It’s a wrap!

This will be my last blog post on Cloud Computing……maybe. At least the last one for my Cloud Computing course. Over the past 3 months I talked about what the Cloud is and some of the top cloud service providers. I looked at how to choose a service provider and service agreements. About who owns your information once it’s in the cloud, and about how to keep that information secure. I also looked at other security issues that come into play when you move to the cloud, including cloud applications and how some apps can create a security risk to your business. I chose these topics mostly based on what we were talking about in class for each week. However, the security issues hold my interest and probably more space in my blog just because (as I mentioned in my first blog post), I am very interested in cyber security in general.

The information I used when creating my blog posts were mostly all other blogs, some on popular technology sites like zdnet, others were just random blogs I found when searching for specific topics. I chose blogs that I agreed with and that seemed to have relevant, useful and correct information. That’s not to say that every blog out there is legit. While I find the State Farm commercial where they imply that if it’s on the internet it must be true (not!) very funny, I do have to say that if it’s on the internet, it may or may NOT be true!

I think this blog may be useful mostly to business organizations who are considering migrating to the cloud. It’s possible that an information security professional may gain some good information from reading my blog and the articles that I linked to the blog. For the most part, it was pretty basic information and didn’t go into depth too much. So, it would depend entirely on the experience and role of information security personnel as to how much they would benefit from my blog. I did enjoy writing it, and I hope that someone out there on the Internet will come across it and benefit from it. Who knows? Maybe I’ll continue to add to it as I come across interesting information regarding cloud computing.


Security as a Service

We’ve talked about Software as a Service, Platform as a Service, and Infrastructure as a Service.  We talked a little about security in the cloud.  What about Security as a Service?  Are there benefits?  What are the risks?

Security as a Service can provide some benefits.  It can provide a dedicated staff that is focused on security management tasks that may allow your in-house staff to focus on higher level security risks.  It can also provide access to some tools that may otherwise require a large investment of time or money.

Security as a Service can offer experts in security that can focus on areas that your organization may not have the resources to focus on otherwise and can assist your organization by allowing you to implement technologies more quickly when a need is recognized.

Security as a Service may also offer technologies in security such as single-sign-on capabilities, faster provisioning, virtual service management, and network layer protections that make security management easier and quicker to implement than it would be in-house.  The concept of cloud computing, sharing larger pools of resources so that they are more accessible at a lower cost applies to security just as it does to the other products that are offered in the cloud.

Of course there are also risks with Security as a Service, just as with any type of cloud computing.  To read more about the risks, you can read more on this topic at:


Granneman, J.  (September, 2012).  Security as a Service:  Benefits and risks of cloud-based security.  Retrieved from:

Has the Cloud affected Customer Service?

You know how you call a customer service number and no matter what button you push, or how many buttons you push, you can’t get to a real person?  You hear recording after recording directing you to push a number for this and another number for that?  You finally hang up frustrated and angry because you never spoke to anyone and you feel like you just went on a crazy wild goose chase?  Do you think that customer service in the cloud has taken the same approach?

David Linthicum seems to think so.  In his article; “Cloud computing’s Achilles’ heel:  Poor customer service” he explains how small businesses drove the growth of cloud computing because they have small budgets and the low cost of cloud services is attractive to small business.  However, because of the inexpensive cost of cloud computing, small businesses were willing to accept poor customer service.

Linthicum goes on to explain that large businesses are not willing to accept poor customer service and cloud providers need to provide better customer service if they want to attract and keep large business as clients.

Do you agree?  The article was written in 2o13.  Do you think that customer service has improved in the cloud, or do you think it’s still lacking?  Share your thoughts!


Linthicum, D.  (January 8, 2013).  Cloud computing’s Achilles’ heel:  Poor customer service.  Retrieved from:–heel–poor-customer-service.html

Top Cloud Service Providers for 2014

This week I want to look at some of the top Cloud Service Providers for 2014.  (I know, that’s so last year!  But hey, this year just started!)

This list of the top providers is brought to you by Joe Curtis.  His article, “10 Top Cloud Computing Providers for 2014” can be found here:

Curtis’ article talks about his top 2 picks for providers in five different categories.  Infrastructure-as-a-service (IaaS).  IaaS is one of the main categories of cloud computing.  In this model, the Cloud Service Provider (CSP) will host hardware, software, servers, storage and other components needed or a client’s infrastructure.  This may include the client’s applications.  The CSP may also provide services such as system maintenance, data backup and resiliency planning.  Clients using an IaaS will pay on a “per-use” basis.  This may be by the hour, week or month.  In addition to that cost, they may also pay for the amount of virtual space they use.  Curtis’ top 2 picks for IaaS providers are Amazon Web Services and Microsoft Azure.

The second model mentioned in the article is Cloud Storage.  This is pretty self-explanatory.  Cloud storage is storage for any kind of data.  Google Drive and Box were Curtis’ top picks for cloud storage.  Google Drive provides unlimited, free storage to students and for other accounts it provides 15 GB of storage.  Box accounts allow for 10 GB of space for free, and includes a service called Workflow that automates the routing of the files and the actions that people need to take on those files.

Desktop-as-a-Service (DaaS) allows clients to provide virtual desktops that can be customized for groups of workers and can be accessed from different mobile devices.  This service can save companies the time it normally spends on customizing desktops within the organization.  The top 2 DaaS providers, according to Curtis, are Citrix and VMware.

Software-as-a-Service (SaaS) is software that is hosted in the cloud, instead of being installed on individual machines.  It appears on individual devices as if it’s installed and it’s fully functional.  Curtis’ top 2 SaaS providers for 2014 are and Insightly.  which are both Customer Relationship Manager software products.

The last model that the article discusses is Platform-as-a-Service (PaaS).  This cloud service allows clients to develop, run and manage their web applications.  The top two PaaS providers for 2014, according to the article, are Red Hat OpenShift and Heroku.

If you are looking for the perfect CSP for your business and don’t know where to start, maybe just take a look at the providers in this article to start with and see if they meet your needs.  Of course, there are differing view on which providers are best out there I’m sure.  You need to find the one that meets your individual needs.  Sometimes, just having a couple of names to start with is helpful in wading through all the options.

For another Top 10 list, you can also check out this article on TopTen Reviews:

Security and Apps in the cloud

Do you know what apps your business is using in the cloud?  Have they all been installed and approved by the IT department?  Do you have policies in place stating what your staff can and cannot store in the cloud?

Cloud applications can pose a huge threat to your organization’s security.  An article on by Toby Wolpe describes how most IT teams aren’t even aware of how much unsanctioned cloud use is happening inside their company.  He states that in a study of 2 companies in the US, 22.5 percent of business-critical app use was happening and the IT department did not know about it.  The same study showed that 35 percent of data stored in the cloud was also unknown to the IT department.

It is crucial for your IT department to know what apps are being used and how they are being used in your company.  If six departments all purchase the same app, how much extra money is the company paying?  Could the app been purchased under a corporate agreement that cost less?

Developing a policy for cloud usage is as critical today as developing your data security policy and your disaster recovery plan.  Make sure there is a clear policy for not only purchasing apps, but what data may or may not be stored in those apps.  Having data stored on apps that the IT department is unaware of and without the proper SLA to ensure the security of this data, can cost your company money and put your data at risk


Wolpe, T. (September 17, 2014).  Cloud apps:  Just how many does your firm use?  Now guess again.  Retrieved from: