‘The Cloud’ is yet another phrase that we could easily add to the myriad buzzwords surrounding the information age. We often hear terms such as ‘stored on the cloud’ or ‘access it on the cloud’ when referring to the storage and accessing of information, but how many of us actually stop to consider what this phrase really means? And, more importantly, what it represents?
As many organisations undertake a digital transformation, we likely have a working understanding of the term, and perhaps even use it in conversation, but it is important to understand the intricacies of this technology. This is key in fully considering the implications that cloud computing security represents.
In this article, we will conduct a deep dive into cloud computing, to give a clear definition to the term, and explore its history, benefits, and the security considerations that it represents for businesses.
The digital age is here to stay, and it is incumbent upon us all to remain relevant, or risk becoming obsolete.
According to Accenture, a leading technology consulting company, ‘cloud’ computing does not refer to any single technology or entity, but rather a ‘model of computing where servers, networks, storage, development tools, and even applications are enabled through the internet.’1
Many incorrectly refer to ‘the cloud’ as though it exists in one physical space, or as a single entity, but this is not the case. Instead, cloud computing is a model that enables organisations to embrace elasticity in their digital workspaces by using the internet to store and access information remotely. This is somewhat troubling, as if cloud computing does not exist in any one physical place, where exactly is our information being stored?
As the world becomes, simultaneously, increasingly dispersed and connected, the ability to utilise cloud computing architecture will inevitably grow in significance for the large majority of businesses around the world. Therefore, it is vital that we understand the different types of cloud computing architecture, and the ways in which they are nuanced.
There are three types of cloud computing: private, public, and hybrid:
A private cloud is when an organisation establishes its own cloud computing architecture, which is the sole property and responsibility of the organisation itself, and is generally housed on-site, or in a data centre belonging to the organisation.
A public, or community, cloud computing architecture is when a third party offers cloud computing to a number of organisations, and assumes responsibility for the maintenance and management of the system in return for payment.
A hybrid cloud meshes both private and public cloud computing architectures in order to maximise the benefits of each deployment model.
Each type of cloud computing architecture represents very different benefits and, importantly, risks and security considerations. We will explore these in detail later on. For now, let’s consider the history of cloud computing, to understand its origins as well as its reasons for being.
The origin of the term ‘cloud computing’ is widely disputed. Some draw its nascent principles from the ‘intergalactic computer network’ of the early 1960s, whilst others believe it began with Advanced Research Projects Agency Network (ARPANET), the predecessor to the internet, which began in 1966.2 The (now ubiquitous) cloud symbol harks back to ARPANET in 1977 and the CSNET in 1981.
The use of the term ‘cloud’ to refer to the distributed connection of devices, however, began with complex telephone networks in the early days of the internet. The term was first applied to computing in 1996 at Compaq, where it was used in an internal document to describe distributed computer networks. One year later, Professor Ramnath Chellappa gave a formal definition to cloud computing in the paper ‘Electronic Infrastructure for a Virtual University.’3
Therefore, whilst the concept has been established for a number of decades, use of the term ‘cloud’ in its modern form came around the turn of the millennium, in step with the dot com boom.
The following shows a timeline of the origin of cloud computing:
In order to consider the benefits of cloud computing, it is helpful to explore what the world of business looked like without it.
Prior to using cloud computing, technology was largely focussed on cumbersome boxes filled with metal and silicone. Home offices were adorned with large computers, which were essentially large boxes of metal and silicone. Large companies had entire rooms devoted to ‘data centres’, which once again were filled with - you guessed it - metal and silicone. These individual machines and data centres required huge amounts of maintenance, and relied on highly trained (and highly paid) IT professionals to connect them into a network so that these ‘centralised’ databases could be accessed. They crashed regularly, and required huge amounts of electricity to run. In other words, they were hugely inefficient.
To better illustrate this point, think of these individual data centres and computers as localised water sources - like a pond. This pond provides drinking water to your home office, or your company’s offices, and therefore might vary drastically in terms of size, based on the hydration needs of your organisation or home. These ponds are expensive to install, and require routine maintenance and specialist skills to ensure that they suit the needs of your organisation, and keep supplying clean drinking water.
