It’s a wrap!

This will be my last blog post on Cloud Computing……maybe. At least the last one for my Cloud Computing course. Over the past 3 months I talked about what the Cloud is and some of the top cloud service providers. I looked at how to choose a service provider and service agreements. About who owns your information once it’s in the cloud, and about how to keep that information secure. I also looked at other security issues that come into play when you move to the cloud, including cloud applications and how some apps can create a security risk to your business. I chose these topics mostly based on what we were talking about in class for each week. However, the security issues hold my interest and probably more space in my blog just because (as I mentioned in my first blog post), I am very interested in cyber security in general.

The information I used when creating my blog posts were mostly all other blogs, some on popular technology sites like zdnet, others were just random blogs I found when searching for specific topics. I chose blogs that I agreed with and that seemed to have relevant, useful and correct information. That’s not to say that every blog out there is legit. While I find the State Farm commercial where they imply that if it’s on the internet it must be true (not!) very funny, I do have to say that if it’s on the internet, it may or may NOT be true!

I think this blog may be useful mostly to business organizations who are considering migrating to the cloud. It’s possible that an information security professional may gain some good information from reading my blog and the articles that I linked to the blog. For the most part, it was pretty basic information and didn’t go into depth too much. So, it would depend entirely on the experience and role of information security personnel as to how much they would benefit from my blog. I did enjoy writing it, and I hope that someone out there on the Internet will come across it and benefit from it. Who knows? Maybe I’ll continue to add to it as I come across interesting information regarding cloud computing.

Security as a Service

We’ve talked about Software as a Service, Platform as a Service, and Infrastructure as a Service.  We talked a little about security in the cloud.  What about Security as a Service?  Are there benefits?  What are the risks?

Security as a Service can provide some benefits.  It can provide a dedicated staff that is focused on security management tasks that may allow your in-house staff to focus on higher level security risks.  It can also provide access to some tools that may otherwise require a large investment of time or money.

Security as a Service can offer experts in security that can focus on areas that your organization may not have the resources to focus on otherwise and can assist your organization by allowing you to implement technologies more quickly when a need is recognized.

Security as a Service may also offer technologies in security such as single-sign-on capabilities, faster provisioning, virtual service management, and network layer protections that make security management easier and quicker to implement than it would be in-house.  The concept of cloud computing, sharing larger pools of resources so that they are more accessible at a lower cost applies to security just as it does to the other products that are offered in the cloud.

Of course there are also risks with Security as a Service, just as with any type of cloud computing.  To read more about the risks, you can read more on this topic at:  http://searchsecurity.techtarget.com/magazineContent/Security-as-a-Service-Benefits-and-risks-of-cloud-based-security

References:

Granneman, J.  (September, 2012).  Security as a Service:  Benefits and risks of cloud-based security.  Retrieved from:  http://searchsecurity.techtarget.com/magazineContent/Security-as-a-Service-Benefits-and-risks-of-cloud-based-security

Has the Cloud affected Customer Service?

You know how you call a customer service number and no matter what button you push, or how many buttons you push, you can’t get to a real person?  You hear recording after recording directing you to push a number for this and another number for that?  You finally hang up frustrated and angry because you never spoke to anyone and you feel like you just went on a crazy wild goose chase?  Do you think that customer service in the cloud has taken the same approach?

David Linthicum seems to think so.  In his article; “Cloud computing’s Achilles’ heel:  Poor customer service” he explains how small businesses drove the growth of cloud computing because they have small budgets and the low cost of cloud services is attractive to small business.  However, because of the inexpensive cost of cloud computing, small businesses were willing to accept poor customer service.

Linthicum goes on to explain that large businesses are not willing to accept poor customer service and cloud providers need to provide better customer service if they want to attract and keep large business as clients.

Do you agree?  The article was written in 2o13.  Do you think that customer service has improved in the cloud, or do you think it’s still lacking?  Share your thoughts!

Resources:

Linthicum, D.  (January 8, 2013).  Cloud computing’s Achilles’ heel:  Poor customer service.  Retrieved from:  http://www.infoworld.com/article/2616435/cloud-computing/cloud-computing-s-achilles–heel–poor-customer-service.html

Top Cloud Service Providers for 2014

This week I want to look at some of the top Cloud Service Providers for 2014.  (I know, that’s so last year!  But hey, this year just started!)

