Cloud Computing: The Basics, Benefits and Risks Image: http: //www. dralnux. com/wp-content/uploads/2010/05/cloud. jpg
What is the Cloud? National Institute of Standards and Technology • “Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e. g. , networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. ” National Archives and Records Administration • “Cloud computing is a technology that allows users to access and use shared data and computing services via the Internet or a Virtual Private Network. It gives users access to resources without having to build infrastructure to support these resources within their own environments or networks. ” Cloud Image: http: //bgilmore. net/wp-content/uploads/2009/02/cloud 1. png
Broad network access: Capabilities are available over the network and accessed through standard mechanisms (e. g. , laptops, mobile devices, etc. ) Measured Service: Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e. g. , storage, processing, bandwidth, and active user accounts) Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in On-demand self-service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider Resource pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand
Through the internet, many services can be accessed, including Software, Platform, or Infrastructure
Software as a Service (Saa. S) Software as a Service is the most common form of Cloud Computing. It is the capability to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e. g. , web-based email).
Platform as a Service (Paa. S) Platform as a Service is the capability to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider.
Infrastructure as a Service (Iaa. S) Infrastructure as a Service is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. With virtualization techniques it is packaged into small units that are delivered like water or electricity
Different Types of Clouds There are several different ways of deploying the Cloud. Each different way has its own group of standard users and service levels.
Levels of Deployment • Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Applications like Gmail are part of the public cloud. • Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e. g. , mission, security requirements, policy, and compliance considerations). A municipality make use of community clouds. • Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Most Used. • Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e. g. , cloud bursting for load-balancing between clouds). Think Google and Amazon.
What is the Cloud Used For? • • Backup Collaboration Distribution Archiving • Email storage is number one.
Cloud Examples • Toyota uses Microsoft for tracking roadside assistance. • LAPD may use Google for email. Problem with Federal Security requirements for storing law enforcement records. • General Services Administration in US uses Iaa. S and is looking at Paa. S and Saa. S. • NARA has directed agencies on how to comply with federal records regulations while using cloud.
Who Gets the Most Out of the Cloud? • A small to medium sized organization/company with small IT budget, or inefficient IT department.
Benefits of the Cloud • Reduce Costs ü No owning of hardware/software, so no huge upfront costs. ü Save energy costs. ü Reduce IT costs, as they don’t have to implement or maintain. Just maintain the cloud, not each computer. This is like in 60 s when had dummy terminals and mainframe. ü Shared so pool resources to get more for lessbetter hardware/software and network.
Benefits of the Cloud • Scalability ü You can get whatever you need, and only pay for what you use. ü Can track use.
Benefits of the Cloud • Reliability ü Always there on demand, big or small. ü Available from anywhere, using a browser.
Benefits of the Cloud • Security ü Security can be robust and more than a company could afford otherwise-both physical and virtual. ü Centralized data easier to secure.
Benefits of the Cloud • Improve Collaboration ü Allows for easy collaboration as all files are in consistent format, viewed in web browser. ü Can collaborate and distribute information over geographic areas. ü Think Google Docs.
Image: http: //www. globalnerdy. com/wordpress/wp-content/uploads/2008/09/grandpa_simpson_yelling_at_cloud. jpg
Risks of the Cloud • Cost Issues ü Calculate transfer, implementation and subscription costs. Can get unexpected license fees (Google/LA City). ü Variability of costs-no set monthly fee.
Risks of the Cloud • Reliability Issues ü Cloud can go bankrupt, disappear or be sold. Documents might be gone. ü Cloud can lose documents, and sometimes can’t get them back or backups fail.
Risks of the Cloud • Security Issues ü You have to trust completely. ü Unauthorized access-cloud, sub contractors, hackers, etc. Are you told? ü Documents can be stored anywhere and can be moved at any time-without you knowing. ü Encryption might not be done-in transit or in cloud. ü Shared server could intermingle information. ü FBI seized servers at Dallas Data Center for 1 person-50 businesses used it, and it took days to get servers back up.
Risks of the Cloud • Integrity/Authenticity ü Chain of custody and control issues. ü How maintain trustworthy electronic document system? ü Tampering possible in cloud, so can one create or maintain authentic electronic documents? ü Can these documents have integrity and admissibility as evidence?
Risks of the Cloud • Privacy Risks ü EU Data Protection Directive deals with privacy. It regulates processing of personal data in EU. Can’t transfer personal information (or process) of EU residents to countries that don’t have similar privacy protection (like the US). • Canada-Federal court ruled that a US organization transferring data to Canada must comply with PIPEDA. Also BC and NS restrict cross border data transfer.
Risks of the Cloud • Legal Risks ü Geographic location of information-jurisdiction issues. ü Trade secrets-are they still secret in cloud? ü Legal privilege-is it still applicable if cloud can access it? ü Patriot Act-FBI gets court order under Section 215. ü HIPAA (US health information) and Gramm-Leach Bliley Act (US financial information) have to be protected through specific agreement.
Risks of the Cloud • E-discovery ü Can you isolate documents for legal hold? ü Are documents preserved properly? Can they be accessed? Are there multiple copies in different locations, and which is used?
Good Contract Avoids Risks Google and LA • Los Angeles will be equipping 34, 000 city employees with Google Apps for email and collaboration in the cloud. ü Unlimited damages for breach. ü Audits allowed. ü Data only stored in 48 states. ü If service down more than 5 min/month-penalty. ü Encrypt documents and break them into pieces. ü Non disclosure agreements on both sides.
Other Important Things • • Do risk assessment. Compare vendors and review policies. Figure out responsibility. Get everyone together-legal, IT, RM. Disaster recovery contingency plan. Read the Cloud Security Alliance Guidelines. Read the Cloud Service Agreement!
Final Thought • Google now has online operating system called Chrome OS-no hard drive needed. • Going back to the 60’s. . . but in this case it isn’t the company mainframe, it is Google!