Cloud Computing Goes beyond Virtualisation
Opportunities and risks associated with cloud computing for small and medium-sized enterprises
SMEs are faced with the challenge of making computing more secure and more effective without access to the resources or experts needed. This is where cloud computing presents itself as a cost-effective alternative to local IT infrastructures. The various advantages and disadvantages of cloud computing must be taken into consideration. Recent studies have shown that compliance with data protection laws and high security standards are possible with cloud computing. We will discuss important parts of the SLA (service level agreement) and how they can be monitored. The article will cover technical and organisational issues which will have to be addressed by the ICT industry in the upcoming years in order to meet the market requirements.
The economic crisis has made competing in the global marketplace more difficult. Being able to adapt quickly to changing market conditions has become vital for businesses, which is why IT must provide optimal support for business processes. IT systems are designed to not only assist with operational business processes such as order management, warehousing, and production control, but also with support processes like accounting and human resources planning. Each one opens up possibilities for using the various deployment models of cloud computing, such as private cloud, public cloud, and community cloud. Each cloud architecture type has its own special characteristics which, if used to their full potential, can create a true win-win situation for operators and users.
At the same time, cloud computing is a modern business model for marketing IT services. These services come in various forms: IaaS, PaaS, DaaS, SECaaS, SaaS, and XaaS. Virtualisation technology makes pay-as-you-go financing and on-demand use possible and makes the whole system more flexible and effective.
Cloud computing customers expect an „all-round package“ which meets, at the very least, the following demands: no need for administration or dedicated personnel, safety and availability in line with legal and operating requirements, low costs, high-quality software, quick response to any issues, ability to respond to changes in customer needs, and comprehensive support and consulting. On top of all these benefits, users expect to pay only for services they actually use.
On the other hand, virtualisation makes cost calculation and accounting of services more difficult for the operator and requires additional safety measures in order to allow the service provider to offer this “all-round package” to the client. The following factors also apply to operators: high hardware utilization efficiency, energy savings, high availability, routine tasks are automated, resources can be flexibly distributed, easy maintenance and migration, easy introduction and testing of new applications, automatic billing and metering of service usage, error management and use of sandboxes for better security.
Operators face the challenge of making sure the cloud computing system is running smoothly and that all usage is registered. Moreover, security must be guaranteed for the cloud itself as well as for cloud users’ data. This means an extensive back-up system, effective data management, and hardware/software development are needed. Network providers must make sure sufficient bandwidth is in place and QoS parameters such as jitter and bit error rate are kept at an acceptable level.
The tasks that computer specialists are charged with are so diverse that the small teams employed in SMEs (two to three people) are not able to cover all the bases, which include security, networks, software, databases, operating systems, backup systems, etc. This leads to loss in availability, efficiency, and security.
Moreover, the law sets high standards (data protection, tax laws, etc.) for IT systems and their operators. But even an IT support team of only two to three employees may exceed SME budgets.
This is where cloud computing business models come in to provide a sound solution for SMEs. Care should be taken in selecting a cloud provider: The German Federal Office for Information Security has passed a new ordinance on certification for data processing centres. The latter have usually been providing IT services for years and have expanded their range of services to include cloud computing business models. These providers have well-trained staff and an extensive IT infrastructure. They protect their computing operations and the data with appropriate security measures and carry out audits regularly. Owning the aforementioned certification is useful for strengthening market acceptance.
• no administration
• no need for extra staff training
• SLA security
• SLA availability
• pay-per-use principle
• SLA data security
• dependence on the operator / service provider
• lack of standards (makes changing providers difficult)
• data is transferred over an insecure network
• billing must be double-checked
• no standard contracts
Contracts with cloud providers include provisions stipulating which services are to be provided and which security regulations apply. Users only pay for services they have used. For SMEs, the benefits certainly outweigh the drawbacks, see the table above.
The SLAs define the services provided and the appropriate level of availability and minimum resources guaranteed. They should also include stipulations on the proceedings in case of a violation by the provider (service unavailable). As these are still very new business models, the SLAs are negotiated differently for each case. Loopholes are only discovered once disputes arise and can disrupt the win-win relationship. This is why BITKOM has created a guideline for cloud computing and a checklist for drawing up SLAs, which deals with the following aspects:
1. regulations for data protection, information security, and compliance
2. specific customer needs
3. contract types (applicability of domestic or foreign laws)
4. service description (main point of the contract)
5. Service Level Agreements
6. usage rights for software in the cloud
7. provisions on subcontractors
8. Change Request Procedure and governance regulations
9. payment for cloud computing services
10. client control options
11. regulations on termination of services
Since many cloud providers offer standard software for SaaS, users are less dependent on providers with this system than with IaaS. The increasing use of VoIP and cloud computing mean that demands on carrier networks will continue to grow.