XaaS, Part 1: Demystifying "The Cloud"

Jul 16, 2019 6:30:00 AM |

Brigitte Baucke

Social Share:

Laying the Foundation


Cloud computing is here to stay, and businesses of all sizes are strategizing to catch up and keep up. In this multi-part series, we will demystify cloud computing by first defining what "the cloud" is. Future blog posts in this series will evaluate the unique advantages and challenges related to various cloud computing as a service - "aaS" models. 

Cloud Computing Blog - Tech Cloud [Converted]-01

Full disclosure, this is a judgment-free zone. So, if it is 2019 and you are still not sure how “the cloud” works, this post is for you. As a businessperson, your time is best spent strategizing and growing your organization rather than toiling over which initialism (SaaS, PaaS, or IaaS) is key to improved operations. Here, we will gradually define cloud computing and give you the knowledge necessary to keep a simple conversation or evaluate the merits of potential proposals.

Before we begin, there are five key terms we must get out of the way. 

  • Cloud Architecture – The components (computers, servers, storage, network), and sub-components needed for cloud computing.
  • Deploy – The processes (installation, configuration, testing) involved in getting a new software or hardware up and running.
  • Infrastructure – The physical or virtualized foundation (hardware and software) that supports a system.
  • Platform – The base upon which other applications and processes are developed in computing. The hardware device and an operating system from which software is executed.
  • Software – A program that enables a computer to perform a certain task.

What Is "The Cloud"? And How Big Is It, Exactly?

Cloud computing refers to shifting computing services from traditional on-premises to the internet using third-party providers of hardware, software, development, and analytics. “The cloud”, therefore, does not refer to any one destination. With that in mind, strategic planning is essential when determining which cloud types, services, and providers will reduce operating costs while achieving business goals.

What Can I Send to the Cloud?

Before delving into the four cloud architecture types, it is helpful to know about the primary cloud services available. Your choice of deployed services significantly influences the cloud computing architecture considerations. Keep in mind this is a brief glimpse into the services. Future posts will dissect the nuances associated with each service and examples of industries where we are seeing deployment.

There are three standard cloud service models to consider when shifting operations to the cloud. The National Institute of Standards and Technology (NIST) recognizes these models as the highest-level categorizations of cloud services based on the type of computing capability provided.

  • Software as a Service (SaaS) – The most commonly used cloud computing service. Refers to a model of software delivery and licensing that gives organizations web-based access to fully functional applications. The only thing the organization handles is application configuration to meet business needs. Three examples of SaaS are Microsoft Office 365, Salesforce.com, and Google G Suite. Through SaaS, organizations can access cheaper enterprise applications regardless of their size.
  • Platform as a Service (PaaS) – Enables organizations to configure and manage applications and servers. Typically, this service is useful for organizations wanting more control over their applications and data without the hassle of supporting on-premises data centers. Organizations are not only able to develop, test, and deploy applications, but also analyze their data quickly through on-demand access to the latest middleware (software components). The outcome is increased developer productivity. Three examples of PaaS are Google App Engine, Amazon Web Services (AWS) Elastic Beanstalk, and Oracle Cloud Platform.
  • Infrastructure as a Service (IaaS) – Involves shifting equipment off-premises to remotely access, monitor, and manage pre-configured hardware through a third-party data center. A significant benefit to organizations who choose IaaS is the flexibility of paying based on consumption. Additionally, the third-party cloud infrastructure provider manages maintenance and upgrading of hardware like computers, servers, storage, networking, firewalls, and/or other services. Three examples of IaaS are Amazon Web Services (AWS) EC2, Microsoft Azure, and Rackspace.

Now you know what can be deployed to the cloud. Each of these options offers scalability and potential cost savings against traditional capital expenditures.

How Is There More Than One Cloud?

We have discussed the three standard cloud computing services. Next comes the process of assessing which architecture makes sense based on your industry and risk tolerance. As of the time of this post, there are four types of cloud computing architectures to choose from. Each deployment model has its purpose - part of your organization’s strategic planning process should involve determining whether one or more of the following architectures are suitable.

  • Private Cloud – Used by a single organization and its associated business units. It can exist on or off-premises and be managed by the organization, a third-party, or both. Organizations have the greatest control over the security and data location.
  • Public Cloud – Open to the public and exists on the cloud service providers premises. Organizations do not have control over the number of users sharing resources on a public cloud.
  • Community Cloud – Shared by multiple organizations with common concerns such as strategic goals, security, privacy, and compliance policy. Management of the community cloud can be the responsibility of the organizations or a third-party. Though the cost savings are more on a community cloud than on a private cloud, the costs are still distributed across fewer users than a public cloud.
  • Hybrid Cloud – Exists when two or more of the cloud infrastructures above are used by an organization. Depending on which cloud type is used, resources may be limited to one or more organization and maintenance may be left with the organization, a third-party, or a combination of the two.

Regardless of whether you choose a single cloud architecture or a hybrid of available options, strategic planning will be important if long-term cost savings is one of your business goals.

Cloud Security Considerations

While there are tremendous benefits to moving to the cloud, your organization is not relieved of all responsibility when it comes to securing information. Depending on your industry, there may be regulatory compliance requirements and general security best practices to keep in mind. Three considerations to plan around:

  • Reliability – Reasonable assurance that your provider can give you failure-free service should be high on the list of priorities. Additionally, the ability to independently assess whether expectations continue to be met is key.
  • Compliance – Ensure the cloud service provider runs in a way that keeps you compliant with all relevant regulations. There may be added requirements because of the operational changes, remain informed.
  • Information Security – Ensure the level of encryption in use is proper for the level of security your organization requires. You do not have to abandon your stricter standards when shifting to the cloud.

Requesting and reviewing System and Organization Controls (SOC) reports for all third-party service providers is one of the ways organizations of all sizes stay informed about a service organization’s controls over its system relevant to financials, security, availability, processing integrity, confidentiality, or privacy. Incorporating the SOC report review process into due diligence work is a recommended best practice. Often, there are controls in the report that the service provider considers the responsibility of the organization. Without an annual review, one could be left shouldering the impact of any security breach or service failure.

XaaS (Anything as a Service)

The scalability of cloud computing services is among the leading motivators behind the big leap for organizations large and small. In most cases, you pay only for what you use and have the flexibility to broaden or reduce your services with your business demands. It should be clear by now the disruptive impact of the XaaS (anything as a service) phenomenon we find ourselves in. Through strategic planning, an organization can significantly streamline operating costs by investing in one or more cloud computing services.

We have defined cloud computing, the three standard cloud services models, and four cloud computing architectures. In future posts we will delve deeper into each cloud services model and evaluate the advantages and disadvantages of deploying hardware or software to the cloud.

Stay tuned.

Sources:

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-146.pdf

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.500-322.pdf

https://azure.microsoft.com/en-us/overview/what-is-the-cloud/

https://www.aicpa.org/soc

COMMENTS

THIS POST WAS WRITTEN BY Brigitte Baucke

Brigitte serves as a cyber risk analyst at HORNE LLP where she specializes in IT risk related assurance services for the HORNE Cyber Assurance group. She provides analytic expertise regarding policy design and implementation as well as IT compliance. Brigitte also consults on information systems environment compliance and management for public and middle market clients.