True cloud competencies
In the midst of fresh companies coming up to provide cloud based services each day, the first step is to decide a provider whose main capabilities are concentrated on the cloud. On premise vendors of systems have extremely dissimilar sets of skills, software design, business models, approaches, as well as infrastructure as compared to those central part competencies of a cloud service provider. Much of cloud computing companies’ businesses achievement is dependent on an optimistic performance experience of the system. It is for this reason that real multi-tenant companies for cloud computing places an important resource center of attention and asset around building exceedingly gifted organizations. These organizations that are built should have profound know-how around making sure that robust system, stability, availability and security.
Upgrading and enhancing the system
The on-site ERP (Enterprise Resource Planning) software can be modified; however, those modifications are connected to your existing software deployment and are difficult to put into practice again with prospect editions. As your enterprise resource planning provider releases latest product updates along with improvements, the formerly realized modifications will be done away with as soon as you upgrade. In addition, the IT team will have to begin modifying afresh. That is a major cause as to why various companies just stay away from improving their ERP onsite software and now resolve for operating their business on outdated technology. In reality, the majority of medium sized enterprises are running old-fashioned editions of their ERP software.
In contrast, cloud enterprise resource planning answers similar to NetSuite are constantly improved by the service provider so that clients can be sure that they are for all time using the newest, higher edition of their ERP software. As a result of the cloud environment, the top cloud applications today are developed upon, formerly realized modifications and integrations automatically without extra investment.
Return on investment for E-Business in the cloud
Although there are different views on how return on investment (ROI) is calculated, the method used may depend on the business organization itself. The type of organization thus makes a given method more encouraging than the other. Consequently, the methods explained bellow may be taken into an account with the main aim of reducing total cost of ownership (TCO) and increasing total income(Komevs & Holm, 2012).
First is the total cost of ownership(TCO).Cloud computing ensures that even none-IT personnel can organize and run the applications and other infrastructure appropriate for the organization needs. It is due to almost non-existent obstacle to entrance in addition to the low technical ability qualification. These comprise of all the direct and indirect item costs like the server. The direct cost of the actual item and the indirect cost of maintaining it are also included in the TCO. Many hardware and software costs, plus indirect costs like installation, training, security controls, power, and cooling in addition to labor cost are also included within TCO. (Komevs & Holm).
Second is cost saving. By means of lowering costs that comes as a result of decision-making delays with rapidly changing to fresh facilities to adapt to the trends in the market, organizations are in a position to swiftly advance the position of their company. It goes alongside the contest with other competitors that results to additional revenue faster and offers them the possibility to take hold of significant market share. Since return on investment (ROI) is the ratio of total income to that of costs, it is obvious that ROI will be reasonably high at low cost which is the favorable condition for any company using or planning to transit to cloud technology (Komevs & Holm, 2012).
Third is the greater cost and profit margin control. Increase in revenue plus opportunities permits companies to provide to fresh markets and broaden their client base for extra expansion and enhancement. The scalability of cloud computing permit for the evasion of less provisioning or over provisioning services for IT which at all times guarantees improved capacity use and evasion of waste. Profit can be increased by lowering IT expenses from the use of cloud computing that is the difference between revenue and expenses. Consequently, this increases the profit margin (Komevs & Holm, 2012).
The fourth method is quick and lively provisioning of resources. Time and again, when an organization expands, more man power is needed in addition to equipment. It may take quite some time, say weeks or months, with the training of fresh employees that can influence the business since this is down time. Cloud computing permits for the speedy provisioning of the capital to level to the expansion or decrease in growth, doing away with the need for new equipment. With the employment of easy to use applications, this guarantees that it is trouble-free to train fresh or changed workforce, reducing down time to simple days and ensuring that the new section or business component turnout to be fruitful extremely fast(Komevs & Holm, 2012).
The fifth and last method is process improvement. By means of on demand answer or way out and collective services, organizations can take advantage of the growth of fresh talents, know-how and solutions. This amounts to enhanced business course which on the other hand ensures that the organization is capable of getting used to market variations and even see them as fresh chances for expansion and development (Komevs & Holm, 2012).
Owing to the fact that business organizations only pay for what they use and not the cost of the entire system as in the case of conventional network model of hosting, it is also obvious that there is much of cost savings that takes place by use of cloud computing. Effectiveness and optimization in addition to applications that are used via web browsers all contributes to production enhancement that improves business processes. The web browsers used can also be run by old computers with no difficulties in comparison to applications installed which might require extra power for computing (Komevs & Holm, 2012).
