Skip to main content

What is the cloud?

In the tech world, you may hear the phrase "the cloud" quite often. But what is the cloud? Cloud computing refers to a network of servers that act as storage or processing power and are accessed through the Internet, rather than as local resources. Use of cloud resources can be beneficial in a variety of ways. Not only does it allow users to access their data or software from wherever they are, but it can also be cost effective. Cloud computing may refer to several types of services, which are often seen with an 'aaS' extension (for 'as-a-service'). The 'as-a-service' industry has grown significantly in the last few years, expanding to include things such as RaaS (Robots-as-a-Service). However when talking about cloud computing, there are three primary cloud computing solutions: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).

  • Infrastructure-as-a-Service is a form of cloud computing that offers virtualized computing resources over the Internet. Examples include Amazon Web Services (AWS), Microsoft Azure, and Google Compute Engine (GCE).
  • Platform-as-a-Service is a form of cloud computing that offers virtualized platform environments for efficient application development and deployment. Examples include Google App Engine and Apprenda.
  • Software-as-a-Service is a subscription-based model for licensing and delivering software. Usually the software applications will be accessed through a web browser. Salesforce.com, Microsoft Office 365, and Dropbox are all examples of Software-as-a-Service.

Cloud computing comes with both benefits and risks, so do your homework before moving to the cloud.

Why are some companies moving to the cloud?

Companies know that growth and development come with a cost. Cloud computing may be one solution to add resources or software capabilities at a cost-efficient price point. Not only can cloud computing be an efficient way to cut down on resource expenditures, the accessible nature of cloud hosting is ideal for businesses whose employees work from remote locations. As the cloud model dictates that the resources being purchased are hosted on the Internet, they can be accessed from anywhere in the world.

Pros and cons of using cloud solutions

With all the advantages of cloud solutions, there are also some potential disadvantages to hosting data on the Internet. Potential benefits include:

  • Cost-effective software solutions
  • Remote access to the software or data - anytime, anywhere
  • Quick and easy scalability - both up and down - as your needs change
  • Less overhead in terms of infrastructure cost and maintenance

There are also some risks to cloud hosting:

  • Access to data, software, and resources is dependent on the user's Internet connection and the reliability of the cloud provider. If the provider experiences an outage, users cannot access their data and services.
  • Cloud hosting may offer limited control over the functionality and customization of the services purchased. With local machines and locally-hosted software solutions, companies may utilize customization options that may not be available with a cloud-hosting solution.
  • Cloud computing leans towards a subscription/per-use pricing model. In some cases, this may be costlier over the long-term than the initial costs involved in setting up an alternative infrastructure.
  • Security and privacy are major cloud-computing concerns.

Questions to ask when vetting cloud service providers

Cloud storage can be a convenient, cost effective way to ensure that your company has access to the resources that it needs, from anywhere in the world. However when your information is located on another organization's servers, it's necessary to verify that you are not opening yourself up to a potential attack or data breach. When vetting third-party cloud providers, it is important to ask questions and consider multiple options.

Here are some questions to ask before purchasing a service from a cloud provider.

Compliance

If your company is required to adhere to a standard of compliance, your cloud provider must also adhere to that standard to ensure compliance. For example - if your organization is required to operate under HIPAA, inquire as to whether or not the cloud provider is willing to sign a business associate agreement (BAA). A BAA ensures that a third-party will protect electronic protected health information (ePHI) according to the HIPAA guidelines.

Tracking Data in the Cloud

Some information may not be appropriate for cloud storage, regardless of the cloud provider's security. It is important to identify and classify sensitive information, prior to moving your data to the cloud. Gauge what type of risks your organization faces. After choosing a cloud provider, update your information classification policy, and ensure that users understand what information is authorized for cloud storage. Consider using tools to search cloud storage for personally identifiable information (PII) in order to ensure that sensitive data isn't being stored in an unauthorized location.

Additional precautions include tracking uploads, downloads, modification times, access times, deletions, and other changes that occur within the cloud. This will require enabling logs on the cloud storage solution. The specifics of enabling logs will vary, depending on the cloud provider; but many logging tools can also be utilized. Keep in mind that these logs should be stored in a secure location. Implement minimal and restrictive access to individuals involved in the cloud-hosting environment, and make sure to utilize multi-factor authentication.

If your cloud provider does not have integrated logging, you may need to contract an external source to assist in maintaining useful logs. Solutions like Datadog and LogDNA may assist your company in ensuring that their logging process is thorough and reliable.