+1(978)310-4246 credencewriters@gmail.com
  

PFA 

2 pagesC11-1

CASE STUDY 11

CLOUD COMPUTING (IN)SECURITY

Cloud computing is reshaping enterprise network architectures and

infrastructures. It refers to applications delivered as services over the

Internet as well as the hardware and systems software in data centers that

provide those services. The services themselves have long been referred to

as Software as a Service (SaaS) which had its roots in Software-Oriented

Architecture (SOA) concepts that began shaping enterprise network

roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS

(Platform as a Service) are other types of cloud computing services that are

available to business customers.

Cloud computing fosters the notion of computing as a utility that can be

consumed by businesses on demand in a manner that is similar to other

services (e.g. electricity, municipal water) from traditional utilities. It has the

potential to reshape much of the IT industry by giving businesses the option

of running business software applications fully on-premises, fully in “the

cloud” or some combination of these two extremes. These are choices that

businesses have not had until recently and many companies are still coming

to grips with this new computing landscape.

Security is important to any computing infrastructure. Companies go to

great lengths to secure on-premises computing systems, so it is not

surprising that security looms as a major consideration when augmenting or

replacing on-premises systems with cloud services. Allaying security

C11-2

concerns is frequently a prerequisite for further discussions about migrating

part or all of an organization’s computing architecture to the cloud.

Availability is another major concern: “How will we operate if we can’t access

the Internet? What if our customers can’t access the cloud to place orders?”

are common questions [AMBR10].

Generally speaking, such questions only arise when businesses

contemplating moving core transaction processing, such as ERP systems,

and other mission critical applications to the cloud. Companies have

traditionally demonstrated less concern about migrating high maintenance

applications such as e-mail and payroll to cloud service providers even

though such applications hold sensitive information.

Security Issues and Concerns
Auditability is a concern for many organizations, especially those who must

comply with Sarbanes-Oxley and/or Health and Human Services Health

Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].

The auditability of their data must be ensured whether it is stored on-

premises or moved to the cloud.

Before moving critical infrastructure to the cloud, businesses should do

diligence on security threats both from outside and inside the cloud

[BADG11]. Many of the security issues associated with protecting clouds

from outside threats are similar to those that have traditionally faced

ceC11-1

CASE STUDY 11

CLOUD COMPUTING (IN)SECURITY

Cloud computing is reshaping enterprise network architectures and

infrastructures. It refers to applications delivered as services over the

Internet as well as the hardware and systems software in data centers that

provide those services. The services themselves have long been referred to

as Software as a Service (SaaS) which had its roots in Software-Oriented

Architecture (SOA) concepts that began shaping enterprise network

roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS

(Platform as a Service) are other types of cloud computing services that are

available to business customers.

Cloud computing fosters the notion of computing as a utility that can be

consumed by businesses on demand in a manner that is similar to other

services (e.g. electricity, municipal water) from traditional utilities. It has the

potential to reshape much of the IT industry by giving businesses the option

of running business software applications fully on-premises, fully in “the

cloud” or some combination of these two extremes. These are choices that

businesses have not had until recently and many companies are still coming

to grips with this new computing landscape.

Security is important to any computing infrastructure. Companies go to

great lengths to secure on-premises computing systems, so it is not

surprising that security looms as a major consideration when augmenting or

replacing on-premises systems with cloud services. Allaying security

C11-2

concerns is frequently a prerequisite for further discussions about migrating

part or all of an organization’s computing architecture to the cloud.

Availability is another major concern: “How will we operate if we can’t access

the Internet? What if our customers can’t access the cloud to place orders?”

are common questions [AMBR10].

Generally speaking, such questions only arise when businesses

contemplating moving core transaction processing, such as ERP systems,

and other mission critical applications to the cloud. Companies have

traditionally demonstrated less concern about migrating high maintenance

applications such as e-mail and payroll to cloud service providers even

though such applications hold sensitive information.

Security Issues and Concerns
Auditability is a concern for many organizations, especially those who must

comply with Sarbanes-Oxley and/or Health and Human Services Health

Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].

The auditability of their data must be ensured whether it is stored on-

premises or moved to the cloud.

Before moving critical infrastructure to the cloud, businesses should do

diligence on security threats both from outside and inside the cloud

[BADG11]. Many of the security issues associated with protecting clouds

from outside threats are similar to those that have traditionally faced

ce

  
error: Content is protected !!