Cloud computing is a promising technology in which computational power is provided over the Internet on user demand, much like the daily utilities of tap water, electricity and gas, on a pay-per-use basis. Cloud computing and cloud compliance are discussed here. An approach for managing compliance in the cloud is illustrated. Market players and startups are listed, along with suggestions and key concerns.
2. What is “Cloud”
‘Cloud’ is a term borrowed from telephony
Cloud computing concept dates back to 1960, when John
McCarthy opined that ‘computation may someday be
organized as a public utility’.
Here ‘cloud’ is used as a metaphor for the Internet
Term cloud came into commercial use in the early 1990s
Used in context of large Asynchronous Transfer Mode (ATM)
networks
3. Cloud Computing
Taken as a change in a fundamental model of events
Details are abstracted from the users
Abstraction simplifies control and conceals complexity
Typically involves the provision of dynamically scalable
and often virtualized resources as a service over the
Internet
Cloud computing customers do not own the physical
infrastructure
Instead they avoid capital expenditure on hardware,
software and services, by renting usage from a third-party
provider
4. Cloud computing confusion
Cloud computing is usually confused with:
Grid Computing - a form of distributed computing
Autonomic Computing - packaging of computing resources,
such as computation and storage, as a metered service
Utility Computing - computer systems capable of
self-management.
5. Why Cloud Computing?
Cost reduction
Limitless storage and data safety
Low maintenance cost
Provisioning on-demand, with no more waiting
IT as disposable infrastructure and not a luxury
New levels of collaborations with no geographical or
corporate boundaries
6. Why Cloud Computing
For many of us it is a mature technology and can run
almost all applications
Features of easy accessibility anywhere at any time and
almost no burden of on-going operational expenses
Cloud environment covers services right from the core
infrastructure to software like email at an individual user
level.
By implementing cloud, organizations certainly get
the benefit of reduced capital investment and a faster
implementation cycle, with a net reduction in
hardware-software procurement and installation
7. Cloud computing interpretations
First academic definition provided by ‘Ramnath K.
Chellappa’ who called it ‘a computing paradigm where the
boundaries of computing will be determined by economic
rationale rather than technical limits’ in 1997.
8. A form of standardized IT-based capability — such as
Internet-based services, software, or IT infrastructure —
offered by a service provider that is accessible via
Internet protocols from any computer, is always
available and scales automatically to adjust to demand,
is either pay-per-use or advertising-based, has Web- or
programmatic-based control interfaces, and enables full
customer self-service.
A style of computing in which massively
scalable IT-enabled capabilities are
delivered “as a service” to multiple
customers using Internet technologies
Self-service provisioning
Shared resources/common versions
Offsite third-party provided
Access via the Internet
Standard usage-based pricing
Essential Characteristics
On-demand self-service
Ubiquitous network access
Multi-tenant
Elasticity
Pay-per-use
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction.
9. Which industries does this apply to?
[Figure: matrix of industries by product offerings (bits to atoms) against security/regulatory requirements (low to high). Quadrant labels: Mostly disruptive, Potentially disruptive, Latent, Mostly sustaining.]
Industries shown:
• Music/video
• Software/IT
• News/Information
• Financial services
• Telecom
• IT Services
• Dell/electronics
• Wal-Mart/retail
• Commodities
• Defense/aerospace
• Utilities, energy
• Pharma
10. Compliance Management
Compliance is about being in accordance with specifications,
guidelines or laws, or in the process of becoming so
Compliance with regulation requires keeping security factors
tight in order to avoid risk
Compliance management ensures that IT processes,
services and systems comply with the organization's policies
and legal requirements
Non-conformance to regulation might attract huge
penalties, and in some cases federal agencies can also revoke
the organization's licence to operate
11. The Approach
Organizations need to have a compliance management
policy implemented ahead of time
This policy should be one of the inputs for selecting the
cloud service provider (CSP)
Information security becomes crucial and should be
included in the compliance management policy (CMP)
The process flow and major steps of the approach for
managing compliance are represented in the
figure (An Approach for Managing Compliance in Cloud)
This approach is based on the Plan-Do-Check-Act
principle.
