All About The Cloud

Uploaded on 2021-09-08 in Directors Reports

Directors Report:  

Cloud computing refers to software and services that run on the Internet, instead of locally on your computer. These include servers, storage, databases, networking, software, analytics and intelligence to offer faster innovation, flexible resources and economies of scale. 

The Cloud actually exists in remote and far-flung data centres and is a collection of networked computer hardware that works together to provide many aspects of computing in the form of online services.  These services are designed to provide easy access to applications and resources, without the need for internal infrastructure or hardware and usually these public and private cloud services allow organisations to reduce their IT infrastructure costs. 

Typically, you only pay for cloud services you use, helping you lower your operating costs, run your infrastructure more efficiently and scale as your business needs change.

A cloud can be private or public. A public cloud sells services to anyone on the Internet. A private cloud is a proprietary network or a data centre that supplies hosted services to a limited number of people, with certain access and permissions settings. 

Cloud Services Are Divided Into Three Main Categories: 

Infrastructure as a Service (IaaS):    IaaS manages IT infrastructures such as storage, server and networking resources, and delivers them to subscriber organisations via virtual machines accessible through the Internet. 

Platform as a Service (PaaS):   PaaS is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. 

Software as a Service (SaaS):   SaaS is a method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers.

Supporters of public and hybrid clouds note that cloud computing allows companies to avoid or minimise IT costs and  also claim that cloud computing allows organisations to get their applications up and running faster, with improved manageability and less maintenance. 

How does Cloud Computing Work?

Rather than owning their own computing infrastructure or data centres, companies can rent access to anything from applications to storage from a cloud service provider. One benefit of using cloud computing services is that firms can avoid the upfront cost and complexity of owning and maintaining their own IT infrastructure, and instead simply pay for what they use, when they use it.

  • Cloud computing services cover a vast range of options now, from the basics of storage, networking, and processing power through to natural language processing and artificial intelligence as well as standard office applications. 
  • Cloud computing is becoming the default option for many apps: software vendors are increasingly offering their applications as services over the Internet rather than standalone products as they try to switch to a subscription model. 

There is a potential downside to cloud computing, in that it can also introduce new costs and new risks for companies using it. A fundamental concept behind cloud computing is that the location of the service and many of the details such as the hardware or operating system on which it is running, are largely irrelevant to the user. 

History of Cloud Computing

Cloud computing as a term has been around since the early 2000s, but the concept of computing-as-a-service has been around for much, much longer and goes back as far as the 1960s, when computer bureaus would allow companies to rent time on a mainframe, rather than have to buy one themselves. These 'time-sharing' services were largely overtaken by the rise of the PC which made owning a computer much more affordable, and then in turn by the rise of corporate data centers where companies would store vast amounts of data. 

The concept of renting access to computing power has resurfaced again and again, in the application service providers, utility computing, and grid computing of the late 1990s and early 2000s. This was followed by cloud computing, which really took hold with the emergence of software as a service and hyper-scale cloud computing providers such as Amazon Web Services. 

Cloud Computing Benefits

The exact benefits will vary according to the type of cloud service being used but, fundamentally, using cloud services means companies not having to buy or maintain their own computing infrastructure. Cloud computing is not necessarily cheaper than other forms of computing, just as renting is not always cheaper than buying in the long term. If an application has a regular and predictable requirement for computing services it may be more economical to provide that service in-house. However using the cloud means no more buying servers, updating applications or operating systems, or de-commissioning and disposing of hardware or software when it is out of date, as it is all taken care of by the supplier. 

For commodity applications, such as email, it can make sense to switch to a cloud provider, rather than rely on in-house skills. A company that specialises in running and securing these services is likely to have better skills and more experienced staff than a small business could afford to hire, so cloud services may be able to deliver a more secure and efficient service to end users.