This list of the top providers is brought to you by Joe Curtis.  His article, “10 Top Cloud Computing Providers for 2014” can be found here:  http://www.cbronline.com/news/cloud/cloud-saas/10-top-cloud-computing-providers-for-2014-4401618

Curtis’ article talks about his top 2 picks for providers in five different categories.  Infrastructure-as-a-service (IaaS).  IaaS is one of the main categories of cloud computing.  In this model, the Cloud Service Provider (CSP) will host hardware, software, servers, storage and other components needed or a client’s infrastructure.  This may include the client’s applications.  The CSP may also provide services such as system maintenance, data backup and resiliency planning.  Clients using an IaaS will pay on a “per-use” basis.  This may be by the hour, week or month.  In addition to that cost, they may also pay for the amount of virtual space they use.  Curtis’ top 2 picks for IaaS providers are Amazon Web Services and Microsoft Azure.

The second model mentioned in the article is Cloud Storage.  This is pretty self-explanatory.  Cloud storage is storage for any kind of data.  Google Drive and Box were Curtis’ top picks for cloud storage.  Google Drive provides unlimited, free storage to students and for other accounts it provides 15 GB of storage.  Box accounts allow for 10 GB of space for free, and includes a service called Workflow that automates the routing of the files and the actions that people need to take on those files.

Desktop-as-a-Service (DaaS) allows clients to provide virtual desktops that can be customized for groups of workers and can be accessed from different mobile devices.  This service can save companies the time it normally spends on customizing desktops within the organization.  The top 2 DaaS providers, according to Curtis, are Citrix and VMware.

Software-as-a-Service (SaaS) is software that is hosted in the cloud, instead of being installed on individual machines.  It appears on individual devices as if it’s installed and it’s fully functional.  Curtis’ top 2 SaaS providers for 2014 are Salesforce.com and Insightly.  which are both Customer Relationship Manager software products.

The last model that the article discusses is Platform-as-a-Service (PaaS).  This cloud service allows clients to develop, run and manage their web applications.  The top two PaaS providers for 2014, according to the article, are Red Hat OpenShift and Heroku.

If you are looking for the perfect CSP for your business and don’t know where to start, maybe just take a look at the providers in this article to start with and see if they meet your needs.  Of course, there are differing view on which providers are best out there I’m sure.  You need to find the one that meets your individual needs.  Sometimes, just having a couple of names to start with is helpful in wading through all the options.

For another Top 10 list, you can also check out this article on TopTen Reviews:  http://cloud-services-review.toptenreviews.com/

Security and Apps in the cloud

Do you know what apps your business is using in the cloud?  Have they all been installed and approved by the IT department?  Do you have policies in place stating what your staff can and cannot store in the cloud?

Cloud applications can pose a huge threat to your organization’s security.  An article on ZDnet.com by Toby Wolpe describes how most IT teams aren’t even aware of how much unsanctioned cloud use is happening inside their company.  He states that in a study of 2 companies in the US, 22.5 percent of business-critical app use was happening and the IT department did not know about it.  The same study showed that 35 percent of data stored in the cloud was also unknown to the IT department.

It is crucial for your IT department to know what apps are being used and how they are being used in your company.  If six departments all purchase the same app, how much extra money is the company paying?  Could the app been purchased under a corporate agreement that cost less?

Developing a policy for cloud usage is as critical today as developing your data security policy and your disaster recovery plan.  Make sure there is a clear policy for not only purchasing apps, but what data may or may not be stored in those apps.  Having data stored on apps that the IT department is unaware of and without the proper SLA to ensure the security of this data, can cost your company money and put your data at risk

Resources:

Wolpe, T. (September 17, 2014).  Cloud apps:  Just how many does your firm use?  Now guess again.  Retrieved from:  http://www.zdnet.com/article/cloud-apps-just-how-many-does-your-firm-use-now-guess-again/

Choosing the right Cloud Service Provider

So, you’ve decided to make the leap to the cloud.  Great!  Where do you start?

It’s important to choose the right Cloud Service Provider so that you don’t run into problems later.  When you choose the service provider, look at things like how long the company has been providing cloud services and how much uptime has there been during this period.  You want to make sure that the provider’s technologies are compatible with your company’s technology.  And you need to make sure you have a list of your requirements to use as you look into whether or not that vendor can meet your requirements.

This article, “10 Questions to Ask When Choosing a Cloud Provider“, provides a list of 10 things you can ask providers as you shop around to find the right provider for your needs.

