Cloud Computing – Risk or Opportunity
Cloud Computing – Risk or Opportunity
Cloud computing is a term that refers to sources and computer systems available on demand through the network, which can provide a number of computer services integrated without being restricted local resources in order to make it easier for the user and include those resources space for data backup and synchronization self also includes processing capabilities software and scheduling of tasks and push e-mail and remote printing, and the user can control when it is connected to the network in these resources through a simple software interface simplifies and ignores a lot of detail and internal processes.
Cloud computing has become increasingly popular because it offers users the illusion of having infinite computing resources, of which they can use as much as they need, without having to worry about how those resources are provided. It also provides greater scalability, availability, and reliability than users could achieve with their own resource The core property in cloud computing that held computing “in the cloud”; for clarity, the treatment process (and related data) is not confined to the place (places) private and unknown. Thus, this model is the antithesis of the treatment process is located in one or more of the servers are well known. Exposure model cloud of criticism and attack because of privacy advocates, for the ease of large governing the hosting companies for services cloud, and then, can impose censorship and domination, whether legal or illegal, the communication process as well as the data stored in between the user and the host company
Cloud computing has become a ubiquitous term and largely discussed topic in the global information technology (IT) world. Cloud computing has changed dramatically the ways in which organizations and individuals communicate, collaborate and compute. The concept of cloud computing ensures a cost–effective transformation of utility computing principle that allows users and providers a convenient access to resources in a self-service and ‘pay as you go fashion’. Consequently, cloud computing has reduced the cost associated with system administration as well as aided in improving resource utilization and accounting. Since last few years, cloud computing has resulted in a number of positive impacts on the IT ecosystem, thereby giving rise to new markets and widely scattered new user communities (European Commission, 2012).
Contextually, the concept of cloud computing is the outcome of the direct industrial needs to enhance resource utilization without intervening consumer requirements. In other words, the concept ensures the use of the available resources in more efficient manner (European Commission, 2012). The paper intends to critically examine the opportunities and the risks associated with cloud computing and draws a valid conclusion on its adoption by organizations. Cloud Computing: Definition, Models and Services
Cloud computing was initially used in an academic perspective by Prof. Kenneth K Chellapa who illustrated it in 1997 at the Informs Conference in Dallas as “a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits” (Petri, 2010). There are various definitions of cloud computing however the most appropriate and broadly accepted definition is being provided by North America National Institute for Standards and Technology (NIST). According to NIST, “Cloud Computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort to service provider interaction” (Petri, 2010). There are many cloud computing models for business purposes including: Public Cloud: Public cloud model is provided by vendors and can be accessed over the internet or private network. One or more data centers are used by this model which is shared by multiple customers (Weitz, 2010).
Private Cloud: Private cloud model is managed and used internally by the organizations which utilizes ‘shared services model’ and makes variable usage of virtualized computing resources. The data stored in the model are managed within the organization (Weitz, 2010). Hybrid Cloud: As the name suggests, the hybrid model is the mixture of public cloud services and private cloud architecture. The model is designed to meet certain specific needs of customers (Weitz, 2010). Community Cloud: Community cloud model is used across the organizations having similar requirements and objectives. Community cloud model is established using public cloud services in order to ensure collaboration among the companies (Weitz, 2010). Cloud Computing Services
Cloud computing services are provided mostly in the following ways: Software-as-a-Service (SaaS): Software-as-a-Service (SaaS) has been operational in the market since many years. Currently, businesses are more interested in shifting licensing software to subscribe services particularly on the basis of per user and per month among others (Weitz, 2010). Platform-as-a-Service (PaaS): Platform-as-a-Service (PaaS) includes development of such environment that allows developers to build software applications that can be offered as services to customers or to general users (Weitz, 2010). Infrastructure-as-a-Service (IaaS): Infrastructure-as-a-Service (IaaS) provides customers or users with storage, network and other various fundamental resource requirements in order to run arbitrary applications (Weitz, 2010).
According to Etro (2009), cloud computing is a recently evolved internet based technology that stores large information in servers and provides that information as services on demand to clients. Accordingly, its impact is spectacular on both consumers and companies.
Furthermore, he stated that consumers can access all their documents and data from any devices such as laptops, mobile phones and tablets while the companies can rent hardware and software from the service providers and pay as they use the services like other services availed by the companies such as electricity (Etro, 2009). Petri (2010) postulates that, cloud computing is one of the most discussed IT innovations in the last few years. Hence, risk management is the most critical area which draws a serious attention. He emphasized that future is relatively uncertain when associating cloud computing with security factor. He critically points out that cloud vendors should quickly address the security and other related concerns for ensuring better customer satisfaction (Petri, 2010). According to Bein, Bein & Madiraju (2010), cloud computing is a new paradigm of computing that has evolved in the recent times as an expensive way for providing storage and software.
