Businesses in the 21st century are experiencing globalization and economic pressures, and this has prompted business owners to look for information technology solutions that are more efficient, scalable and available. Business leaders have directed their interests to the costs of technology used in delivering these solutions since they affect business activities and overall performance. Cloud computing has been pointed out as an upcoming information technology that can meet the requirement of lower ownership cost, dynamic provisions, increased efficiency and higher returns on investment (Miller & Veiga, 2009). However, many IT professionals claim that cloud computing technology has many risks associated with privacy and confidentiality of using cloud. This paper will explore cloud computing characteristics, models used in offering services, benefits to businesses and risks associated with the technology.
Definition of Cloud Computing
Cloud computing is among the emerging information technologies, and its definition has not yet been agreed upon. According the Cloud Security Alliance and NIST cloud computing is a model that enables convenient, and on-demand access to computing resources such as applications, storage, servers and network services (Mell & Grance, 2009). These resources are provided and released with minimal service provider interaction or management efforts. Cloud computing has been likened to a utility, businesses pay for this service in the same way they pay for water, gas and electricity use; the services are paid on a consumption basis.
Characteristics of Cloud Computing
Cloud computing comes with essential characteristics required by businesses that are operating in more competitive environments, and these characteristics include on-demand service, whereby, providers render automatic computing capabilities, which include network and server storage. This means that customers are able to access the needed service without human interaction.
A cloud network has a broad network access; businesses that use this service can easily access the service using internet enabled devices such as laptops, smart phone, PDA and mobile devices (Mell & Grance, 2009). The services provided by the cloud computing providers have different models that are used to serve multiple customers; the models have different physical as well as virtual resources that are dynamically assigned according to demand.
Could computing is also characterized with location independence; in this case, the customer has no knowledge on location of the resources given by the provider and has no control over the resources as well. However, the customer can specify the level of abstraction in terms of data center, region or country. The resources delivered by the service provider include virtual machines, network bandwidth, memory, processing and storage. These resources are not only provided automatically, but also in unlimited quantities and at any time. The systems providing the resources are controlled automatically, and the resource use is optimized through leveraging of a metering capability, monitoring and controlling, ensuring of transparency for customers as well as the provider of the service (Mell & Grance, 2009).
Benefits of Cloud Computing Services
Businesses in the 21st century enjoy benefits that never existed before cloud computing, most business owners are attracted to cloud computing because of a promise to increase financial savings. According to survey carried out in 2009 by IT executives and CIOs in Asia, 41% of the participants in the survey were considering using cloud solutions in their businesses or are already using cloud solutions, which shows that more businesses believe that cloud computing can solve their IT problems. This service gives many businesses an opportunity to streamline their business processes and increase innovation; business owners experience an increase in productivity as well as a transformation in business processes through ways that were considered expensive before cloud computing (IDC, 2009). Organizations in this era concentrate more on their core business, and not on scalability of infrastructure; the organization's business peak demands to perform well can be easily solved using cloud computing. All the improvements in operation and performance are realized because of the following benefits offered by cloud computing.
a) Cost Containment
Could computing gives business enterprises the opportunity of scalability with less financial commitments for purchasing infrastructure and maintenance, and any organization that needs cloud computing services does not incur any capital expenditure, and services are available on demand. Organizations are also allowed to save by eliminating costs that come with wasted resources, such as unused server space, and experiment with new technologies without a large investment (Qian et al., 2009). Cloud computing also has different models, and organizations have the freedom to compare the costs of using different models, and choose the model they think reduces their costs. According to the research carried out in 2010 by Khajeh-Hosseini and others, changing data centers from organization infrastructure to cloud infrastructure saves close to 37% of a company’s cost over 5 years.
Most business enterprises that use cloud computing in the 21st century highlight that the service is provided and utilized within a day; the services are provided fast when compared to conventional information technology projects that took weeks or months before their actual utilization. Cloud computing reduces costs that are related to the delay in the provision of computing services.
Cloud computing service providers have a well established infrastructure and bandwidth that satisfies businesses’ high speed access, application and storage requirements. The service providers frequently have redundant paths; therefore, they do load balancing to ensure that service systems are not overloaded causing service delay (IDC, 2009). This means that businesses are assured that the service is not interrupted, especially at times when it is much needed; however, businesses are advised to take precautions in case of service interruptions.
The service providers have unconstraint capacity, which means that they have high flexibility and scalability for the ever changing IT needs. Organizations benefit from this feature because they do not worry of purchasing and changing to new applications and requirements; the changes are done by the cloud computing service providers, and are implemented on demand Qian et al. (2009). This also saves organizations from time wasted on implementation of the new services.
Most organizations using cloud computing services relocate their information management operations to cloud and focus their efforts on research and development, and innovation. This allows a business to grow in its products and business activities, and this might be more beneficial to an organization than financial advantages (Qian et al., 2009). Through product growth and development, an organization improves its public image and earns customer confidence, which leads to increase in sales and thus increasing profits.
Organizations in the 21st century require a service that is reliable, a service that will ensure that business information remains untouched, and activities are not completely paralyzed in the event of a disaster. Cloud computing providers have come up with solutions for disaster scenarios and for load balancing traffic, and in situations of a natural disaster or heavy traffic the service providers have resiliency and capacity to sustain their services through an unexpected event.
Potential Costs Savings
Organizations that have embraced cloud computing have managed to overcome the challenge of finding right employees for the jobs offered, this has mostly been realized by SMEs, which compete for potential employees with bigger companies, and do not have enough resources for recruiting employees. Most recruitment processes take time and effort; organizations have to advertise for positions, do screening and conduct interviews, all these processes are expensive for small businesses. With cloud computing, the recruitment process is made easier and affordable, this started with the launch of Zartis, a start-up that provides a cloud-based recruitment process, where employees are recruited online (Miller & Veiga, 2009). After recruiting, the program also stores information about employees in the cloud store; this means that the company that recruits using this process need only to retrieve information about the recruits and check on their answers to the interview question, and choose the qualified candidates.
Cloud computing also reduces costs related to the amount of carbon emission to the environment. The organization that uses service provider’s infrastructure reduces the fuel used by the organization; consequently, the organization reduces the amount of carbon emission to the environment (Miller & Veiga, 2009). This means that the organization will pay less for carbon emissions. Less carbon emissions do not only reduces organization costs, but also conserves the environment, which boosts the image of the organization as an organization that cares about the environment.
Organizations that use infrastructure installed by service providers save on the cost of buying and installation of the equipment, as well as its maintenance. Costs of having more employees for information management and an extra room for storing information are also reduced.
Models of Cloud Computing
- Service Models
a) Infrastructure as a Service Model
This is a service that provides network transfer capabilities, storage, processing, and other fundamental computing resources. Customers that use this model do not have the full control of the underlying hardware infrastructure; they are only given the ability to deploy as well as run arbitrary software; this includes using operating systems and applications. Capabilities are delivered either as a part of a server integrated collection or a single server in a private data center. According to Lin et al. (2009), this model is suitable for administrators and infrastructure providers, and Amazon Web Services is an example of a model in this category.
b) Platform as a Service
This model develops an environment for installing new applications on the cloud. In this case, customers are offered platforms as solution stacks and tools that are supported by the provider. Customers using this model have no control over the infrastructure but have limited control over installed applications. According to Lin and others (2009), the target group for this model includes internet application developers, and examples are Force.com application development platforms and Google App Engine.
c) Software as a Service
In this model, the customer is allowed to use applications provided on the cloud infrastructure of the provider. The applications are accessed using a client interface, for instance, a web browser is used to access applications such as Microsoft Word, Excel among others. The cloud infrastructure is not managed or controlled by the customer. This service model is divided into applications and application services, and according to Lin and other (2009), this service model suites IT and application users. Examples of SaaS service model include customer relationship management software of Salesforce.com and Google Docs office suite
- Deployment Models
a) Public Cloud
This is a traditional cloud computing model; it is available either to a large industry group or to the general public, and owned by cloud computing service providers. In this model, resources are provided from a third party provider‘s site, the third party provider shares the resources with a large industry or the general public (Qian et al., 2009).
b) Private Cloud
This is a model that is exclusively for an organization; it can be controlled by a third party or organization. This model might be situated on the premise or off the premise.
c) Hybrid Cloud
This model has a cloud infrastructure with more than one cloud with unique identities; however, the clouds are bound together by proprietary or standardized technology that ensures data and application portability (Qian et al., 2009). The providers in this model are multiple external and/or internal.
d) Community Cloud
Community cloud model has several organizations sharing a cloud infrastructure; it can be managed by the provider or organizations, and can be installed on the premise or off the premise.
Concerns with Cloud Computing
More business enterprises are continuing to embrace cloud computing, however, some are shying away from this new technology of computing. According to the research carried out by ISACA in 2010, most of the people shy away from cloud computing cite security concerns, and according to them there are more risks than benefits associated with cloud computing . In the 21st century, the business environment has become more dynamic, and more focus is on globalization, this means that many enterprises are outsourcing some of the business function.
When an organization chooses to involve a third party in through cloud computing, it uses the service provider’s services as well as technology. The business has to cope with the provider’s way of running the organization, organizational culture and policies, as well as the architectures put in place; therefore, the business owner’s first challenge is choosing a provider. Some of the factors considered are history, reputation and ability to provide sustainable services, however, ability to provide sustainable services is of more importance to ensure that services are available, and data is tracked (IDC, 2009). Therefore, many organizations do not value other factors when choosing a cloud computing service provider, and this might affect the future performance of an organization.
Once the cloud provider is allowed to offer computing services, it takes the organization’s responsibility of handling information, which is a critical part of the organization. If the chosen service provider does not offer services as per the agreed level, then the confidentiality of the business, and the availability of the service might be affected, and this might severely affect the business operations. Cloud computing is a service that is dynamic in nature, and sometimes it might create confusion, especially on the side of those using the service; the user might be confused on the information storage, and this might create delay in the retrieval of information (Kim et al., 2009).
One of the services offered by cloud computing providers is storage of information, and this might include the organization’s sensitive information. The third party access to such information might compromise the confidentiality of the organization’s sensitive information; this might create a threat to the intellectual property protection, and secrets of the trade. If this information is made available to the competitors of an organization, it can be used against the organization.
It is impossible to create private data networks for the organizations that choose to use public clouds unless they agree to pay for an extra cost; systems that are used in public clouds use systems that are highly available, and this might lead to commingling of the organization’s information assets with other customers of the cloud provider, which include the organization’s competitors (Kim et al., 2009).
Cloud computing comes with its laws and regulations, and this is according to the geographic regions; these can become challenging because there is little legal precedent on cloud computing liability. The customers have to incur an extra cost on legal advice before engaging in any contract with the cloud provider; this is to seek clarity on areas that the cloud provider is liable and responsible for ramification in case issue arise later.
The dynamic nature of cloud computing services makes businesses doubt the availability of the stored information, especially in the case of disaster (Kim et al., 2009). This means that cloud computing providers need to improve on their storage and application services to assure business owners of continuity and recovery of lost documents.
Concerns and risks presented by cloud computing services can be controlled by the business, and the cloud computing service providers for this technology to be the benefits that come with new technology to be fully enjoyed. The risks can be controlled through the following ways:
1) Changing Issues with Cloud Computing and Governance
Businesses that use cloud computing to provide its IT services should ensure that the cloud model they choose aligns with the business activities, the systems they are using are secure, and risk is minimized. This might be difficult when dealing with cloud service providers, therefore, the business should align their governance activities in order to cope with the cloud technology and the providers; these activities include defining roles and responsibilities, policy and standard development and goals of the organization (Khajeh-Hosseini et al., 2010). For instance, an organization should change its old ways of processing data and the way they develop and retrieve information, and adopt the new ways used by cloud computing providers. The organization should also realize that data security conditions are changed after adopting cloud computing services; therefore, information security policies should change to fit the security conditions presented by the cloud computing service providers.
2) Assurance for Cloud Computing
The service provided by cloud computing service providers are prone to changes, and this makes it difficult for the service providers to convince the customers on the quality of their services (Kim et al., 2009). The service providers should improve their assurance by providing infrastructure and software services that constitute the cloud. The service providers should ensure transparency by providing effective and strong security controls, assuring their customers that their information would not be accessed, destructed or changed by unauthorized people by placing controls that would prevent, detect and react to any attempt to access the information (Khajeh-Hosseini et al., 2010).
Privacy concerns are increasing among those using cloud computing services around the globe, and the service providers should prove that they are able to provide privacy of the information stored using cloud computing (Kim et al., 2009). Cloud providers should put in place privacy control measure to prevent and detect such cases in time, as well as reporting lines of communication; this should be affected before provision of services commences. The controls should be checked periodically for proper functioning.
The cloud computing providers should comply with litany laws and regulations, which demand that data should be kept in one place and it should be easily received. This will ensure that the information demanded by customers is easily retrieved from the cloud store without any delay. The issue of trans-border information flow should also be clarified. The physical location of data stored in a cloud is not always known; this might be an issue because country laws on personally identifiable information are different, and what is legal in one country might not be the same in another one (Mell & Grance, 2009). Providers should clarify this issue to their customers to clear their worries of breaking the country laws. Providers should also assure their customers by showing them that they are certified, therefore, they are doing the right thing; providers should endow the customers with an auditor report, which is essential in assurance programs.
Cloud computing is a technology that offers many benefits such as a reduction in cost of information management operations, infrastructure for computing services, among others; it also has different models that enable the user to choose according to the requirements, cost and benefits. However, it has been cited with risks associated to information security, and this has affected its use by business owners. There are different ways to reduce information risks, which include changing governance and aligning organizational policies on information security, roles and responsibilities, and goals to suite cloud computing services offered by the providers. Again, it should be understood, this technology is still new; therefore, it should not be quickly dismissed, and researchers should be given a chance to look for more efficient ways of reducing or eliminating the information security risk and other risks.