Focus: New business models

Cloud computing: harnessing the opportunities and managing the risks

Urs Küderli
Partner and Leader Cybersecurity and Privacy

Cloud computing is an essential part of the ‘digital revolution’ driving sweeping changes through society and the way enterprises operate, and a huge opportunity for organisations of all sizes. To some the risks may appear daunting, but there’s plenty of good guidance available to successfully negotiate the path to the cloud.

Cloud computing can seem very complex, so let’s first define what we mean. There are three main broad categories of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
IaaS: When you use infrastructure as a service you dispense with your own IT infrastructure. Instead it’s made available on demand by a global or local provider. Essentially you’re renting rather than owning a virtual infrastructure ‘in the cloud’ that you can use for anything you would otherwise have run on your own servers. There’s no capital expenditure involved.

PaaS: Platform as a service involves using a cloud provider rather than your own system as a platform to develop, run and manage web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an application. There are a number of well-known global providers, but local players are also emerging – potentially interesting for organisations concerned about having their service hosted abroad.

SaaS: Software as a service will be familiar to most people from their use of social media: platforms such as Facebook and LinkedIn all run on this basis, with the software sitting in the cloud rather than on the user’s device. The same principle applies in the corporate context, where many organisations are using CRM (customer relationship management) or ERP (enterprise resource planning) software provided ‘as a service’. As a user you simply consume the software, without knowing where it’s located.

All three flavours of cloud computing can be delivered either completely by a third-party provider (‘public cloud’), internally by an organisation (‘private cloud’) or in combination (‘hybrid cloud’). Large global enterprises that are big enough to get the scale benefits themselves are investing in building their own private cloud infrastructure. However, most organisations are not large enough to justify this and tend to use either public or hybrid cloud services.


Compelling reasons for the cloud

Organisations will find compelling reasons for all three categories of cloud service, IaaS, PaaS and SaaS. What they have in common is cost benefits – the potential to significantly reduce IT costs and move expenditure from capex (capital expenditure) to opex (operational expenditure) – and flexibility, with the ability to scale the service up or down as desired.

Infrastructure as a service has the added advantage of enabling you to provision additional services a lot more quickly, which is especially beneficial, for example, for sporting or major entertainment events. It also frees up the IT department to concentrate on adding value to the business rather than getting bogged down in managing the various infrastructure ‘boxes’.

Software as a service removes the need to continually upgrade software or keep up with the latest releases and patches: because you are paying to use the software rather than owning it yourself, you’re always sure of having the latest version. Many SaaS packages are also very flexible and allow you to configure the software to meet your needs without having to customise it or develop additional functionality yourself.

SaaS is also a very powerful tool for a mobile workforce, because all your people need for access to software is internet access. Many organisations also find the associated services often bundled with the software very attractive. For example, accounting software combined with monthly accounting services provided by a reputable firm can be a great option for many small businesses, as they can dispense with their own software and hardware as well as the need to have an in-house accounting function. In general, the cloud makes a lot of sense for companies not big enough to have their own specialist departments (such as IT) and staff.

The benefits of PaaS are very similar to those of SaaS, and it also gives you a platform for developing additional functionality on top of it. In other words, you can customise the solution for your own organisation much more than is possible with SaaS.

The cloud in action

What kinds of organisations are taking advantage of the cloud?

A good example is companies that source analytics services. To cope with a heavy load in the run-up to Christmas, for example, you can now take out a temporary contract with an analytics provider to spin up an analytics database in the cloud. Go to the cloud provider’s website with a credit card, and you have the infrastructure available in only an hour or two. In many cases a remotely provided service is the only practical way of solving the problem – an instance of a new approach that wasn’t even possible before the advent of the cloud.

The public sector is also embracing cloud computing in a big way. The UK government, for example, has had the G-Cloud (Government Cloud) in place for a number of years, a strategy that makes it almost compulsory for public bodies to procure services via the cloud. In Australia state governments also have strategies where procurers have to consider the cloud first and justify the business case [1] if they decide against it. The Swiss government also has a cloud computing strategy in place, complementing its eGovernment policy, and aimed primarily at the Confederation, the cantons, municipalities and enterprises affiliated with the Confederation. The challenges here are essentially the same as for the private sector, but with a slightly different emphasis: the most important issues for government and the public sector are how cloud services are contracted, and how data privacy risks are managed.