They further stressed that many companies are moving ahead with an intention to make cloud computing easy to use. They advocated that there are huge potential for consumers to exploit the cloud computing technology (Bein, Bein & Madiraju, 2010). According to Gartner Inc (2012), continuous monitoring of cloud computing technologies and usual updates to the enterprises’ cloud strategies are necessary to prevent any cost related errors for the subsequent few years. It also stated that cloud computing technology will have significant impact on the level of its adoption over a period of time (Gartner Inc, 2012) According to Pokhriyal (2012), cloud computing would contribute towards increasing complexities relating to data storage and users access to applications as well as other frequently conducted processes. She also stated that risk of exposure of critical data is more with the use of cloud computing technology.
She advocated that business firms may also witness security breaches and hacking that shall make the cloud storage relatively ineffective and inefficient (Pokhriyal, 2012). According to Willcocks, Venters, & Whitey (2011), cloud computing technology is changing the ways of IT business services in terms of data delivering and managing. Accordingly, cloud computing has escalated the importance of delivering effective services and for this reason the IT and business services urgently need to raise the level of service competency and should focus on the availability of quality services to meet the customer expectations (Willocks, Venters, & Whitley, 2011). In the words of Horwath, Chan, Leung, & Pili (2012), cloud computing has the potential to bring certain drastic changes in the organizations as witnessed in case of the internet during the last decade of the 20th century.
They emphasized that by applying cloud computing technology without proper care and due-diligence may result in unforeseen problems. Consequently, executives must be aware of risks and other issues of cloud computing in order to derive significant benefits out of the provided services (Horwath, Chan, Leung, & Pili, 2012). According to Santos, Gummadi, & Rodrigues (2012), cloud computing enables organizations to cut costs associated with resource storage, network bandwidth and other relevant data. However, they argued that concerns about the privacy, confidentiality and integrity of the data and computation can be considered to be the major deterrents for those organizations which are looking forward to embrace cloud computing (Santos, Gummadi, & Rodrigues, 2012). According to Hinchcliffe (2009), cloud computing will transform IT business scenario by a large extent and it will have to balance between the
risks and the benefits associated with cloud computing models.
Therefore, he points out certain major risks associated with such transformations including security of organizational data that is stored in the cloud, loss of control over cloud resources and reliability factor. He also stated that the efficient use of cloud computing will enable market validation and prototyping of new approaches at much faster and relatively less expensive rate than ever before (Hinchcliffe, 2009). According to Weitz (2010), cloud computing will be playing a major role in the future of IT and shall bring in enormous opportunities for the organizations. Consequently, he stated that larger organizations will also have an opportunity for cutting the existing costs of IT infrastructure with the use of cloud computing models.
However, he also highlighted the risks related with cloud computing and expressed his deep concerns relating to the security and confidentiality of certain relevant data (Weitz, 2010). Hyek (2011) in his report, ‘Cloud Computing Issues and Impacts’, postulated that, cloud computing models should comply with laws and regulations in each of its operations. The processing of data by the cloud service providers must be in conformity with governments’ requirements (Hyek, 2011). According to Curtis, Heckman, & Thorp (2010), the most important factor related with the cloud computing model is the concern about the security and privacy of data while adopting cloud computing models (Curtis, Heckman, & Thorp, 2010).
According to the Australian Academy of Technological Sciences and Engineering (2010), in its report, ‘Cloud Computing: Opportunities and Challenges for Australia’ considers the importance of government and its roles in encouraging researchers and business sectors to adopt cloud computing models. The report emphasized that government should formulate strategies that initiate business sectors to adopt cloud models for their resource and application requirements. The report precisely described the responsibility of the cloud service providers in terms of proper management of data in order to prevent any situation that may result in loss of vital data (Australian Academy of Technological Sciences and Engineering, 2010).
According to Catteddu & Hogben, (2009) cloud services provide expedient storage accessible by various devices along with other benefits including useful communication and instant multi-point collaboration. They also emphasized that level of risk may tend to vary significantly based on the type of cloud model. It is for this reason that customers should be aware of the probable risks associated with cloud computing models and they should strive to transfer the risks to the providers (Catteddu & Hogben, 2009).
