For many still not clear what “cloud” means

There is a very good and detailed article on Wikipedia about what Cloud computing means:

Cloud computing, also known as on-demand computing, is a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on-demand. It is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort.

There are 3 layers of “cloud”, or cloud flavors:

SaaS: Software as a Service

PaaS: Platform As A Service

IaaS: Infrastructure As A Service


I don’t want to go through all details (you can find details on Wikipedia) , I just want only to emphasize a few things:

  • IaaS means a bunch of computers (that do various things) which belong to someone: Amazon Web Services, Microsoft Azure, Google Cloud, some ISP…
    • Get your expectations right! You are using somebody’s computers and computing resources.
  • PaaS means that the software that you need runs on someone else’s infrastructure. Think of databases, web servers, web services, compilers, code repositories, etc.
    • Get your expectations right! You are using critical software that runs on somebody’s computers.
  • SaaS means that you are using a software that runs completely on somebody’s computers. Think of Managed Email, CRM, Calendar, Games, etc.
    • Get your expectations right! You are adding data into a software that you don’t own and can’t control because it belongs to someone else and it runs on somebody else’s computers.


So, is all this “cloud” “thing” bad ?

No, definitely NOT BAD.

It is actually a great thing! Imagine how much you would need to invest to run your own datacenter (this means availability, security, load balancing, backup, etc.) just to offer a service that might not even work on the long run. IaaS and ultimately SaaS allows you to pay for only what you use and to transfer a big part of this cost to your customers.


So, why I am pointing all the “bad” things if “cloud” is a good “thing”?

They are not bad things! Well, not necessarily bad. At least as long as you understand that once you put your data into somebody else’s computers that data is no longer only yours.

From that moment, that data resides on foreign computers.


So, what can we do to continue to use “cloud” and continue to own the data?

You can use encryption to make the data really private.

  • For IaaS: you can encrypt the virtual drives where your data is stored.
  • For PaaS: you can encrypt the data whenever possible.
  • For SaaS: you can use only those services that allow you a certain degree of secrecy and privacy. This is not easy at all.

But even with encryption, do not fool yourself: the data is not somewhere where it is accessible to you physically.

You can’t go in the server room and get the hard drive with the data.

Even if it is very unlikely, if the provider disappears (bankruptcy, robbery, sabotage, natural disaster, fire,etc.) then so does your data.

A datacenter might geographically distribute the data it has across multiple datacenters, but not all providers have this capacity.



“Cloud”, or better said, distributed computing, is a great thing.

But, before you close your datacenter, think about other things which now you take for granted and you will no longer have as soon as you switch to the cloud computing:

  • you own the data
  • you can do whatever you want with the computing power
  • you don’t have to think in terms of “usage”, “cores” and microcents.
  • you control the costs

Do your planning before you switch to a provider and see what is important for you first.

© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: