Abstract
The discussion over the advantages and disadvantages of the cloud computing is being held over the years. There are three models that are used in order to define has this technology will be used, such as SaaS, PaaS and IaaS. This paper provides the overview of the differences of those models and cover the concerns that are associated with the use of the cloud computing. Even though the future of any technology is not easy to predict, we try to analyze the current market of cloud computing and based on that try to predict how it will evolve with time. Due to the fact the main issue of the cloud is privacy and security of data, it is possible that big enterprise companies will use the hybrid approach and will outsource only the least sensitive data keeping part of the information on the premises.
Introduction
Cloud computing is one of the emerging trends of the XXI century. It introduced a new concept to the IT industry allowing to basically outsource a big part of the IT infrastructure and reduce a cost of maintaining servers on their own. At this point, small startups and huge empires do not have to rely on their own hardware, do not have to pay additionally their stuff to handle it and have an opportunity to expand without a huge additional cost and in a timely manner. Cloud computing enables adopting new resource demanding technologies at a higher pace and be sure that data are properly stored and backed up. At the same time, there are a lot of constraints that this technology has as from the technical view, as well as from the ethical one. Every manager who is considering to adopt this technology should pay a lot of attention on what are the pros and cons of it.
In this paper the background of the cloud computing technology will be covered, a short history and the description of the technology itself, the explanation how very different models of the cloud computing will be provided. After that the constraints that every manager who is in charge of the decision to migrate to the cloud will be discussed. In the next part of the paper, we will describe the ethical issues of using cloud computing technology. At the end, we will try to predict the future development of the technology.
Background
Cloud computing business model offers shared access to such resources as servers, storage, software etc (Mell & Grance, 2009). In the 2012 The National Institute of Standards and Technology (NIST) developed the document that was aimed to define the most important aspect of this new emerging paradigm by proving the set of characteristics that a technology would require to be called cloud-based, different cloud models and their differences, and what are the current deployment models.
So what are the characteristics that define cloud computing technologies? On-demand-service, Broad network access, Resource pooling, Rapid elasticity and Measured service are mentioned in the NIST Definition of Cloud Computing (Mell & Grance, 2009). It means that the provider of cloud services should make sure that the client on his own can control how many resources does he need at certain point of time without any assistance; all the resources can be accessed through the standard interfaces by mobile devices and PCs; storage, memory, network bandwidth, etc are allocated automatically and dynamically without client’s knowing the physical location of those resources; client can request to increase or decrease the computing capabilities at any moment and it can be done easily and without any extra efforts from client’s side; due to the fact all resources are constantly monitored and allocated, the provider of the service and the client can track all the changes.
Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) are the three cloud computing models that are designed to meet various needs of the customers (ComPUtING, 2011). SaaS gives the customers the opportunity to use the applications that are running in the cloud through the thin client without being attached to any specific realization and just to be sure that the function that they need will be performed. PaaS offer a convenient solution to the software developers which are not interested in developing their application in a fast and efficient manner, and want their applications up and running. PaaS can ensure that a developer will provide the developer with a set of tools and services that will make the overall process of the creating software more manageable and comfortable. IaaS promises their customers that they will receive all the necessary resources such as storage, servers, bandwidth and all supporting software by the first demand and gives an opportunity to scale dynamically (Kepes, 2016).
Unfortunately, there has been a lot of question regarding the security of the cloud computing along all the years when this technology has gained more and more popularity. There has a been many cases of the security breaches in regards to the cloud-based services that lead to the data breaches involving millions of the people. In that respect, the security issue should be investigated more closely to bring awareness and avoid similar situations in the future.
Methodology
In this paper, the main focus will be given to the overview of the weakness of the different cloud computing models, the constraints that every manager and software developer should be paying attention to and the ways to undermine them. The goal of this paper is to provide the definition, characteristics, main issues of this technology as well as ethical and security considerations. The research will show what are the weak spots of the cloud computing and will analyze the root causes in order to understand the issue in a deeper way.