12. The Approach
This approach has six phases: focus area, layout plan,
implement, monitor, audit and feedback.
13. Focus Area
It covers applicable standards, regulations and even best
practices in Industry
The focus area should be aligned with the organization's strategic
plan, and should cover performance standards, privacy
and security aspects
It includes the compliance requirements of business processes,
business units and even employees of the organization that are
exposed on the cloud
14. Layout Plan
Responsibilities of the parties involved (i.e. service provider,
user, customer), the expectations, assumptions and also
the frequency of audits for the defined focus area are charted
out
Emphasis here should be on drawing clear lines on
responsibility and expectations with the cloud provider
15. Implement, Monitor, Audit and Feedback
Implement, Monitor, Audit and Feedback should be
followed as practiced in any standard quality management
principle
The feedback is essential to close the findings of audits
and observations while monitoring the processes
Feedback has to be sent to the layout planning stage as
well as the focus area to make the process robust,
error-free, and stable with scope for further improvement till
perfection
16. Conflicting Aspects
Organizations may adopt different models and approaches;
however, while designing a compliance management
framework or system, special emphasis should be given to
the conflicting aspects listed below:
1. Data Collection Limitation and its usage
2. Retention and Destruction of data
3. Limitation of Private and Personal data usage and
transfer
4. Transfer of data with permission and protection
5. Accountability
17. Suggestions
The CSP must include compliance as a part of its operational
process in order to ease global integration, avoid vendor
conflicts, support transparency between users and
providers, address the diverse regulations of countries, and
efficiently handle risks, thus resulting in competitive
advantage
With external parties involved in meeting compliance,
there is a need to have the expectations set and assessed
In fact, the cloud compliance policy (CCP) should be one of the
inputs and considerations for organizations in
selecting the cloud service provider and while signing an
agreement with that provider
18. Key Concerns
Which cloud technology would best support the business
strategy of the organization?
Which compliance management process to adopt and
follow?
How much control should be abandoned for benefit and
change?
Which service to purchase for right performance, security,
reliability and customization?
Is it worth the risk and quality of service?
How will it affect the organization's management and
corporate policies?
A major CCM hurdle is data location during audit.
19. Key Concerns
Maintaining proper control over systems and data access
Security and confidentiality of non-public confidential
information
Application design, security, disaster recovery
mechanisms, issue handling and monitoring processes are
important when choosing CSPs
20. Important Cloud Players
GOOGLE
MICROSOFT
AMAZON
CSC
HP-EDS
IBM
ORACLE
SUN
CISCO
DELL
21. Cloud Computing Startups to watch
VELOSTRATA
CoreOS
RAVELLO SYSTEMS
BRACKET COMPUTING
DIGITAL OCEAN
22. Future of Cloud Computing
Editors at InfoWorld make two predictions about the future
direction of cloud technology over the next 10 years:
pervasive cloud services standard for assembling business
solutions
cloud-based data with context for better understanding
data
Important points to look for:
Large companies may move to cloud platform
Data and cloud
23. Future of Cloud Computing
Important points to look for:
Easier hybrid cloud strategies
Productivity tools and proactive policies
New security standards to counteract data breaches
More focus on Internet of Things (IoT)
24. Summarizing
Proper planning and migration services needed
Scaling up and down is easy
Security and monitoring achievable with planning and
analysis
Hybrid cloud platform easier
Enterprise cloud may become obsolete
Cloud Computing has provided a platform to other
businesses to leverage technology at a reasonable pricing.
25. Summarizing
Compliance management would not only come in handy in
meeting regulatory requirements but will also help
organizations in managing organizational risks
A well-drafted compliance policy, when implemented, will
create an environment of self-accountability and minimize
risks, thus enabling organizations to focus more on
end products and services, resulting in a satisfied customer
and improved business results.