GETTING YOUR HEAD IN THE CLOUD: A PRIMER TO THE TYPES OF CLOUD COMPUTING SOLUTIONS
On June 3, 2009, Plante & Moran attended the Midwest Technology Leaders (MTL) Conference, an event that brings together top technology professionals in the Midwest to share trends, best practices, and opportunities. With the help of MTL, Table Sponsors, CIOs, and additional conference attendees, we conducted 12 roundtable discussions on a variety of timely and important IT topics. As an outgrowth of the roundtable discussions, we produced a series of educational white papers.

Contents
Abstract
Introduction
Service Layers
Deployment Models
Why Choose SaaS
Security Risks
What the Shift Means
Conclusion

ABSTRACT

Cloud computing is talked about extensively in the IT world. It enhances collaboration, agility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing. However, there are many aspects of it that aren't completely understood, and there are important factors to consider based on specific business needs or requirements. Gaining a better understanding of cloud computing is the first step in knowing if it's right for you.

INTRODUCTION

Cloud computing ("cloud") is an evolving term that describes the development of many existing technologies and approaches to computing into something different. Cloud separates application and information resources from the underlying infrastructure, and the mechanisms used to deliver them. More specifically, cloud describes the use of a collection of services, applications, information, and infrastructure comprised of pools of computing, network, information, and storage resources. These components can be rapidly orchestrated, provisioned, implemented and decommissioned, and scaled up or down, providing for an on-demand, utility-like model of allocation and consumption.

The U.S. National Institute of Standards and Technology (NIST) defines cloud computing by describing five essential characteristics, three cloud service models, and four cloud deployment models.

ARCHITECTURAL SERVICE LAYERS OF CLOUD COMPUTING

While the first evolution of the Internet saw the three-tier (or n-tier) model emerge as a general architecture, the use of virtualization in clouds has created a new set of layers: applications, services, and infrastructure. These layers don't just encapsulate on-demand resources; they also define a new application development model. Within each layer of abstraction, there are a myriad of business opportunities for defining services that can be offered on a pay-per-use basis.

Software as a Service (SaaS): SaaS is at the highest layer and features a complete application offered as a service, on demand, via multitenancy, meaning a single instance of the software runs on the provider's infrastructure and serves multiple client organizations. The most widely known example of SaaS is Salesforce.com for customer resource management (CRM), but there are now many others, including Plex for enterprise resource planning (ERP) or Google Apps offering basic business services such as e-mail. Of course, Salesforce.com's and Plex's multitenant applications preceded the definition of cloud computing by a few years. On the other hand, like many other players in cloud computing, Salesforce.com now operates at more than one cloud layer with its release of Force.com, a companion application development environment, or platform as a service.

Platform as a Service (PaaS): The middle layer, or PaaS, is the encapsulation of a development environment abstraction and the packaging of a payload of services. The archetypal payload is a Xen image (part of Amazon Web Services) containing a basic Web stack (for example, a Linux distro, a Web server, and a programming environment such as Perl or Ruby). PaaS offerings can provide for every phase of software development and testing, or they can be specialized around a particular area, such as content or document management.
Commercial examples include Google App Engine, which serves applications on Google's infrastructure, or Microsoft SharePoint 2010, which provides document management capabilities. PaaS services such as these can provide a great deal of flexibility but may be constrained by the capabilities that are available through the provider.

Infrastructure as a Service (IaaS): IaaS is at the lowest layer and is a means of delivering basic storage and computing capabilities as standardized services over the network. Servers, storage systems, switches, routers, and other systems are pooled (through virtualization technology, for example) to handle specific types of workloads, from batch processing to server/storage augmentation during peak loads. The best-known commercial example is Amazon Web Services, whose EC2 and S3 services offer bare-bones computing and storage services (respectively). Another example is Joyent, whose main product is a line of virtualized servers which provide a highly scalable on-demand infrastructure for running websites, including rich Web applications written in Ruby on Rails, PHP, Python, and Java.