Characteristics of Cloud Computing
A few of the relevant characteristics of cloud computing are elaborated below: On-Demand Self Service: Cloud computing providers offer various computer services such as applications, e-mail and network without involving human interaction with various service providers engaged in certain specific services only. Currently, there are multiple organizations that provide cloud computing services based on on-demand self services such as Google, Amazon Web, Microsoft and IBM among others (Information System Audit and Control Association, Inc, 2012). Broad Network Access: Cloud services are available over the network, specifically over the internet and are accessed through certain standard mechanisms such as personal laptops, mobile phones, tablets and iPads among others (Information System Audit and Control Association, Inc, 2012). Resource Pooling: The cloud computing models of the providers are shared with various resources in order to serve multiple clients. The resources united together may consist of processing, network bandwidth, storage of data, memory, virtual machines and email service (Information System Audit and Control Association, Inc, 2012).
Rapid Elasticity:The capacities of cloud services can be swiftly and elastically provisioned, in a few instances robotically as well to quickly balance out and release to scale in quickly. Furthermore, the capacities accessible for provisioning frequently emerge to be infinite and can be procured in any amount at any time (Information System Audit and Control Association, Inc, 2012). Measured Services: The resource usage of cloud computing can be measured and reported to both providers and customers related to the amount of services utilized. Hence, cloud computing service providers charge the customers for the resources that they have actually used i.e. ‘pay as you use’. Considering the fact, more the customers utilize the cloud computing services, more they have to pay and vice-versa (Information System Audit and Control Association, Inc, 2012). Multi-tenacity: Multi-tenacity is one key characteristics related to cloud computing which is being advocated by Security Alliance. Multi-tenacity is related with the requirement for segmentation, ‘policy-driven enforcement’, control, service levels, billing models and isolation for the different consumer requirements (Information System Audit and Control Association, Inc, 2012).
Cloud Computing: Opportunities and Risk Assessment Cloud Computing Opportunities Opportunities derived from cloud computing are related with cost reduction to increase flexibility and decrease complexity which benefits the customers in terms of higher returns on their investments. Certain vital opportunities and benefits provided by cloud computing comprise: Cost Saving: Cloud computing customers are liable to pay merely for computing services and resources that they use rather than making permanent investments on resources or leasing equipments that may or may not be utilized fully at all times. Cloud computing enables to share IT resources with multiple organizations and facilitates them to access as per their requirements which can be related as operating expenses (OPEX) and not as capital expenses (CAPEX) (Petri, 2010). Speed of Deployment: Cloud service providers can meet the needs of the organizations for computing resources quickly and efficiently than other internal information technology functions. The customers do not have to wait for months for crunching large data.
They can simply rent resources for limited period and can avail huge benefits at considerably reduced time (Petri, 2010). Scalability and Better Alignment of Technology Resources: An organization is able to scale up as well as down its capability from a single server to multiple numbers of servers with no capital expenses through the use of cloud service models. An organization is also able to deploy additional storage capacity over the web (Petri, 2010). Decreased Efforts in Managing Technology: Owning and operating of IT functions are often costly and time consuming. However, cloud computing enables an organization to concentrate more time on its purposes and goals (Petri, 2010). Environmental Benefits: Cloud computing also results in environmental benefits. If all the organizations replace their private data centers with cloud computing, it will significantly reduce the overall power consumption and carbon emissions (Petri, 2010). Higher Value Added: Cloud computing does not only provide software functionality but it also provides the customers with relevant information and data which was traditionally
supposed to be created by the customers themselves (Petri, 2010).
Cloud Computing Risks
Risk is an event that prevents the organizations from achieving their determined purposes and objectives. Certain risks associated with cloud computing are stated below: Disruptive Force: Facilitating innovation and cost saving aspects can itself be viewed as risk to the existing cloud computing organizations. By lowering the barriers to entry, new competitors may pose a serious threat to certain cloud computing business models (Horwath, Chan, Leung, & Pili, 2012). Residing In the Same Risk Ecosystem as the Cloud Service Provider (CSP) and Other Tenants of the Cloud: Organizational reliance on third party involved in managing cloud solutions will increase legal responsibility and incident escalation among other core areas. By following the actions of CSP may impact the organizations in certain direct and indirect ways (Horwath, Chan, Leung, & Pili, 2012). Lack of Transparency: A cloud computing service provider does not facilitate complete information regarding its processes and operations.
