Everyone from the government, to large corporations, to small businesses and university programs are talking about Cloud Computing (the Cloud) these days, but just what is cloud computing anyway?
The National Institute of Standards and Technology, Information Technology Laboratory, an agency of the U.S. Department of Commerce, founded in 1901 as the nation's first federal physical science research laboratory, also known as NIST, is the government's authority on all matters pertaining to securing our nations information systems. According to NIST, cloud computing "is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This computing model promotes availability and is composed of five essential characteristics, three service models, and four deployment models."
Basically, cloud computing is a developing word that defines the expansion of many current technologies and computing methodologies into something new and different. The cloud divides application and information resources from the basic infrastructure, and the tools used to distribute them.
For organizations adopting this methodology, using the cloud improves cooperation, agility, scaling, and availability, and by improved and efficient computing practices, provide the possibility of cost reduction for the organization.
More precisely, cloud computing defines the use of a collection of services, applications, information, and infrastructure containing pools of compute, network, information, and storage resources. These mechanisms can be swiftly arranged, provisioned, implemented and decommissioned, and scaled up or down. This in turn provides for an on-demand utility-like model of allocation and consumption that is very beneficial to organizations.
From an information architecture viewpoint; there is much misunderstanding about how cloud computing is both like and different from existing models of computing; and how these likenesses and differences impact the organizational, operational, and technological methods to network and information security practices.
The solution to appreciating how this computing architecture influences security architecture are a common and concise lexicon, joined with a static arrangement of selections that can analyze cloud services and architecture, plotting them to a model of compensating security and operational controls, risk assessment and management frameworks, and ultimately to compliance standards that can be adopted by organizations choosing to utilize all the cloud has to offer.
Derek A. Smith is IT Security Manager, Consultant and Associate at a large Fortune 500 company. He is an expert at Information, Cyber, and Physical security with 30 years' experience in the security and law enforcement industry. To learn more visit Derek's website at http://www.Cybersecuritysamurai.com
