AbstractThe concept of Cloud Computing has been around for several years and has emerged as a new field in Computer Science. It provides a means for businesses and companies to increase their Information Technology (IT) capabilities and resources without investing in new infrastructure, training or licensed software.
Cloud Computing has revolutionized the way companies conduct and manage operations delivering host based services such as Platform services, Infrastructure services and Software services over the Internet. It is called Cloud Computing because “the data and applications exist on a cloud of web servers” (unknown, 2009). Major concerns with the implementation of cloud computing are associated with privacy and security.
Businesses and Companies are wary about trusting their essential data with another company and concerned about client privacy being compromised. This purpose of this paper is to discuss in detail what is cloud computing, the services offered, security concerns and mitigation strategies along with the legal and political issues associated with the integration and implementation of Cloud Computing; educating and informing others, ultimately easing their mind about the use of Cloud Computing.
IntroductionCloud Computing has also been referred to as “Internet Computing”. The internet is visualized as clouds and the computation/computing is done through the internet hence the term, “cloud computing”. As mentioned earlier it provides a means for businesses and companies to increase their Information Technology (IT) capabilities and resources without investing in new infrastructure, training or licensed software. Companies are now able to conduct and manage operations by delivering host based services such as Platform services, Infrastructure services and Software services over the Internet.
Unlike utility computing (a service provisioning model that packages computing resources charging its customers based upon need and usage instead of a flat rate), autonomic computing (computer model designed for computers/resources self management) or grid computing (the use of many computers/resources in a network to solve or work on a single problem simultaneously), which are alternatives to cloud computing; cloud computing has its own independent computing platform. It is cost-effective because “initial and recurring expenses are lower than traditional computing” and maintenance cost are reduced since third party companies maintain cloud operations and storage data.
Cloud Computing differentiates from traditional hosting such that it is “sold on demand, typically by the minute or the hour. A user can have as much or as little of a service as they want at any given time. The provider manages the services offered thus all the client needs is internet access and a computer” for access to the services (unknown2, 2009).
“Cloud computing is characterized by features such as platform, location and device independency, which make it easily adoptable for all sizes of businesses” (unknown3, 2009). Google Apps has been mentioned by unknown to be one of the best examples of cloud computing. These applications are accessed via a browser and can be deployed on computers with access to the internet. Zoho offices specializing in business and productivity solutions along with Sales Force, Customer Relationship Management (CRM) Company also use cloud computing for their applications.
The Zoho and Sales Force applications are accessed by their users via an internet browser so that multiple users can have access to their apps from any location. “Amazon.com, IBM and Sun also offer on-demand storage and computing resources” associated with cloud computing, allowing the developers to create large-scale fully featured applications using internet clouds API’s and web services (unknown4, 2009). There are three types of cloud computing: Software as a Service, Platform as a Service and Infrastructure as a service. In a nutshell the software as a service (SaaS) cloud model services offered includes database processing, inventory management and web based email.
The vendor is responsible for providing the software products, hardware infrastructure along producing a means of interacting with the users via front end portal. Thus the “service provider host both the application and the data and the end user is free to use the service anywhere” (unknown4, 2009). In a Platform as a Service (PaaS) the cloud consists of a “set of software and product development tools hosted by the provider’s infrastructure” (unknown4, 2009). The developers are given free range to design applications on its provider’s platform via the internet.
The providers of PaaS can use web portals or API’s installed on their customers computers for the development, examples of PaaS include Google Apps and Sales Force CRM Apps. In a Infrastructure as a Service (IaaS) cloud model providers offer “virtual server instances with unique IP address and blocks of storage on demand” for their customers (unknown4, 2009). Amazon.com, IBM and Sun are examples of IaaS. And the customers are allowed to “use the provider’s API to start, stop, access and configure their virtual servers and storage (unknown4, 2009).
