We are witnessing the emergence of an extensive set of application and computing capabilities running in the "cloud," – that is, on systems outside traditional corporate walls. Cloud computing represents a more utility-oriented computing platform based on capabilities provided by the Internet. The move to cloud computing is similar to the earlier shift from mainframe systems onto PC-based client-server systems.
Utility-oriented systems offer ease of use and maintenance. Similar to plugging an appliance into a power outlet, turning it on, and operating the device, the same concept and capability is driving the efforts to transform IT into a utility-based model.
Using the Internet as a backbone, cloud-based systems provide users with access to various applications stored on servers in a data center in a remote location. Users are generally unaware of where these servers are located and are isolated from the need to manage those computing resources.
Many managers with unpleasant experiences in managing IT upgrade and maintenance projects welcome any opportunity for freedom from dealing with such non-value added activities. There is no doubt that cloud computing offers an array of benefits, including increased scalability and standardization, self-service capabilities, and reduced operational and maintenance costs.
Moving towards a cloud-based environment, however, requires careful planning and analysis. It also has significant security implications that your organization needs to ensure it fully understands and manages:
- Identity management. Manage personal identity information so access to computer resources, applications, data, and services are properly controlled.
- Detection and forensics. Businesses must separate legitimate and illegitimate activities, since there is a greater chance of unauthorized access in the cloud.
- Encryption. Code to protect your information assets since cloud-based systems are shared by a variety of users.
- Manageability. You need a consistent view across your on-premises and cloud-based environments. After all, your organization is one entity, and therefore your systems also must be integrated as one.
- Standards. A standard is an agreed-upon approach for doing something. Cloud standards ensure interoperability, so you can use tools, applications, virtual images, and more in another cloud environment without having to do any rework.
- Governance and compliance. Governance defines roles and responsibilities, as well as policies and procedures that your personnel or groups need to follow. Cloud governance should include your own infrastructure as well as infrastructure you do not completely control.
- Storing data in the cloud. Managing data stored in the cloud requires data security and privacy, including controls for moving data from point A to point B. It also includes managing data storage and the resources for data processing.
There is no doubt that cloud-based applications and services should be considered as part of any organization’s IT solution portfolio. However, any emerging technology involves increased security risks and implementation complexities. Planning and executing a well-thought-out cloud security approach will reduce operational costs and improve your organization’s operational capabilities.
You may also like: