Now, the next element of enterprise security that we want to talk about, and it's certainly the buzzword du jour, is cloud computing.
Um, and the idea of cloud computing comes from the way that the Internet has typically been drawn out in illustrations. Whenever you're talking about the Internet, it's usually represented as a cloud, just to kind of, um, illustrate the many details that are sort of obscured or abstracted.
Uh, this idea of the cloud means a lot goes on underneath the surface, and we don't need to know about it.
We simply need to know that the Internet is a viable tool for VPN access, hosting of resources, and so on.
Now, cloud computing has been around for a long, long time, even if we haven't called it cloud computing. You know, 15 years ago, 10 years ago, if I needed a file and I wanted to access it at home or work or anywhere I was, I'd email it to myself. That's using cloud storage,
so the idea is just expanded.
Ah, and we have all of these different types of resources from the cloud, and all we're doing essentially is handing this over to a service provider that's accessible from anywhere on the Internet, and it saves me cost, it increases availability of resources. Not without addition, not without risk.
It is a means of risk transference, because usually the cloud provider's gonna provide us with a degree of assurance as far as the redundancy of our data and performance capabilities. But
remember, risk transference isn't really risk reduction, and it's certainly not risk elimination.
What we're essentially doing is putting our information, our infrastructure in the hands of someone else. So we want to make sure once again, I don't know if you remember when we talked about third-party outsourcing, and we talked about how very important it is to have a right-to-audit clause written into your contracts, because
cloud computing really is, in a lot of ways, outsourcing.
I'm still liable for the protection of my information and my data.
All right, so when we talk about cloud computing, there are three main types of cloud computing that we would consider. We have software as a service. So capital S, lower a, lower a, capital S. We have platform as a service, PaaS,
and then infrastructure as a service,
and we might implement all of them, depending on the nature of our business and kind of one might build upon the other. But you could also implement them separately as well. So let's talk about software as a service.
So if we talk about software, um, you know, once again, let's look at something like Microsoft Office, for instance. So I've got 300 users and I'm gonna push out Microsoft Office to all 300 users. Some clients may use, uh, that, uh, that application more than others.
There might be pieces of Microsoft Office that folks in my company never touch.
Maybe nobody in my company does presentations. And who would need PowerPoint? Or, you know, Access has traditionally come with Office. Maybe we don't use that tool. So basically what we're doing is we're paying a set rate per client, as it's been defined by Microsoft,
and it's sort of a one-size-fits-all solution.
And again, as security updates are released for that product, I've got to test them. I've gotta approve them. I've gotta push them out. I've got to make sure that my clients have the hardware that's required to run this software. So those limitations that we talked about
come into play again. So when we talk about software as a service, one of the things that Microsoft offers now is Office 365, and you've probably heard about that. So essentially you're connecting in to a host, or to a server that's hosting Office 365,
and you pay a per-use fee.
So that kind of accounts for times of heavy usage and times of very low usage. Ah, once again, we have storage in the cloud. So we create these Word, Excel documents, whatever they might be, and we have a location to store them in the cloud so that those documents are accessible from anywhere within the organization.
We get the capability of having
thin clients, paying per use. Ah, the users don't have to worry about upgrades. Neither do we as network admins. That's all taken care of. This idea of a one-to-many environment means one copy of the software on the server from the cloud provider, and
users within my organization can access it as needed. So I'm turning over the management of that software, the upgrading of that program, of that software generally. Ah, we've got configuration so that we can access that software across many different platforms.
So now I don't need different versions for Apple
or for Android operating systems or for Microsoft or for any of those ideas, so you can certainly see the benefit of, ah, a cloud offering of software as a service. Ideally, it would save me costs, and it makes things universally acceptable, accessible.
Now the next step, platform as a service. This is geared towards software development companies, companies that build their own applications, ah, their own proprietary apps, that build things in house, sometimes perhaps to make accessible, you know, to make available to the public. So
if we have a team of developers
and their business is to create software applications, well, there are a lot of tools that are necessary to create and develop a software application.
Also, we've got to think about integration. Maybe this software app is going to be a front-end application for our back-end customer database,
so we would have to provide that integration. We've got to consider multiple platforms once again, we've got to think about the tools that would be necessary. We've got to find some way to share this code so that multiple developers can work using the same tools on the same code at the same time.
Well, that's a solution where platform as a service would work.
So if you're familiar with Google Apps, for instance, it provides the platform for software development. Ah, there again, you get a built-in set of tools, the capabilities for testing, for development. You get integration. You have,
uh, tools that are in web services based on common standards.
Again, the idea is we have to do a minimum to our internal structure, and we're taking advantage of what a cloud service provider already has in place and we're using their resources from our local systems. That's what the cloud's all about.
We connect to the Internet and take advantage of systems that are already in place.
Another alternative is infrastructure as a service, so let's go beyond just software. Let's go beyond just software development. Let's talk about hosting services across the Internet, whether they're web services, uh, or other internal network services, you know, security services perhaps.
You know, in an internal environment, as I'm hosting the services, I have to think about scalability, you know? And if my company has a, has a quick growth spurt, I'd have to spend a lot of money upgrading the hardware. I may not have that money up front. You know, one of the things a lot of times
is companies have to be able to leverage new business opportunities
without having the cash in hand to do so. So rather than me having to go out and purchase new equipment for web services or other mechanisms that I might host, I can take advantage of infrastructure as a service, and again, Google and many of the other providers offer this.
Often we have multiple users accessing a single server.
Variable costs, that's a big thing. Dynamic scaling: we can grow, we can shrink. We can grow and shrink. A lot of this cloud pricing, the idea is it's based on a per-use structure, so we're paying more if we use more, we'll pay less if we use less.
Now there are security considerations we have to think about, especially if we're in an industry that's guided by federal regulations. You know, for instance, if we're a healthcare provider, HIPAA. If we're in the federal government, we often have many legal standards and requirements for
systems that can house confidential or private information.
We've got to think about when we're storing things up on the cloud, again, we have the potential for added risks. We've gotta look at the privacy that they provide, and in many instances, that's where we talk about a private cloud. You know, public cloud means I'm going to, ah, a cloud provider
like Google as a service.
We could have a private cloud under our management and our ownership
that still allows access to resources from across the Internet. But we have direct control of the security functions. So a lot of times in the government, when they talk about the cloud, it's more of a private cloud than it is a public cloud. We can do the same things in house and have more direct control over the security. So not
always does cloud services, does that always imply that I'm going to a provider.
Most of the time when we talk about that, that's what we're doing. But we can house in-house clouds, because we have to think about often what happens, certainly with storing data in the clouds. These cloud service providers lease hard drive space to many different clients. They may give us our own virtual machine, but that virtual machine resides on a hard drive with other clients.
You know, we've already talked about the idea of VM escape
and how it's not impossible to jump from one VM to the next. How if, um,
evidence needed to be seized? Maybe one of the other organizations that they host data for is involved in some sort of illegal activity. The FBI comes in and seizes the hard drive. Well, I've got a virtual machine on there. Don't have a real physical machine. So there goes my data and my infrastructure.
I need to find out things like how often is the data backed up?
What sort of disaster recovery plan, business continuity plan do they have in place? Remember, I'm every bit as responsible for the protection of that data as I was, regardless, cloud or no cloud, public or private, doesn't matter.
So cloud computing is certainly on the horizon. It really gets back to the idea of thin client management at a central location. And because we're outsourcing that to a provider, it kind of is taken out of our hands. We don't eliminate risk, though. Sometimes we increase risk.
So we want to be very careful with the cloud services we provide. We want to make sure we have a well-written contract, that we audit that contract and, of course, that we choose a reputable provider and make sure that any decisions we make still keep us within legal compliance. The cloud is just another means of risk transference.
It's a perfectly viable option, given particular circumstances.
There are no one-size-fits-all solutions.