Cloud Computing Security and its Leading Companies
Certainly many companies remain concerned about the security of cloud services, although breaches of security are rare. How secure you consider cloud computing to be will largely depend on how secure your existing systems are. In-house systems managed by a team with many other things to worry about are likely to be more leaky than systems monitored by a cloud provider’s engineers dedicated to protecting that infrastructure.
However, concerns do remain about security, especially for companies moving their data between many cloud services, which has leading to growth in cloud security tools, which monitor data moving to and from the cloud and between cloud platforms. These tools can identify fraudulent use of data in the cloud, unauthorised downloads, and malware. There is a financial and performance impact however: these tools can reduce the return on investment of the cloud by five to 10 percent, and impact performance by five to 15 percent. The country of origin of cloud services is also worrying some organisations
What is public cloud?
Public cloud is the classic cloud computing model, where users can access a large pool of computing power over the internet (whether that is IaaS, PaaS, or SaaS). One of the significant benefits here is the ability to rapidly scale a service. The cloud computing suppliers have vast amounts of computing power, which they share out between a large number of customers — the ‘multi-tenant’ architecture. Their huge scale means they have enough spare capacity that they can easily cope if any particular customer needs more resources, which is why it is often used for less-sensitive applications that demand a varying amount of resources.
What is private cloud?
Private cloud allows organizations to benefit from the some of the advantages of public cloud — but without the concerns about relinquishing control over data and services, because it is tucked away behind the corporate firewall. Companies can control exactly where their data is being held and can build the infrastructure in a way they want – largely for IaaS or PaaS projects – to give developers access to a pool of computing power that scales on-demand without putting security at risk. However, that additional security comes at a cost, as few companies will have the scale of AWS, Microsoft or Google, which means they will not be able to create the same economies of scale. Still, for companies that require additional security, private cloud may be a useful stepping stone, helping them to understand cloud services or rebuild internal applications for the cloud, before shifting them into the public cloud
What is hybrid cloud?
Hybrid cloud is perhaps where everyone is in reality: a bit of this, a bit of that. Some data in the public cloud, some projects in private cloud, multiple vendors and different levels of cloud usage. According to research by TechRepublic, the main reasons for choosing hybrid cloud include disaster recovery planning and the desire to avoid hardware costs when expanding their existing data center.
Cloud computing migration costs
For start-ups who plan to run all their systems in the cloud getting started is pretty simple. But the majority of companies it is not so simple: with existing applications and data they need to work out which systems are best left running as they, and which to start moving them to cloud infrastructure. This is a potentially risky and expensive move, and migrating to the cloud could cost companies more if they underestimate the scale of such projects.
A survey of 500 businesses that were early cloud adopters found that the need to rewrite applications to optimise them for the cloud was one of the biggest costs, especially if the apps were complex or customised. A third of those surveyed said cited high fees for passing data between systems as a challenge in moving their mission-critical applications.
The report by Forrester also found that the skills required for migration are both difficult and expensive to find – and that even when organisations could find the right people they risked them being stolen away by cloud computing vendors with deep pockets. One third of those surveyed said their software database license costs drastically increased if they moved applications.
Beyond this the majority also remained worried about the performance of critical apps and one in three cited this as a reason for not moving some critical applications.
Is geography irrelevant when it comes to cloud computing?
Actually it turns out that is where the cloud really does matter; indeed geopolitics is forcing significant changes on cloud computing user and vendors. Firstly, there is the issue of latency: if the application is coming from a data center on the other side of the planet, or on the other side of a congested network, then you may find it sluggish compared to a local connection. That’s the latency problem.
Secondly, there is the issue of data sovereignty. Many companies — particularly in Europe — have to worry about where their data is being processed and stored. European companies are worried that, for example, if their customer data is being stored in data centers in the US or (owned by US companies) it could be accessed by US law enforcement. As a result the big cloud vendors have been building out a regional data center network so that organizations can keep their data in their own region.
In Germany, Microsoft has gone one step further, offering its Azure cloud services from two data centers, which have been set up to make it much harder for US authorities — and others — to demand access to the customer data stored there. The customer data in the data centers is under the control of an independent German company which acts as a “data trustee”, and Microsoft cannot access data at the sites without the permission of customers or the data trustee. Expect to see cloud vendors opening more data centers around the world to cater to customers with requirements to keep data in specific locations.
And regulation of cloud computing varies widely elsewhere across the world: for example AWS recently sold a chunk of its cloud infrastructure in China to its local partner because of China’s strict tech regulations. Since then AWS has opened a second China (Ningxia) Region, operated by Ningxia Western Cloud Data Technology.
Cloud security is another issue; the UK government’s cyber security agency has warned that government agencies need to consider the country of origin when it comes to adding cloud services into their supply chains. While it was warning about antivirus software in particular, the issue is the same for other types of services too.
Consultants Accenture have warned that ‘digital fragmentation‘ is the result as different countries enact legislation to protect privacy and improve cyber security. While the aims of the laws is laudable, the impact is to raise costs for businesses. Three quarters of the 400 CIOs and CTOs surveyed expect to exit a geographic market, delay their market-entry plans or abandon market-entry plans in the next three years as a result of increased barriers to globalization.
More than half of the business leaders surveyed believe that the increasing barriers to globalization will compromise their ability to: use or provide cloud-based services (cited by 54 percent of respondents, versus 14 percent that disagree); use or provide data and analytics services across national markets (54 percent versus 15 percent); and operate effectively across different national IT standards (58 percent versus 18 percent).
Over half said these increasing barriers will force their companies to rethink their: global IT architectures (cited by 60 per cent) physical IT location strategy (52 per cent); cybersecurity strategy and capabilities (51 per cent); relationship with local and global IT suppliers (50 per cent); and geographic strategy for IT talent (50 per cent).
Cloud computing and power usage
Those data centers are also sucking up a huge amount of power: for example Microsoft recently struck a deal with GE to buy all of the output from its new 37-megawatt wind farm in Ireland for the next 15 years in order to power its cloud data centers. Ireland said it now expects data centers to account for 15 percent of total energy demand by 2026, up from less than two percent back in 2015.
Which are the big cloud computing companies?
When it comes to IaaS and PaaS there are really only a few giant cloud providers. Leading the way is Amazon Web Services, and then the following pack of Microsoft’s Azure, Google, IBM, and Alibaba. While the following pack might be growing fast, their combined revenues are still less than those of AWS, according to data from the Synergy Research Group.
Analysts 451 Research said that for many companies the strategy will be to use AWS and one other cloud provider, a policy they describe as AWS + 1. These big players will dominate the delivery of cloud services: Gartner said two thirds of the spending on cloud computing services will go through the top 10 public cloud providers through to 2021.
It’s also worth noting that while all these companies are selling cloud services, they have different strengths and priorities. AWS is particularly strong in IaaS and PaaS, but has designs on moving up towards databases. Microsoft in contrast has a particular emphasis on Saaa thanks to Office 365 and its other software largely aimed at end user productivity, but is also trying to rapidly grow its IaaS and Paas offering through Azure.
Google (which also offers office productivity tools) is somewhere between the two. IBM and Oracle’s cloud businesses are also made up of a combination of Saas and more infrastructure based offerings.
There are vast numbers of companies who have are offering applications through the cloud using a SaaS model. Salesforce is probably the best known of these.