Document title. Using Cloud Based Storage Services. Introduction

Similar documents
Cloud Storage Policy (Draft for consultation)

What are the benefits of Cloud Computing for Small Business?

Cloud 101: What is the cloud?

HARNESSING THE POWER OF THE CLOUD

How To Get Cloud Computing For A Fraction Of The Cost

The Cloud. IIA Seminar, York April 30 th

Contents. Introduction. What is the Cloud? How does it work? Types of Cloud Service. Cloud Service Providers. Summary

Our Cloud Offers You a Brighter Future

Securing Your Data In The Cloud: an insiders perspective

Gain the cloud advantage. Cloud computing explained Decide if the cloud is right for you See how to get started in the cloud

Is your business still wasting time and money on PCs and Servers?

The Cloud in your office

What can the. SaaS Whitepaper. Cloud do for You?

Quick guide: Using the Cloud to support your business

CLOUD ATTACHED STORAGE. Protect your data, protect your business

SECURE CLOUD SOLUTIONS FOR YOUR BUSINESS.

ATTERCOPIA MANAGED HOSTING & DOMAIN SERVICES TERMS & CONDITIONS

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

Cloud Computing. What is Cloud Computing?

White Paper: SLASH YOUR SME 1 COMPLIANCE COSTS

G-Cloud iv brightsolid Hosting and Management Services. Service Definition Document

Data Storage And Backup

Cloud Computing - Architecture, Applications and Advantages

Cloud Computing. By the end of 2013, more than 75% of UK businesses will be using at least one type of cloud service. (Source: Cloud Industry Forum)

The evolution of data connectivity

Incident Report CUBE DS 1477 drive failure

T H E E D U C A T I O N C L O U D. Freedom... a true Cloud based solution for education!

ADRA MATCH CLOUD-BASED SOFTWARE

7 Ways a Cloud Phone System Can Improve Your Bottom Line

Saf April Saf Helping your business reach further with hosted at UK based, ISO 27001, Tier 4 data centres.

DNA IT - Business IT On Demand

Simpler. Secure. SilverLining. Edsquare Managed Cloud Backup. 116 West 23rd Street New York, NY

On Premise or Hosted?

How a Cloud Service Provider Can Offer Adequate Security to its Customers

How cloud computing can transform your business landscape

Service Definition MMaaS Mobile Device Management. G- Cloud VII. Service Definition Nine23 MMaaS Mobile Device Management

Tips and Best Practices for Managing a Private Cloud

IT S EASY. Get prepared for an emergency. Prepared Businesses Edition

The rise of the hybrid network model

24/7 Monitoring Pro-Active Support High Availability Hardware & Software Helpdesk. itg CloudBase

White paper. How cloud computing can transform the fortunes of small and mid-sized businesses

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

What You Should Know About Cloud- Based Data Backup

Electronic Records Storage Options and Overview

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

Managed IT Services. Maintain, manage and report

AVLOR SERVER CLOUD RECOVERY

Evaluating SaaS Vendors

Webnet2000 DataCentre

Service Level Standard

PAAS Public Sector Managed Services

PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November

Backup & Disaster Recovery for Business

White Paper: Introduction to Cloud Computing

The cloud: A buyer s guide

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Data Security Policy THE CTA. Guardian Electrical Solutions Ltd DATA SECURITY POLICY. Reviewed and approved by the Company Secretary Richard Roebuck

Cloud Computing Thunder and Lightning on Your Horizon?

Why Plan B DR? Benefits of Plan B Disaster Recovery Service:

EXIN Cloud Computing Foundation

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

Your simple guide to cloud computing

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Big Data Analytics Service Definition G-Cloud 7

Cloud models and compliance requirements which is right for you?

White Paper on CLOUD COMPUTING

Online Bookkeeping and Accounting

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

The Modern Online Application for the Internet Economy: 5 Key Requirements that Ensure Success

Invitation to Tender for 3VA

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

White Paper: Introduction to cloud computing

Taking Control of Your Cloud. How to get the best out of cloud providers & ensure cloud success. Powering IT

Providing a quality IT Support & Consultancy service in the South East

Enterprise level security, the Huddle way.