Using cloud services means companies can move faster on projects and test out concepts without lengthy procurement and big upfront costs, because firms only pay for the resources they consume. This concept of business agility is often mentioned by cloud advocates as a key benefit. 

The ability to spin up new services without the time and effort associated with traditional IT procurement should mean that is easier to get going with new applications faster. And if a new application turns out to be a wildly popular the elastic nature of the cloud means it is easier to scale it up fast. For a company with an application that has big peaks in usage, for example that is only used at a particular time of the week or year, it may make financial sense to have it hosted in the cloud, rather than have dedicated hardware and software laying idle for much of the time. 

Moving to a cloud hosted application for services like email or CRM could remove a burden on internal IT staff, and if such applications don't generate much competitive advantage, there will be little other impact. Moving to a services model also moves spending from Capex to Opex, which may be useful for some companies.

Some companies may be reluctant to host sensitive data in a service that is also used by rivals. Moving to a SaaS application may also mean you are using the same applications as a rival, which may make it hard to create any competitive advantage if that application is core to your business. 

Cloud Computing Adoption Effects On The IT Budget

Cloud computing tends to shift spending from capital expenditure to operating expenditure as companies buy computing as a service rather than in the form of physical servers. This may allow companies to avoid large increases in IT spending which would traditionally be seen with new projects; using the cloud to make room in the budget may be easier than going to the CFO and looking for more money. 

According to Gartner, global public cloud spending is forecast to reach $332.3 billion in 2021, increasing by 23.1%from $270 billion in 2020 and the rapid growth in cloud spending can be attributed to increased adoption in technologies such as virtualisation, edge computing and containerisation. As organisations mobilise for a massive global effort to produce and distribute Covid vaccination SaaS based applications that enable essential tasks such as automation and supply chain is critical. Such applications continue to demonstrate reliability in scaling vaccine management, which in turn will help CIOs further validate the ongoing shift to cloud.

Cloud Computing Security

Certainly many companies remain concerned about the security of cloud services, although breaches of security are rare. How secure you consider cloud computing to be will largely depend on how secure your existing systems are. In-house systems managed by a team with many other things to worry about are likely to be more leaky than systems monitored by a cloud provider's engineers dedicated to protecting that infrastructure. Concerns do remain about security, especially for companies moving their data between many cloud services, which has leading to growth in cloud security tools, which monitor data moving to and from the cloud and between cloud platforms. 

These tools can identify fraudulent use of data in the cloud, unauthorised downloads, and malware. There is a financial and performance impact however: these tools can reduce the return on investment of the cloud by five to 10% , and impact performance by five to 15% . 

Public Cloud

Public cloud is the classic cloud computing model, where users can access a large pool of computing power over the Internet, whether that is IaaS, PaaS, or SaaS. One of the significant benefits here is the ability to rapidly scale a service. The cloud computing suppliers have vast amounts of computing power, which they share out between a large number of customers, the 'multi-tenant' architecture. 

Their huge scale means they have enough spare capacity that they can easily cope if any particular customer needs more resources, which is why it is often used for less-sensitive applications that demand a varying amount of resources.

Private Cloud

Private cloud allows organisations to benefit from the some of the advantages of public cloud, but without the concerns about relinquishing control over data and services, because it is tucked away behind the corporate firewall.  Companies can control exactly where their data is being held and can build the infrastructure in a way they want, largely for IaaS or PaaS projects, to give developers access to a pool of computing power that scales on-demand without putting security at risk. 

That additional security comes at a cost, as few companies will have the scale of AWS, Microsoft or Google, which means they will not be able to create the same economies of scale. 

For companies that require additional security, private cloud may be a useful stepping stone, helping them to understand cloud services or rebuild internal applications for the cloud, before shifting them into the public cloud. A Forrester survey of 500 businesses that were early adopters found that the need to rewrite applications to optimise them for the cloud was one of the biggest costs, especially if the apps were complex or customised. The surveyalso found:-

  • A third of those surveyed said cited high fees for passing data between systems as a challenge in moving their mission-critical applications. 
  • The skills required for migration are both difficult and expensive to find, and that even when organisations could find the right people they risked them being stolen away by cloud computing vendors with deep pockets. 
  • One third of those surveyed said their software database license costs drastically increased if they moved applications. 

