Implementing and Securing Cloud Storage

Cloud computing is defined as a type of computing that takes advantage of sharing computer resources as compared to having in-house servers or personal device applications. Cloud computing and cloud storage can provide users and enterprises with different capabilities to store and process their data through a 3rd party data centre. Cloud computing can also be described as a model for enabling network access to a shared group of configurable computing resources and it has fast become one of the most popular enterprise computing solutions.

Image credit:
Image credit:

This type of computing can be compared to grid computing, where the unused processing cycle of all computers in a network is harnessed to solve issues that are too intense for a stand-alone computer. It relies on sharing resources, coherence and affordability over a network. It can also be said that the foundation of cloud computing is the widely accepted concept of a converged infrastructure over shared services. Supporters of cloud computing state that the process allows companies to avoid most upfront expenditures and focus on projects. They also said that cloud computing allows enterprises to set up their applications faster with improved manageability and less maintenance. Cloud computing also allows for resource adjustments to meet the fluctuating and unpredictable business trends and consumer demands of today.

The present day availability of high-capacity networks, affordable computers, storage devices and the widespread use of service-oriented structures, hardware virtualisation and utility computing have contributed to the recent growth of cloud computing.

Third party service providers manage dedicated servers for businesses, giving them the ability to send and receive emails, operate word processing applications and complex data analysis programs. It can also provide a significant workload shift because local computers will be more focused on core employee applications instead of doing everything on a daily basis. To explain it simply, cloud computing is the means of saving, storing and accessing data and different programs over the Internet instead of using a computer’s native hard drive or in-house servers.

A Short History of Cloud Computing

It all started in the 50s with mainframe computing. Mainframe computing allowed multiple users to access a central computer. Buying and maintaining mainframe computers was costly, thus it was not practical for an organisation to buy one for each employee. It was also not typical for a user to need a large storage capacity and processing power. Providing shared access to a central source was the most economical and sensible solution.

During the 1970s, through virtualisation, it became possible to execute one or more OSs at the same time in an isolated environment. Complete virtual computers can be executed inside a physical hardware that can run a totally different OS. The VM system took the mainframe to another level because it enabled multiple distinct computing environments to be installed and stored into one physical environment. This virtualisation was the spark in the evolution of information and communication.

During the 1990s, many telecommunication companies started offering virtualised private network connections. Traditionally, telecommunication companies only provided single dedicated data connections. These virtualised private network connections had the same service quality as their dedicated service at a lower price. And instead of building and putting up physical infrastructures to allow more users to have their own connections, the Telco companies were able to give users shared access to the same physical infrastructure.

Why Use Cloud Computing?

There are several reasons why you should consider cloud computing for your own business. Although some see it as just a buzzword or a trend that will eventually bite the dust, cloud computing has proven that it makes a good impression among many businesses and industries around the world. Supporters of cloud believe that the technology is one of the more substantial transformative forces that has managed to make an impact on all areas of information technology. It also provides the basis for many mobile, Big Data and social solutions. The International Data Corporation has predicted that the number of new cloud-based solutions will triple over the next 4-5 years. Many industry-specific applications will be the driving force behind these changes as businesses continue to look for solutions that can easily be configured to their unique business requirements.

The IDC also found that:

  • Public cloud computing will reach about $70 billion within this year around the world with banking, manufacturing, process manufacturing, banking and others will account for 45% of the total spend for the cloud market.
  • The opportunities for cloud within the mentioned industries will come from the development of intelligent industry solutions which are created on top of the new platform that will include cloud, Big Data analytics, social and mobile.
  • Cloud service providers that provide long-term benefits will be the most successful.
  • The ease of buying cloud-based solutions has helped transfer buying power of IT to functional lines of business like operation, marketing and finance.
  • Regulations and security still remain the biggest hurdle for complete cloud adoption across many industries like financial services and government while the loss of control over some IT assets and the massive legacy systems are also factors which negatively influence a business when researching cloud solutions.

How Does Cloud Computing Work?

