Cloud computing is here and has been embraced by many organizations. Cloud computing, as defined by the National Institute of Standards and Technology (NIST) in the United States, is "a model for convenient, on-demand network access to a shared pool of configurable computing resources (eg , networks, servers, storage, applications and services.) that can be provisioned and released quickly with minimal effort of management or interaction from the service provider. [1] Cloud computing is basically the outsourcing of computing resources, as well as that would outsource utilities such as electricity or water through a shared public network. Cloud service options include:
Software as a service (SaaS): whereby the consumer uses cloud provider applications running on a cloud infrastructure and applications are accessed from various client devices through a thin client interface such as a web browser ( for example, webmail).
Platform as a service (PaaS): here the consumer deploys their own applications on the provider's infrastructure. This option allows the customer to create business applications and get them online quickly, include services such as email campaign management, sales force automation, employee management, supplier management. etc.
Infrastructure as a Service (IaaS): The consumer has access to critical computing, storage, networking, and other resources where the consumer can implement and run arbitrary software, which may include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure, but rather controls the operating systems; storage, deployed applications, and possibly limited control of certain network components (for example, host firewalls).
Cloud computing has become popular as companies are constantly looking to cut costs by outsourcing storage and software (as a service) to third parties, allowing them to focus on their core businesses. With cloud computing, companies save on setting up their own IT infrastructure, which would otherwise be costly in terms of initial investment in hardware and software, as well as ongoing maintenance and human resource costs.
According to the Gartner Cloud Security Report [2], organizations need new skills and face the challenges of cloud security. Businesses should ensure that their cloud service provider has most of the "boxes checked" and that their security concerns are addressed. Since cloud computing is a somewhat new area of IT with no specific standards for data security or privacy, cloud security continues to pose several challenges for managers. Your provider needs to be able to resolve some of the issues that arise, including the following:
User Authentication / Access Control: How Does Your Cloud Service Provider Manage Access Control? To be more specific, do you have options for role-based access to cloud resources? How is the password management process managed? How does this compare to your organization's information security policy on access control?
Regulatory compliance: How do you balance compliance issues around data in a completely different country or location? What about data logs, events, and options to monitor your data? Does the vendor allow audit trails, which could be a regulatory requirement for your organization?
Top comments (0)