
PaaS Next Cloud Battleground

Frost & Sullivan, an IT analysis and consulting firm, predicts that the platform as a service market will be the next area of keen competition for cloud innovators, as the infrastructure- and software-as-a-service spaces have been commoditized.

The platform-as-a-service space will be the next battleground for cloud service providers, as the infrastructure-as-a-service and software-as-a-service markets face commoditization, according to a study by Frost & Sullivan.

Frost & Sullivan’s new “Asia-Pacific Platform as a Service Market 2011” report shows that in that region the PaaS market is attracting considerable interest from businesses due to the flexibility it brings to application development and SaaS.

As most software available from the cloud is standardized, enterprises are looking to leverage PaaS offerings as it will be the only stack where a service provider can create differentiation.

Frost & Sullivan said the Asia-Pacific PaaS market had revenues of $43.2 million in 2010 and will reach $523 million in 2016. Frost & Sullivan provides consulting and services to companies poised for growth.

“The growing developer community, with an increasing number of small/part-time developers, is also creating a strong opportunity for the market,” said Frost & Sullivan industry analyst Mayank Kapoor, in a statement. “PaaS provides them access to a scalable IT infrastructure and the tools required to develop and test their applications, on a pay-as-you-go basis.”

The high level of flexibility and the ability to reduce costs while developing, testing and deploying new applications is creating a strong case for greater adoption of PaaS, the Frost & Sullivan report said.

Although enterprises have begun to recognize the benefits and need for cloud computing, PaaS is still only a fledgling concept. Its lack of regulation and standardization has restrained adoption among enterprises in the highly regulated sectors, Frost and Sullivan said.

Moreover, the differences in the choice of platforms, such as Java, Ruby, or others – represented by CloudBees, Heroku and a growing list of players — are hindering porting applications and data between PaaS vendors and to on-premise, the report said.

Therefore, openness and integration with other platforms and mobile devices will be important in the future. Constant technical innovations will ensure that the PaaS market evolves and sheds its embryonic tag, Frost & Sullivan said in a press release on the report.

Meanwhile, Frost & Sullivan predicts that the PaaS market will continue to attract new players as it matures. The influx of competitors can also be attributed to enterprises’ demand for local data center presence of cloud service providers, the company said. For instance, today, an increasing number of companies are demanding that IT teams serve as internal service providers.

“There is increasing pressure amongst both internal IT teams and third-party service providers to streamline operations through automation and intelligent management,” said Kapoor. “Cloud can be one of the frontline options to meet this demand and eventually, will bode well for PaaS.”

Author: Darryl K. Taft

PaaS To See Strong Growth

Platform as a service (PaaS) is a core layer of the cloud computing architecture, and its evolution will affect the future of most users and vendors in enterprise software markets, according to Gartner.

“With large and growing vendor investment in PaaS, the market is on the cusp of several years of strategic growth, leading to innovation and likely breakthroughs in technology and business use of all of cloud computing,” said Yefim Natis, vice president and distinguished analyst at Gartner. “Users and vendors of enterprise IT software solutions that are not yet engaged with PaaS must begin building expertise in PaaS or face tough challenges from competitors in the coming years.”

PaaS is a common reference to the layer of cloud technology architecture that contains all application infrastructure services, which are also known as “middleware” in other contexts. PaaS is the middle layer of the end-to-end software stack in the cloud. It is the technology that intermediates between the underlying system infrastructure (operating systems, networks, virtualisation, storage, etc.) and overlaying application software. The technology services that are part of a full-scope comprehensive PaaS include functionality of application containers (servers), application development tools, database management systems, integration middleware, portal products, business process management suites and others — all offered as a service.

Gartner analysts said 2011 was a pivotal year for the PaaS market. As Gartner predicted last year in the report “PaaS Road Map: A Continent Emerging”, the broad vendor adoption in 2011 amounted to a sound industry endorsement of PaaS as an alternative to the traditional middleware deployment models.

In 2012, the PaaS market is at its early stage of growth and does not yet have well-established leaders, best use or business practices or dedicated standards. The adoption of PaaS offerings is still associated with some degree of uncertainty and risk.

“However, PaaS products are likely to evolve into a major component of the overall cloud computing market, just as the middleware products — including application servers, database management systems (DBMSs), integration middleware and portal platforms — are the core foundation of the traditional software industry,” Mr Natis said. “The tension between the short-term risk and the long-term strategic imperative of PaaS will define the key developments in the PaaS market during the next two to three years.”

Some of the newly announced PaaS offerings will reach general availability late in 2012, and by the end of 2013, all major software vendors will have competitive production offerings in the PaaS market. By 2016, competition among the PaaS vendors will produce new programming models, new standards and new software market leaders. However, until then, users will continue to experience architectural changes to technologies, business models and vendor alignments in the PaaS market.

As vendors continue to invest in PaaS services, and the major software vendors look to deliver comprehensive PaaS service portfolios, activity in all segments of PaaS will accelerate and the fast pace of growth and change in the PaaS market will create confusion, making user adoption decisions more difficult.

“While there are clear risks associated with the use of services in the new and largely immature PaaS market, the risk of avoiding the PaaS market is equally high,” said Mr Natis. “The right strategy for most mainstream IT organisations and software vendors is to begin building familiarity with the new cloud computing opportunities by adopting some PaaS services now, albeit with the understanding of their limitations and with the expectation of ongoing change in the market offerings and use patterns.”


Pros And Cons Of The Cloud

When you talk to a bona fide Cloud supplier, they talk in a straightforward, clear and non-technical way about the business benefits of Cloud computing. However, in the same way that two hundred jumbo jets landing safely at Heathrow is not news but one jumbo jet crashing is news, Cloud makes the headlines when it fails and for those who over-complicate it.

Cloud computing provides organisations with an alternative way of obtaining IT services and offers many benefits including increased flexibility as well as cost reduction. However many organisations are reluctant to adopt the Cloud because of concerns over information security and a loss of control over the way IT service is delivered. These fears have been exacerbated by recent events reported in the press including outages by Amazon and the three-day loss of Blackberry services from RIM. So what approach can an organisation take to ensure that the benefits of the Cloud outweigh the risks?

Before we de-mystify Cloud computing let’s define it.

Different people interpret cloud computing differently, so let’s settle on the National Institute of Standards and Technology (NIST SP800-145) definition as the best one: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of:

* Five essential characteristics (on demand self service, broad network access, resource pooling, rapid elasticity, measured service),
* Three service models (IaaS, PaaS, SaaS), and
* Four deployment models (public, private, hybrid, community).”
* Measured service (cloud systems automatically control and optimize resource use by leveraging a metering capability. Resource usage can be monitored, controlled, and reported to provide transparency).

What makes Cloud computing so compelling to those who use it?

• Confidentiality—Cloud computing solutions provide powerful authentication and authorisation layers. Ironically, since these solutions are used by lots of different organisations the cloud solutions are more secure. The applications which are developed by a company on top of the infrastructure or platform remain the responsibility of the company.
• Privacy—Cloud computing solutions provide good protection for sensitive information.
• Integrity—Cloud computing solutions provide similar protection of integer data.
• Availability—Cloud computing suppliers produce the infrastructure and bandwidth to give companies real high speed access, storage and applications. All organisations should still ensure that they have made arrangements for outages. Cloud computing even allows more reliable backup and recovery.
• Resiliency—Cloud providers have disaster recovery equipment to ensure that you will survive untouched by any type of negative event.
• Compliance—Every company has to comply with a huge range of laws, regulations and standards. If data is demanded by the authorities, cloud computing service providers can provide this without compromising any other information.
• Licensing—Cloud computing allows companies to only use those licenses needed at a specific point in time removing any concerns about using illegal software.
• Reliability—Cloud computing provides solutions where people are.
• Transparency—Cloud computing service providers can demonstrate the existence of effective and robust security controls, assuring companies their information is properly secured against unauthorised access, change and destruction.
• Monitoring—Measurable and transparent monitoring is provided by default by solution providers to companies.
• Integration—Cloud computing solutions provide the missing links to integrate with existing internal solutions.
• Network centric—Cloud computing solutions are, by default, offered via the network.
• Certification—Cloud computing service providers can provide proper assurance that they are doing the “right” things. Independent assurance from third-party audits and/or service auditor reports is a vital part of any service provider assurance program.

What added-value?

Cloud computing offers organisations the ability to scale without large financial commitments upfront for infrastructure acquisition and maintenance. Capital expenditure with cloud computing is much lower since services and storage are available on demand and are priced as a pay-as-you-go service. Capital expenditure is largely replaced with operational expenditure. Savings on unused server space and licenses also allow companies to contain costs.

Cloud provides on-demand convenience which is a core added value for many companies since they can unilaterally provision computing capabilities as needed automatically without requiring human interaction with cloud services providers. Cloud services offer both increased flexibility and scalability for the evolving IT needs of companies, allowing for traffic spikes and reducing the time to implement new services whilst increasing innovation.

Companies can also focus on their core business, rather than be concerned about solving peak business demands for performance. One of the major added value impacts of cloud computing is that the business is back in control over its solutions. Business departments can find their own solutions online and decide themselves if they go ahead or not without the intervention of others.

Cloud services allow organisations to better use existing infrastructures and increase productivity and transform business processes using methods that were prohibitively expensive before the cloud. Cloud computing allows business departments to detach their IT needs from their infrastructure and allows data to be stored in a centralised easily accessible manner which the user finds easier. Of course, virtualisation has made it impossible to physically pinpoint the exact physical disc where data is stored.

Instead of extensive discussions, analysis and lots of people involved in developing and testing applications and data solutions, business units are able to activate and use practical solutions in days. This has a fundamental impact on the agility of a business and the reduction of costs associated with time delays. One of the cornerstones of cloud computing is that it can automatically control and optimise resource use by leveraging a metering capability appropriate to the type of service. Resource usage can be monitored, controlled, and reported providing transparency for both the provider and company of the used service.

Another added value of cloud computing is less energy usage and using existing energy at the cloud computing service provider, which might have different locations and choose where energy is cheapest to buy. Re-allocating IT operational activities to cloud computing offers companies the opportunity to focus on innovation and research and development. This allows for growth.

The key premise of the cloud is that by outsourcing portions of information management and IT operations, enterprise workers will be free to improve processes, increase productivity and innovate while the cloud provider handles operational activity smarter, faster and cheaper. Assuming this to be the case, significant changes to the existing business processes will likely be required to take advantage of the opportunities that cloud services offer.

When moving to the Cloud it is important that the business requirements for the move are understood and that the Cloud service selected meets these needs. Taking a good governance approach, such as COBIT, is the key to safely embracing the Cloud and the benefits that it provides without fear and with many advantages as I hope I have demonstrated.

Author: Constantine Galonis

SaaS, PaaS, and IaaS: A Security Checklist for Cloud Models

How does security apply to Cloud Computing? In this article, we address this question by listing the five top security challenges for Cloud Computing, and examine some of the solutions to ensure secure Cloud Computing.

Organizations and enterprises are increasingly considering Cloud Computing to save money and to increase efficiency. However, while the benefits of Cloud Computing are clear, most organizations continue to be concerned about the associated security implications. Due to the shared nature of the Cloud where one organization’s applications may be sharing the same metal and databases as another firm, Chief Security Officers (CSOs) must recognize they do not have full control of these resources and consequently must question the inherent security of the Cloud. However, it is important to note that Cloud Computing is not fundamentally insecure; it just needs to be managed and accessed in a secure way.

All Cloud Models Are Not the Same

Although the term Cloud Computing is widely used, it is important to note that all Cloud Models are not the same. As such, it is critical that organizations don’t apply a broad-brush, one-size-fits-all approach to security across all models. Cloud Models can be segmented into Software as a Service (SaaS), Platform as a Service (PaaS) and Integration as a Service (IaaS). When an organization is considering Cloud security it should consider both the differences and similarities between these three segments of Cloud Models:

SaaS: this particular model is focused on managing access to applications. For example, policy controls may dictate that a sales person can only download particular information from sales CRM applications. For example, they are only permitted to download certain leads, within certain geographies or during local office working hours. In effect, the security officer needs to focus on establishing controls regarding users’ access to applications.

PaaS: the primary focus of this model is on protecting data. This is especially important in the case of storage as a service. An important element to consider within PaaS is the ability to plan against the possibility of an outage from a Cloud provider. The security operation needs to consider providing for the ability to load balance across providers to ensure fail over of services in the event of an outage. Another key consideration should be the ability to encrypt the data whilst stored on a third-party platform and to be aware of the regulatory issues that may apply to data availability in different geographies.

IaaS: within this model the focus is on managing virtual machines. The CSO’s priority is to overlay a governance framework to enable the organization to put controls in place regarding how virtual machines are created and spun down, thus avoiding uncontrolled access and potential costly wastage.

The following check-list of Cloud Security Challenges provides a guide for Chief Security Officers who are considering using any or all of the Cloud models.

For CSOs focused on PaaS

Challenge #1: Protect private information before sending it to the Cloud

There are already many existing laws and policies in place which disallow the sending of private data onto third-party systems. A Cloud Service Provider is another example of a third-party system, and organizations must apply the same rules in this case. It’s already clear that organizations are concerned at the prospect of private data going to the Cloud. The Cloud Service Providers themselves recommend that if private data is sent onto their systems, it must be encrypted, removed, or redacted. The question then arises “How can the private data be automatically encrypted, removed, or redacted before sending it up to the Cloud Service Provider”. It is known that encryption, in particular, is a CPU-intensive process which threatens to add significant latency to the process.

Any solution implemented should broker the connection to the Cloud Service and automatically encrypt any information an organization doesn’t want to share via a third party. For example, this could include private or sensitive employee or customer data such as home addresses or social security numbers, or patient data in a medical context. CSOs should look to provide for on-the-fly data protection by detecting private or sensitive data within the message being sent up to the Cloud Service Provider, and encrypting it such that only the originating organization can decrypt it later. Depending on the policy, the private data could also be removed or redacted from the originating data, but then re-inserted when the data is requested back from the Cloud Service Provider.
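The redact-and-re-insert policy described above, sketched as an added example (not code from the article or from any Cloud Service Broker product). The `RedactingBroker` class, the `tok_` token format, the SSN pattern and the sample record are all assumptions made for illustration; the token-to-value map stays on-premises.

```python
import hashlib
import hmac
import re
import secrets

# Constructed detection rule: US social security numbers written NNN-NN-NNNN.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Hypothetical token format used by this example only.
TOKEN_RE = re.compile(r"\btok_[0-9a-f]{32}\b")


class RedactingBroker:
    """Swaps sensitive values for opaque tokens on the way to the provider
    and restores them on the way back. The vault never leaves the organization."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._vault = {}  # token -> original value, held on-premises

    def _token_for(self, value):
        # Keyed HMAC rather than a plain hash: SSNs have so few possible
        # values that an unkeyed hash could be reversed by enumeration.
        # The same value always maps to the same token, so records can
        # still be matched on the provider side.
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        return "tok_" + digest[:32]

    def _redact_text(self, text):
        def swap(match):
            token = self._token_for(match.group(0))
            self._vault[token] = match.group(0)
            return token
        return SSN_RE.sub(swap, text)

    def _restore_text(self, text):
        # Tokens this broker did not issue are left untouched.
        return TOKEN_RE.sub(
            lambda m: self._vault.get(m.group(0), m.group(0)), text)

    def _walk(self, node, fn):
        # Apply fn to every string in a JSON-like structure.
        if isinstance(node, dict):
            return {k: self._walk(v, fn) for k, v in node.items()}
        if isinstance(node, list):
            return [self._walk(v, fn) for v in node]
        if isinstance(node, str):
            return fn(node)
        return node

    def outbound(self, record):
        """Copy of record that is safe to send to the provider."""
        return self._walk(record, self._redact_text)

    def inbound(self, record):
        """Copy of a record returned by the provider, values re-inserted."""
        return self._walk(record, self._restore_text)


# Constructed sample record; 000-12-3456 is not a valid SSN.
SAMPLE = {
    "employee": "A. Example",
    "ssn": "000-12-3456",
    "notes": ["SSN 000-12-3456 verified", "dept 42"],
    "age": 41,
}

if __name__ == "__main__":
    broker = RedactingBroker()
    sent = broker.outbound(SAMPLE)
    print("to provider:  ", sent)
    print("after return: ", broker.inbound(sent))
```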

For CSOs Focused on SaaS

Challenge #2: Don’t replicate your organization in the Cloud

Large organizations using Cloud services face a dilemma. If they potentially have thousands of employees using Cloud services, must they create thousands of mirrored users on the Cloud platform? Providing single sign-on between on-premises systems and the Cloud negates this requirement.

Users with multiple passwords are also a potential security threat and a drain on IT Help Desk resources. The risks and costs associated with multiple passwords are particularly relevant for any large organization making its first foray into Cloud Computing and leveraging applications or SaaS. For example, if an organization has 10,000 employees, it is very costly to have the IT department assign new passwords to access Cloud Services for each individual user. For example, when the user forgets their password for the SaaS service, and resets it, they now have an extra password to take care of.

By leveraging single sign-on capabilities an organization can enable a user to access both the user’s desktops and any Cloud Services via a single password. In addition to preventing security issues, there are significant cost savings to this approach. For example, single sign-on users are less likely to lose passwords, reducing the assistance required by IT helpdesks. Single sign-on is also helpful for the provisioning and de-provisioning of passwords. If a new user joins or leaves the organization there is only a single password to activate or deactivate vs. having multiple passwords to deal with. In a nutshell, the danger of not having a single sign-on for the Cloud is increased exposure to security risks and the potential for increased IT Help Desk costs, as well as the danger of dangling accounts after users leave the organizations, which are open to rogue usage.

For CSOs focused on PaaS

Challenge #3: Keep an Audit Trail

Usage of Cloud Services is on a paid-for basis, which means that the finance department will want to keep a record of how the service is being used. The Cloud Service Providers themselves provide this information, but in the case of a dispute it is important to have an independent audit trail. Audit trails provide valuable information about how an organization’s employees are interacting with specific Cloud services, legitimately or otherwise!

The end-user organization could consider a Cloud Service Broker (CSB) solution as a means to create an independent audit trail of its cloud service consumption. Once armed with his/her own records of cloud service activity, the CSO can confidently address any concerns over billing or verify employee activity. A CSB should provide reporting tools to allow organizations to actively monitor how services are being used. There are multiple reasons why an organisation may want a record of Cloud activity, which leads us to discuss the issue of Governance.
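An added example (not from the article or any CSB product) of an independent audit trail kept on the consuming side and reconciled against a provider's usage report. It goes one step beyond the text by hash-chaining the entries so that later edits are detectable; the class, field names, sample calls and provider report are constructed for illustration.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # "previous hash" of the first entry


def digest(body):
    """SHA-256 over a canonical JSON encoding of an entry body."""
    return hashlib.sha256(
        json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only record of cloud calls, kept by the organization itself.

    Each entry commits to the hash of the previous one, so an in-place
    edit or deletion breaks the chain. Someone able to rewrite the whole
    log could rebuild the chain, so the newest hash should also be stored
    somewhere the log writer cannot modify."""

    def __init__(self):
        self.entries = []

    def record(self, timestamp, user, service, operation):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": timestamp, "user": user, "service": service,
                "op": operation, "prev": prev}
        entry = dict(body, hash=digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Index of the first entry that breaks the chain, or None."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != digest(body):
                return i
            prev = entry["hash"]
        return None

    def usage(self):
        """Number of recorded calls per (user, service)."""
        return Counter((e["user"], e["service"]) for e in self.entries)


def reconcile(trail, provider_report):
    """Compare our counts with the provider's.

    Returns {(user, service): (ours, theirs)} for every mismatch. A key the
    provider reports but the trail has never seen means calls reached the
    provider without passing through the broker."""
    ours = trail.usage()
    keys = sorted(set(ours) | set(provider_report))
    return {k: (ours.get(k, 0), provider_report.get(k, 0))
            for k in keys if ours.get(k, 0) != provider_report.get(k, 0)}


def build_sample_trail():
    # Constructed sample calls.
    trail = AuditTrail()
    trail.record("2012-03-01T09:00:00Z", "alice", "storage", "PUT /reports/q1")
    trail.record("2012-03-01T09:05:00Z", "alice", "storage", "GET /reports/q1")
    trail.record("2012-03-01T10:00:00Z", "bob", "crm", "GET /leads")
    return trail


# Constructed provider usage report: call counts per (user, service).
SAMPLE_PROVIDER_REPORT = {
    ("alice", "storage"): 2,
    ("bob", "crm"): 3,
    ("carol", "crm"): 1,
}

if __name__ == "__main__":
    trail = build_sample_trail()
    print("chain intact:", trail.verify() is None)
    for key, (ours, theirs) in reconcile(trail, SAMPLE_PROVIDER_REPORT).items():
        print(key, "ours:", ours, "provider:", theirs)
```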

For CSOs focused on IaaS


Challenge #4: Governance: Protect yourself from rogue cloud usage and redundant Cloud providers

The classic use case for Governance in Cloud Computing is when an organization wants to prevent rogue employees from mis-using a service. For example, the organization may want to ensure that a user working in sales can only access specific leads and does not have access to other restricted areas. Another example is that an organization may wish to control how many virtual machines can be spun up by employees, and, indeed, that those same machines are spun down later when they are no longer needed. So-called “rogue” Cloud usage must also be detected, so that an employee setting up their own accounts for using a Cloud service is detected and brought under an appropriate governance umbrella.

Whilst Cloud Service providers offer varying degrees of cloud service monitoring, an organization should consider implementing its own Cloud service governance framework. The need for this independent control is of particular benefit when an organization is using multiple SaaS providers, i.e. HR services, ERP and CRM systems. However, in such a scenario the CSO and Chief Technology Officer (CTO) also need to be aware that different Cloud Providers have different methods of accessing information. They also have different security models on top of that.

Some use REST, some use SOAP and so on. For security, some use certificates, some use API keys, which we’ll examine in the next section. Some simply use basic HTTP authentication. The problem that needs to be solved is that these cloud service providers all present themselves very differently. So, in order to use multiple Cloud Providers, organizations have to overcome the fact they are all different at a technical level.

Again, that points to the solution provided by a Cloud Broker, which brokers the different connections and essentially smoothes over the differences between them. This means organizations can use various services together. In situations where there is something relatively commoditized like storage as a service, they can be used interchangeably. This solves the issue of what to do if a Cloud Provider becomes unreliable or goes down and means the organization can spread the usage across different providers. In fact, organizations should not have to get into the technical weeds of being able to understand or mitigate between different interfaces. They should be able to move up a level where they are using the Cloud for the benefits of saving money.

For CSOs focused on SaaS, PaaS and IaaS

Challenge #5: Protect your API Keys

Many Cloud services are accessed using simple REST Web Services interfaces. These are commonly called “APIs”, since they are similar in concept to the more heavyweight C++ or Java APIs used by programmers, though they are much easier to leverage from a Web page or from a mobile phone, hence their increasing ubiquity. “API Keys” are used to access these services. These are similar in some ways to passwords. They allow organizations to access the Cloud Provider. For example, if an organization is using a SaaS offering, it will often be provided with API Keys. The protection of these keys is very important.

Consider the example of Google Apps. If an organization wishes to enable single sign-on to their Google Apps (so that their users can access their email without having to log in a second time) then this access is via API Keys. If these keys were to be stolen, then an attacker would have access to the email of every person in that organization.

The casual use and sharing of API keys is an accident waiting to happen. Protection of API Keys can be performed by encrypting them when they are stored on the file system, or by storing them within a Hardware Security Module (HSM).

Conclusion: Homemade or Off-the-shelf?

When implementing a security framework to address these challenges, the CSO is faced with a buy vs. build option. They could engage developers to put together open source components to build Cloud Service Broker-like functionality from scratch. This approach creates the runtime components of a broker, such as routing to a particular Cloud Service Provider. However, other components of the solution, such as reporting and an audit trail, may not be present. An off-the-shelf Cloud Service Broker product will provide these extra features as standard and should also provide support for all the relevant WS-Security standards at a minimum.

As the Cloud Security Alliance notes in its Security Guidance White Paper, “Cloud Computing isn’t necessarily more or less secure than your current environment. As with any new technology, it creates new risks and new opportunities. In some cases moving to the cloud provides an opportunity to re-architect older applications and infrastructure to meet or exceed modern security requirements. At other times the risk of moving sensitive data and applications to an emerging infrastructure might exceed your tolerance.” I hope this article provides sufficient data points to guide readers on their journey.


New Buzzword, Old Legal Issues

As an observer of the information technology and Internet industries for several decades, I watch with great amusement as new buzzwords surface for old IT concepts.

I was rewarded not too long ago, when the term “cloud computing” appeared on the scene. The technology concept behind cloud computing has been around for more than 50 years, and the legal issues are equally old. Those concerns remain unchanged, despite the new buzzwords.

Dartmouth Time-Sharing – 1964

Connecting to computers remotely (think connecting to a mainframe over telephone lines) has been around since at least 1964, but the current marketing buzz about cloud computing might make you think it’s something new. It’s just not true.

“Cloud computing” is merely the newest label for the 1964 remote computing service originally called “time-sharing” at Dartmouth College. Dartmouth “time-sharing” used General Electric (NYSE: GE) 235 computers (and dumb terminals — teletype 33/34) over telephone lines. Since 1964, the same idea of using remote computing as “time-sharing” has been given a number of labels:

Application Service Provider (ASP)
Software as a Service (SaaS)
Platform as a Service (PaaS)

At a recent conference, I attended a panel discussion about cloud legal issues; however, not once did the panel ever refer to any of these prior names. In fact, the panel members acted as if the technology and legal issues raised by cloud computing were something new.

How the Big Internet Players Address Cloud Legal Issues

The major cloud providers include IBM, Microsoft, Amazon, Google and Salesforce.com. Their Terms of Service (ToS) are generally standardized for single and small users — however, major customers can and do negotiate their arrangements.

Small users have no choice. They have to agree to terms that are likely confusing without a lawyer’s help. For example, the standard legal terms of Amazon Elastic Compute Cloud (Amazon EC2) include seven different links:

AWS Acceptable Use Policy
AWS Customer Agreement
AWS Service Terms
AWS Tax Help
AWS Trademark Guidelines
Privacy Policy
Terms of Use

What Legal Terms Are Most Important?

If your company is using the cloud to store or access business data, and if you have the clout to negotiate, there are a few key issues you should address:

How will you get your data when you are no longer happy using your cloud service provider?

Inevitably, each cloud customer will stop using its cloud provider at some point for some reason. When that happens, options are limited to 1) moving the processing back in-house and off the cloud; or 2) moving to another cloud provider. Cloud customers’ lawyers need to negotiate with their cloud providers to clearly define closure, including the data format and the cost for migration of the data to another location. Failure to address this could result in an expensive and painful migration, or a business decision to be stuck without the practical ability to change, similar to the days when changing cell carriers required losing your cellphone number, making customers reluctant to switch.

After termination, be sure the cloud provider deletes your data.

It is essential that the old cloud provider not retain the customer’s business data, such as accounting and customer data, and other business records. Deletion is even more important because of regulations related to privacy (including credit card information and/or HIPAA health data). The cloud provider agreement must clearly obligate the cloud provider to delete data from its system (including backups) after the customer has migrated away. Of course, the cloud provider should be bound to protect all confidential data at all times.

Understand data backup obligations.

Speaking of backups, companies routinely create data backups, and cloud providers are no different. Therefore, cloud provider agreements must clearly delineate how customer data and systems are protected from disaster, including sharing where customer data is stored and how the customer can access that data if and when it is needed.

Ensure protection of trade secrets.

If the cloud customer has trade secrets such as proprietary customer data or software, that customer must properly protect its data or software and have tangible evidence to prove in a lawsuit that it made appropriate efforts to protect those trade secrets. One of the best ways to prove that a trade secret has been properly protected is to show that only the trade secret owner can access the protected information. One solid way to do that is to have the ability to audit.

Establish the right to audit cloud IT operations.

The Sarbanes-Oxley Act (SOX) requires publicly traded companies to comply with laws of the Securities and Exchange Commission (SEC) including the ability to audit and verify accounting data. In order to conduct a SOX audit of IT/Internet services, customers need audit rights in the agreement. For companies not covered by SOX, but for which a formal CPA opinion is required by stockholders, the right to audit the cloud provider is essential.

In Conclusion

Each business has its unique requirements for using cloud services. Signing the standard cloud provider agreements may be convenient, but risky.

Any company using the cloud needs to properly protect its IT and data with a cloud agreement that is clear and specific to its own requirements.

Author: Peter S. Vogel
Source

Paving a Pathway Into The Cloud

Before spacecraft are blasted off into space, the astronauts that travel in them, mission-control personnel, and other key staff undergo specialised education and training, launch procedures are verified and rehearsed, and policies are drawn up so that everyone is clear about their roles. Organisations wanting to move into the cloud computing space need to employ similar rigour.

Although cloud service technology is easily available and is a potential business game-changer, it is best for enterprises not to plunge straight into it without a well-thought-out plan. First, be clear on your business strategy and what the specific drivers for change are. In the current climate many are prioritising growing business revenue, reducing operational costs, and winning new customers. The correct use of cloud computing services may well be able to support these goals.

Understanding what cloud computing is all about will help organisations to identify its potential business value. In its purest form cloud computing is simply a style of computing delivery and not a technology as it is sometimes perceived. Resources such as compute power, storage assets, applications etc. are virtually pooled and delivered as services which are shared by many other users and organisations. This form of economical sharing of IT resources is often referred to as the multi-tenancy model.

Cost savings

Cloud providers build large data centres employing multi-tenancy infrastructure with massive scaling capability, giving their customers significant cost savings. Paying only for what services you use in cloud computing is what often sets it apart from traditional IT outsourcing when it comes to contracts and pricing. In cloud computing, when a user needs IT resources, he/she provisions them from the available resource pool, uses them as long as needed and, typically, pays for them based on usage and not in the form of a fixed charge. When the resources are no longer needed, they are returned to the pool.

It is important to understand that such sharing, while highly cost-effective, often brings with it security and data protection concerns. Despite efforts being made to assure customers of public cloud security, many organisations seek the benefits of the cloud delivery model without using shared public services. The logical solution to such concerns is a private cloud, where organisations duplicate the efficiency of the public cloud model, but build the cloud inside their protected premises. Many organisations are figuring out whether it makes sense for them to use public or private service; others feel a hybrid approach is the best solution.

Cloud types

Commonly cloud services are delivered in three configurations: Software as a Service (SaaS), in which users have access to shared commodity-like applications hosted on an internal or external cloud infrastructure; Platform as a Service (PaaS), essentially software and services running above the server operating system such as development tools, databases, middleware, authentication and security software; and finally Infrastructure as a Service (IaaS), which enables organisations to self-provision base operating systems such as Windows and Linux, thus eliminating the long waiting times for purchasing and installing physical servers.

The cloud computing connectivity model breaks down into four types: private, public, hybrid and community cloud. A private cloud, as previously mentioned, is installed on business premises running on the internal corporate network and is an exclusive resource. A public cloud is accessible from routable worldwide Internet connections, with infrastructure and services shared with potentially thousands of customers. A hybrid cloud is a carefully selected blend of public and private services; powerful hybrid cloud use cases occur in functionality such as “cloud bursting”, where excess workloads are transferred to an external cloud to be processed. Finally, the less well known “community cloud” is a collection of clouds between organisations where a level of trust or grouping exists between the entities.

Besides providing better alignment of cloud computing with business goals, the preparatory effort prior to cloud entry also gives an organisation the opportunity to improve its process framework. Invariably, internal business processes related to SLA, service management, incident management, disaster recovery, and so on will need to be tweaked, especially for public cloud utilisation.

The case for cloud

The last few years have seen thousands of use cases emerging that prove that, in the right circumstances, cloud computing does pay off with significant benefits. Cloud computing services underpinned by an efficient virtualized architecture present all types of end-user companies – and cloud providers themselves – with a powerful competitive engine to respond to the most demanding business needs.

How each organisation develops its strategy for the cloud transformation journey will determine their ultimate return on investment – and maybe even survival. Their choice of cloud model, the underlying technology, and the consulting and implementation partners’ pedigree will be major factors in that journey to efficiency and business agility. In addition, never underestimate the importance of bringing on board business users early to provide key business input in the development of your cloud roadmap.

Like it or not, the pressure to be part of the private, public or hybrid cloud movement is there. Those that do not adopt it or adapt to it will find themselves probably in some sort of difficulty growing the business and staying viable. In the last couple of years, it’s been quite easy to hide a little bit behind the hype, so to speak. Not any more – we’re in a new world again and that future for now is Cloud Computing.

Laying the virtual foundation

In planning the journey to a private cloud implementation a well architected combination of server, network, software and storage virtualization layer is an essential design consideration. A resilient and performance-orientated cloud environment should include stringent automated IT operational security controls and effective monitoring and alerting, with high-availability failover capabilities in place.

Another key element of cloud computing is consumer cloud self-service. In cloud computing savvy business departments needing resources simply browse and select from a service catalogue, configure, add to the shopping cart and click to agree to pay a fee. Each month an invoice is generated for the consumer as a chargeback, giving visibility of just how much resources are consumed. In an ideal world cloud self-service should be a CIO’s automation dream. Though often successful when controls are in place, poorly designed self-service capability could lead to more headaches than it set out to solve if users go on an endless shopping spree for limited resources.

Public cloud considerations

Organisations looking at adopting public cloud computing also need to bear in mind that most cloud services are commoditised. Thus the luxury of determining every detail you have on your in-house infrastructure and middleware may not be available in all cases in public clouds. For many company applications and services this may not pose any form of a barrier or restriction. However, it becomes a key point when considering moving applications to external clouds. When developing a business case justification for using public cloud services, carefully analyse the SLA with the future cloud provider and the legal and process aspects of data handling and storage.

Despite the commercial benefits of public cloud, for many sectors such as financial, healthcare and government, the large-scale use of public cloud services may remain off the immediate radar due to regulatory, national and industry compliance concerns. As confidence grows in the security and reliability of public cloud computing some regulatory aspects may be relaxed, allowing further use of public cloud services.

Managing the cloud

Capacity and performance planning is an important factor in cloud management. Organisations need to understand how their cloud environment is growing and performing in order to make suitable projections about the amounts of network bandwidth, storage, CPU power, etc. needed. In the 1980s and 1990s IT needs had a sort of linear capacity progression and one could plan three years ahead with a decent degree of accuracy. The rise of the Internet and high data proliferation has shortened the planning window to between a few months and two years in some cases. In particular, unfettered growth of unstructured data is presenting the IT organisation with one of its biggest challenges. A smart cloud design will need to have features to make sure end-user consumers and the IT organisation are not caught out by any nasty capacity or performance surprises.

Source

Enterprise Application Strategy Using the Cloud

Cloud computing and SaaS have gained considerable momentum over the last few years. Although companies are adopting cloud and SaaS technology, there is great confusion over the applications in which cloud can serve an organization. Organizations are left with endless questions about security, infrastructure options, scalability, administration and business agility.

While application programming interfaces (APIs) have improved from many vendors, going cloud does not eliminate the need for integration and/or middleware. Some smart platform-as-a-service (PaaS) vendors have architected middleware right into their technology stack. This gives the organization a more robust cloud platform in which to architect an enterprise application strategy.

Cloud and SaaS can play an important part of the organizational IT strategy, especially for mid-sized companies that are strapped for resources. The secret of implementing the correct software or technology solution is always to ask what this can do for the organization. A few questions to begin designing your enterprise application strategy include: Will this assist us in facilitating growth? What are my organizational needs, now and in the future? Is it scalable? Should we use full cloud? Can we supplement our existing systems by using the cloud? Can we use the cloud to unify disparate systems? Can we sustain this solution and maintain it?

Cloud does not necessarily complicate your enterprise app strategy. In fact, it can aid in quickly constructing a scalable, agile business infrastructure to adapt to your quickly changing business requirements. While it is convenient for organizations to select one vendor on which to base their infrastructure strategy, collaboration in the cloud ecosystem is rapidly changing. Infrastructure-as-a-service (IaaS) firms are partnering with PaaS and consequently adding complementary applications (SaaS) to offer a complete infrastructure strategy framework for organizations.

In the case of best of breed vs. integrated suite, the landscape has changed so much and so rapidly that it really boils down to what the objectives of the organization are. Our customers are using cloud to quickly add functionality, scale or unite their systems. We have several dozen posts on how to unify disparate systems, how companies are using cloud, cloud/SaaS software evaluation etc. If an organization selects a vendor that offers IaaS, PaaS and SaaS, it does simplify the infrastructure application strategy equation. The cloud technology stack can be a combination of SOA and other methods as outlined recently on our blog and ERP Cloud/SaaS Research buyers guide.

Organizations must exercise caution as to how they configure their enterprise application strategy whether it is on-premise, cloud (private or public) or a combination, and what kind of business agility it offers. Cloud has definitely opened an opportunity for more organizations as an easy point of entry but the advice for enterprise infrastructure strategy should be taken seriously as it will affect the ability of your organization to run effectively. Thoroughly investigate the expertise of your providers and make sure they have your best interests at heart. An impartial firm that does not sell or implement software is probably the best bet to succeed as they will define, aggregate and configure your organizational objectives to best fit your requirements.

Author: Dylan Persaud
Source

Cost-Conscious Cloud

While some concerns remain about data security and application uptime, there’s significant movement within the retail industry toward cloud-based solutions that can be delivered on an on-demand basis, and it’s easy to see why. Unlike many other technologies that retailers have had to adapt to meet their business needs, it’s as if cloud computing was designed specifically with the cost-conscious, data-deluged retail enterprise in mind.

For retail CIOs seeking a quick ROI payback from any proposed new initiative, adopting cloud-based solutions offers almost immediate cost savings. Not only is there less need for up-front capital investment in hardware, software and deployment, but these solutions are typically available on a per-usage basis, opening the door for retailers to use as much of an application as they need at any given time.

In addition, this pricing model allows retailers to move many IT costs from the capital expenditures budget line to the operating expenditures line, which can free up CapEx funds for other IT projects.

But most industry experts, along with retailers that have already adopted cloud solutions, agree that cost savings are only their most obvious benefit. Cloud-based solutions’ expanded availability offers retailers new levels of flexibility and speed to market. IT departments can scale up support in far less time than traditional application architectures would have needed.

Defining Cloud Computing

Cloud computing has nothing to do with meteorology. It got its name from the “cloud” graphics used to represent any off-premise computing area, in this case the Internet.

Cloud computing “allows users to obtain computing capabilities through the Internet, regardless of their physical location,” write Michael Mojica, Jeff Stephenson and Alan Healey in the May 2010 Accenture report, Six Questions Every Retail Executive Should ask About Cloud Computing. “Computing clouds are in essence online, supersized data centers containing hundreds of thousands of servers hosting web applications.”

There are public clouds, which take advantage of massed servers to lower all participants’ costs and are essentially available to anyone, and private clouds maintained by a company or group of companies, as well as public/private hybrids.

Cloud-based services are broadly divided into three categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Applications designed for traditional distribution methods can be adapted for cloud delivery, but many technology vendors are now designing solutions that specifically optimize cloud-based models.

Applying Power to ‘Big Data’

Many retailers would like to use more of the data coming from mobile technology and social media to gain greater insights into customer behavior and demand patterns, but one of the barriers has been the enormous IT investment required for both hardware and software.

In addition to lowering costs, mitigating risk and increasing flexibility, the cloud computing model expands access to massive computing power. And because retailers can use this power on an as-needed basis, they gain the benefits of deep data analysis without having to invest in technology that they might use for only a few days each week or each month.

The cloud’s combination of expanded computing resources and delivery to virtually any Web-connected device also adds the possibility of using its solutions to conduct real-time analyses.

“Scenario modeling, what-if analysis, and forecasting, which are ‘lumpy,’ data-intensive processes, are great candidates to be served by cloud-based solutions,” according to the Accenture Six Questions report.

Addressing Security Issues

The nagging questions about cloud computing have to do with security and application uptime. While acknowledging that no IT architecture can guarantee full 100% uptime, cloud proponents say that the use of multiple servers and data centers offers higher redundancy levels than would be possible with a single enterprise-operated data center.

In addition, data security is a concern no matter what type of IT architecture a company uses. Retailers traffic in Personally Identifiable Information (PII) about their customers as well as financial and transactional data, not to mention sensitive proprietary information about prices, promotions and their own interactions with vendors and suppliers.

Experts say the move to a cloud computing model can actually be a catalyst for assessing and addressing security concerns throughout the retail enterprise.

7 Security Recommendations

The Accenture Six Questions report provides seven security recommendations for companies considering a cloud deployment:

  • Work with your provider to determine its attention to security, privacy and compliance with data laws in all relevant jurisdictions.
  • The security of the cloud should be equal to the most risky client that is serviced by the provider.
  • Require your cloud computing partner to provide you with its risk assessment and how it intends to mitigate any issues found.
  • If the cloud provider does not have a seasoned Privacy Officer and a client-facing CSO, CISO, or equivalent security role, it is a sign that the provider doesn’t take security seriously enough.
  • Schedule monthly discussions with the cloud provider’s top privacy and security people.
  • The cloud provider should have the ability to map its policy and procedures to any security mandate or security/privacy/compliance-driven contractual obligation you face.
  • Pay attention to your cloud provider’s adherence to secure coding practices.

What cloud-based solutions can provide is cost savings with much higher levels of IT and business flexibility than retailers have been accustomed to.

Cloud-based solutions are just starting to sprinkle their benefits on the retail industry, and there are strong indications that these “showers” will quickly grow into a downpour — and that more and more retailers will like this change in the weather.

Source

Cloud Computing Data Security

Meeting the requirements for cloud data security entails applying existing security techniques and following sound security practices. To be effective, cloud data security depends on more than simply applying appropriate countermeasures. Taken collectively, countermeasures must comprise a resilient mosaic that protects data at rest as well as data in motion.

While the use of encryption is a key component for cloud security, even the most robust encryption is pointless if the keys are exposed or if encryption endpoints are insecure. Customer or tenant control over these endpoints will vary depending on the service model and the deployment model.

OVERVIEW OF DATA SECURITY IN CLOUD COMPUTING
It is understandable that prospective cloud adopters would have security concerns around storing and processing sensitive data in a public or hybrid or even in a community cloud. Compared to a private data center, these concerns usually center on two areas:

  • Decreased control by the owning organization when data is no longer managed within an organization’s premises
  • Concern by the owning organization that multitenancy clouds inherently pose risks to sensitive data

In both cases, the potential risk of data exposure is real but not fundamentally new. This is not to say that cloud computing does not bring unique challenges to data security.

Control over Data and Public Cloud Economics

In contrast to use of a public cloud, maintaining organizational physical control over stored data or data as it traverses internal networks and is processed by on-premises computers does offer potential advantages for security. But the fact is that while many organizations may enforce strict on-premises-only data policies, few organizations actually follow through and implement the broad controls and the disciplined practices that are necessary to achieve full and effective control.

So, although additional risks may be present when data doesn’t physically exist within the confines of an organization’s controlled facility, this is not necessarily the security issue that it may appear to be. To begin, achieving the potential advantages with on-premises data requires that your security strategy and implementation deliver on the promise of better security.

The basic problem is that most organizations are neither qualified to be in the information security business nor are they in that business—they are simply using computers and networks to get their work done! Although secure computing is a desired quality, information security expertise is not a core-competency for most computer users nor is it common in most organizations. Returning to the point:

  • Moving data off premises does not necessarily pose new risks, and it may in fact improve your security.
  • Entrusting your data to an external custodian may result in better security and may well be more cost effective.

Two examples that underscore this are the commercial service offerings to either store highly sensitive data for disaster recovery or assure the destruction of magnetic media. In both cases, many highly paranoid organizations tightly control how they use these services—but the point is that they use external services, and when they do so, they entrust their data to external custodians.

It is important to state that some kinds of data are simply too sensitive and that the consequence of data exposure is too great for some customers to seriously consider using a public cloud for processing. This applies to any information category that entails national security information or information that is subject to regulatory controls, which cannot yet be met by public target cloud offerings. Likewise, it is unlikely that a well-governed organization would release highly sensitive future product plans to any environment where the organization could not be certain that the information custodian (the CSP) would enforce the information owning organization’s interests as well as the organization itself would.

In these examples, it is not the case that security needs for these categories can’t be met in a public cloud; rather, the cost of providing such security assurance is incompatible with the cost model of a public cloud. If a CSP were to meet these needs, that would demand additional controls, procedures, and practices that would make the cloud offering noncompetitive for most users. Consequently, where such data security needs prevail, other delivery models (community or private cloud) may be more appropriate. This is depicted in Figure 1. Note that this situation is a function of generally available and anticipated offerings in the public cloud space. Quite likely, this will change as security becomes more of a competitive discriminator in cloud computing.

FIGURE 1 Meeting security needs: public, community, and private clouds.

One can easily imagine future high-assurance public clouds that charge more for their service than lower-assurance public clouds do today. We might also expect that some higher-assurance clouds would limit access by selective screening of customers based on entry requirements or regulation. Limiting access to such a cloud would reduce risk—not eliminate it—by limiting access if screening is effective.

Organizational Responsibility: Ownership and Custodianship
While an organization has responsibility for ensuring that their data is properly protected as discussed above, it is often the case that when data resides within premises, appropriate data assurance is not practiced or even understood as a set of actionable requirements. When data is stored with a CSP, the CSP assumes at least partial responsibility (PaaS) if not full responsibility (SaaS) in the role of data custodian. But even with divided responsibilities for data ownership and data custodianship, the data owner does not give up the need for diligence for ensuring that data is properly protected by the custodian.

By the nature of the service offerings, and as depicted in Figure 2, a data owning organization can benefit from their CSP having control and responsibility for customer data in the SaaS model. The data owning organization is progressively responsible beginning with PaaS and expanding with IaaS. But appropriate data assurance can entail significant security competence for the owning organization.

FIGURE 2 Owning organization has increasing control and responsibility over data.

Ultimately, risks to data security in clouds are presented to two states of data: data that is at rest (or stored in the cloud) and data that is in motion (or moving into or out of the cloud). Once again, the security triad (confidentiality, integrity, and availability) along with risk tolerance drives the nature of data protection mechanisms, procedures, and processes. The key issue is the exposure that data is subject to in these states.

Data at Rest and in Motion

Data at rest refers to any data in computer storage, including files on an employee’s computer, corporate files on a server, or copies of these files on off-site tape backup. Protecting data at rest in a cloud is not radically different than protecting it outside a cloud. Generally speaking, the same principles apply. As discussed in the previous section, there is the potential for added risk as the data owning enterprise does not physically control the data. But as also noted in that discussion, the trick to achieving actual security advantage with on-premises data is following through with effective security.

Referring back to Figure 1, the less control the data owning organization has—decreasing from private cloud to public cloud—the more concern and the greater the need for assurance that the CSP’s security mechanisms and practices are effective for the level of data sensitivity and data value. (But in Figure 2, we saw that the owning organization’s responsibility for security runs deeper into the stack as they move from SaaS to PaaS and again to IaaS.)

If you are going to use an external cloud provider to store data, a prime requirement is that risk exposure is acceptable. Risk exposure varies in part as a function of service delivery as it does for deployment.

A secondary requirement is to verify that the provider will act as a true custodian of your data. A data owning organization has several opportunities in proactively ensuring data assurance by a CSP. To begin with, selecting a CSP should be based on verifiable attestation that the CSP follows industry best practices and implements security that is appropriate for the kinds of data they are entrusted with. Such certifications will vary according to the nature of the information and whether regulatory compliance is necessary. Understandably, one should expect to pay more for services that involve such certifications. One likely trend here is that higher assurance cloud services may come with indemnification as a means of insurance or monetary backing of assurance for a declared level of security. Whatever the future may hold, we can expect that practices in this space will evolve.

Data in Motion
Data in motion refers to data as it is moved from a stored state as a file or database entry to another form in the same or to a different location. Any time you upload data to be stored in the cloud, the data is considered to be data in transit while it is being uploaded. Data in motion can also apply to data that is in transition and not necessarily permanently stored. Your username and password for accessing a Web site or authenticating yourself to the cloud would be considered sensitive pieces of data in motion that are not actually stored in unencrypted form.

Because data in motion only exists as it is in transition between points—such as in memory (RAM) or between end points—securing this data focuses on preventing the data from being tampered with as well as making sure that it remains confidential. One risk has to do with a third party observing the data while it is in motion. But funny things happen when data is transmitted between distant end points: to begin with, packets may be cached on intermediate systems, or temporary files may be created at either end point. There is no better protection strategy for data in motion than encryption.

Common Risks with Cloud Data Security

Several risks to cloud computing data security are discussed in this section. None of these are unique to the cloud model, but they do pose risk and must be considered when addressing data security. They include phishing, CSP privileged access, and the source or origin of data itself.

Phishing
One indirect risk to data in motion in a cloud is phishing. Although it is generally considered unfeasible to break public key infrastructure (PKI) today (and therefore break the authentication and encryption), it is possible to trick end users into providing their credentials for access to clouds. Although phishing is not new to the security world, it represents an additional threat to cloud security. Listed below are some protection measures that some cloud providers have implemented to help address cloud-targeted phishing related attacks:

  • Salesforce.com Login Filtering: Salesforce has a feature to restrict access to a particular instance of its customer relationship management application. For example, a subscriber can tell Salesforce not to accept logins, even if valid credentials are provided, unless the login comes from a whitelisted IP address range. This can be very effective against phishing because an attacker cannot log in unless he is coming from a known IP address range.
  • Google Apps/Docs/Services Logged In Sessions & Password Rechecking: Many Google services randomly prompt users for their passwords, especially in response to a suspicious event. Furthermore, many of Google’s services display the IP address from the previous login session along with automatic notification of suspicious events, such as a login from China shortly after a login from a United States IP address for the same account.
  • Amazon Web Services Authentication: Amazon takes authentication to cloud resources seriously. When a subscriber uses EC2 to provision a new cloud-hosted virtual server, by default, Amazon creates cryptographically strong PKI keys and requires those keys to be used for authentication to that resource. If you provision a new Linux VM and want to SSH to it, you have to use SSH with key-based authentication and not a static password.
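
The login filtering and suspicious-login checks in the list above can be combined into one decision per login attempt. The following is an added example, not any provider's code; the allowlisted ranges, the two-hour window, the event fields (including a country assumed to come from a GeoIP lookup) and the sample events are all constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not taken from any provider's documentation).
ALLOWED_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/25")]
TRAVEL_WINDOW = timedelta(hours=2)

# Constructed sample events: (timestamp, account, source IP, country, password_ok)
EVENTS = [
    ("2011-06-01T08:00:00", "alice", "203.0.113.10", "US", True),
    ("2011-06-01T08:40:00", "alice", "192.0.2.77", "CN", True),   # phished credentials
    ("2011-06-01T09:00:00", "bob", "198.51.100.200", "US", True),  # outside the /25
    ("2011-06-01T09:05:00", "bob", "198.51.100.20", "US", False),
    ("2011-06-02T10:00:00", "alice", "203.0.113.11", "US", True),
]


def ip_allowed(ip, ranges=ALLOWED_RANGES):
    """Login filtering: valid credentials are not enough, the source must be allowlisted."""
    addr = ip_address(ip)
    return any(addr in net for net in ranges)


def evaluate(events, ranges=ALLOWED_RANGES, window=TRAVEL_WINDOW):
    """Return one (account, ip, decision, reasons) tuple per login attempt."""
    last_seen = {}  # account -> (time, country) of the last correct-password attempt
    results = []
    for ts, account, ip, country, password_ok in events:
        when = datetime.fromisoformat(ts)
        reasons = []
        if not password_ok:
            reasons.append("bad-password")
        if not ip_allowed(ip, ranges):
            reasons.append("ip-not-allowlisted")
        prev = last_seen.get(account)
        if password_ok and prev and prev[1] != country and when - prev[0] <= window:
            reasons.append("country-change-within-window")
        if password_ok:
            # Track denied attempts too: a correct password from a new country is the signal.
            last_seen[account] = (when, country)
        decision = "allow" if not reasons else "deny"
        results.append((account, ip, decision, reasons))
    return results


if __name__ == "__main__":
    for row in evaluate(EVENTS):
        print(row)
```

The second event shows why the two checks complement each other: the password is correct, yet the attempt is denied by the allowlist and also raises the country-change signal that would drive a user notification.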

But these methods are not always foolproof. With phishing, the best protection is employee/subscriber training and awareness to recognize fraudulent login/capturing events. Some questions that you might ask your CSP related to protection from phishing-related attacks are:

  • Referring URL Monitoring: Does the CSP actively monitor the referring URLs for authenticated sessions? A widespread phishing attack targeting multiple customers can come from a bogus or fraudulent URL.
  • Behavioral Policies: Does the CSP employ policies and procedures that mandate that a consistent brand is in place (often phishing attacks take advantage of branding weaknesses to deceive users)? Does their security policy prohibit weak security activities that could be exploited? An example would be if they prohibit the sending of e-mails with links that users can click on that automatically interact with their data. Another example would be whether they allow password resets to occur without actively proving user identity via a previously confirmed factor of authentication (that is, initiate a password request on the Web and they confirm the identity of the user based on an out-of-band SMS text message to their cell phone).

Phishing is a threat largely because most cloud services currently rely on simple username and password authentication. If an attacker succeeds in obtaining credentials, there is not much preventing them from gaining access.

Provider Personnel with Privileged Access
Another risk to cloud data security has to do with a number of potential vectors for inappropriate access to sensitive customer data by cloud personnel. Plainly stated, outsourced services, be they cloud-based or not, can bypass the physical and logical controls that IT organizations typically enforce.

This risk is a function of two primary factors: first, the potential for exposure of unencrypted data, and second, privileged cloud provider personnel access to that data. Evaluating this risk largely entails examining CSP practices and assurances that CSP personnel with privileged access will not access customer data.

Data Origin and Lineage
The origin, integrity, lineage, and provenance of data can be a primary concern in cloud computing. Proving the origin of information or data has importance in many areas, including patents or proving ownership of valuable data sets that are based on independent analysis of commonly available information sources.

For compliance purposes, it may be necessary to have exact records as to what data was placed in a public cloud, when it occurred, what VMs and storage it resided on, and where it was processed. In fact, it may be equally important to be able to prove that certain datasets were not transferred to a cloud, for instance, when there are sensitivity or EU-privacy concerns about what national borders such data may have crossed.

While reporting on data lineage and provenance may be very important for regulatory purposes, it may be very difficult to do so with a public cloud. This is largely due to the degree of abstraction that exists between actual physical resources—such as disk drives and servers—and the virtualized resources that a public cloud user has access to. Visibility into a provider’s operations in terms of technical mechanisms can be impossible to obtain, for understandable reasons.

Where such requirements exist that the origin and custody of data or information must be maintained in order to prevent tampering, to preclude exposure outside a jurisdictional realm, or to assure continuing integrity of data, it may be completely inappropriate to use a public cloud or even a low-assurance private cloud. One can imagine that if such requirements become increasingly common, cloud-based services will arise to profit from the opportunity. In the absence of a public service and where a private cloud is cost prohibitive, alternative approaches should be considered, easiest among them the use of a hybrid or community cloud.

Source

How Cloud Computing Helps a Business Grow

If you came here for the article with the title, “How Cloud Computing Helps a Business Grow”, unfortunately, it has been removed at the request of the publisher of the website from which it was obtained.

Asking me to remove it was within their rights, but I believe it was a shortsighted decision based on old media ideas about the copyright “protection” of assets and the imagined potential loss of ad revenue.

I am not competing with the publisher of “How Cloud Computing Helps a Business Grow”. The articles here are gathered for the benefit of my clients and prospects who are trying to make a decision about cloud computing in their business. There are no competing ads here.

By asking me to remove “How Cloud Computing Helps a Business Grow”, the publisher lessened the opportunity for the author to have his ideas more widely read, and the publishing website lost the long-term SEO benefit of the link from this page that was here to acknowledge the source of “How Cloud Computing Helps a Business Grow”.

I invite you to check out these links to articles with information similar to “How Cloud Computing Helps a Business Grow”