Get Your Head INTO the Cloud: What Is Cloud Computing?
By Derek A. Smith, CISSP, CAP, CEH, CNDA
Everyone from the government, to large corporations, to small businesses and university programs are talking about Cloud Computing these days, but just what is cloud computing anyway?
The National Institute of Standards and Technology, Information Technology Laboratory, an agency of the U.S. Department of Commerce, founded in 1901 as the nation's first federal physical science research laboratory, also known as NIST, is the government’s authority on all matters pertaining to security our nations systems. According to NIST, Cloud Computing “is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
Basically, Cloud computing is a developing word that describes the development of many current technologies and computing methodologies into something new and different. Cloud computing divides application and information resources from the basic infrastructure, and the mechanisms used to distribute them.
For organizations adopting this methodology, cloud computing improves cooperation, agility, scaling, and availability, and by improved and efficient computing practices, provide the possibility of cost reduction for the organization.
More precisely, cloud defines the use of a collection of services, applications, information, and infrastructure containing pools of compute, network, information, and storage resources.
These mechanisms can be rapidly arranged, provisioned, implemented and decommissioned, and scaled up or down. This in turn provides for an on-demand utility-like model of allocation and consumption that is very beneficial to organizations.
From an information architecture viewpoint; there is much misunderstanding surrounding how cloud computing is both like and different from existing models of computing; and how these likenesses and differences impact the organizational, operational, and technological methods to network and information security practices.
The keys to understanding how cloud computing architecture influences security architecture are a common and concise lexicon, joined with a consistent arrangement of selections by which cloud services and architecture can be analyzed, plotted to a model of compensating security and operational controls, risk assessment and management frameworks, and in turn to compliance standards that can be adopted by organizations choosing to utilize all the cloud has to offer.
Derek A. Smith is IT Security Manager, Consultant and Associate at a large Fortune 500 company. He is an expert at Information, Cyber, and Physical security with 30 years’ experience in the security and law enforcement industry. To learn more visit Derek’s website at http://www.cybersecuritysamurai.com/ or his Squidoo page at http://www.squidoo.com/get-your-head-into-the-clouds-cloud-computing-security. You can also visit his blogs at http://cloudcomputingsecurity.cybersecuritysamurai.com/blog/ & http://cloudcomputingsecurity-derek.blogspot.com/.