Cloud computing eradicates these completely. Think of it as a connection to a centralised water tower or reservoir with a system of irrigation, where the volume of water on offer is infinite, and you pay-as-you-go based on your needs. Cloud computing allows you to connect to centralised data centres in a secure, remote location, in return for regular payments. Through the internet, cloud computing architecture allows you to connect servers, networks, storage, and development tools, no matter where you, your teams, or your employees are based.
The benefits of cloud computing, therefore, are significant. Not only do they provide an average cost saving of 15% across all of your organisation’s IT needs, but they also decrease the burden of maintenance, the risk and impact of crashes, and enhance the efficiency of the way that your organisation stores and accesses information.4
Cloud computing architecture also broadens the range of tools at your disposal. Many software providers rely on cloud computing in order to provide their services. In most cases, by storing information remotely, the speed of delivery, efficiency, and rate of innovation are all increased, which leads to a superior experience for customers. This is definitely the case at Sherpany, where secure cloud computing architecture is used to provide a seamless and intuitive user experience.
Now, all of this sounds great, but much like the merchants of the 17th Century who evolved from storing their gold at home, to using banks, can we really trust storing our data - which is arguably our most valuable asset - in a remote, centralised location? In the next section, we will explore the risks and data security considerations of cloud computing.
The transition from mainframe computers to client/server deployment models has fuelled significant concerns regarding information and communication security. Whilst trust is not a new topic in the context of business or, indeed, technology, when moving from localised data centres to a public cloud computing architecture, organisations are placing significant trust in a third party organisation to deliver on information and communication security. So what considerations need to be made when selecting a cloud computing architecture?
The truth is, cloud computing security depends on a range of different factors. As previously mentioned, when we refer to ‘cloud’ technology, we are not referring to any single entity or architecture, and therefore the specifics of cloud computing security vary wildly depending on the selected deployment model. According to research published by The University of the Aegean, this variance in cloud computing security is due to data governance being outsourced and delegated to third parties.5
In traditional architectures, trust is enforced by a robust security policy and access control, all of which gives clear perimeter security. The same is true in private cloud computing, where cloud computing is created for, and the responsibility of, an individual organisation. In public cloud computing architectures, however, the issue of security is obscured. For example, on a public cloud computing architecture, enforcing security is the responsibility of the architecture owner, rather than the organisation whose data it is storing. In this instance, companies are delegating security governance to a third party, and trusting their processes and technology. In the illustration we considered previously, the perimeter of an individual pond is far easier to guarantee than that of a reservoir, which supplies more than one organisation.
Therefore, it is vital that organisations conduct thorough rigorous due diligence with respect to cloud computing security when selecting a public cloud architecture. You should be very aware that your security is being mitigated to a third party, and is no longer under your protection or control. In some cases, using a Trusted Third Party (TTP) might be prudent, who can facilitate all transactions and guarantee the appropriate security protocols are in place. Particular attention should be paid to these security protocols. You should feel confident that your selected cloud computing architecture gives your information the same level of security as it would have under your own control.
As organisations revolutionise their working practices through digital transformation, and as the cloud computing market continues to mature, it is clear that these two narratives will be increasingly linked.
There are huge benefits here: Cloud computing architecture provides invaluable efficiencies in terms of speed, cost, and performance. Organisations, as they become increasingly distributed around the world, can access and collaborate on information in ways that the ARPANET developers would never have dreamed of in the 1960s.
However, as you adopt this technology it is vital that you consider the shifts in data security, recognising the control that is yielded as you trust others with our data. Breaches represent a significant risk, and therefore the importance of thorough due diligence in selecting software partners cannot be overstated.
At Sherpany, we run everything on the cloud. Our software is designed to meet the security and compliance requirements of mid-sized companies and enterprises. Our technology is ISO 27001 and ISAE 3000 certified, GDPR compliant, and is unaffected by the US CLOUD Act. We understand the benefits of leveraging this technology, and as a result, we practice what we preach when it comes to cloud computing.
Learn more about how Sherpany ensures full compliance and data security, protecting all of your corporate information.
1. Cloud Computing, Accenture, 2020.
2. A history of cloud computing, Computer Weekly, 2018.
3. Electronic Infrastructure for a Virtual University, R. Chellappa et al, ACM, 1997.
4. 25 Must-Know Cloud Computing Statistics in 2020, Hosting Tribunal, 2020.
5. Addressing cloud computing security issues, D. Zissis & D. Lekkas, University of the Aegean, 2010.