The use of the word “Cloud” to describe hosted IT services is somewhat of a
misnomer. Even though the term originates from a diagram on paper, it still
conjures a vision of a floating entity over which you have no control and
which may not be there in the morning. However, it is a very pervasive
marketing term and has strong acceptance.
Cloud is not so much a technology as a
convergence of multiple streams of technology into a new service layer. It is
categorised into three major service offerings which require different security
considerations:
Infrastructure As A Service (IaaS) is the delivery of computer infrastructure
(typically a platform virtualization environment) as a service. Rather than
purchasing servers, software, data centre space or network equipment, clients
instead buy those resources as a fully outsourced service. The service is
typically billed on a utility computing basis, and the amount of resources
consumed (and therefore the cost) will typically reflect the level of activity.
Storage as a Service (remote backup) is often cited as a subset of IaaS.
Platform As A Service (PaaS) provides all of the facilities required to
support the complete life cycle of building and delivering web applications and
web services with no software downloads or installation for developers, IT
managers or end-users.
Software As A Service (SaaS) is a model of software deployment whereby a
provider licenses an application to customers for use as a service on demand.
SaaS software vendors may host the application on their own web servers or
download the application to the consumer device, disabling it after use or
after the on-demand contract expires.
For SaaS and PaaS the primary security focus is around
data integrity, availability and confidentiality whilst with IaaS the focus is
on technical controls.
The Move to Cloud
Every day more organisations are moving their data into the Cloud, with
increasing reliance on web applications and hosted services as core components
of their business operations.
More often than not, the move to cloud services is driven by business divisions
identifying a new solution they want now, one which is not dependent on internal
IT resourcing or constraints. Unfortunately, at times the value of the data or
the issues around integration of cloud and on-premises data are overlooked. This
can result in many ad-hoc post-implementation activities that can compromise
data and system security.
Just as important, the risks cannot be entirely outsourced. Servers go down,
hardware fails, and networks lose connectivity. Underlying all these potential
issues is the general risk of a business losing control over its own data and
not being able to account for it if things go wrong.
Look out for Part 2...
Greg Starkey
Business Development Manager, Government & Commercial