Another Report from Virtustream said, "While many businesses associate the cloud with cost savings, underestimating the resources involved in cloud migration can quickly cause costs to spiral out of control." 

Geography and Cloud Computing

Geography does have an impact on Cloud services.

  • There is the issue of latency: if the application is coming from a data centre on the other side of the planet, or on the other side of a congested network, then you may find it sluggish compared to a local connection. 
  • There is also the issue of data sovereignty. Many companies, particularly in Europe, have to worry about where their data is being processed and stored. European companies are worried that, for example, if their customer data is being stored in data centres in the US or, owned by US companies, it could be accessed by US law enforcement. 

As a result the big cloud vendors have been building regional data centre networks so that organisations can keep their data in their own region. 

In Germany, Microsoft has taken another step and is offering Azure cloud services from two different data centres, which have been set up to make it much harder for US authorities to demand access to the customer data stored there. The customer data in the data centres is under the control of an independent German company which acts as a "data trustee", and Microsoft cannot access data at the sites without the permission of customers or the data trustee. It seems likely that cloud vendors will continue to open more data centres around the world to cater to customers with requirements to keep data in specific locations. 

  • Regulation of cloud computing varies widely elsewhere across the world: for example AWS recently sold a chunk of its cloud infrastructure in China to its local partner because of China's strict tech regulations. 
  • Cloud security is a significant issue. The UK government's cyber security agency has warned that government agencies that they need to review the country of origin when it comes to adding cloud services into their supply chains. 

More than half of the business leaders surveyed believe that the increasing barriers to globalisation will compromise their ability to: use or provide cloud-based services (cited by 54% of respondents, versus 14% that disagree); use or provide data and analytics services across national markets (54% versus 15% ); and operate effectively across different national IT standards (58% versus 18%). 

Over half said these increasing barriers will force their companies to rethink their: global IT architectures (cited by 60%) physical IT location strategy (52%); cybersecurity strategy and capabilities (51%); relationship with local and global IT suppliers (50%); and geographic strategy for IT talent (50%).

Google has similar models, dividing its cloud computing resources into regions which are then subdivided into zones, which include one or more datacenters from which customers can run their services.  It currently has 15 regions made up of 44 zones: Google recommends customers deploy applications across multiple zones and regions to help protect against unexpected failures.

Microsoft Azure offers regions which it describes as is a "set of datacentres deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network".  It also offers 'geographies' typically containing two or more regions, that can be used by customers with specific data-residency and compliance needs "to keep their data and apps close". It also offers availability zones made up of one or more data centres equipped with independent power, cooling and networking.

Cloud Computing Benefits

Cloud computing boasts several attractive benefits for businesses and end users. Some of the main benefits of cloud computing are:

  • Cost savings: Using cloud infrastructure can reduce costs, as organisations don't have to spend massive amounts of money buying and maintaining equipment. This reduces their capital expenditure costs, as they don't have to invest in hardware, facilities, utilities or building large data centers to accommodate their growing businesses. 

Additionally, companies don't need large IT teams to handle cloud data center operations because they can rely on the expertise of their cloud providers' teams. 

Cloud computing also cuts costs related to downtime. Since downtime rarely happens in cloud computing, companies don't have to spend time and money to fix any issues that may be related to downtime.

  • Mobility: Storing information in the cloud means that users can access it from anywhere with any device with just an Internet connection. That means users don't have to carry around USB drives, an external hard drive or multiple CDs to access their data. 

Users can access corporate data via smartphones and other mobile devices, enabling remote employees to stay up to date with co-workers and customers. 