[1] The business case sets out the economic rationale and impact in the run-up to an outsourcing project. It contains an outline of the processes involved and the organisation that will work with these processes following outsourcing. It also compares the costs of the outsourced portion of the business with the status quo, and forecasts the point within a timeframe of five years at which the outsourced process will be profitable.

Another group that is reaping huge benefits from the cloud is project-based organisations such as construction firms, consulting engineers and infrastructure providers. They used to have to provision for each project, spending valuable time and resources equipping every new site with hardware, cabling and so on. With a cloud model, all the project team now needs is access to the internet (for example with their SIM card) and they’re productive from day one. And there’s no hardware to dispose of once the project is completed.

Useful cloud computing resources

Cloud Security Alliance (CSA)

The CSA, present in every continent except Antarctica, is the world’s leading organisation dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the expertise of industry practitioners, associations, governments and its corporate and individual members to offer cloud security-specific research, education, certification, events and products.

Website: cloudsecurityalliance.org
General enquiries: info@cloudsecurityalliance.org
Membership: membership@cloudsecurityalliance.org

CSA Security, Trust & Assurance Registry (STAR)

CSA operates the most popular cloud security provider certification programme, the CSA Security, Trust & Assurance Registry (STAR), a three-tiered provider assurance programme of self-assessment, third-party audit and continuous monitoring.

Website: cloudsecurityalliance.org/star

Cloud Security Alliance Switzerland Chapter (CSACH)

Klaus Gribi from Swisscom, President of the Cloud Security Alliance Switzerland Chapter (CSACH), describes its mission as follows: “CSACH focuses on information and data protection as well as legal aspects relevant to Swiss law to support and assist cloud consumers and cloud service providers in Switzerland. To achieve this goal, CSACH runs a series of research initiatives to compile and provide guidelines and best practices, organises cloud security events throughout Switzerland, and creates cloud security expert platforms for the exchange of information, know-how and experience in regard to cloud security in Switzerland.”

Website: cloudsecurityalliance.ch
General enquiries: board@cloudsecurityalliance.ch
Membership: chapters.cloudsecurityalliance.org/switzerland/about/membership-form

Swiss Federal Data Protection and Information Commissioner (FDPIC)

The Swiss Federal Data Protection and Information Commissioner has a supervisory and consultative role with respect to data protection and information-related issues. His function in the private sector is primarily consultative: explaining the legal provisions governing data protection, and advising on the registration of data files and trans-border data flows and enquiries relating to the right of access. The commissioner also advises on legal and technical matters, and acts as an intermediary in conflict situations.

Website: www.edoeb.admin.ch/index.html?lang=en
Guide to cloud computing: www.edoeb.admin.ch/datenschutz/00626/00876/01203/index.html?lang=en

The real benefits of the cloud

This brings us to the nub of the matter: the real benefits of cloud computing come not from using it in isolation, but from combining it with other pieces of the digital transformation puzzle such as analytics, mobile workforce solutions and social media.

Once you put the pieces together you start to realise the full implications of the cloud. Extrapolating to the future, the scale benefits of the cloud mean it will ultimately make no sense for organisations to have their own IT infrastructure unless they’re very big indeed. A good analogy is the evolution of electricity: just as power from the grid means it’s no longer necessary for each factory to have its own generation facility, the cloud now makes computing services available universally.

What this ultimately means is that organisations can dynamically reconfigure their value chain to make it more agile, transforming the way they deliver value. You look at what value you provide and how you provide it, and then ‘plug and play’ the required software, services and infrastructure from cloud-based providers. If you don’t like a particular provider, you can switch them out with a different provider without having ‘stranded’ infrastructure assets or people.

The implications are huge, but the changes require a different mindset. Instead of thinking that you have to own or control your own supply chain, you have to start thinking in terms of an ecosystem that delivers value, and configure your supply chain accordingly using the most appropriate specialists in each area. Success in the world of digital business is going to be much more about managing information and getting the most out of it without actually owning or controlling the physical supply chain. The winners will be the organisations that have the clearest view of their end-to-end value chain and make the most effective use of this information, rather than necessarily those that have physical control.

What about the risks?

The upside of the cloud is immense. But what about the downside? Ironically, perhaps, many of the most pressing concerns people have about cloud computing – crucial issues such as data sovereignty, privacy and security – are already well understood, and good advice is available. International bodies such as the Cloud Security Alliance (see box) have been in existence for a number of years already, and have done a good job of clarifying best practices and issuing guidance on how to manage the cloud and the risks it entails.

