Westchester Not-for-Profit Technology Council

CLOUD COMPUTING

DEFINING THE CLOUDS

The National Institute of Standards and Technology (NIST) defines cloud computing as "a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."

NIST defines cloud deployment models as follows:

  • Private cloud - operated solely for an organization. May be managed by the organization or a third party and may exist on- or off-premise.
  • Community cloud - an infrastructure shared by several organizations, supporting a specific community with shared concerns (e.g. mission, security requirements, policy). May be managed by the organizations or a third party and may exist on- or off-premise.
  • Public cloud - made available to the general public or a large industry group and is owned by an organization selling cloud services.
  • Hybrid cloud - a composition of two or more clouds (private, community, or public) that remain unique but are bound by standardized or proprietary technology that enables data and application portability, such as cloud bursting for load-balancing between clouds.

CLASSIFYING CLOUDS

NIST defines the cloud computing service models as follows:

  • Software as a Service (SaaS) - the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage or even individual applications, with the exception of limited user-specific application configuration settings.
  • Platform as a Service (PaaS) - the capability provided is the ability to deploy onto the cloud infrastructure consumer-created or acquired applications developed using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems and storage, but has control over the deployed applications and possibly application hosting environment configurations.
  • Infrastructure as a Service (IaaS) - the capability provided is to provision processing, storage, networks and other fundamental computing resources. The consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications and possibly limited control of select networking components, such as host firewalls.

CLOUD MIGRATION ADVICE FROM NIST

NIST recently issued draft guidance on cloud computing, including the first set of guidelines for managing security and privacy in the cloud. Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) provides an overview of the security and privacy challenges for public cloud computing and presents recommendations that organizations should consider when outsourcing data, applications and infrastructure to a public cloud environment. The key guidelines recommended to federal departments and agencies, and applicable to the private sector, include:

  • Carefully plan the security and privacy aspects of cloud computing.
  • Understand the public cloud computing environment offered by the cloud provider and ensure that a cloud computing solution satisfies organizational security and privacy requirements.
  • Ensure that the client-side computing environment meets organizational security and privacy requirements for cloud computing.
  • Maintain accountability over the privacy and security of data and applications implemented and deployed in public cloud computing environments.

COMPARING CLOUD OPTIONS

Whether to select a public, private or hosted cloud computing environment is a multifaceted decision. One convenient contracting option is a 'hosted managed service' (HMS) designed for organizations that don't want the expense of building an internal private cloud but are wary of the openness of public cloud solutions. HMS private clouds allow customers greater control than hosted public cloud services. When compared to internal private options, HMS private clouds deliver the benefits of infrastructure cost avoidance and place no additional management burden on internal IT staff. Ultimately, however, when application, infrastructure and security controls are not negotiable, using an internally controlled private cloud is less risky than any other private cloud alternative.

When it comes to cloud infrastructure hosting, there are many options to choose from, including traditional service providers, hosting companies and outsourcers, Web 2.0 enterprises and boutique suppliers. First examine the business plan of any potential cloud services provider. It also makes sense to consider the experience of the management team and the depth of expertise throughout the ranks.

Also, the organization must determine whether the cloud hosting provider maintains its own cloud infrastructure end-to-end, or collaborates with other outsourcers on its infrastructure. Currently, many cloud hosting companies supplement their infrastructures. This makes it necessary for an organization to learn more about all partners involved.

NEEDS ASSESSMENT

Answer the following questions Yes or No:

  • Are your servers approaching maximum capacity?
  • Can you afford new capital investments?
  • Are your applications widely accessible?
  • Do you have frequent or sudden spikes of application demand?
  • Are new skills and capabilities required to support future hosting and storage requirements?
  • Do you run applications that require minimum or no integration with other applications?
  • Do you have data that is free from high security, privacy or regulatory requirements?

If you answered Yes to 6 or 7 questions, you are a strong candidate for cloud computing. If you answered Yes to 3 or 5 questions, carefully consider factors that limit cloud computing benefits. If you answered Yes to 1 or 2 questions, you will receive limited cloud computing implementation benefits.

TEN KEY CLOUD PROVIDER QUESTIONS

To help organizations in their decision process, here are ten specific questions to ask public cloud providers:

  1. Does the service provider help with application integration? How so?
  2. How much, if any, customization is allowed to the applications delivered via the cloud?
  3. Where will the organization's data reside? (If not by specific data center, a public cloud service provider should at least be able to provide geographic information.)
  4. Who will perform the migration in and out of the cloud?
  5. What kind of dashboard access is offered and can it be customized by user profile?
  6. What sort of service level agreements (SLAs) are provided?
  7. What are the disaster recovery processes and how will replication of data be done?
  8. What kind of help desk services are offered?
  9. What if the organization decides that the cloud model doesn't work? Does the provider offer traditional hosting services? How would the transition from one model to the other take place?
  10. Does the provider have customer references to share?