CLOUD COMPUTING DEPLOYMENT MODELS

Regardless of the service model used (SaaS, PaaS, or IaaS), there are four deployment models for cloud services, with derivative variations that address specific requirements:

1. Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
2. Private Cloud: The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party, and may exist on premises or off premises.
3. Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on premises or off premises.
4. Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

It's important to note that there are derivative cloud deployment models emerging due to the maturation of market offerings and customer demand. An example is virtual private clouds, a way of using public cloud infrastructure in a private or semi-private manner and interconnecting these resources to the internal resources of a consumer's datacenter, usually via virtual private network (VPN) connectivity.

WHY CHOOSE SOFTWARE AS A SERVICE (SAAS)

The benefits of Software as a Service (SaaS), from ease of use to lower cost of ownership, have been well publicized over the past few years, due in part to the success of companies like Salesforce.com. This increased attention has resulted in the SaaS model growing in both awareness and popularity among North American businesses.
In fact, analyst firm Gartner Inc. is projecting a compound annual growth rate of 22.1 percent for the SaaS market as a whole through 2011. Despite this trend, not all applications are appropriate for the on-demand model, and IT departments should be aware of the downsides of SaaS as well as the benefits.

The benefits of SaaS:

To accurately assess the value that Software as a Service can offer, an understanding of the potential benefits and drawbacks of SaaS is required. When considering a specific solution, it's important to review each of these benefits and drawbacks against the solution under evaluation, as they won't apply in every case. A breakdown of common SaaS benefits follows:

1. Faster, less expensive deployments: With no underlying infrastructure to purchase and install, and minimal customization required, SaaS deployments typically take much less time to implement than in-house solutions.
2. Lower up-front capital investment: Acquiring software traditionally required significant infrastructure purchases (hardware, middleware, networks, etc.). Through a SaaS
model, much of this investment is unnecessary and can be eliminated. SaaS solutions can also be treated as an operating expense, making it easier for departments to remain within their budgets.
3. Lower total cost of ownership (TCO), pay as you go: SaaS solutions are typically less expensive than in-house solutions for at least the first few years. When you take into consideration the considerable cost of software upgrades, a lower TCO can often be maintained for much longer periods of time. SaaS also allows companies to purchase only those services that are immediately required, with the option to expand services whenever needed. This can prevent big, up-front purchases that often end up as shelfware, going unused.
4. Reduced management overhead: SaaS solutions allow IT departments to offload time-consuming operational activities, allowing them to focus on higher value-added, more mission-critical tasks.
5. On-demand access to powerful infrastructure: By sharing computing resources among customers, SaaS providers can provide a high level of computing performance on demand, regardless of how frequently the customer requires access.

Potential drawbacks of SaaS solutions:

Though the benefits are great, the Software as a Service model can suffer from some serious drawbacks that are often overlooked. A quick overview of these drawbacks includes:

1. Limited customization and basic functionality: Since SaaS delivers the same general functionality to every customer, customization can sometimes be limited. As a result, there are fewer opportunities to use SaaS solutions to provide a competitive advantage.
2. Hidden costs: When evaluating SaaS solutions, be aware that some have hidden, add-on costs for items such as testing, support, storage and integration that may not be apparent during the initial sales process.
3. Usage commitments: SaaS solutions often price in bundles, requiring the customer to commit to paying for a certain volume over a period of time, regardless of whether or not the actual volume usage goes down.
4. Less control for IT: With up to 85 percent of SaaS solutions being sold directly to business units today without the input of IT, there is a potential for businesses to make software decisions that cause problems in the long run in terms of integration with other systems, availability, and corporate security requirements.

SECURITY RISKS FOR CLOUD COMPUTING

Though cloud computing is often touted as a cost saver for companies, IT pros still have lingering concerns about the safety and security of working in the cloud. Around 45 percent of IT professionals recently surveyed by the ISACA (formerly known as the Information Systems Audit and Control Association) said the risks involved in cloud computing outweigh any benefits. Questioning more than 1,800 IT professionals in the U.S. who are members of the group, the ISACA found that only 10 percent of them plan to use cloud computing for mission-critical IT services, 15 percent will use it only for low-risk services,
and 26 percent don't expect to tap into the cloud at all.

"The cloud represents a major change in how computing resources are utilized, so it's not surprising that IT professionals have concerns about risk vs. reward," said Robert Stroud, vice president of ISACA, in a statement. "If cloud computing is treated as a major initiative involving many stakeholders, it has the potential to yield benefits that can equal or outweigh the risks."

