Home » Story
You have been granted access to this page through First Click Free. Subsequent use of TabbFORUM will require logging in. If you don't have an account, registration is free.

Videos

  • Rail_thumb_adam_honore_david_etue-finqloud-safenet-cloud_security_in_financial_services

    Debunking the Cloud Security Myth

    The idea that the cloud is not secure is a misperception, says David Etue, SafeNet. While the cost and agility gains that come with moving to the cloud also come with a loss of some...
     
  • Rail_thumb_steve_phillips-nasdaq_omx-latam

    Latin America's Quest for Liquidity

    Brazil no longer is the only game in town when it comes to trading in Latin America. According to Steve Phillips, senior managing director, Latin America and Caribbean, NASDAQ OMX...
     
  • Rail_thumb_adam_will_screen_shot

    What Will Nasdaq Do With eSpeed?

    Following several failed cross-border exchange mergers, Nasdaq’s acquisition of the electronic fixed income trading platform eSpeed provides the exchange with a way to diversify...
     
 

More Video | Podcasts

Advertisement
Original_original_300x250_12493_0
Original_eu-13284_300x250-banner_2
Original_equityjune_300x250
Missing
Marvin Sauer

Lightspeed Data Solutions, Inc.

More From
Marvin Sauer

Related

The Technology Buying Process: What’s Really Happening Behind Closed Doors?

Reviving Change-the-Bank Innovation Video

Certified Security in the Cloud

SAP takes step into cloud computing sector

Spotlight-blackInnovations in Trading and Technology (more stories)

02 February 2011

To the Cloud!?!

Sauer breaks down the cloud into its various parts and says firms worried about security should not lose sleep over it.

Many companies have turned to the cloud for a wide variety of reasons such as ease of deployment, flexibility and decreased dependency on internal IT staff. Some simply want to keep up with the competition and don’t want to be left behind.

On the other side of the fence, a large number of companies are not moving to the cloud, with the primary reason being fear or concern for security. While security should be a top concern, as it pertains to the cloud, these concerns have been exaggerated by some, particularly for the small- to medium-sized business.

First, let’s define what the cloud actually is. The National Institute of Standards and Technology has presented the most clear and comprehensive definition of cloud computing. The institute says there are five key features of cloud computing: on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity and measured service.

  • On-demand self-service – users can quickly get additional computing resources without human interaction from the provider. For example, if you are using the cloud for email then you can add email users without talking with the provider.
  • Ubiquitous network access – resources can be accessed over the network by a wide variety of computing devices such as laptops, smartphones, tablets, etc. This means that you don’t need a particular or specific computer to access your files.
  • Location-independent resource pooling – the provider’s computing resources are grouped to allow them to serve multiple clients without input, knowledge or control of the user. This allows the provider to reassign resources based on user demand and those computing resources could be located in multiple data centers.
  • Rapid elasticity – resources and/or services can be increased or decreased quickly to meet the user’s changing needs. Some of these additional resources can be deployed automatically
  • Measured service – users are charged based on usage. This allows both the provider and the client’s IT staff to monitor usage.

This translates into providing a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (networks, servers, storage, applications and services). We will assume that these services are delivered over the public network where security would be more of a concern.

Cloud computing can take the form of Infrastructure-as-a-Service (relying on remote data storage networks), Platform-as-a-Service (using a suite of applications, programming languages and user tools), or Software-as-a-Service (running specific applications through a cloud).

  • IaaS – examples of this are Rackspace, Amazon and IBM where they offer servers, storage and network connectivity. 
  • PaaS – examples of this are Google and Force.com where they provide the development environment so the company does not have to maintain the hardware or upgrade the software.
  • SaaS – This is the most popular cloud computing services offering with email being the most common use. Saleforce.com is one example and other applications are moving to this delivery model as well.

While each of these service offerings have various levels of security – and many articles have been written about security breaches – you shouldn’t be as concerned as the hype would lead you to believe:

  1. The companies deploying cloud services have far greater skills in security solutions than most small- to medium-sized companies. If you choose the right provider, they have teams of people dedicated to security and a variety of options for protecting your data, application and overall environment. Most small- to medium-sized businesses cannot afford to maintain a dedicated staff that stays up-to-date with technology and security challenges.
  2. Cloud service providers are also able to leverage the most advanced hardware, software and data center technology since they are serving so many clients through their single investment. Companies cannot afford to make the same level of capital investment in technology.
  3. Most small- to medium-sized business do not store the kinds of sensitive data that hackers are going after. Again, if you do then you would need to deploy some security measures internally or potentially not take this data to the cloud.
  4. One of the biggest risks for security is social engineering, which is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. An example of this is someone who gets a fake identification to get into an organization and then convinces an employee to let him or her into the data center because of a task that upper management has asked him or her to do. Statistics show internal security breaches run anywhere from 30 to 35 percent of total security incidents. Most of those are accidental, which can be attributed to social engineering techniques. Since this relies on getting someone to compromise a network’s security, it is not effective in a cloud environment where the network is controlled and accessed by the cloud vendor’s staff and not the company’s staff.

Cloud computing is the most talked about technology trend and likely the most misunderstood. In its simplest form, the cloud allows a company to deploy software, server, and storage technologies by leveraging a provider’s technology investment. There are a variety of options to consider for outsourcing parts of or your entire internal IT infrastructure. These range from network (IaaS), to hardware/operating software (PaaS), to complete software suites (SaaS).

If you’re uncomfortable moving to the cloud, consider that these providers have highly skilled security personnel and large investments in technology infrastructure. In addition, most small- to medium-sized businesses do not have the kind of sensitive data that is attractive to hackers. Finally, the number one method of security breaches is related to social engineering, which is reduced substantially since the data center is at a location controlled by the provider.

Cloud computing is projected to be a $150 billion industry by 2014. With more and more companies moving to some form of cloud services in the near future, there are several steps you can take to ensure a smooth transition:

  • Understand cloud computing and your options
  • Know the costs and the ROI – review all costs over a three- to five-year time horizon
  • Develop a holistic strategy – include things such as migration, communications, long term implications and integration with business strategies
  • Ask questions and learn from others – ask the providers and their references
  • Address security and other concerns but don’t go overboard – there are many security service offerings available but some of these are unnecessary depending on your environment
  • Thoroughly research potential providers/due diligence – as with any purchased service, “buyer beware” still applies
  • Monitor performance and availability of data – don’t hand over the keys to your entire technology environment without keeping tabs on performance
  • Make sure your infrastructure will support a cloud – before you leap to the Cloud you need to make sure your internal environment is ready

Marvin Sauer is the President of Lightspeed Data Solutions, a leading software development firm focused on providing greater value for clients by improving execution of operations and data management. More at: www.lightspeeddatasolutions.com 

Spotlight-white-trans For more stories in the Innovations in Trading and Technology Spotlight Series click here.

Add a Comment

You must log in to comment.