Information assurance and business continuity managers realize all too well that technology disasters come in all shapes and sizes. While “in the cloud” solutions exist to help with disaster recovery, business continuity, and an ever-growing number of intruder/malware prevention practices, it’s apparent that in-house IT professionals are overwhelmed by the sheer volume of choices and complexity of integration.
Cloud Computing and Information Assurance
Fri, 04/30/2010 - 8:00pm
Everybody’s talking about “cloud computing,” but has this approach simplified information assurance, or have we woven an even more tangled web? Are cloud solutions too new to trust, or are the concepts and methods mature enough to match or even enhance information assurance planning and practice?
Just as there is no shortage of cloud “solutions,” there are also plenty of definitions of the term. In addition to the solutions that already exist, different models have been proposed or are under development. To some, cloud computing is a services platform upon which developers can write applications through an application programming interface (API), such as Amazon’s Elastic Compute Cloud and Microsoft’s Azure. To others, cloud computing is an application suite delivered user-ready via the web-browser, such as Google Apps and Salesforce.com. Still others would classify any software-as-a-service (SaaS) offering as a cloud solution. And as long as SaaS is part of the cloud, what about desktop-as-a-service (DaaS) or backup-as-a-service (no one ever says BaaS)?
As with many other evolutionary moves in information technology, there are as many providers as there are definitions, and everyone wants to capitalize on a new trend. Breaking through all the hype, cloud computing is nothing more than taking advantage of ubiquitous global networking that allows service providers to economically deliver network-based computing services to meet even more elements of business computing needs. The reality is there is no “computing” done by “the cloud.” The cloud is the mechanism for connecting users to computing resources, which are, in the end, still “computers.”
It took more than a decade to achieve nearly universal use of e-mail, web browsing, and EDI (electronic data interchange). The last several years produced refinement of these models, development of the threats to the models, and a lot of wasted time trying to define Web 2.0 and evolving social networks. All the while, the physical network grew and gained in reliability and performance.
Digital information and, by extension, information systems, have simultaneously evolved into one of the most valuable assets and most vulnerable facets of nearly any business entity. Perhaps the most powerful value of the cloud computing trend is the potential to secure these assets, maximize their value, and shore up vulnerabilities. Cloud-based services of any type offer the potential for businesses to delegate responsibility for highly technical tasks to specialist organizations, which may be able to better meet the information assurance needs of those companies they serve.
One of the greatest challenges in information systems management is the pace with which technology changes. Businesses that don’t remain current with technology advancements may lose the opportunity to compete for new customers, develop new products and services, and improve their operating margins. But adopting technological change too rapidly introduces its own risks such as overspending and creating a cycle of tech-nology churn that distracts from the primary business goals. There is no simple formula for achieving balance, but cloud computing is one option that can help.
Cloud-based solutions provide the means for organizations to adopt new technologies without investing capital in technology infrastructure or having to hire or develop additional technical specialists. Disruptive technology—new practices or tools that may enable an organization to leap past its competitors—are possibly the most cost-effective when the details of implementation are left to specialists who are expertly trained and treat such technologies as their core business. The evolution of technology services delivered in the cloud is a perfect example of this.
Any business that comes to rely on its digital information for competitive advantage, or simply to maintain efficiency, eventually recognizes the risk of the loss of its information resources. Losses can come in many forms, including equipment failure, natural disaster, man-made disaster, data theft, privileged information leakage, and data espionage—all legitimate concerns. The risks have become so high that many organizations choose to substantially increase their budgets to protect their digital assets, which has the net effect of reducing the overall competitive and cost benefits of those assets. By seeking the expertise and safety of experienced and proven cloud-based solutions providers, companies can put a lid on some of those added costs.
Legitimate and proven service providers offer specific attention to the details of risk mitigation for digital information management. Best practices for every consideration from hardware redundancy to hacker and malware prevention are essential to the survival of any company offering cloud computing services. Quite simply, the provider’s business model depends upon safely managing digital risks. Cloud service providers know they must equip and train for the worst-case scenario.
The rapid advancements in hardware capability and network performance that first made the notion of cloud computing possible will continue to accelerate. To remain competitive, many businesses will look to the cloud computing model to allow them to refocus their internal resources on core business objectives and the human resources that directly support their products. Organizations seeking cloud computing solutions should look for experienced providers with documented success, proven and documented attention to information technology management best practices, and service offerings that align with the core business need.
Many questions have yet to be answered for the future of cloud-based services. Will customers feel comfortable with data housed by Google, the data-mining megalith? Will Microsoft attract developers to its Azure platform, or will Jeff Bezos’ perceived thought leadership propel Amazon to the upper atmosphere of the cloud community? Will single solution software-as-a-service offerings be priced in a manner that is economically sensible for organizations to subscribe to individual applications, and if so, how will all the data interact to create new values and insights? Will desktop-as-a-service or cloud desktop offerings help companies leverage existing software and data assets with more convenient and effective application delivery and desktop management? Or, will virtual desktop solutions relying on local PC resources short circuit the cloud movement and re-focus the IT world on locally delivered but remotely “managed” application assets?
Perhaps by the middle of this decade business technologists will have a clear understanding of which forces in cloud computing are most dominant. Until then, organizations of all sizes will continue to seek specialist providers to manage their digital resources. Applications, data, and entire desktop infrastructures will be increasingly managed outside the firewall. However, more than any other reason, improvements in management of disaster, malware, data theft, and threats yet to be revealed may be the most important driver in the adoption of the cloud computing model. CI