Constraints
Among the issues that rise while a manager is considering to migrate to the cloud, one issue is very substantial which is the issue of the data security. Nevertheless, there are still some questions that should be answered before making the executive decision to migrate to the cloud. Michael Armbrust identified ten obstacles for the growth of the cloud computing such as “availability of service, data lock-in, data confidentiality and auditability, data transfer bottlenecks, scalable storage, bugs in large distributed systems, scaling quickly, reputation fate sharing, software licensing” (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski & Zaharia, 2010).
In the most cases, managers are hesitant to implement clouds since it implies the loss of control over the data since the significant amount of the IT infrastructure is being outsourced to the thirds parties. Even though primarily it is exactly the point of such a paradigm shift, management may have their concerns since in this case they lose their leverage and may to be in a position to take over the control (Almorsy, Grundy & Müller, 2016). At the same time the process of migrating to the cloud requires some initial funding and may be a little bit pricey for the company since the software should be correctly configured beforehand and that involves additional expenses for the salary of the software developers(Gashami, Chang, Rho & Park, 2015).
Another reason for a big company to reconsider switching to the cloud paradigm may be the fact, that even though small ventures and startups can save a lot of money paying only for the resources they use, this is not necessary the best financially motivated decision for the company that indeed requires a big amount of resources. Since changing the cloud vendor is very complicated and resourceful process, the company should be completely sure that it is choosing the partner. Unfortunately, the cloud vendor has all the power regarding pricing policies and can change it on the way.
One of the other issues that should be taken into the consideration is that although cloud vendors guarantee that the service will be up and running 99,99% of the time, the moment when servers will be under the maintenance is chosen by the cloud provider and it may occur at the most inconvenient moment for the company.
Privacy
Despite the fact, the cloud computing allows avoiding large up-front investment, in practice management of the company may face complicated challenges with the security and privacy of the data that will be stored in the cloud (Wei et al., 2014). Cloud computing applications that belong to the SaaS level, first of all, should pay attention to such issues as proper encryption protocols, that will ensure that the information provided by users would not get accessed by the third parties without a permission (Adkinson-Orellana, Rodríguez-Silva, Gil-Castiñeira & Burguillo-Rial, 2010). Of course, there is another issue with the SaaS applications, such as that in most cases the user’s data is secured only with a password and if the session was not closed in a proper way it may lead to the exposure of the information that is stored.
Ethical considerations
Cloud services offer a lot of advantages to the business, although there are some ethical issues what should be discussed in the process. Lawyers often use an analogy with the confidential documents that are stored not at the property of the company. There are three sides of the situation that should be taken into the account, such as data security, data privacy and data availability ("THE ETHICS AND SECURITY OF CLOUD COMPUTING", 2016). Data security involves data encryption, server security, client security and password security. Data encryption means that everything will be protected with a legit encryption protocol, for example, SSL that is used for banking systems (SSL link). Server security means that cloud provider should ensure that serves are protected from the hackers attacks, for example using audit services from the third parties like McAfee or any other provider. SaaS applications cannot completely ensure the safety of the client leaving this duty to the client and in case if laptop or smartphone will be stolen, the thief will be able to get access to the private data of the user in case if the user did not use any other methods to ensure his privacy. The client is also supposed to make sure that the passwords used for logging into the application will be complicated enough and would not be easily figured out or broken.
The client and the cloud provider should agree on the terms of the data privacy and set such ground rules as who owns that data that is collected by the SaaS application, how this data can be used, whether it can be given to the third parties without the customer’s approval and which part of the data is completely confidential(Chen & Zhao, 2012).
The company should guarantee their clients that they data will be always available and backup their data constantly. First of all, it is better if data centers that company uses are situated in the different countries or at least different locations. This way the company will show that they take its obligations regarding the data backup very seriously and in the case of any disasters data still remain secure and available to the clients ("THE ETHICS AND SECURITY OF CLOUD COMPUTING", 2016).