Consequently, cloud customers have only little knowledge about the storage locations and algorithms that are implemented or used by the cloud service providers in relation to computing and controlling resources of customers’ data (Horwath, Chan, Leung, & Pili, 2012). Reliability and Performance Issues: Even though efficiency of cloud computing may get disrupted due to risk events such as system failure that may occur without any early alerts to the end users. Hence, system failure may be viewed as a distinctive challenge posed to cloud computing (Horwath, Chan, Leung, & Pili, 2012). Security And Compliance Concerns: Cloud computing supports various processes that may tend to evolve security and retention concerns in relation to its compliance with certain specific laws such as Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The cloud service providers may have no obligation to reveal such information associated with privacy of certain laws such as US Patriot Act and EU Data Protection Directives among others (Horwath, Chan, Leung, & Pili, 2012). High Value Cyber Attack Targets: The over-dependence of multiple organizations on single cloud service providers may tend to create vulnerability of cyber attacks then those used by a single organization (Horwath, Chan, Leung, & Pili, 2012). Risk of Data Leakage: The risk of data leakage is also more where multiple organizations share their resources through cloud environment. Consequently, cloud service providers do not provide adequate data privacy and confidentiality of resources which the organizations intend to secure from intruders (Horwath, Chan, Leung, & Pili, 2012).
Cloud computing has changed dramatically the ways in which the organizations communicate, collaborate and compute. In general, cloud computing refers to delivery of scalable IT resources over the web particularly internet. An organization can purchase or rent software on need basis or according to usage which results in less investment and consumption on the part of the organization. Cloud computing facilitates the organizations to manage their IT requirements remotely, at much lowered costs. It further enables organizations to share resources in a single place or through a single cloud service provider. The organizations do not have to make heavy investments on establishment of their own IT infrastructure as cloud computing models provide organizations with established database for fulfillment of their IT demand. Moreover, organizations and users are charged or billed on the basis of their resource consumption.
Despite having numerous benefits of adopting cloud computing models, there also exist certain risk factors which restrict the scope of cloud computing. Security and privacy are the prime issues restricting the adoption of cloud computing. Since multiple organizations will be consolidated on single cloud computing, there exists more vulnerability of data hacking. Consequently, cloud computing service providers do not guarantee the adequate safety for data losses and leakages which at times deters organizations from adopting cloud computing solutions. Nonetheless, if organizations cautiously consider the risk factors associated with cloud computing related solutions then these risk events can be overcome efficiently. Considering this aspect, it can be stated that organizations should adopt cloud computing solutions. By adopting cloud computing solutions, they can avail numerous opportunities that shall help them to grow and sustain their business profitably. References
Australian Academy of Technological Sciences and Engineering. (2010). The
roles of government in cloud computing. Cloud computing: opportunities and challenges for Australia, pp. 13-19.
Bein, D., Bein, W. & Madiraju, P. (2010). Web applications and cloud computing. The impact of cloud computing on web 2.0, pp. 1-6.
Curtis, W. B., Heckman, C. & Thorp, A. (2010). Security and Privacy Considerations. Cloud computing: e-discovery issues and other risk, pp. 1-5.
Catteddu, D. & Hogben, G. (2009). Top security risks. Cloud Computing: Benefits, Risks And Recommendations For Information Security Cloud Computing, pp. 2-125.
Etro, F. (2009). Features and implications of cloud computing. The economic impact of cloud computing on business creation, employment and output in Europe, pp. 2-33.
European Commission. (2012). Introduction & background. Advances in clouds, pp. 1-7. Gartner Inc. (2012). Gartner outlines five cloud computing trends that will affect cloud strategy through 2015. Retrieved from http://www.gartner.com/it/page.jsp?id=1971515
Horwath, C., Chan, W., Leung, E. & Pili, H. (2012). COSO enterprise risk management for cloud computing. Enterprise Risk Management For Cloud Computing, pp. 1-20.
Hyek, P. (2011). Security and privacy. Cloud computing issues and impacts, pp. 12-46.
Hinchcliffe, D. (2009). Eight ways that cloud computing will change business. Retrieved from http://www.majorcities.org/generaldocuments/pdf/zdnet_eight_ways_that_cloud_computing_will_change_business.pdf
Information System Audit and Control Association, Inc, (2012). Essential
characteristics of Cloud Computing. Retrieved from http://www.isaca.org/Groups/Professional-English/cloud-computing/GroupDocuments/Essential%20characteristics%20of%20Cloud%20Computing.pdf
Pokhriyal, R. (2012). Cloud computing myths explained: part 1. Retrieved from http://www.cloudtweaks.com/2012/10/cloud-computing-myths-explained-part-1/
Petri, G. (2010). Risks of cloud computing. Shedding light on cloud computing, pp. 25-30.
Santos, N., Gummadi, K. P. & Rodrigues, R. (2012). Towards trusted cloud computing. Retrieved from http://www.mpi-sws.org/~gummadi/papers/trusted_cloud.pdf
Willcocks, L., Venters, W. & Whitley, E. A. (2011). Clear view of the cloud: The business impact of cloud computing. Cloud computing, (1).
Weitz, C. (2010). Barriers of cloud computing. A Balancing Act What Cloud Computing Means For Business, And How To Capitalize On It, pp. 1-9.