Cloud computing represents a continuing evolution of technology. Most aspects of Cloud computing have been in use in the Business-to-business context for years. In this context, Cloud represents an evolution of technology that has increased in scope, in a geographic spread of services offered as well as the complexity of the back end and value chains that support those services.
In the case of large enterprises there is greater expertise and experience with these issues and related issues as well as greater likelihood of equality in bargaining positions. Furthermore, enterprise Cloud deployments often include customization or other unique services that need to be reflected in individualized contact terms.
It should be noted that established service offerings may provide substantial customization offerings for the end user, but these are choices among defined options rather that options developed. Similarly, applications of mass deployment cannot accommodate customized terms, though there may again be options across the offering of terms and conditions (higher security, service levels or guarantees for increased costs…) In many instances, customization and configuration menus available to Cloud application users without deviating from standard vendors agreements are strongly influenced by end user; in many cases such user-driven development of standard options leads to results comparable to, and often in the end drastically reducing the need for, customer specific changes. Small and Medium Enterprises and consumers can also participate in one of the more current aspects of Cloud computing-enabling consumers and SMEs to provide business and social-based services facilitated by Cloud technology.
SMEs and consumers differ slightly in two main respects. When resorting to Cloud services, SMEs may require more specialization in the offerings they use which may mean that they are more likely to purchase offerings from smaller, more specialized or niche Cloud providers that focus on their sector or vocation. These smaller providers, while having expertise in their services, may be relatively new to the complexity of Cloud practices and contracts. Consumers, on the contrary, may be more likely to adopt highly standardized offerings. The second major difference is that ‘consumer developers of more social-oriented Cloud services may do so on a voluntary, non commercial basis, which may have significantly different legal implications and expectations than services that require payment.
Although the commercial implications of Cloud for SMEs and consumers may be revolutionary, it does not follow that there needs to be revolution in governments regulation of Cloud services contracts. While many issues are and may arise related to Cloud services, many are either well within our experience curve or still evolving and not ripe for detailed guidance. Regulators and governments already have wide ranging powers in respect of Cloud based services, particularly in the consumer arena. The International Chamber of Commerce believes that governments should be encouraged to use the regulatory powers they possess, in order to improve trust and understanding in the Cloud services market. In the meantime, information is needed to help users make more informed choices among service offerings, terms and practices.
Related to the issue of regulation is the desire or concrete plans announced by some governments to develop, operate or commission ‘national Clouds’. While it is understandable that governments want to take advantage of Cloud benefits as a measure towards more effective public administration, it would be counterproductive if public sector Clouds are positioned to compete with private sector initiatives.
Finally, one issue which needs to be raised, but is beyond the scope of this paper to address, is the ability of users to evaluate services being provided. While it is unlikely that most individuals or small users have the ability to evaluate or understand the technical elements of many of the services provided or the complexity of the practices that stand behind them, this is not a new issue and it is unlikely that a unique Cloud solution can be found. Users have previously relied on brand and reputation as barometers of assurance; in some cases, recommendations from the stores where they bought the products or rating services. Cloud services are already offered by branded players and users can translate reputation in those cases, but Cloud has the potential to spawn many new players and users can translate reputation in those cases, but Cloud has the potential to spawn many new players both in terms of technology and business offerings. Those players may have only a web presence and be on other continents. While some ratings evaluation, reputation, engines, services, may develop, we must also consider new means of assessing the reputation, including community-based operations like those employed be E-Bay in rating buyers and sellers.
Cloud computing is this a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet. Users need not have knowledge of, expertise in, or control over technology infrastructure in the “Cloud” that supports them.
The concept generally incorporates combinations of the following : Infrastructure as a service (IaaS)
Platform as a service (PaaS), Software as a service (SaaS), Cloud computing services often provide common business applications online that are accessed from a web browser, while the software and data are stored on the servers.
While much, if not all, of the technology related to Cloud is familiar, the scope and type of use is new. Previous Cloud-type applications usually required people to be in corporate or university settings to gain access to these benefits. Today’s Cloud applications can be accessed not only from individual personal computers, but more and more from mobile devices as well. Today’s Cloud represents democratization in terms of access to and use of Cloud services. Some types of Clouds also represent opportunities for individual developers to tap large potential user pools. Thus the Cloud is both old in the sense of the fundamental nature of the services on the offer and new in the sense of which parts of the market now have access to these services.
The Computer Security Division of Us National Institute of Standards and Technology (NIST) defines Cloud computing as a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This Cloud model promotes availability and is composed of five essential characteristics:
On demand service a user can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Broad network access capabilities are available over the network and accessed through standard mechanism that promote use by heterogeneous thin and thick client platforms (e.g mobile phones, laptops, …)
The providers computing resources are pooled to serve multiple users using a multi tenant model, with different physical and virtual resources dynamically assigned and reassigned according to user demand. There is a sense of location of the provided resources but may be able to specify location at a higher level of abstraction (e.g country, state, or data centre). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. To meet the user’s short term needs, the allocated resources may see themselves expanded automatically, to quickly scale out, and rapidly released to quickly scale in. To the user, the capabilities available for provisioning thus often appear to be unlimited and can be purchased in any quantity at any time.
Cloud Systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
Benefits, advantages of Cloud Computing
The benefits of Cloud are wide ranging, and reach different sectors of the market in different ways. They include: -Path management, up to date software, professionally managed; -Low threshold for entry;-Consumer access to all apps;-Possible market opportunity for SMEs;-Centralization may improve security where Cloud vendor is reliable and less expertise existed in company individual;-Create new business opportunities and new markets by offering high computing power at lower cost;-Eliminate the need to build infrastructure for infrequent peak periods by making extra capacity available on demand;-Increase productivity by allowing businesses to focus on their core competencies and customer offerings rather than IT infrastructure and maintenance;-Enable faster and cheaper innovation by providing and existing platform for developers to build on;-Create economies of scale through use of data centers that are more energy efficient and environmentally sustainable;-reduce operating and capital cost;-Improve speed to market by reducing solution deployment time by leveraging Cloud infrastructure;-Dynamically increase capacity and ability to cater to business peaks without investing in infrastructure;-leverage on Cloud computing for reliable and scalable backup and recovery facilities for Disaster Recovery (DR);-Low barrier to entry-foster innovation and entrepreneurship;-Scalable infrastructure-virtually infinite compute and storage resources;-Turn Organization fixed cost into variable cost.
General risks of Cloud Computing
Cloud computing is not a new concept; rather, it is the natural evolution of the continued growth and advancement of the Internet. As such, the discussion of “risks” within Cloud space are also not new; they are risks which are familiar to larger organizations who have contracted for Internet based outsourced services similar to Cloud type offerings. Those risks have been successfully addressed for many years in an outsourcing context. There is no reason to believe that they cannot also be addressed by a wider audience as the Internet is rebranded as “Cloud”.
Security in Cloud computing by definition involves accessing services over the Internet. Today many services already include global information flows facilitate by the Internet, whether obvious to the end user or not. Cloud will however, broaden and accelerate the movement of data from Internal networks, (local server or hard drive) to the Cloud due to greater consumer and SME adoption of Cloud services. Therefore, keeping data secure is of critical importance for all user-governments, organizations, and individuals. Concerns about privacy and security are often used as key justifications for not migrating to Cloud-based IT services. However, in many ways Cloud computing services offer increased date security, privacy, and reliability. With the PC based computing model when a PC is lost, stolen destroyed, or compromised, data can be permanently lost or worse, extracted to reveal personal or proprietary information. In addition, many organizations, especially consumers and SMEs, don’t have technical staffs to assure that systems are patched, tested and appropriately backed up. Furthermore for many computer users with limited technical support and capacity, security is accomplished by locks and doors and imperfect passwords. The laptop or server under desk is not match for a level 4 date centre. The Cloud model provides enhanced reliability because date is backed-up over the network at multiple locations hosted by the Cloud. Computing service provider eliminating the single point of failure concern. This added reliability is essential for individual users and organizations that hold sensitive and personal data, such as health care providers, financial institutions, and governments.