The goal of cloud computing is to apply high performance computing power that is normally used by research and military facilities to perform millions of computations per second in consumer-oriented applications like financial portfolios, delivery of personalised information, data storage for small to large enterprises and to power large and impressive online computer games.

The first element is the infrastructure where the cloud will be rolled out. The physical infrastructure will support the different types of cloud services like IaaS, SaaS, BPaaS and PaaS. The cloud computing environment also needs to provide the UI and tools for the users and service creators. This is the role of cloud service components and cloud service creators. In general, you log in to a portal on either a private or public cloud and you order your needed services through the Cloud Service Consumer. This type of service was created by your cloud service provider and can be a simple VM (or Virtual Machine) based on an image, several network components or an application service. This will depend on your cloud service provider as well as the type of resources and services needed by your organisation. The cloud service provider will then validate, through BSS, the request and if the validation is approved the service provider will provision the request through the operating system services. You will receive your credentials to gain access your requested services. You will normally receive a monthly invoice for your cloud usage.

Cloud Service Models

Cloud service providers offer their services depending on the needs of the user. There are three main models of cloud computing solutions:

1. Infrastructure-as-a-Service or IaaS

This model refers to the underlying hardware resources like storage, network and computing resources with some virtualisation technology in the loop. The development of IaaS has opened new opportunities for businesses in enhancing their IT management costs, which somehow put developers in a challenging position. These developers will be responsible for more of the operational work during the development and testing before cloud implementation. Developers have to create skills to provision, configure, manage and update hardware resources which they would not have done when working with a traditional model. IaaS service providers like Amazon Web Services provide a virtual server instance and storage, as well as an application program interface or APIs that let users migrate workloads to a virtual machine. Cloud providers normally bill IaaS services on a utility computing basis where the cost reflects the amount of resources allocated and used by the client.

2. Platform-as-a-Service or PaaS

In the PaaS models, the cloud service provider provides a computing platform which includes the operating system, programming language execution environment, database and the web server. In this type of environment, the cloud service provider is responsible for managing and provisioning the lower level infrastructure resources, managing the application development and platform deployment. PaaS provides the developers with the appropriate operating systems, database, middleware, managed services and software tools in a multitenant environment. The biggest added value of this service is that the developers are completely abstract from the lower level details of the environment, thus they can focus on their core duties and tasks and not worry about things like scalability, security and more. PaaS is usually used for general software development and many PaaS service providers will host the software after it is created. Popular PaaS services include Google App Engine,’s and Amazon Elastic Beanstalk.

3. Software-as-a-Service or SaaS

This model provides software applications over the Internet (often called web services). One good example is Microsoft Office 365 which offers productivity software and email services. In this model, users can gain access to application software and databases from any location using a computer or a mobile device as long as there is an Internet connection

In this service, the cloud service provider manages the infrastructure and platforms that run all applications. The service is priced on a pay-per-use through a subscription fee basis, (monthly or yearly flat fee per user), thus the prices become flexible if users are added or removed at any point. In this model, the cloud provider installs and operates application software in the cloud and the cloud users access the software from the cloud client. Because the users do not manage the cloud infrastructure, it removes the need to install and run the application on the user’s own computer. This simplifies the support and maintenance of the system. Supporters of SaaS have stated that it provides businesses the potential to cut down on IT operational costs by outsourcing hardware and software management, maintenance and support to the cloud service provider. This will enable the business organisation to reallocate the IT operational costs from software/hardware spending to other core processes in meeting the business goals.

Cloud computing can be categorised into 3 types:

  1. Private cloud services. Private services are delivered from a business’ data centre to the internal users or client users. This type of cloud service offers versatility and convenience while preserving security and management control. Internal customers may or may not be billed for services through an IT chargeback.
  2. Public cloud services. In this cloud service, a 3rd party service provider delivers the cloud service via the Internet. Public cloud services are billed on-demand, usually every minute or every hour. The customers only pay for the CPU cycle, storage or bandwidth they use. Some of the best examples of public cloud providers are Amazon Web Services, Google Computer Engine, Microsoft Azure and IBM/Softlayer.
  3. Hybrid cloud service. This is a combination of private and public cloud services with added automation. Companies can run mission-critical workloads in the private cloud while using the public cloud for spiked workloads that must scale on-demand. The goal of a hybrid cloud is to create an automated, scalable and unified environment which takes advantage of what the public cloud infrastructure has to offer while maintaining control over critical data.

Cloud Computing Implementation Requires Strategy            

It’s never too late for a business to consider getting into cloud services and taking advantage of the benefits. Before you implement cloud computing, many decisions must be made. Any questions should be laid out on the table which can be daunting at first. Questions like:

  • What hardware to use?
  • Which operating system is needed?
  • How much virtualisation is needed?
  • What kind of management software is required?
  • What services (including security, backup and restore and patching) will be provided?
  • Should labour services be added or kept as a one-of-a-kind option?
  • Should infrastructure be set up for general function or built for a specific function (like analytics, system development or desktop virtual workloads)?

One way of handling the challenges of cloud implementation is to break the effort into different activities. 3 key areas for a cloud computing roll out include analysis, planning and implementation. Each of the following are factors to consider:

1. Analysis

The analysis main focus should be the benefits and risks. The potential benefits include a pay-for-what-you-use pricing model, rapid provisioning and flexible scaling of computing resources. After listing the cloud benefits, list the potential impacts based on what you know about your business characteristics and the potential for cloud adoption. Knowing the potential risks is also important. These may include servers being open to possible attacks, flexibility loss due to standardisation and the uncertainty of market pricing. Knowing these factors is essential for a seamless cloud adoption.

2. Planning

The planning stage should focus on understanding alternatives, the technology scope and the business model. You can start with the alternatives by looking for the best options, check out private and public IaaS and PaaS options. What are your best technology scopes? Once you have understood the possible alternatives and the workload involved, you need to consider the scope of the technology you need to deploy. Choose the specific technology and services which will be closely linked to the platforms and infrastructure your business needs. Make the selection carefully because if you leave something out, it will surely delay your project. You have to remember that if something important is left out, it will be added later, which will delay the implementation and will add more cost at the end. You also have to take note of business model for your cloud implementation. It will include the cost of the model that includes pay-as-you-go for customers of the service, resource scaling, business expansion and the service level agreement like provision time and support availability.

3. Implementation

This last step involves many project management practices. You can start with developing a detailed implementation plan for the service based on your analysis and planning. After that, acquire the needed hardware and software and then perform installation and tests. You also need to test the new services that come with them like backup and recovery. If needed, revise the design, software, hardware and services. Take charge before the services run into production after the setup and testing, go live and report on the progress of the cloud implementation.

Key Considerations for Implementation

Cloud computing is a sound solution – it’s affordable, scalable and provides on-demand access, but moving to a cloud and making the cloud work for your business are two different things. Why? Because all cloud and cloud providers are not created equal. Choosing the right service provider, the right features and the right scenario is a hard job but one that can yield positive benefits when implemented correctly.

1. The Right Service Provider

There are so many cloud service providers out in the market today and many think that these providers are all the same. You have to remember that every service is unique, although they provide a common type of service. The feature set and the general approach by one provider may be different from another provider. CEOs and upper level management should itemise the features and functions that are critical to the business and make sure that the service provider will be able to support them.

Some cloud service providers may offer advanced security features, others may offer firewalls in front of every virtual machine. Some can be more flexible on how long data will remain in the virtual machine. Some cloud providers wipe out data every time a virtual machine is stopped. Other providers provide choices of data saving, putting the virtual machine into standby mode or completely deleting all the related data. There are other unique features that cloud providers may offer, but the most important thing is knowing what your business need and what is out there. This will help you ensure the cloud provider you choose will meet your business needs.

2. Price

Price will always be an important factor and comparing prices between different cloud providers may confuse you. The first thing you need to do is evaluate cloud providers based on the total price for a specific time period or a specific project. This may lead to huge miscalculations because each vendor has their own pricing for specific services. Your business should decide what kind of services and what quantities are required before seeking a provider. Once you have narrowed down a list of cloud providers, ask them to bid on a specific set of services. Take your time, ask the right questions and insist on comparing and soon, the right vendor will rise from the rest.

3. Lock-in and Future Migration

If you can, avoid any vendor lock-in to prevent any issues if you want to migrate elsewhere later on. Some providers offer very useful and unique features that provide value, but it can be very difficult to leave the service if you ever need to. Businesses should evaluate before implementing what steps are needed to make sure that users can extract themselves from the solutions provider easily.

4. Security

Another thing to consider as enterprises rely more and more on cloud-based services, is that it can be easy to lose track of which provider is providing a particular service. For example, a primary cloud service provider may be depending on other cloud services for specific services. This is pretty important when your business is targeting SaaS procurements. Generally, enterprises are only as secure as their weakest link. It means you need to ask the right questions beforehand about which organisations are getting access to data, what vendors are providing services to the primary cloud service provider and whether there are other data centres involved in data storage. Cloud security must be discussed early in the evaluation cycle and every level of the system architecture. It is essential to understand the service provider’s security and operational practices and how they align with your business security policies. Also potential consumers of these cloud services need to make sure that they maintain service level isolation with other cloud users as well as data confidentiality in transit, on the storage drive and through the use of strong encryption methods.

Image credit:

Critical Security Considerations for Implementation

Despite the many technological advances, there are still many reports of hacker attacks and security breaches on many public and private servers around the world. What really is surprising is that many current practices and technologies could have prevented these things from happening. Many of the affected enterprises fell into a very common trap referred to as “compliance=security mindset”. Many of these business organisations believe that if  a provider complies with industry regulations and standards, they are already secured. Unfortunately, this is not always the case. Although legal compliance is important, it really represents the least amount of effort. Even with the best efforts, getting 100% security is not guaranteed. If you want to get the best chance of avoiding any hassles that come with a major security breach, follow the best practices outlined below:

1. Visibility

Continuous visibility should be 100% all through the technology assets and services of the business. You cannot secure what you cannot see. It may seem pretty basic but given the on-demand nature of modern automated and virtual infrastructures, visibility can be a challenge. Once you understand what is going on with your infrastructure, data, applications and users, you will be able to understand how to enhance your defence and prevent or mitigate internal or external attacks.

2. Managing Exposure

This means taking transparency and visibility, plus context. After achieving transparency, business organisations should eliminate the obvious vulnerabilities that are known within the networks. Continuous monitoring plus strong security and vulnerability, configuration management technology and practices will surely mitigate exposure at this level.

3. Access Control

Many companies implement access control, but they often give more access than what is necessary. In some of the most recently reported security breaches, valid access control IDs were used to hack into systems that had nothing to do with the individual job within the organisation. Make sure you have the right privilege monitoring and access management in place.

4. Encryption and Data Protection

After you have established continuous visibility, strong access control and have worked on the known vulnerabilities, your next step is to encrypt all the sensitive data that you have. Check on the breaches that you have experienced as good examples and from there, you can see the kinds of data that needs high protection. It also means that you need to protect data in motion and data at rest and establishing technologies like data loss prevention to make sure that if your system is compromised, the sensitive data cannot be sent outside your network.

5. Compromise Management

Even if you have prepared and followed through with every security protocol that you have, something could still go wrong. Internal and external attacks will always be an issue. It’s not a matter of “if” but “when”.  For you to be completely prepared, you need to put the processes and technologies in place to react quickly and lessen the impact of any security breach. This means that you need to have the ability to understand that your system and your business have been compromised and what things you can do to limit the impact. You should have an action plan in place before breaches happen and then follow it once an attack has been detected.

Image credit:
Image credit:

Cloud computing provides many benefits, but it pays to evaluate your business situation carefully and decide if cloud computing is for you and what should remain in-house. Analyse and find the best vendor that will fit your business requirements and the one that will provide all requested services and keep the enterprise’s best interests.


Please enter your comment!
Please enter your name here