Naturally, organisations entering the cloud have to work through the regulatory requirements as well – but again, these are well understood and guidance is available. For example, the Federal Data Protection and Information Commissioner (FDPIC; see box) has issued a guide to cloud computing from the standpoint of Swiss data privacy.

What many newcomers to the cloud tend to underestimate, however, is a whole range of less well understood risks.

Many of these are contractual in nature. A key question to ask is whether there’s any scope to negotiate the terms and conditions of your contract. If you’re dealing with a large cloud provider, you might not have any scope at all. For example, you might want to agree guaranteed service levels. If you can’t, where does that leave you in the event of an outage if the contract doesn’t provide for any remedies? Termination arrangements might also be difficult. What do you do if something happens to your cloud provider, they terminate at short notice, and you no longer have access to your data or have too little time to move it to a new provider? This is one aspect of a bigger risk that often gets overlooked: the long-term viability of your cloud provider. Small providers (and large ones) can go out of business, and it can be difficult to recover your data if your provider goes down or is taken over.

Another potential pitfall is e-discovery. In the event of legal issues, you might not have the right to access data – or have the right for only a limited time – for e-discovery. It’s crucial to look at your data retention and archiving requirements and consider how they’re met by your cloud provider. If you’re required to keep data for seven years and your provider only keeps it for one, you have a problem.

Another risk is a failure to get an adequate picture of the costs. Often, when initially assessing a cloud computing business case, organisations forget to consider or underestimate the expense involved in data obfuscation: the range of technologies, including encryption and tokenisation, designed to hide data or otherwise protect it from prying eyes. This can be a costly process, so it’s important to have a realistic idea of what’s involved.

The cloud can also entail tax risks, with different implications depending on where the service is provided from, that also have to be monitored. But the flipside is the potential tax opportunities: the cloud can make it possible to move parts of your supply chain to more tax-advantageous jurisdictions. For example, an organisation might choose to relocate its research and development people to a jurisdiction with advantages for R&D; thanks to the cloud, it can now do so without having to have massive infrastructure in place locally to support them.

Another cloud-related challenge, especially for large organisations and their IT people, is ‘shadow IT’. The fact that everyone within the organisation can potentially get computing services from the cloud, without involving the IT department, can lead to a situation where the costs and procurement are virtually unmanaged. Smart organisations implement cloud computing policies to make sure the risks are properly assessed and the relevant requirements (regulatory and so on) are met.

Help is at hand!

The important thing to remember about these risks is that they’re all manageable, and none of them will necessarily stop you going down the cloud path to reap the immense benefits it offers.

As already mentioned (more details in the box), there are global and national bodies and frameworks devoted to providing guidance on how to negotiate the cloud.

Professional services firms with specialists in cyber-business and digital transformation also offer extensive support, ranging from digital strategy formulation to actual migration services enabling organisations to get from their current environment to the cloud. A lot of this work involves regulatory and risk assessments, and helping organisations demonstrate to the regulatory authorities that they are meeting requirements (for example by producing independent reports to the regulator). It also often includes support with business cases, tax, etc. Professional services firms can also help clients get the bigger picture, enabling them to harness cloud computing and understand how to integrate various cloud services in their supply chain. Many large organisations are finding it useful to set up their own internal function to orchestrate all these building blocks to build the wall, and there are many cloud brokering technologies (used to integrate cloud services and manage their performance and resilience) evolving to facilitate this.

Professional services firms also support cloud providers by providing third-party controls assurance: evidence a provider can publish on its website that its services meet well-developed global professional standards. They also help create and evolve a reliable global framework for digital transformation and cloud computing through their active involvement in standards bodies, industry bodies and best practice organisations such as the Cloud Security Alliance.

Summary

The cloud is already revolutionising the way business is done throughout the private and public sectors. There are risks, but all of them are manageable. Some are already well understood, and comprehensive best practice guidance is available. Other challenges simply have to be worked through carefully – but again, support is available. The most important thing is to see the cloud as part of the big picture: as an enabler that allows organisations to dynamically reconfigure their supply chain to deliver value more intelligently and effectively. Ultimately, can you afford not to be in the cloud?

Contact us

Urs Küderli

Partner and Leader Cybersecurity and Privacy, PwC Switzerland

Tel: +41 58 792 42 21