

C. Disaster Recovery

For the cloud user that has outsourced the processing of its data to a cloud provider, a relevant question is: what is the cloud provider's disaster recovery plan? What happens when an unanticipated, catastrophic event affects the data center(s) where the cloud services are being provided? It is important for both parties to have an understanding of the cloud provider's disaster recovery plan. More importantly, the cloud user must have its own disaster recovery plan (of which the cloud provider's plan is only a part) to support its business needs.

V. Conclusion

This paper was intended to provide a general overview of Cloud Computing and some of the commercial and risk-related issues associated with Cloud. It set forth the technical framework and some business items to consider.