Issuu on Google+

Cloud Computing Strategies This document was prepared as a capstone for IT486 Critical Issues in Information Technology at Central Washington University Dan Achman 3/8/2014 0|Page


Cloud Computing Strategies

Table of Contents

Executive Summary .......................................................................................................................2 Introduction ....................................................................................................................................3 Possible uses for the cloud .............................................................................................................3 Infrastructure as a Service (IaaS) uses .........................................................................................3 Platform as a Service (PaaS) uses ................................................................................................4 Software as a Service (SaaS) uses ...............................................................................................4 What are the risks with cloud computing? ..................................................................................5 Security.........................................................................................................................................5 Vendor operational reliability ......................................................................................................6 Vendor viability ...........................................................................................................................6 Conclusion ......................................................................................................................................7 Works cited .....................................................................................................................................8

1|Page


Cloud Computing Strategies

Executive Summary As part of a capstone project, a group of 24 cohorts comprised of senior students and working professionals participated in a survey to research cloud computing strategies. Respondents were asked to identify possible uses for cloud computing as well as risks associated with its use. A subsequent survey was completed requesting solutions to mitigate the top three risks identified from the earlier surveys. The uses suggested included: 

Virtualization of Corporate Datacenter

Use of cloud service to create a test environment applications and networks

Use of vendor supplied software on a subscription basis

The top three risks which were identified across all cloud platforms were 

Security with an emphasis on data security

Vendor operational reliability

Vendor viability

When attempting to mitigate the risks presented here, businesses must perform due diligence when selecting their cloud services vendor. The business’s disaster recovery and business continuity plan should also address these issues. In addressing the security risk, the business must have policies in place regarding effective governance, risk compliance, privacy, and security. These policies must be addressed with the cloud services vendor as part of the due diligence process.

2|Page


Cloud Computing Strategies

Introduction Companies have begun to utilize the cloud for a greater share of their Information Technology needs. There are currently three main types of cloud computing services. The first is Software as a Service (SAAS), which involves the cloud vendor providing the software, platform and infrastructure for a subscription fee. In the second type of service, Platform as a Service (PAAS), the cloud vendor provides the infrastructure and platform for a subscription fee and the subscribing company provides the software. The third type of service, Infrastructure as a Service (IAAS) involves the cloud vendor providing the virtual hardware infrastructure and the subscribing company installing the operating system and software. In this paper a group of cohorts comprised of senior students and working professionals were surveyed about possible uses for the three types of cloud computing that exist today. In addition to the uses that were identified the group also identified risks associated with each type of service. The top three risks were identified and the cohorts then provided solutions to mitigate those risks. The responses were supported with research which will be cited in this paper.

Possible uses for the cloud The suggested uses are categorized by the type of service that they were associated with as the respondents were surveyed. Infrastructure as a Service (Iaas) uses In IaaS, the cloud computing customer puts their own server software and applications onto virtual machines that are run by the cloud provider. The customer configures the database, web, and application services to meet the needs of the customer's users. Many of the responses involved moving some or all of the corporate datacenter to the cloud. This virtualized data center could be a replacement for your existing datacenter or serve as a hot site in your disaster recovery plan. Features and benefits cited as a result of moving the datacenter to the cloud were:

3|Page


Cloud Computing Strategies

Scalability

Utility style costing

Location independence

Physical security of data center locations

No single point of failure (What is IaaS)

Another use that was suggested for IaaS was to utilize it as a testing environment for your network and server administrators. They could have this environment mirror your production environment and then apply any patches or upgrades there and test them before applying them in the production environment. Platform as a Service In the Platform as a Service (PaaS) environment, the cloud vendor provides the infrastructure and the operating system and the customer provides the application. Many responses from cohorts indicated that this would make a good environment for testing applications either those created in house or ones you may be considering purchasing. Utilizing this platform as a database server was also mentioned several times. Software as a service With Software as a Service (SaaS) the vendor provides everything necessary to operate and the users pays a subscription fee. The responses to the uses of this type of cloud service are summarized as follows; 

Time clock software

Human Resources applications

Corporate Email System

CRM software

Google Apps

Business and Expense Management

Single Sign On Solution 4|Page


Cloud Computing Strategies

What are the risks with cloud computing? When respondents were asked to identify uses across the three types of cloud computing platforms, they also were requested to identify associated risks with those platforms. Three risks were predominant in responses across multiple cloud platforms. 

Security



Vendor operational reliability



Vendor viability

In the information that follows, the risks are detailed and solutions are put forward in an effort to mitigate them. Security Security with an emphasis on data security was a risk that clearly rose to the top of the list of risks when it came to cloud computing. In approaching solutions to mitigate this risk, one would be advised to follow the advice given by The Cloud Standards Customer Council as they list the following steps; 1. Ensure effective governance, risk and compliance processes exist 2. Audit operational and business processes 3. Manage people, roles and identities 4. Ensure proper protection of data and information 5. Enforce privacy policies 6. Assess the security provisions for cloud applications 7. Ensure cloud networks and connections are secure 8. Evaluate security controls on physical infrastructure and facilities 9. Manage security terms in the cloud SLA 10. Understand the security requirements of the exit process (Security for cloud computing)

5|Page


Cloud Computing Strategies

Vendor operational reliability The risk that the cloud service would not be available when needed due to system maintenance, software quality issues, or other issues on the cloud service provider’s end was a risk that showed up fairly often. Analyst Al Sadowski describes this best when he writes “A service outage can affect brand reputation, future prospects and employee productivity, as well as the potential loss of existing customers. Recovery time is also a major impact to an ongoing business.� In addressing a solution to this issue, two themes were repeated by respondents; 1. Due diligence in selecting a cloud provider will help mitigate this risk.

This is the most important step you can take to mitigate this risk. This should involve verifying the reliability of the vendor and an ongoing monitoring of their reliability.

2. Be sure that your disaster recovery / business continuity (DR/BC) plan addresses this. Loss of service from your provider should be addressed in your BC/DR plan and a level of redundancy put in place that makes sense for your company.

Vendor viability The risk that your cloud services vendor should go out of business is a concern that needs to be addressed. The risk here is similar to the vendor operational liability risk addressed previously except this loss of service would not be temporary. The challenge is to eliminate or mitigate the risk and the solutions are the same as those put forth to mitigate the vendor operational reliability risk.

6|Page


Cloud Computing Strategies

Conclusion As your company looks to move to the cloud, it is likely that one of the three service models (IaaS, PaaS, or SaaS) will meet your requirements. As you do your due diligence and work through the issues involved, it is important to keep all levels of the company informed of the risks and rewards of this new computing paradigm. To keep the cloud in perspective, it may help to remember this quote from Michael Kanellos; “The cloud isn’t a puffy white thing in the ether, after all. It’s a large, tan building near a freeway exit stuffed with blinking boxes."

7|Page


Cloud Computing Strategies

Works Cited

Kanellos, Michael. “The Key to Success in Cloud Computing? Good Plumbing”. Forbes. 2012. Web. 01 Mar 2014. < http://www.forbes.com/sites/michaelkanellos/2012/11/02/the-keyto-success-in-cloud-computing-good-plumbing/ Sadowski, Al. “Quantifying the impact and minimizing the risk of datacenter service downtime”. The 451 Group. 2012. 1 Mar 2014. < http://boundary.com/blog/2013/05/31/quantifyingthe-impact-and-minimizing-the-risk-of-datacenter-service-downtime/> “Security for Cloud Computing 10 Steps to Ensure Success”. Cloud Standards Customer Council. 2012. Web. 01 Mar 2014. <http://www.cloudcouncil.org/Security_for_Cloud_Computing-Final_080912.pdf>

“What is IaaS”. Interoute Communications Limited. Web. 01 Mar 2014 <http://www.interoute.com/what-iaas>

8|Page


Cloud computing strategies