Cultural Studies and Arts

Executive Summary
Cloud computing allows organizations in multiple sectors to maximize their resources. Individual consumers have already shifted their email and data storage to the cloud, as with web-based email and file sharing applications like Dropbox. Enterprise-level cloud computing presents additional benefits that allow companies of all sizes to remain flexible in their use of IT services. Cloud-based computing also precludes heavy investment in initial technologies or proprietary systems, shifting to a pay-per-use model. The fears related to security of enterprise data and potential impediments to service can be mitigated by choosing the right cloud computing provider and securing all client-side devices.
Introduction: What Is Cloud Computing?
The essence of cloud computing is sharing critical resources. Convenience and cost-effectiveness are the cornerstones of cloud computing, which is why cloud computing services have become ubiquitous. Other core components of cloud computing include its on-demand nature, self-serve features, rapid and easy scaling (elasticity), optimization of resources like bandwidth, and accessibility on multiple devices and platforms (Mell and Grance). Cloud infrastructure includes both hardware (such as servers or storage) and software. Cloud computing clients pay for the services, such as through a subscription fee. Clients do not need to worry about maintaining servers or storage systems. Likewise, the cloud provider handles all maintenance, troubleshooting, and support issues.
There are three types of cloud computing models: Software as a service (SaaS), Platform as a service (PaaS), and Infrastructure as a service (IaaS). Software as a service means the client runs the proprietary software as a stand-alone application or as a software accessible on a web browser. Web-based email is probably the most common SaaS.
Platform as a service is primary useful for clients that develop their own software applications. The client benefits from reduced resources spent on maintaining the underlying platform, while still being able to develop the products and services they sell. Google’s App Engine is an example of PaaS.
Finally, IaaS is for clients who need actual infrastructure including data storage and networking. The client benefits from IaaS by not needing to make the costly up-front investment in the actual infrastructure. Likewise, the client can also reduce or expand IaaS serves as needed to more efficiently manage variable costing. Many of the most established cloud computing companies like Sales Force, Amazon Web Services, and Microsoft Azure offer both IaaS and PaaS.
Costs and Benefits
Cloud computing presents far more benefits than costs for most companies. The primary benefits include improved cost management, as there are no up-front costs associated with investment in either hardware or software, allowing you, the client, to focus on developing your business. Also, cloud computing services are fully scalable. When any cloud-based software or hardware system is no longer needed, it can be removed from the list of services. An analogy would be cellular phone service; a customer only pays for the plan that suits their needs. With cloud computing, the client only pays for the products and services they need. This benefits companies that rapidly expand, as well as companies that plan on diversifying or changing their focus regularly. The client does not need to perform regular maintenance on software or hardware systems, or be concerned about upgrades. Most of the risks involved with hardware and software management are transferred to the cloud provider (Zhang, Cheng and Boutaba). Finally, employees enjoy cloud computing because of the flexibility it affords in accessing their work remotely and on multiple devices including their mobile phones (Franklin, Bowler, and Brown).
However, the drawbacks of cloud computing should be included in any sensible risk assessment. One risk is service reliability and availability. The client depends on the cloud provider for essential business services including email. If the provider’s own systems fail, then the client suffers. This risk can be mitigated easily by purchasing cloud based services only from reputable providers. Another risk is data lock-in, which essentially means that once you, the client, commits to working with a specific cloud provider, your data might not be easily transferable to other software systems should you decide to switch cloud providers (Armbrust, Fox, Griffith, et al). Confidentiality and privacy are commonly voiced concerns with cloud computing, particularly those that run on public networks like the Internet. Each of these risks can be mitigated by making educated and informed decisions about cloud computing services.
Examples
Amazon Web Services (AWS) offers some of the most extensive cloud computing options. Its primary competitors include Microsoft Azure and Google App Engine. Few other cloud computing services offer as extensive an array of SaaS, PaaS, and IaaS under one rubric. This does not mean that clients are conscripted to centralizing SaaS, PaaS, and IaaS, just that if centralization proves cost-effective and relevant, it is possible. Moreover, each of these cloud providers are established and reliable with a substantial amount of redundancy built in to mitigate many of the primary risks associated with cloud computing.
Security Considerations
Security considerations should be among the most important for any company interested in using cloud computing services. Almost all security considerations can be resolved through effective risk management. One of the advantages to using a cloud computing service is that the provider is responsible for security management, and the cloud provider has a vested interest in continual upgrades to its security architecture to remain competitive, to offer additional value-added services, and to safeguard its own data.
The Cloud Security Alliance is an organization dedicated to improving the security of the cloud and communicating best practices to all cloud clients and providers. Two of the most recent measures for improving security in the cloud are quantitative: reducing Elapsed Time to Identify Failure (ETIF) and Elapsed Time to Identify Threat (ETIT) (Walker 1). The National Institute of Standards and Technology (NIST) also discusses the additional security concerns when clients access cloud computing services on multiple platforms including mobile devices and their operating systems. An attacker or malicious user could access client’s sensitive data if sufficient security precautions are not taken, either by the cloud provider in their own ETIF and ETIT protocols, or by the client in being proactive and safeguarding their devices. Denial of service attacks, traffic hijacks, and accidental data loss are also security considerations.
Understanding ideal cloud computing security measures will help reduce all risks. It is important to remember also that cloud computing does not necessarily pose additional risks to alternative utilities management, as even storing all data and systems in house presents some security concerns.
Risk Management Recommendations
When using any cloud computing services, the enterprise should take several precautions. Moreover, the security precautions should be ongoing and proactive. In some cases, the security itself will be outsourced to a cloud computing specialist. Risk management is not just about improving the security of data but also managing risk associated with the quality of the service itself. Relying on cloud computing services presents its own risks, evident mostly when those services experience problems like downed servers or data transfer problems. The following recommendations will help to reduce risk.
· Opt for Private Cloud or Hybrid Cloud whenever possible. A private cloud reduces risk significantly by eliminating public access. Private cloud services are available through most IaaS providers like AWS. It is also important to ensure that the cloud provider offers confidential access and transfer services, allows for auditing, and provides physical security measures too for safeguarding the servers (Zhang, Cheng, and Boutaba).
· Configure all devices using the cloud computing software systems to prevent unauthorized access and/or encrypt data.
· Using multiple factor authentication.
· Thoroughly vet the cloud computing service provider, and trust established ones only. Be sure to ask about their security protocols and procedures.
· Ideally, use AWS or a similar single sign-on cloud computing provider. While “all eggs in one basket” seems frightening for some users, this method is preferable to maintaining multiple log-ins with multiple authentication credentials.
· However, create redundancy by opting for additional backup solutions whenever possible.
· Inquire about and verify encryption methods used by the cloud service providers.
· Never offer account authentication by persons outside the enterprise.