Cloud computing is fraught with security risks. Smart customers will ask tough questions and consider getting a security assessment from a neutral third party before committing to a cloud vendor. Cloud computing has "unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing." Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs.

Here are seven of the specific security issues customers should raise with vendors before selecting a cloud vendor.

1. Privileged user access: Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the "physical, logical, and personnel controls" IT departments exert over in-house programs. Get as much information as you can about the people who manage your data. Ask providers to supply specific information on the hiring and oversight of privileged administrators and the controls over their access.
2. Regulatory compliance: Customers are ultimately responsible for the security and integrity of their own data, even when it's held by a service provider. Traditional service providers are subjected to external audits and security certifications, such as a SAS 70. Cloud computing providers who refuse to undergo this scrutiny are "signaling that customers can only use them for the most trivial functions."
3. Data location: When you use the cloud, you probably won't know exactly where your data is hosted. In fact, you might not even know what country it will be stored in. Ask providers if they will commit to storing and processing data in specific jurisdictions, whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers, and if they abide by federal government requirements, such as PCI, HIPAA, etc.
4. Data segregation: Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isn't a cure-all. Find out what is done to segregate your data from the rest of their customers. The cloud provider should provide evidence that encryption schemes were designed and tested by experienced specialists. Encryption accidents can make data totally unusable, and even normal encryption can complicate availability.
5. Recovery: Even if you don't know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure. Ask your provider if it has the ability to do a complete restoration and how long it will take.
6. Investigative support: Investigating inappropriate or illegal activity is very challenging in cloud computing. Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible.
7. Long-term viability: Ideally, your cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data and perhaps the software will remain available even after such an event. Ask potential providers how you would get your data back and if it would be in a format that you could import into a replacement application.

WHAT DOES A SHIFT TOWARD CLOUD COMPUTING MEAN?

So who is affected by a paradigm shift in the computing industry? The shift would affect companies in a few different sub-industries, including software companies, Internet service providers, and hardware manufacturers. Companies in each of these industries will face significant change if cloud computing is to be the next step for the industry. While it's relatively easy to see how the main software and Internet companies will be affected by such a shift, it is slightly more difficult to know how other Internet companies and hardware manufacturers will be affected.

Who gains?

Consulting/Software/Hardware and Services companies that could gain from a shift towards cloud computing include: IBM.

Software producers that could gain from a shift toward cloud computing include: NetSuite (Financial), Salesforce.com (CRM), Taleo (TLEO), RightNow Technologies (RNOW), Concur Technologies (CNQR), Omniture (OMTR), Plex (ERP), Hyperic, Quest Software (QSFT), Disney (DIS).

Internet-based companies that could gain from a shift towards cloud computing include: Cloud Technology Partners, SAVVIS (SVVS).

Who loses out?

Traditional software producers that could have some catching up to do if cloud computing ultimately wins out include: ORACLE (ORCL), SAP AG (SAP), Blackbaud (BLKB), Lawson Software (LWSN).

CONCLUSION

Cloud computing is attractive, seductive, and perhaps irresistible. The benefits are compelling, particularly the pay-as-you-go model that has been likened to buying electricity (or, if you prefer, buying your drinks by the glass rather than the bottle).

Enterprises that have been considering the use of the cloud in their environment should determine whether the solution meets their current and future business needs, calculate what cost savings the cloud can offer them, and consider what additional risks are incurred. Once potential cost savings and risks are identified, enterprises will have a better understanding of how they can leverage cloud services.

There's a powerful business case for buying computational power, disk storage, collaboration, application development resources, ERP, and CRM on demand. Rather than buying more servers and disks or expanding or deploying expensive infrastructure and programs, cloud computing is flexible and scalable. It can meet short-term initiatives and requirements and deal with peaks and valleys in business cycles.

THANK YOU

Plante & Moran would like to thank Pat McQueen, Table Sponsor from Salesforce.com, Joe Drouin, CIO from Kelly Services, Inc., and all roundtable participants for their contributions. For more information, please contact: Doug Wiescinski, 248.223.3208, Doug.Wiescinski@plantemoran.com.