Thursday, January 19, 2012

Cloud Computing - briefing

Cloud computing is a term used everywhere, even on Microsoft adverts on the TV! So what is it? Would it be useful for my organistaion? This short guide will hopefully make things a little clearer.

So what is cloud computing?
Up until recently, you would have your own email servers, accounting servers, servers to store documents on, etc. Your IT department would provide the hardware, back them up and administer access to them.
Cloud computing means moving some or all of these services out of your organisation into 'the cloud' - the internet. Basically, instead of your IT department running the servers, an outside company does this for you, and charges you. They will look after backup, access and security and you will be able to take advantage of their infrastructure - which will tend to be better specification as they will be looking after many customers and be able to afford more.
Definition from HP - Computing in “the cloud” may refer to a company's own network, but it typically refers to the Internet and the use of Web browser-based or rich client applications. In these applications, the software comes from the Web Servers, and the data may be saved on the servers as well

What are the advantages?
- you don't have to buy and maintain expensive servers
- costs are more predictable and revenue rather than capital
- backup and disaster recovery facilities at large providers will be state of the art
- dispersed locations
- less on-site support required
- access to the latest software and services quickly


What are the disadvantages?
- your internet connection is crucial - you may need a backup link
- loss of control over your data
- issues around Data Protection and where the data is stored
- you may not get the same level of support as your in-house team

Dangers of cloud computing

The concept of cloud computing is quickly changing the future of corporate IT and seems to be the direction in which information infrastructure is moving. The concept, quite simply, is that vast computing resources will reside somewhere out there in the ether (rather than in your computer room) and we’ll connect to them and use them as needed. IBM has become the latest vendor to jump on the cloud computing wagon, unveiling a new initiative to extend its software delivery model towards cloud computing applications for its ISVs and customers. But businesses need to consider the security implications of jumping into the world of cloud computing.

Cloud computing raises a number of security issues for any organisation that implements it. For example, who and where is data being held? Outsourcing of data to a company like IBM or Amazon means business information could end up being stored almost anywhere in the world. The Data Protection Act is pretty clear that you cannot just export data without appropriate controls. The provisions of the Act mandate that companies must clearly state to their customers where they plan to store their data, and how they will use it. The legislation also effectively means that companies must store their data within the European Union. The chances of data being stored anywhere in the world is quite high as vendors providing Cloud Computing services need to replicate the data around the world to maintain their own disaster recovery and data backup plans.

Companies will also have to review their security arrangements on both technical, legal and corporate governance fronts. The traditional description of IT Security was CIA - Confidentiality, Integrity and Availability. Cloud computing still has a number of these issues to address. There will be major issues – what do you do if your ISP goes down? Will service credits really compensate you for the lost productivity?

Our caution here at GSS does not reflect on the integrity of these new cloud computing services in any way. It merely reflects the fact that corporate governance rules and, of course, data protection legislation needs to play catch-up with the real world.

You can’t simply sign the company up to a cloud computing environment and not consider all these points. Policy decisions and security issues need to be carefully considered - even down to discussing the move to cloud computing with your professional indemnity insurer - unless you can prove you have taken the required planning and security steps, your business insurance policy may be invalid if a data breach occurs It would be advisable to carry out a full risk analysis on the technology, and implement a cloud-enabled IT security framework before embracing cloud computing.

Having said this, it’s clear that cloud computing is where the future of corporate data access and computing lies, so companies need to start making the necessary planning now, in order to cope with what will be a sea change in their IT security needs.