For many still not clear what “cloud” means

There is a very good and detailed article on Wikipedia about what Cloud computing means:

Cloud computing, also known as on-demand computing, is a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on-demand. It is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort.

There are 3 layers of “cloud”, or cloud flavors:

SaaS: Software as a Service

PaaS: Platform As A Service

IaaS: Infrastructure As A Service

 

I don’t want to go through all details (you can find details on Wikipedia) , I just want only to emphasize a few things:

  • IaaS means a bunch of computers (that do various things) which belong to someone: Amazon Web Services, Microsoft Azure, Google Cloud, some ISP…
    • Get your expectations right! You are using somebody’s computers and computing resources.
  • PaaS means that the software that you need runs on someone else’s infrastructure. Think of databases, web servers, web services, compilers, code repositories, etc.
    • Get your expectations right! You are using critical software that runs on somebody’s computers.
  • SaaS means that you are using a software that runs completely on somebody’s computers. Think of Managed Email, CRM, Calendar, Games, etc.
    • Get your expectations right! You are adding data into a software that you don’t own and can’t control because it belongs to someone else and it runs on somebody else’s computers.

 

So, is all this “cloud” “thing” bad ?

No, definitely NOT BAD.

It is actually a great thing! Imagine how much you would need to invest to run your own datacenter (this means availability, security, load balancing, backup, etc.) just to offer a service that might not even work on the long run. IaaS and ultimately SaaS allows you to pay for only what you use and to transfer a big part of this cost to your customers.

 

So, why I am pointing all the “bad” things if “cloud” is a good “thing”?

They are not bad things! Well, not necessarily bad. At least as long as you understand that once you put your data into somebody else’s computers that data is no longer only yours.

From that moment, that data resides on foreign computers.

 

So, what can we do to continue to use “cloud” and continue to own the data?

You can use encryption to make the data really private.

  • For IaaS: you can encrypt the virtual drives where your data is stored.
  • For PaaS: you can encrypt the data whenever possible.
  • For SaaS: you can use only those services that allow you a certain degree of secrecy and privacy. This is not easy at all.

But even with encryption, do not fool yourself: the data is not somewhere where it is accessible to you physically.

You can’t go in the server room and get the hard drive with the data.

Even if it is very unlikely, if the provider disappears (bankruptcy, robbery, sabotage, natural disaster, fire,etc.) then so does your data.

A datacenter might geographically distribute the data it has across multiple datacenters, but not all providers have this capacity.

 

Conclusion

“Cloud”, or better said, distributed computing, is a great thing.

But, before you close your datacenter, think about other things which now you take for granted and you will no longer have as soon as you switch to the cloud computing:

  • you own the data
  • you can do whatever you want with the computing power
  • you don’t have to think in terms of “usage”, “cores” and microcents.
  • you control the costs

Do your planning before you switch to a provider and see what is important for you first.


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close