Future development
Bernard Golden predicts that the industry will shift the focus from the enterprise public cloud that overflown the market in the last years (Golden, 2016). Big enterprise companies are not that interested in the public clouds and we can see the reduction of their involvement with the cloud providers. The most likely development of the situation is the development of the hybrid clouds when the part of the hardware still stays on the premise and the part is being outsourced. This way companies will secure the most sensitive data and in the case of need, they will be able to increase the amount of the rented servers since all processes will be already set-up. Due to that fact, the companies will need such services of the cloud vendors by helping them to manage multi-deployment locations (Golden, 2016). At the same time, little IT companies and startups will increase their lot as the customers of the cloud providers since it is a very easy way to start the IT business without any big investments.
Conclusion
In this paper, we covered the upbringing of the cloud computing industry, concentrated on the issues that cloud computing approach faces and explained how this will influence the future growth and development of the technology. The security risks that accompany cloud computing technology cannot be overrated, but at the same time, the advantages that this technology offers can be a powerful leverage in the decision-making process. If to you the company is afraid to pass the control over the data to the third parties, it can use a hybrid approach and advantage from the cloud keeping their data safe at the same time.
References
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58. http://home.cse.ust.hk/~weiwa/teaching/Fall15-COMP6611B/reading_list/AboveTheClouds.pdf
Mell, P., & Grance, T. (2009). The NIST definition of cloud computing. National Institute of Standards and Technology, 53(6), 50. http://s3.amazonaws.com/academia.edu.documents/44872828/Storage_is_a_Strategic_Issue_Digital_Pre20160418-25420-3oeqth.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1485047242&Signature=%2Fr5%2BakRQ0h5OUZ1ZnZsPqYL3Hf8%3D&response-content-disposition=inline%3B%20filename%3DStorage_is_a_Strategic_Issue_Digital_Pre.pdf
ComPUtING, C. (2011). Cloud computing privacy concerns on our doorstep. Communications of the ACM, 54(1), 36-38. https://www.cs.bham.ac.uk/~mdr/research/papers/pdf/11-cacm.pdf
Almorsy, M., Grundy, J., & Müller, I. (2016). An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107. https://arxiv.org/ftp/arxiv/papers/1609/1609.01107.pdf
Kepes, B. (2016). Understanding the Cloud Computing Stack: SaaS, PaaS, IaaS. Support.rackspace.com. Retrieved 22 January 2017, from https://support.rackspace.com/white-paper/understanding-the-cloud-computing-stack-saas-paas-iaas/
Wei, L., Zhu, H., Cao, Z., Dong, X., Jia, W., Chen, Y., & Vasilakos, A. (2014). Security and privacy for storage and computation in cloud computing. Information Sciences, 258, 371-386. http://dx.doi.org/10.1016/j.ins.2013.04.028
Adkinson-Orellana, L., Rodríguez-Silva, D. A., Gil-Castiñeira, F., & Burguillo-Rial, J. C. (2010, May). Privacy for google docs: Implementing a transparent encryption layer. In Proceedings of the 2nd International Conference on Cloud Computing (pp. 20-21). http://www-gti.det.uvigo.es/~darguez/pub/2010_CloudViews_GoogleDocsPrivacy.pdf
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Gashami, J., Chang, Y., Rho, J., & Park, M. (2015). Privacy concerns and benefits in SaaS adoption by individual users: A trade-off approach. Information Development, 32(4), 837-852. http://dx.doi.org/10.1177/0266666915571428
THE ETHICS AND SECURITY OF CLOUD COMPUTING. (2016). CLIO.Com. http://nysba.webvent.tv/uploads/assets/1311/document/0001-Clio_Security_Ethics_of_Cloud_Computing.pdf
Golden, B. (2016). 5 cloud computing predictions for 2016. CIO. Retrieved 23 January 2017, from http://www.cio.com/article/3024329/cloud-computing/5-cloud-computing-predictions-for-2016.html
