Cloud computing has been receiving a lot of press in the IT mainstream media lately and all indications points to it continuing to be a hot topic for some time. Gartner.com stated in an article “Significant innovations in virtualization and distributed computing, as well as improved access to high-speed Internet and a weak economy, have accelerated interest in cloud computing.
The concept of cloud computing pertains to an entity that involves delivering hosted services over the Internet. These services can be private or public and are divided into three categories:
- Infrastructure-as-a-Service (IaaS)
- Platform-as-a-Service (PaaS)
- Software-as-a-Service (SaaS)
Infrastructure as a Service (IaaS) is a service in which an organization outsource the equipment used to support operations, including storage, servers and networking components. The service provider owns the equipment and is responsible for the operation and maintenance of it.
Platform as a Service (PaaS) is a service for which the development tool itself is hosted in the cloud and accessed through a browser. Developers can build web applications without installing any tools on their computer and then deploy those applications without any specialized systems administration skills.
Software as a Service (SaaS) is a software service application that allows users to purchase a software service to be used over the Internet that is developed and managed by an independent or third party. The software is not downloaded onto the user's computer, but is simply accessed via an Application Programming Interface (API) over the World Wide Web with a login and a password.
Due to the nature of cloud computing, many security concerns have been raised as researchers, security professional and management examines the models. Cloud computing does not allow the organization to physically possess their data on site unless it is backed up on a secondary storage device. Customers of the cloud-computing model need to be aware the service provider is conducting regular backups, have an incident response plan and have a disaster recovery plan in place. This is for continuity of business functions as well as the need for meeting regulatory compliance such as FISMA and HIPPA to name a few.
Cloud computing has the ability to assist many organizations, but intensive research, review and audits should be conducted before doing so. The organizations that choose to rely on using a cloud service model will have to consider additional responsibility to be able to understand the services being offered in order to understand the effects on their operations and security.