Cloud computing is most commonly used and practical for service providers and their customers because they can “Pay-As-They-Go” or “Pay-As-They-Grow” and there isn’t an upfront investment (unknown4, 2009). Nonetheless, cloud computing is not limited to just providing computing resources and data storage; it is also implemented to provide management services along with application services via the web.
The “Federal Computing Weekly recently reported that the National Institute of Standards and Technology (NIST) has a announced plans to create a cloud computing security group. The goal of the security group team is to “determine the best way to provide security for agencies that want to adopt cloud computing” and assess the security risks associated (unknown5, 2009). Major security and privacy concerns have arisen relating to the implementation of cloud computing.
Thus companies are wary about trusting their essential data with another company (i.e. third party) who will be responsible for managing their data and services along with the risks of client privacy being compromised when accessing cloud computing resources from any location. The confidentiality, integrity and accessibility of companies’ data and resources can become compromised if security professionals are not thoroughly researching and implementing ways to protect companies cloud computing data. Legal and Political Issues
Cloud Computing spans across many borders. One of the major benefits of implementing cloud computing is to have the capability to access services and data via the internet from any location. However although customers and users can access data that can be stored anywhere in the world from any location, providers and vendors must be sure that they are not violating and are applying by country laws in regard to data storage, data transfer, privacy and software license agreements.
Some legal concerns that have arisen associated with cloud computing relating to contractual issues “to be addressed by the parties’ contract or licensing arrangements” (unknown3, 2009) and data lost (what happens if a company’s data is lost?). There are potential e-discovery issues along with regulatory issues (such as privacy to export control issues) that are also raising concerns.
The Affero General Public License version 3 (GPL version 3) was published in November 2007, to close an application service provider loophole in the General Public License (GPL version 2) which is a copyleft (the use of copyright laws to remove restrictions on distributing copies and modified version of work) license requiring works to be available under the same exact copyleft. The Free Software Foundation hopes to have the GPL version 3 considered for all software ran over a network. The United States and China have been reported according to unknown3 to be making laws that may have negative effects on internet cloud computing.
The “Patriot Act (“which increases the ability of law enforcement agencies to search telephone, e-mail communications, medical, financial, and other records; eases restrictions on foreign intelligence gathering within the United States”) is having far reaching consequences to companies operating under its umbrella along with the Electronics Communications Privacy Act (ECPA); ECPA “sets out provisions for use, disclosure, access, interception and privacy protections of electronic communications” (unknown3, 2009).
Canada’s government has recently decided to not use computers in the global cloud network that are operating within US border because the Canadian data stored on those computers could conceivable be negatively impacted by the repercussion of the Patriot Act” (unknown3, 2009). Cloud Computing is an emerging technology that is here to stay. To resolve and/or mitigate many of these political and legal issues associated with clouding computing it is best to get business lawyers involved and attack the issues one at a time. Conclusion
In cloud computing, security is tremendously improved because of its technology security system, which is now easily affordable and available. Also, cloud computing can tackle the issue of scalability by implementing server virtualization. Many companies have raised cloud computing security and privacy concerns which have been previously addressed throughout this paper. To mitigate many of these concerns and establish a strong sense of security, reliability and trust several measures need to be taken in account in order to have an effective cloud computing environment.
To mitigate the legal concerns mentioned it is best to consult with a business lawyer early in the planning phase of the cloud computing implementation. This will help to alleviate legal and political issues that may negatively affect a global cloud computing environment.
Ask the vendor and service providers questions about security issues you might consider such as “what contractual obligation will they assume to protect the company’s data?, what contractual obligation will they assume regarding uptime?, uptime warranties provided, if any?, where will the data be stored?, what remedy limitations, if any, are in their terms?, how to get out of the arrangement with the provider?, what security mechanism are in place to protect the company’s data?” (unknown3, 2009).
Ensure the vendors provide data privacy, are compliant with NIST800-53 compliant solutions, implement data encryption, access controls (know who is accessing your data and who has access) and good management practices. Cloud computing appears to be here to stay so we must take proper measures to make it as safe and secure as possible.