End users can easily process, store, retrieve and recover resources in the cloud. In addition, cloud vendors provide all the upgrades and updates automatically, saving time and effort.

  • Disaster recovery: All organisations worry about data loss. Storing data in the cloud guarantees that users can always access their data even if their devices, e.g., laptops or smartphones, are inoperable. 

With cloud-based services, organisations can quickly recover their data in the event of emergencies, such as natural disasters or power outages.

Cloud Computing Challenges

Despite the clear upsides to relying on cloud services, cloud computing carries its own challenges for IT professionals:

Cloud Computing:  Often considered the greatest challenge facing cloud computing. When relying on the cloud, organisations risk data breaches, hacking of APIs and interfaces, compromised credentials and authentication issues. Furthermore, there is a lack of transparency regarding how and where sensitive information entrusted to the cloud provider is handled. 

Cost management:   Pay-as-you-go subscription plans for cloud use, along with fluctuating workloads, can make it tough to define and predict final costs.  

Lack of Resources & Expertise:   With cloud-supporting technologies rapidly advancing, organisations are struggling to keep up with the growing demand for tools and employees with the proper skill sets and knowledge.

IT Governance:   Cloud computing can make IT governance difficult, as there is no control over provisioning, de-provisioning and management of infrastructure operations. 

Compliance With Applicable Law:   When transferring data from on-premises local storage into cloud storage, it can be difficult to manage compliance with industry regulations through a third party. 

Management of Multiple Clouds:   Multi-cloud deployments can disjoint efforts to address more general cloud computing challenges.

Performance:   Largely beyond the control of the organisation contracting cloud services with a provider. Outages can interfere with productivity and disrupt business processes if organisations are not prepared with contingency plans.

Cloud Migration:   The process of moving applications and other data to a cloud infrastructure often-times causes complications. Migration projects frequently take longer than anticipated and go over budget.

Vendor Lock-In:    Switching between cloud providers can cause significant issues. This includes technical incompatibilities, legal limitations and incurring substantial costs.

The Future of Cloud Computing

Cloud computing is still at a relatively early stage of adoption, despite its long history. Many companies are still considering which apps to move and when. However, usage is only likely to climb as organisations get more comfortable with the idea of their data being somewhere other than a server in the basement. Some estimates suggest that only 10% of the workloads that could be move have actually been transferred across. Those are the easy ones where the economics are hard for CIOs to argue with. 

For the rest of the enterprise computing portfolio the economics of moving to the cloud may be less clear cut. As a result cloud computing vendors are increasingly pushing cloud computing as an agent of digital transformation instead of focusing simply on cost. 

Moving to the cloud can help companies rethink business processes and accelerate business change. Some companies that need to boost momentum around their digital transformation programmes may find this argument appealing; others may find enthusiasm for the cloud waning as the costs of making the switch add up.
 

References: 

ZDNet:   ZDNet:        How It Works Daily:          MS Azure:         InfoWorld:        Techtarget:     

Vox:     Citrix:        Comsoc.org:         Forrester:        Virtustream

You Might Also Read: 

Directors Report June 2017: Cloud Security Analysed For Management (£):

 

« Employee Cyber Security Training Is Vital To Reduce Attacks
Microsoft Will Invest $20Billion In Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Trustelem

Trustelem

Trustelem offers European and global companies a ready-to-use access management service that respects the principles of sovereignty, territoriality and privacy.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

Deepnet Security

Deepnet Security

Deepnet Security is a leading vendor in Multi-Factor Authentication (MFA) and Identity & Access Management (IAM).

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

eCentre@LindenPointe

eCentre@LindenPointe

The eCenter@LindenPointe provides assistance to the development, management and promotion of STEM (Science, Technology, Engineering, Mathematics) related business ventures.

VinCSS

VinCSS

VinCSS Internet Security Services JSC is a leading organization working in the field of researching, developing, producing products as well as providing cyber security services.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.