Works Cited

Armbrust, Michael, Fox, Armando, Griffith, Rean, et al. “Above the Clouds: A Berkeley View of Cloud Computing.” Feb 10, 2009. Retrieved: http://home.cse.ust.hk/~weiwa/teaching/Fall15-COMP6611B/reading_list/AboveTheClouds.pdf
Franklin, Joshua, Bowler, Kevin, Brown, Christopher, et al. “Mobile Device Security: Cloud and Hybrid Builds.” NIST/CSRC. Nov 2015: https://csrc.nist.gov/publications/detail/sp/1800-4/draft
Mell, Peter and Grance, Timothy. “The NIST Definition of Cloud Computing.” September 2011. http://faculty.winthrop.edu/domanm/csci411/Handouts/NIST.pdf
Walker, Kari. “Cloud Security Alliance Announces Release of Newest Report on ‘Improving Metrics in Cyber Resiliency” Cloud Security Alliance. Retrieved: https://cloudsecurityalliance.org/media/news/cloud-security-alliance-announces-release-of-newest-report-on-improving-metrics-in-cyber-resiliency/
Zhang, Qi, Cheng, Lu, and Boutaba, Raouf. “Cloud Computing.” J Internet Serv Appl (2010) 1: 7–18. https://link.springer.com/content/pdf/10.1007%2Fs13174-010-0007-6.pdf