Top players in the cloud computing industry
There are many players that have been seen to come up to help in the management enhancement of cloud computing companies. Cloud computing companies have come up with different features and support different platforms.
Amazon EC2
Perhaps, this is one of the leading cloud computing companies that have been active in the industry. The company has developed platforms that include Windows, Linux, Oracle, OpenSolaris, and Debian. These platforms have been developed and are able to support all the new and emerging features that come with these platforms. The cost ranges from $0.1 to $0.8 per hour in Linux/Unix platforms, for standard on-demand instances. On the other hand, Windows costs from between $0.125 to $1.000 per hour. The range for high CPU on-demand cases will range from $0.2 to $0.8 per hour. This range is for Linux. The High CPU on-demand cost for Windows starts from $0.30 to $1.2 per hour. One feature that is common and popular with developers is that of web-scale computing. It is one of the features that are used and popular with most players in the market.
In terms of scalability and flexibility, Amazon EC2 is highly scalable because of the availability of automatic scaling. The cloud computing solution is able to provide increase or decrease in capacity within a very short period of time. The users are able to select the memory configurations that fit their requirements. They are able to ensure that they get the configurations that will be optimal for their requirements. It makes the issues and the needs for the platforms work fit for the platform that has been provided. It is highly available, up to 99.95%.
Sun Microsystems Sun Cloud
It is a cloud computing provider from Sun Company. The platforms that are supported by this cloud computing player include MySQL, OpenSolaris, VirtualBox, and NetBeans IDE. They are the platforms that are developed by the same company. One of the popular features that come with this cloud computing service provider is that of many applications that supersede any other cloud service provider. the company provides free service for the first 60 days after purchasing. The price will then be organized with the sales representative about the price that will be used.
In terms of scalability and flexibility, the cloud computing service provider has network-scale computing. It is possible for the users to restructure and rescale their infrastructure. The security of the company has been developed so that there are tools that have been integrated and can be used by the clients to encrypt data. There is also hardened OpenSolaris that is used for Amazon EC2.
Microsoft Azure
It is cloud service that is provided by Microsoft. It is platform that is used for applications. It allows developers to develop websites using PHP, ASP.NET, and Python and deploy these websites using FTP and other file management applications. There are developments by the service cloud service provider to support programming languages in the future. There are also developments that have been made so that there are managed code languages. It is made possible with the use of .NET.
There is an offering from Microsoft Azure that is referred to as development accelerator discount. This plan offers a discount of between 15-30% for the first six months. It also has automatic scaling and is able to scale highly. There are open platforms that offer services for both Microsoft and non-Microsoft users.
SalesForce
It is a cloud service provider that supports all major platforms and development environments. Some of the environments that are supported in this platform include .NET, Java, PHP, and Rails. These are a few of the supported environments. There are many more that are supported by this cloud service provider. It has cloud services that are used for automation, customer service, and platform. There is transparency of operations because of the provision reports and real-time information.
It has automated scaling where the users will scale with the provider without having to migrate or restructure their infrastructure. The integrations will not be broken because of the changes that shall have been made with the new developments.
The security of the provider is intact because of the user security, physical security and encryption features that have been provided by the provider. it enables customers to have security of their data.
Investigations into security concerns with major cloud service providers. There are security concerns that have been developed for cloud computing technology. The security concerns are known to affect the way the providers are able to ensure that there is better security for their clients in regard to cloud computing security and concerns.
Amazon has provided mechanisms that will ensure that there is better security for their clients.
There are different levels in which securyt are provided for in the Amazon’s EC2 cloud. One of the levels is Operating System. There is security at the operating system of the host. There is also security that is offered at the virtual instance of the operating system. There is the installation of a firewall, and signed API calls. They are all used to provide cases where the providers will ensure that there is better management of the provisions. Each of the levels of security that has been integrated in these aspects builds on the security of the others.
Hypervisor
Amazon EC2 has been developed to make use of the Xen hypervisor, thus taking advantage of the paravirtualization. With the use of paravirtualization, the paravirtualised guests will not have direct access to the CPU. There are four different modes of privileges that are provided by the CPU. They are referred to as rings. The rings are designated as 0-3 with 0 being the most privileged. 3 is the least privileged. The host OS will operate in ring 0 while the guest OS will operate in a ring that has fewer privileges like 1. The applications will operate in ring 3, which has the least privileges.
Instance isolation
It is another development and mechanism that is provided by Amazon EC2. There are different instances that are running on the same machine. It is a provision that is provided for by the Xen hypervisor. There is also a firewall which resides in the hypervisor layer and the network layer. These are used to provide the security that is needed for the issues that are seen with the layers that are provided. It provides a security feature because of the fact that there is a need to have all packets to pass through the hypervisor layer.
Microsoft Azure
There are concerns that have been put in place to ensure that there is proper security for Microsoft Azure security concerns. Microsoft has developed Security Development Lifecycle (SDL), which is used in the development of cloud security processes and features. One of the concerns that have been put in place is the management of personnel who handle the cloud features and infrastructure. Personnel have been required to undergo training and be subjected to security checks. It is done in order to ensure that there is proper management of client data and information.
There is also network administration where internal network traffic is isolated from outside traffic. It is done in order to ensure that there is proper management of data and information flow within the company.
SalesForce
There are many layers that have been designed and used by SalesForce to enhance their security. Some of the features and developments that have been put in place include the introduction of access management so that the operators will have to get permission to access the resources and data of clients. It is the definition that has been done at the operational layer of the Force.com security architecture. There is a need to have security check and assessment for all the employees in the company.
There is also physical security that has been put in place to enable security. One of the ways in which this has been enabled is the setting of anonymous building and ensuring that there is proper security of the perimeter.
The network security initiatives that have been put in place include Stateful packet inspection, bastin hosts, two-factor authentication process, end-to-end TLS/SSL procedures that have been developed by the company.
Sun Cloud
The company has developed tools that will enable the customers to protect the most important data. The strategy that Sun Microsystems has adopted is by helping clients to build private clouds.
General security concerns
After establishing the financial safety and feasibility of the provider, it is time to think about the safety they offer for your data. Expert cloud computing services providers make venture level safety a main concern and show that commitment with suitable official approval. Necessary certifications to look for comprise SAS 70 Type II, jointly with fulfillment certifications applicable to your industry, like PCI DSS. In case your business operates globally, the service provider ought to also assure that they meet necessary global standards with accreditations together with EU-US protected Harbor certification.
The safety of your data and your nonstop access without interruption to that data, also demand physical safety measures. The correct service provider will make sure that effectual data redundancy, automated backups, plus mirroring across many data centers. They will in addition be keen to talk about how data is stored and secluded from other customers' information, and their provisions for guaranteeing your access in the occasion of a disastrous experience.
Compliance and audit management
There are compliance and audit requirements that will be required when assessing the risk issues that are associated with cloud computing. There are many regulations that organizations are required to cope with when migrating to new infrastructures that have been developed. There are legal and jurisdiction requirements and compliance that will be required for organizations when they are migrating to cloud computing. The cloud is distributed and virtualized, and thus, requires that the organizations that are working on the migration procedures will have ways in which they will meet the standards that have been set.
One of the ways that transparency can be achieved for cloud computing is through management platforms which are seen to be centralized and consolidated. Also, there are outsourced solutions that are achieved and obtained from cloud computing solutions. Organizations now have the chance to outsource their IT operations because of the solutions that are provided for by the cloud computing service providers. the auditors and regulators of the cloud computing have now been tasked with ensuring that the providers of cloud service are compliant to the requirements that clients would be interested to have.
There are various compliance standards that will be required to be followed by cloud computing service providers. One of the areas that need to be covered by the cloud service providers is corporate governance. There is a need to ensure that the providers have a clear balance of control and provision between stakeholders, managers, and directors of the organization. There should be standards that are followed by the organizations in order to ensure that there is better management and integration of technology.
There is also be a need to have a framework which will be used to manage the risks so that if there is a likelihood of a risk taking place, there will be proper ways to manage the risks. There is a need to have an assessment of the risks in terms of the magnitude of the impact and the likelihood of them occurring.
There is a need to have compliance to corporate obligations, like the corporate social responsibility, and applicable laws that are in place. There is a need to ensure that all the standards that are to be followed are in order.
Cloud computing standards
There are standards and concerns that are in development stages that can be adopted by cloud computing stakeholders. The developers of these standards come from ISO/IEC and ITU-T organizations.
ISO/IEC 27017 - it is a standard that is being developed to cover the security issues in cloud computing and controls. It covers privacy issues and control of the cloud. It is important to have these features and developments in order to ensure that there is better management of controls and concerns for the whole process.
ISO/IEC 27036-x: It is the standard that is done in many parts and involves the security relationship between the suppliers of an information technology and the beneficiary. The relationship between the supplier and the beneficiary should be drafted to include the security of this information.
ITU-T X.ccsec: It is the standard that is used in the management of cloud computing security in the sector of telecommunication. It is used as a guide in the provision of cloud computing security standards and requirements.
ITU-T X.srfcts: It is the security standard that is used in the management of standards that are used in the management of security requirements. The security requirements framework is used to develop the security issues of concern.
Threats through users and service providers
There are security threats that are associated with cloud computing for both users and the cloud service providers. They need to be identified in order to ensure that there is proper management of information security systems in the whole process.
Data breaches are significant security threats that affect the users. It is one of the worst fears that organizations fear that it might take place. The loss of data in organizations is one of the worst fears that can bring significant impacts to organizations. With the possibility of losing data because of many handlers of data, it is a threat that has to be taken into consideration. With the advent of cloud computing, there is a new way in which cryptographic keys can be obtained by virtual machines which are known to reside in the same physical server.
It is another serious data threat that can affect users in their quest to have better management of information. The fact that a third party handles data can bring issues of data loss in case there is accidental deletion of data. There is a need to have service level agreements between the cloud service provider and the organization on how the data will be handled. The loss of data will not affect the service provider only; also, it will affect the data owner. If the data owner encrypts the data and then uploads the data to the cloud, in case there is loss of encryption keys, the data owner will lose that information permanently.
Account/service Traffic hijacking
It is one of the issues and threats that affect both the service provider and the data owner. In case the attacker gains access to the owners’ credentials, they will be able to eavesdrop to the owner’s data without the consent of the owner. It is one of the ways in which the owner of the data will be affected. If the service provider has a weak infrastructure, the exchange of encryption keys and credentials of users is one of the ways in which the data will be lost.
Insecure interfaces and APIs
This is another threat that is commonly associated with providers of cloud service. It is a significant threat because of the vulnerabilities that arise with the use of insecure APIs and interfaces. The security of the APIs and interfaces that the clients use to interact with cloud service is an issue of concern for many providers and users. They are a real threat to cloud service provision and is a requirement that should be considered when handling cloud computing.
Denial of Service
This is another threat that will affect both the providers and the users. The users will not be able to access the data and their content in the cloud because of the denial of service attack. The server will be congested with a lot of requests that will not allow them to process requests from the users.
Findings
All the threats and the security concerns of cloud computing security requires that there is a way in which a policy will be developed to ensure that there is security of the cloud. Some of the requirements in this aspect are the development of a security policy that will be used in the management of cloud computing provision. The security policy in this regard will be used to develop the required perspectives and aspects in the management of security concerns.
Data handling
In this aspect of handling data, there is a need to have only designated staff from the organization which owns the data to have access to the data in the cloud. There should be access privileges that are allowed only for the staff that are allowed to access this information. Also, the data operators of the cloud service provider will be required to have access levels and controls in the management of data and information.
Data access
There will be the development of data access levels in handling data in the cloud. It is important to understand the requirements of the cloud and have ways in which the data will be accessed and managed.
Cloud security policy steps for SMEs
There are steps that are required in order to have security policy that will be used for adopting cloud computing technology. The steps that are provided will be used in the management and enhancement of cloud computing issues and processes. From the research, the following policy steps should be adopted by SMEs while adopting cloud computing.
Data auditing
Before the data is uploaded to the cloud, there is a need to ensure that there is no confidential information. the data that is confidential should not be shifted to the cloud. There is a need to ensure the contract is honored by ensuring that the data is not private. There should be categories of data that will be used to organize the data so that they can be known whether they can be shifted in the cloud.
Encrypt data where it is necessary
There should measures to ensure that the data is encrypted as much as possible. Data encryption should be a routine before the data is shifted to the cloud. There should be measures and controls where the data should undergo encryption before the data is shifted to the cloud.
Manage the contract
After the contract has been developed, there is a need to ensure that the contract is relevant and covers all the emerging issues. Organizations are required to ensure that there appropriate information in the management of the contract.
Train the staff
Staff members that operate on cloud data should be trained on how to operate the data. It helps in ensuring that the data is safe and there are no vulnerabilities. There is a need to ensure that privacy of the data is maintained by the staff members. They are an important component in ensuring that there is privacy met.
Conclusion
The research has dwelt on the need to ensure that there is a secure cloud for organizations because of the sensitivity of information and transactions that are being done in the cloud. Nevertheless, cloud computing is beneficial to organizations and should be embraced for reliability and efficiency in the handling of information. the issues that are seen to affect the implementation of cloud computing and the security concerns can be addressed. The research has focused on the security issues and what can be done to ensure that there is reliability and efficiency of the data. Cloud computing security can be handled if there is proper coordination between the cloud service providers and the data owners. From the research, it is becoming evident that the efficiency and safety of the data in the cloud is a process that will be enabled by both parties. The cloud service provider should ensure that the process and the interface that is used to access data is reliable and efficient. There should be safety in the whole process. Also, the organization which is seeking these services should ensure that there is proper auditing of data and information before the contract is allowed to be used in cloud. It will ensure that there is security and safety of confidential information. the confidential information should be kept safely within the organization.
Cloud service should also be complaint with security standards and regulations. It is one way in which security can be achieved. Most standards and regulations have been reviewed in order to have the latest trends taken care of, which ensures that there is security of data and information in the entire process. cloud service providers should ensure that they stick to most of the security standards and procedures that have been developed. In addition to the universal standards, there are corporate standards that have been developed in the process. there is a need to ensure that client data security procedures have been followed, and they should be helped in updating these standards and procedures.
In conclusion, the effort to have a secure cloud for SMEs should be enhanced with the development of more solutions. Organizations should have their data security policies that should be adopted by the cloud providers. also, there is still need to have security solutions for the cloud computing. Most of the security standards that are available today are suitable for individual entities. Effort should be made to have standards that can be used universally. There should be universal security frameworks that can be used in the management of this information. the cloud technology is a suitable technology that will help the SMEs in terms of scalability as they will make use of the latest technologies that come with the use of cloud.
References
Alliance, C. (2011). Security guidance for critical areas of focus in cloud computing v3. 0. Cloud Security Alliance.
Alliance, CS 2013, Cloud Security Alliance Warns Providers of’The Notorious Nine’Cloud Computing Top Threats in 2013. Top Threats Working Group The Notorious Nine Cloud Computing Top Threats in, 2013, 8.
Calheiros, R, N, Ranjan, R, Beloglazov, A., De Rose, C. A., and Buyya, R, CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithms. Software: Practice and Experience, 41(1), 23-50, 2011.
Deed, C, and Cragg, P, Business Impacts of Cloud Computing. Cloud Computing Service Deployment Models: Layers and Management, 274-288, 2012.
Garg, S, K, Versteeg, S., & Buyya, R, Smicloud: A framework for comparing and ranking cloud services. In Utility and Cloud Computing (UCC), 2011 Fourth IEEE International Conference on (pp. 210-218). IEEE, 2011, December.
Hashizume, K., Rosado, D. G., Fernández-Medina, E., & Fernandez, E. B. (2013). An analysis of security issues for cloud computing. Journal of Internet Services and Applications, 4(1), 1-13.
Hennessy, J, L, and Patterson, D, Computer architecture: a quantitative approach. Elsevier, (2012).
Iosup, A, Ostermann, S, Yigitbasi, M, N, Prodan, R, Fahringer, T, and Epema, D, H, Performance analysis of cloud computing services for many-tasks scientific computing. Parallel and Distributed Systems, IEEE Transactions on, 22(6), 931-945, 2011.
Jayasinghe, D, Malkowski, S, Wang, Q, Li, J, Xiong, P, and Pu, C, Variations in performance and scalability when migrating n-tier applications to different clouds. In Cloud Computing (CLOUD), 2011 IEEE International Conference on (pp. 73-80). IEEE, 2011, July.
Kent, M, Vegetation description and data analysis: a practical approach. John Wiley & Sons, (2011).
Kornevs, M., Minkevica, V., & Holm, M. (2012). Cloud computing evaluation based on financial metrics. Information Technology and Management Science, 15(1), 87-92.
Leimeister, S, Böhm, M, Riedl, C, & Krcmar, H, The business perspective of cloud computing: actors, roles and value networks, 2010.
Sher DeCusatis, C. J., Carranza, A., & Decusatis, C. M. (2012). Communication within clouds: open standards and proprietary protocols for data center networking. Communications Magazine, IEEE, 50(9), 26-33.
Zissis, D, and Lekkas, D, Addressing cloud computing security issues. Future Generation Computer Systems, 28(3), 583-592, 2012.