Here are the ten questions that Kim LaChance Shandrow lists in the article:

“1. Which Cloud Services do you provide?

 2. What is your pricing structure?

3. How secure is your cloud?

4. Where is your data center, and how safe is it?

5. What happens if you lose my data?

6. What customer support services do you offer?

7. Can your cloud scale up to meet my business needs?

8. What’s your downtime history?

9. How will I get set up?

10. How will I access my company’s cloud

There are some very good points in this article.  For Cost: you should only pay for what you use.  That’s the way the Cloud is set up.  Research pricing, make sure you are not being charged for stuff you don’t need.  Also, there should be no big investment to get set up.  There may be set up fees involved, but one of the benefits of cloud computing is that you are not making a huge investment up front for equipment, etc.  If you feel that a provider is asking for an unreasonable amount of money up front, find a different provider!

About Security:  Make sure that the provider you choose has adequate security measures in place to keep your data secure.  Do they have firewalls?  How about Anti-Virus protection?  Do they have user authentication and encryption standards in place?  Do they do regular monitoring/auditing?  Also, where (Physically) is the data being stored?  Physical security is just as important as virtual security – if someone can get to the equipment, they can wreak havoc and cost you money.

I hope if you are reading this, you have a disaster recovery plan in place for your organization.  It’s important to make sure you know what the SLA (Service Level Agreement) says about how they plan act in the case of data loss.   Make sure you ask them about their history of data loss and know what the agreement says.  Do they have a  system in place to recover data?  If there is a loss of data, will they compensate you and how?

Remember, you are giving this company access and charge over your information.  Make sure you research them like you would a caregiver coming into your home to care for your children in your absence.  You want to make sure they are trustworthy and are not going to cause your business to suffer a loss if it can be prevented.

References:

LaChance Shandrow, K.  (June 3, 2013).  10 Questions to Ask when Choosing a Cloud Provider.  Retrieved from:  http://www.entrepreneur.com/article/226845

Pros & Cons of Cloud Computing

If you are thinking about moving your business into the cloud, it’s a good idea to look at the advantages and disadvantages of making the jump.  Only you can decide if the benefits outweigh the risks to your business.  As with all of my posts on this blog, I found a great article that talks about some of the pros and cons of doing your business in the cloud.  Here is what I gleaned from reading the article:

Advantages:

  • Cost – using cloud services such as storage and software can be less expensive then investing in equipment and desktop software for your business
    • Instead of paying for servers for your network, you can pay as you go for only the storage you need
    • Software can be costly.  It requires an initial investment, maintenance, upgrades and licenses for each user.  Using cloud based software can prove to be less expensive, and updates and maintenance typically happens automatically in the cloud.
  • Storage – using storage as a service in the cloud allows you to use only the space you need, and as your needs grow – the space is virtually unlimited
  • Backup & Recovery – no need for nightly tapes or backups on your physical hard drive.  Backing up data in the cloud is easier.  As for recovering data MOST cloud providers are well equipped to recover lost data.  This can save you time and money in case of data loss.
  • Software Integration – in the cloud, software integration usually happens automatically
  • Access to information – as long as you have an internet connection, you can access your data in the cloud from virtually anywhere
  • Deployment – getting set up and started in the cloud is fast.  You can typically get things up and running within minutes.
  • Scalability – many cloud provides offer pay as you go services.  This allows you to pay for only what you need when you need it.  If you anticipate a change in your needs, you can quickly change the services you use.

Disadvantages:

  • Technical Difficulties – if your cloud provider goes down, so do you.  If you don’t have access to the internet, you don’t have access to your services in the cloud.
  • Security – you are giving up control of your data.  Since it is in the hands of your cloud provider, the security of your data is at the mercy of that provider.  Sensitive data may be at risk.
  • At risk of attack – since you have your data out there in the cloud, there is always a chance of your data being compromised.  (Of course, there is also always a chance of your data being compromised within a physical network on site too!)

There are pros and cons of moving your business to the cloud.  However, you can minimize the risks involved if you do your research, make sure you choose a cloud provider who is reputable and has a proven track record of knowing how to deal with the risks and who you trust to keep your sensitive data safe.  In my opinion, the same risks are present if you have your business on a physical network in your building.  It just seems a bit scarier when you are entrusting someone who is less invested in your business than you are to keep that data secure.

References:

http://mobiledevices.about.com/od/additionalresources/a/Cloud-Computing-Is-It-Really-All-That-Beneficial.htm