Session 11 : (additional) Cloud Computing Advantages and Disadvantages

Information security controls. Briefing for clients on Experian information security controls

Why You Should Consider Cloud- Based Archiving. A whitepaper by The Radicati Group, Inc.

Your complete guide to Cloud Computing

Business process efficiency is improved with task management, alerts, notifications and automated process workflows.

SNAP WEBHOST SECURITY POLICY

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Computing: Public, Private, and Hybrid. You ve heard a lot lately about Cloud Computing even that there are different kinds of Clouds.

SGX Proximity Hosting Services

INFRASTRUCTURE SOLUTIONS OVERVIEW

The benefits of Cloud Computing

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

Addressing Cloud Computing Security Considerations

White Paper The simpro Cloud

DOING BUSINESS IN THE CLOUD

WHY TRUE SAAS ITSM BEATS ON-PREMISE AND HYBRID DELIVERY OPTIONS

Market Data + Services. Advanced outsourcing solutions. IT Hosting and Managed Services

Business Continuity Planning

Auditing Software as a Service (SaaS): Balancing Security with Performance

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

White Paper. Are SaaS and Cloud Computing Your Best Bets?

Ensuring security the last barrier to Cloud adoption

Hosted vs On-Site IP-PBX A Guide for SMEs

Achieve Economic Synergies by Managing Your Human Capital In The Cloud

Transcription:

Document title ICE s Geospatial Engineering Panel has published a series of reports concerned with various subjects such as A civil engineers guide to GPS and GNSS and many others. Designed to be both informative and contemporary, the reports are updated regularly and are intended to provide accurate information to a varied audience. This paper considers the use of cloud storage services and how to ensure that the data remains secure and available. This is one of two briefing papers to be issued concerning cloud services; the other considers the use of cloud based applications [Ref 1]. Introduction Cloud computing has become a ubiquitous term for holding data or accessing applications over the internet. Services primarily targeted at the personal storage market such as icloud from Apple, Dropbox, Google Cloud Storage, Rackspace have made the cloud an everyday experience for many and these services can also be used in the corporate world. In addition, companies such as IBM, Amazon, and HP offer cloud storage services targeted at the corporate market, whilst some vendors such as Business Collaborator, 4Projects, and Conject offer a collaboration environment and not just storage space. These latter examples and other similar services are best considered as applications and assessed as such, as described in the companion briefing paper [Ref 1]. 1 The term cloud is used to describe the provision of a number of different things ranging from data storage space, computing power, through to full blown business applications. In many respects cloud is becoming the norm for new IT environments and expanding existing ones. This briefing paper considers the use of cloud data storage services, primarily in the context of geospatial applications. Cloud data storage is defined as:- Cloud data storage is a method of data storage where the digital data is stored in physical storage environments owned and managed by a hosting company that provides the storage as a service to its customers. The customers do not need to be aware of the physical construction of the storage. The cloud storage providers are responsible for keeping the data available and accessible, and the physical environment protected and running. Customers buy or lease storage capacity from the providers to store their data. The key consideration with moving to cloud storage is that you will be purchasing a service rather than setting up your own infrastructure. You need to ensure that you get the service you require rather than understanding how it is delivered. This means that your focus needs 1 The services listed are intended as examples. No indication of the ability ofany of the services to meet any particular requirement is intended. Other similar services are available. 1

to be on what the services needs to be and ensuring that it is delivered through contract definition, performance testing and monitoring. This is fundamentally different from the traditional set up where you have control of the IT system, its purchase, design and implementation. For the simplest services this means reading and understanding the terms and conditions, not just accepting them on the computer screen and continuing. The requirements of the storage service will vary within an organisation depending on the type of data and there is unlikely to be a one size fits all solution. For example an organisation could decide to maintain all its confidential HR data within its own IT environment, but to hold its less sensitive operational data within the cloud. Similarly, an organisation could elect to store its project data on the cloud, with the exception of projects which are deemed to have a security or defence component that it might store in house. The volumes of digital data to be stored are growing exponentially. Geospatial applications will constitute a big part of this, with tools and initiatives such as Smart Cities and Smart Infrastructure having potential to create large amounts of automatically captured data. This growth in data is already beginning to happen with automated surveys, laser-scan pointcloud surveys, and real time capture of ground and infrastructure movements being prime examples. Some vendors of these services are now offering cloud storage as part of the overall application package and removing the need for users of the software to have large storage arrays, e.g. Faro s SCENE Webshare service [Ref 2]. Cloud storage is unlimited as far as the user is concerned. Using cloud services allows additional storage space to be acquired to meet demands and, conversely, removed to cope with potential fluctuations. Why Consider Cloud Storage Cloud storage can have many advantages to an organisation, both big and small:- Speed of set up; It is likely to be much faster to acquire a cloud based data storage service rather than to build your own data storage, especially where large volumes of data are concerned or additional facilities, such as resilience or disaster recovery, are deemed necessary. You are purchasing a service, so the time taken for set up is largely governed by purchasing processes rather than the need to procure hardware, configure it and to train staff etc. There may however be some need to locally open firewalls, to configure drive letters or to improve networks etc. Avoidance of capital investment; Cloud data storage will be charged in the form of a subscription, Gigabytes of data per day/week etc. As such, it may be possible to account for the costs as an operational expense rather than as a capital charge. This may also help with cash flow. Work concerned with the initial set up could be regarded as a capital cost. No need for detailed technical knowledge; The construction and running of data storage, especially large facilities, can be complex and need staff with specialist knowledge. By purchasing a cloud service the purchaser can avoid the costs associated with employing, training or upskilling staff. Cost saving; Overall a cost saving may be expected in purchasing a cloud data storage service. This may arise partly from the fact that the service will be charged on the basis of either the amount of data stored or the storage space contracted. This 2

can be tailored to exact short term requirements with the storage space being flexed up or down as required. In addition, the service provider will be leveraging much of the service, hence common components will be used across multiple clients. It is likely that data for multiple clients will exist on one set of hardware. You may even avoid the need to obtain new premises to accommodate in house storage. Potential users need to establish their own benefit model which may include allowances for the other benefits listed here, Enabler for Collaboration; Storing data within the cloud, external to one s own IT environment, can allow easier sharing of data without the need to provide third parties access to your IT environment (see Fig 1). It could allow access to the same data from an office, for homeworkers, from a construction site or from a partner s office; indeed anywhere with an internet connection with suitable bandwidth. Service Providers Storage Infrastructure Other Customers access Ring network structure Office Location Resilient Internet Connection ( by Service Provider) Diverse network connections Internet Diverse means separate breakout points and connections to the internet, separate connecting circuits with completely separate routes Multiple Broadband Connections with multiple suppliers Site Office Partner Office Resilient Internet Connection Commercial Broadband Connection with SLA Homeworker Firewalls not shown for simplicity Figure 1 Conceptual Cloud Storage Usage Requirements to be Considered The following requirements should be considered when acquiring your cloud storage service. If they are not considered then the service adopted could fail to make the data available as required or could make the data vulnerable to theft, corruption or misuse. Some of these considerations may be considered to be disadvantages or shortcomings, but provided they are considered and appropriate action taken they should not stop the use of cloud in many circumstances. A simple way of addressing this is to use a risk management approach as set out in ISO 31000 [Ref 3]. Availability; Do you require access to the data 24 hours a day or perhaps a lower level of service would suffice? In practice most service providers will offer 24/7 3

service, but there could be downtime for backups or maintenance activities. The requirements need to be defined and the service providers offering established. Speed of access; How quickly do you require to access the data? This will be particular important if you require to download a large amount of data, a complete BIM model say. However, note that access speeds may be constrained by factors other than the supplier s service. Disaster recovery; Do you require this? How long can you accept the data not being available should a disaster occur at the service provider s data centre? How often do you want the supplier to demonstrate his capability in this respect? The supplier is likely to want paying for this test and also there will be direct costs to the customer. Amazon, for example offer two cloud storage services, one with disaster recovery and one without. [Ref 4]. Potential users need to define their requirements. Data confidentiality; Is the data sensitive and should extra precautions be taken to protect the data from inadvertent or malicious corruption or theft? The first two could be overcome by requesting frequent backups, the latter through access controls. Is data encryption required to ensure confidentiality especially as the data passes over the internet (this would be the customer s responsibility)? User Access; You will need to decide which users can access the data and whether they are able to write, read or change it. How will you control who has access and what will be the procedures for authorising access? Is password protection all that is required and is any special password management required? You must ensure that any legal requirements are met. In your own company environment there is likely to be sophisticated security tools, for example Microsoft Active Directory, and possible some additional tools such as Microsoft FIM, These will not be available to help with the cloud storage. The cloud storage should be considered to be part of a company s IT infrastructure and as such should adopt the same security standards e.g. BS 27001 [Ref 5] or PAS 1192:5 [Ref 6]. Location; Given the sensitivity of the data do you have any constraints on where the data may be held and who else may be using the same infrastructure. In some jurisdictions the ability to encrypt the data may be restricted or governments may demand details of encryption keys. In addition, some restrictions can be imposed on the use of the data and organisations could find themselves with overseas tax liabilities, especially if work is also carried out overseas. Resilience requirements; Do you have any requirements for special resilience of the storage system? For example, in the event of hardware failure how long can a down time last and be acceptable. This should be part of the service provider s service agreement. Buyers should seek to determine all the critical service points including those above and ensure they are backed up in a service level agreement. Sophisticated cloud storage service providers will provide detailed SLAs and real-time metrics of uptime, etc. Don't just look at the infrastructure issues but also undertake due diligence on the service provider - as well as network stability and reliability, you should be looking for service providers with reliable management and stable finances. 4

Other Considerations Long Term Data Availability Once cloud services have been established an organisation s data will be located on the service provider s infrastructure. Potential purchasers should consider what could happen if the storage contract is terminated, either at a natural conclusion or through early termination. In both cases the parties should agree before the storage contract is awarded how this will be tackled and the responsibilities of both parties. Failure to do this could mean that the data become inaccessible for a time. More complex is allowing for something unexpected happening to the service provider. It may be prudent to ensure routine backups are taken and held by a separate party. Network Requirements Once data is placed within cloud storage, there becomes a higher reliance on the computer network to access this data. Except in special cases, there will be a reliance placed on the internet both in terms of speed and availability and also on the connections to the internet. Those aspects which relate to the internet cannot be solved other than by purchasing dedicated network circuits as the provider of a cloud service will be unwilling to commit to SLAs beyond the infrastructure for which he has control. Purchasers of cloud services may need to consider how to mitigate this risk through purchase of dedicated network circuits. However the connections to the internet at both the purchasers and the service provider s end could be made larger and robust. Figure 1 shows how one organisation with high performance and critical resilience requirements made its networks suitable for using cloud storage. Initial Set Up If you are placing large volumes of data into the cloud as an initial implementation then this may take time. It may not be possible to load large quantities of data over the computer network in a sensible time or without adversely impacting the use of the system. If practical do not forget the large bandwidth that can be achieved by physically moving disk drives about. Conclusions Cloud storage is likely to have a part to play in most organisations IT Strategy. However this must only be done with full consideration of the requirements and the status of the data together with appropriate risk mitigation actions. 5

References 1 Geospatial Engineering Briefing Sheet : Using Cloud Based Application Services., Geospatial Engineering Panel 26 October 2015 2 Faro SCENE Webshare http://www.faro.com/faro-3d-app-center/stand-alone-apps/scene-webshare-server 3 ISO 31000 Risk Management, International Standards Organisation 2009; http://www.iso.org/iso/home/standards/iso31000.htm 4 Amazon storage, http://aws.amazon.com/products/ -storage, Amazon S3 and Amazon Glacier 5 ISO/IEC 27001 - Information Security Management, International Standards Organisation 2013 http://www.iso.org/iso/home/standards/management-standards/iso27001.htm 6 BIM Task Group announcement re BSI Public Available Specification 1192:5 http://www.bimtaskgroup.org/pas-1192-5-specification-for-security-minded-buildinginformation-management-digital-built-environments-and-smart-asset-management-iscurrently-in-development/ 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information