Saturday, November 5, 2011

Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives

The promise of cloud computing is arguably revolutionizing the IT services world by transforming computing into a ubiquitous utility, leveraging attributes such as increased agility, elasticity, storage capacity and redundancy to manage information assets.
    - Cloud computing is likely to offer enterprises long-term IT savings, including reduced infrastructure costs and pay-for-service models. By moving IT services to the cloud, enterprises can take advantage of using services in an on-demand model.
    - Less upfront capital expenditure is required, which allows businesses increased flexibility with new IT services.
- ENHANCE IT RESOURCES WHILE CONTROLLING COST
  o Risks and security concerns
    - Added risk with increased dependency on a third-party provider to supply flexible, available, resilient and efficient IT services.
    - Changes are required to expand governance approaches and structures to appropriately handle the new IT solutions and enhance business processes.

The cloud model is composed of three service models

| Service Model | Definition | To be Considered |
|---|---|---|
| Infrastructure as a Service (IaaS) | Capability to provision processing, storage, networks and other fundamental computing resources, offering the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. IaaS puts these IT operations into the hands of a third party. | Options to minimize the impact if the cloud provider has a service interruption |
| Platform as a Service (PaaS) | Capability to deploy onto the cloud infrastructure customer-created or acquired applications created using programming languages and tools supported by the provider | Availability; Confidentiality; Privacy and legal liability in the event of a security breach (as databases housing sensitive information will now be hosted offsite) |
| Software as a Service (SaaS) | Capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based e-mail). | Who owns the applications? Where do the applications reside? |

| Deployment model | Description of Cloud Infrastructure | To be considered |
|---|---|---|
| Private cloud | Operated solely for an organization; may be managed by the organization or a third party; may exist on-premise or off-premise | Cloud services with minimum risk; may not provide the scalability and agility of public cloud services |
| Community cloud | Shared by several organizations; supports a specific community that has a shared mission or interest; may be managed by the organizations or a third party; may reside on-premise or off-premise | Same as private cloud, plus: data may be stored with the data of competitors |
| Public cloud | Made available to the general public or a large industry group; owned by an organization selling cloud services | Same as community cloud, plus: data may be stored in unknown locations and may not be easily retrievable |
| Hybrid cloud | A composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds) | Aggregate risk of merging different models; classification and labelling of data will be beneficial to the security manager to ensure that data are assigned to the correct cloud type |

  
Cloud Computing Essential Characteristics

| Characteristic | Definition |
|---|---|
| On-demand self-service | The cloud provider should have the ability to automatically provision computing capabilities, such as server and network storage, as needed without requiring interaction with each service’s provider |
| Broad network access | According to NIST, the cloud network should be accessible anywhere, by almost any device (e.g., smart phone, laptop, mobile devices, PDA) |
| Resource pooling | The provider’s computing resources are pooled to serve multiple customers using a multitenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand. There is a sense of location independence. The customer generally has no control or knowledge over the exact location of the provided resources. However, he/she may be able to specify location at a higher level of abstraction (e.g., country, region, or data center). Examples of resources include storage, processing, memory, network bandwidth and virtual machines. |
| Rapid elasticity | Capabilities can be rapidly and elastically provisioned, in many cases automatically, to scale out quickly and rapidly released to scale in quickly. To the customer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time |
| Measured service | Cloud systems automatically control and optimize resource use by leveraging a metering capability (e.g., storage, processing, bandwidth and active user accounts) |