The Benefits of the Cloud
Assessing and mitigating the risk posed by application vulnerabilities deployed in the cloud
Jul. 7, 2010 05:45 AM
Cloud computing is immensely popular with companies and government agencies in search of revolutionary cost savings and operational flexibility. According to industry research firm IDC, cloud computing's growth trajectory is, at 27% CAGR, more than five times the growth rate of the traditional, on-premise IT delivery/consumption model. 
Cloud computing practitioners cite numerous benefits, but most often point to two fundamental benefits:
Other benefits of the cloud include collaboration, scaling and availability, but revolutionary cost savings and the almost "instant gratification" offered by the agility of the cloud will be the key contributors to adoption of the cloud.
What Is the Cloud?
The U.S. National Institute of Standards & Technology (NIST) defines four cloud deployment models:
NIST's definition of cloud computing not only defines how infrastructure is shared, but also outlines what will be shared. These service models shift the burden of security accordingly between provider and user:
Software-as-a-Service, or "SaaS," is the most mature of the cloud services. SaaS offers a "soup to nuts" environment for consumption of a common application on demand via a browser. Typically, the customer controls little or nothing to do with the application, or anything else for that matter, and is only allowed to configure user settings. Security is completely controlled by the vendor. Examples of providers include Salesforce.com, Workday, and Mint.com.
Platform-as-a-Service, or "PaaS", is an emerging cloud service model. The customer is able to develop applications and deploy onto the cloud infrastructure using programming languages and tools supported by the cloud service provider. They are not able to control the actual infrastructure - such as network, OS, servers or storage - the platform itself. Because the customer controls application hosting configurations as well as development, responsibility for software security shifts largely to their hands. Examples include Google App Engine and Amazon Web Services.
Infrastructure-as-a-Service, or "IaaS," is where even more of the infrastructure is exposed to multi-tenant users. The cloud service provider provisions processing, storage, networks and other fundamental computing resources. The customer is able to deploy and run arbitrary software, which can include operating systems and deployed applications. Software security in this deployment model is completely in the customer's hands, including such components as firewalls. Examples include Amazon Elastic Compute Cloud and Rackspace Cloud.
While SaaS gained popularity as an alternative to on-premise software licensing, the models that are driving much of the current interest in cloud computing are the PaaS and IaaS models. Enterprises are especially drawn to the alternative development infrastructure and data center strategies that PaaS and IaaS offer. At this point in time, smaller enterprises seem to have more traction with PaaS, enabling them to rapidly bring websites to market; whereas larger enterprises are more comfortable beginning their cloud deployments with an existing application moved to an IaaS cloud service.
How Do We Fully Realize the Benefits of the Cloud?
Recommended Approaches to Cloud Software Security
The key to achieving the benefits of the cloud and to putting the above recommendations into practice is Software Security Assurance, or "SSA." Recognized by leading authorities such as CERT and NIST, SSA is is a risk-managed approach to improving the inherent security of software, from the inside. There are three steps to a successful SSA program:
To realize the full benefits of cloud computing, organizations must assess and mitigate the risk posed by application vulnerabilities deployed in the cloud with equal vigor as those within their own data center. It is only then that they will be able to take full advantage of cloud computing to save cost and increase the efficiency of their business.
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week