Cloud computing – what is it exactly and what benefits does it bring? A new white paper from ISACA describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing.
According to the paper, the definition of cloud computing runs along these lines: “A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
A simpler way for understanding the concept is to think of it as a utility. An enterprise pays for water, gas and electricity according to the amount they use. Cloud computing offers the same – payment on a consumption basis, and that also means less initial capital spending.
The cloud can offer Infrastructure as a Service, Platform as a Service or Software as a Service. It can be private, community, public or hybrid. It’s characteristics are:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service.
Benefits and risks differ according to the selected choices.
The key benefits of cloud computing are:
- Cost according to use and savings because of lack of wasted resources
- Immediate availability
- Round-the-clock availability
- Efficiency – enterprises can focus on innovation and R&D
- Resiliency – sustainability through natural disasters or heavy traffic.
The risks are also many. Cloud computing implies outsourcing at least a part of the enterprises’ IT services, so the risk of depending on a third-party provider is great. When choosing said provider, businesses should be very careful and check its reputation and capabilities – he will be in charge of information providing and handling, so this is a crucial step when an enterprise is considering migration to the cloud. He is also responsible of keeping confidential information safe.
Another risk is the possibility that the information won’t be readily available due to disasters or even because there could be confusion about the whereabouts of certain information.
Because of all this things, a clear and sturdy risk management program must be put in place, and a straightforward service level agreement must be agreed upon – explicit expectations regarding the managing, utilization, storage and availability of information and requirements for business flow and disaster recovery must be defined in the agreement.
After the implementation of cloud services, the entire business must pass through an adjustment period that will see the employees turning to the cloud for information and services. That means that an information security policy must be enforced and additional security training must be made available.
All these issues must be addressed, including compliance, privacy, certification, legal obligations and transparency.
In short, it isn’t as simple as it seems in the diagrams: there is the cloud, and stuff is flowing in and out of it without complications. It only remains to be seen if the benefits outweigh the risks and the additional work.
To read the report in detail, go here.