The migration of data over the internet and into the Cloud does not make data any more vulnerable that it was when secured internally; however, this movement and remote storage does not make data in the Cloud a target from attack vectors that differ from what organizations and individuals are typically familiar with, and by virtue of its scale a more attractive target to attack. However, the reputational risk to Cloud vendors that might result from data loss of compromise makes them strongly incentivized, in addition to their technical expertise, to address these risks well. Furthermore, we should recall that Cloud providers may provide much more better managed, patched and secured information systems that current users have in their homes.
Cloud computing allows users ubiquitous access to computing power, storage, and applications. This universal access means that users are no longer tied to a specific device. Since applications and data are stored in the Cloud, any device that can connect to the Internet can also access data stored in the Cloud from any location. Also, universal access means that multiple users can access the same applications simultaneously regardless of their location, which can increase productivity, collaboration, and information sharing.
However, a broadband connection is required to connect to the Cloud. Because applications and data are hosted in the Cloud and not stored locally, when the network fails users cannot access the Cloud. Potential users may view migrating to the Cloud as a risky proposition if broadband networks are non-existent or unreliable. Lastly, when users are considering migrating mission critical data or applications, they must always consider the potential for a failure of communications, potentially due to external catastrophic events. Strategies for cloud migration of critical resources should consider issues of disaster preparedness and recovery.
Contracts with major Cloud computing providers are similar in scope and negotiability to contracts that are found in other areas of the information technology ecosystem. The three broad categories are as follows:
Contracts for office based services for Cloud based services (e.g services like email, word processing, spreadsheets and the like) are quite similar, conceptually, to licensing contracts found in the non-Cloud environment (e.g “shrink wrap” agreements for software bouth and installed on a personal computer) or for the ise of services in the Internet (e.g, “web wrap” and click through” agreements found on websites). Because of the scale of the services provided, there is often very little opportunity to negotiate agreements individually. That should not be confused with a lack of choice. Small and medium sized businesses have “menu options” they can choose from in the course of selecting their contract (as to security standards for example, or hours of support, or nature of date transfer activities on exit), but these will typically be in the form of largely standardized modular offerings, as in the software licensing industry today. Small and medium-sized business should be, therefore, expect about the same limited level of negotiation ability for service agreements for office based Cloud products as they do in these other contexts.
In the additional office context, companies and users rely on the intergrity of their hard drives and related back up systems. These systems, like other contexts, are governed by warranties that my guarantee the replacement of the hardware, but which do nothing to guarantee the intergrity of date. This one area where Cloud computing offers significant contracts benefits. While contracts for data storage are often not negotiable (any more than warranties are in the computing ecosystems), there is a highly competitive market for data preservation. Companies should look for contracts that allow for: data portability and export and that provide redundancy and secure data in diversified ways to facilitate data recovery.
As noted above, Cloud computing services depend heavily on fast and stable connectivity to the Internet. Purchasers of Cloud services can often purchase different tiers of service from ISPs that assure different levels of speed, latency, and connectivity. Cloud providers often provide guidance to their customers as to the minimum technical expectations required in this regard, and businesses should be sure to contract with their ISP for the appropriate level of service.
While large providers can do little to customize mass offerings beyond providing menu driven choices, users should consider that smaller providers and providers seeking to serve niche markets may provide services more tailored to specific needs. Issues related to selecting these providers will revolve around evaluating the services offered and the reputation and capabilities of the new entrants. Reputation and other third party evaluation and certification services may emerge to help users of these services make more informed decisions.