Cloud computing is one of the hottest topics in business today. This technology lets companies utilize massively scaled information technology infrastructure at a remote site instead of their own data center, resulting in increased redundancy, security and significant cost savings.
“The cost of purchasing and maintaining the infrastructure internally and the salaries of people to operate the infrastructure continues to increase, while the cost of obtaining it on a larger scale from cloud service providers continues to decrease,” says Michael Dickson, CPA, CISA, CISM, CRISC, director, business technology services at GBQ Partners LLC. “The result of these two trends is an intersection of the cost models for computing.”
Smart Business spoke with Dickson about how the cloud works and how to select the right cloud service provider.
What is cloud computing?
There is much confusion about what cloud computing is, because there are so many different kinds of cloud service offerings. Cloud computing is nothing more than a new name for an old concept (time sharing).
Cloud services enable you to connect to a provider’s application (Software as a Service — SaaS), deploy, run and manage your own applications on a provider’s computing resources (Infrastructure as a Service — IaaS), or you can deploy, run and manage your own applications that were created using programming languages, databases and tools supported by the provider (Platform as a Service — PaaS). In each of these models, the provider and management have different responsibilities as it relates to owning and managing the operating and application systems.
Remotely hosted applications, like Office 365 and SalesForce.com are perfect examples of using SaaS. The applications are developed, owned and hosted on providers’ infrastructure, and users subscribe to the services they need and connect over any network (company or home network, WiFi, Cellular, etc.).
Examples of IaaS are products like Amazon’s Web services and Rackspace’s cloudfiles. Subscribers pay for the amount of computing or storage they need, relying on the provider to manage and maintain the infrastructure.
What companies are best suited to take advantage of a cloud?
A company that is looking to replace legacy software or hardware or is planning a significant expansion is in an ideal position to take advantage of cloud service offerings.
Some companies are driven to look at cloud solutions simply because they are having trouble retaining an IT staff with appropriate technical skills and/or are driven by cost reduction measures to look at the options.
What are some key items you need to understand about cloud computing?
You need to understand the benefits and risks, because they will vary for each company depending on which service type you are considering. The key is to understand your specific risk posture by assessing the application landscape, the type of data processed and understanding the unique accessibility, confidentiality, security and compliance requirements of your specific situation. This will drive the decision on what should be ‘put in the cloud.’ Moving into the cloud doesn’t have to be an all-or-nothing proposition. You can start by putting a low risk commodity application in the cloud, and keep your high-risk core business applications on site until you get more comfortable with how it works for you.
What are some keys to making cloud computing safe?
It’s safe if you choose your provider carefully and structure your agreement properly. The biggest misconception is that you don’t know what’s happening to your data when they are in the cloud. If you select the right service partner, they will have implemented the appropriate security and physical and logical access controls to prevent others from gaining access to your computing environment.
A reputable data center will have engaged an independent auditor to express an opinion on the appropriateness and effectiveness of controls put in place to ensure the availability, reliability, security and processing integrity of their data center environments. These reports used to be called SAS 70s but are now referred to as SOC (Service Organization Controls) reports.
What are the benefits and risks associated with cloud computing?
The big benefits are cost savings and increased reliability/availability resulting from economies of scale. If a business has a peak time, it can take advantage of extra processing capabilities for that peak period, but doesn’t have to maintain and own all of the computing capabilities all year round. Computing is becoming a utility. Like electricity or natural gas, you pay for what you use.
Another benefit is having access to new applications and technologies that the cloud service providers can purchase, implement and leverage over multiple customers as they update their service offerings.
For risks, the biggest concerns are related to access to data and being locked into a service provider for a multi-year term. You need to look carefully at the terms and conditions to know how your data are stored and how they might be made available back to you or to a successor provider in the event of a dispute.
People also fear they will lose control of their computing capabilities, and that can be good or bad, but it needs to be addressed. They’re fearful that if they get into a fee dispute with their provider, or become unhappy the level of service provided, the service provider holds all of their eggs in their basket. You can mitigate these risks by structuring the agreement to address users’ rights to data in the event of a dispute and by implementing solutions that provide real time back-up outside of the cloud.
Make sure your data are encrypted, access controls are strong, and you know who owns the data.
Michael Dickson, CPA, CISA, CISM, CRISC, is director, business technology services at GBQ Partners LLC. Reach him at (614) 947-5259 or [email protected].
