Transitioning from Traditional Information Systems to Cloud Computing Environment in the UK - Term Paper Example

Critical Discussion of Factors to Consider when Transitioning from Traditional Information Systems to Cloud Computing Environment in UK: Small Medium Enterprise (SME) Name Course Name and Code Instructor’s Name Date Table of Contents Table of Contents 2 Introduction 3 Confidentiality, Integrity, and Availability of information assets 5 Risk, Vulnerability and Threat assessment 7 Compliance 7 Legacy systems 8 Cloud models and adoptions 9 Cloud models 9 Drivers for cloud adoption 12  Backups, Liability, Continuity and Disaster management 14 Service level agreement (SLA) 14 Conclusion 14 Reference 15 Introduction Cloud in cloud computing refers to the internet. Cloud computing refers to a style of computation that delivers massively scalable IT enabled capabilities to external consumer as a service via internet technologies (Gardner, 2010). Cloud computing requires that IT be delivered as a service via the internet in which documents, data and emails are stored online making them accessible in real time from any laptop, mobile phone or PC. The advent of cloud computing was necessitated by various players as shown in the figure below. Cloud computing is used to reduce costs of infrastructure and addressing concerns such as scalability and capacity. Cloud computing can be classified as private and public. Public cloud computing is run by a third party cloud provider who is charged with the responsibility of providing the servers, infrastructure and networking needed to ensure that applications are scalable and available (Dublin Institute of Technology, 2011). Private clouds on the other hand refers to a proprietary computing architecture that is owned or leased by a single firm that provides hosted services behind a firewall to customers within the firm. Private cloud computing has however faced criticism in that cloud ought to run on the internet and not to be hidden behind a firm’s firewall. Contrary to this argument, some observers see that private cloud computing is something to look out for in the near future. This argument is based on the fact that large firms are likely to embrace this form of cloud computing as opposed to the publicly available cloud computing. This view is supported by what players in the industry say that vendors are lining up to release products which will facilitate adoption of internal cloud services. However, this is limited by the fact that few firms’ have the capacity to create and manage a true cloud computing (Dublin Institute of Technology, 2011). Thus it is expected that firms may choose in future to have an integrated system where it partly utilizes public cloud computing and partly private cloud computing. Even though adoption of cloud computing has been on the rise in recent past, many small and medium enterprises are still clueless about the technology. Studies have indicated that in United Kingdom less than 20% of SMEs use the technology and more than 43% do not know what the term implies (Tyler and Hurley, 2011). Of those who understand what the term means, 36% do not see the benefits of adopting the technology. However, UK SME owners have incorporated a wide range of technologies into their business. This purpose of this report is provide a critical analysis of what SMEs in UK need to consider when they want to transition from their traditional computing to cloud computing. Confidentiality, Integrity, and Availability of information assets Many SMEs in UK have cited security concerns to be the main barrier for them adopting cloud computing. Of the enterprises which have adopted cloud computing, 43% reported a lapse in security or issue with the technology between June 2010 and June 2011 globally (Tyler and Hurley, 2011). It has been argued that IT security has always based on keeping people out of data centre. Thus, some IT experts have argued that IT security ought to change in order to fit in cloud computing. In the past IT security aimed at preventing outsiders from accessing data from data centres. Thus they always focused on preventing intruders from accessing information in data centres. For the cloud technologies, IT security needs to concern itself with inside out security systems, access rights and data (Tyler and Hurley, 2011). Some opponents of the technology have argued that cloud computing is only viable to criminals who are the leading edge adopters of the technology on the premise that it is powerful, scalable, available and that in their case anonymity of the technology. In spite this criticism; UK government promised at the beginning of 2011 to adopt cloud computing and businesses owing to its ability to cut costs (Dublin Institute of Technology, 2011). However, it was argued that some departments would avoid adoption of the technology based on its inability to address security and privacy issues. Even though many firms cite security as being a barrier to cloud computing, the performance and availability of cloud services are also raising concerns over the adoption of the technology. Concerns about performance and availability are second to security concerns as shown in the table 2 (Tyler and Hurley, 2011). Barrier Percentage Security 50 Performance and availability 48 Others 2 This implies that performance and availability of cloud services are equally important as security concerns in the adoption of cloud computing among companies. In spite these concerns, cloud providers have systems in place which prevent data leaks or access by third parties. The enterprise owners also have their own identity management system which is used to control access to information and computing services (Dublin Institute of Technology, 2011). Thus cloud providers can either integrate the identity management system of the customer into their own infrastructure via federation or SSO technology, or provide their own identity management solution. Cloud providers physical machines are adequately secure and access to them and relevant customer data is restricted and those accesses are properly documented. To ensure privacy critical data such ads credit card numbers are masked and only authorized users can access it. In addition some cloud service providers allow encryption of data in order to enhance its security (Dublin Institute of Technology, 2011). However, encryption management key management techniques employed in cloud computing today are vulnerable. Based on this argument; SMEs need to evaluate their security concerns and seek relevant information from experts prior to making that bold move of transitioning from traditional systems to cloud computing. The integrity of the service provider is essential in adoption of cloud computing. SME in need of cloud computing often need to be sure that the vendor will perform the right kind of operation on their data. They also need assurance that their data will not be manipulated by then service provider (Dublin Institute of Technology, 2011). Thus SME need to look out for firms which value transparency to ensure the integrity of their data. Most cloud computing infrastructure are protected from equipment failures and outages using standards network switches, servers and storage facilities and hence has high availability. Risk, Vulnerability and Threat assessment Data stored in cloud computing system is vulnerable as long as it is not encrypted. Cloud computing are vulnerable to poor authentication, accounting system, authorization; remote access to management interface; lack of standard solutions and technologies; lack or weak key encryption among others. Most firms who want to safeguard their data stored in cloud turn to encryption (Dublin Institute of Technology, 2011). Studies have indicated that 85% of firms which have adopted Cloud computing encrypt their data (Trend Micro, 2011). In addition, studies have indicated that 50% of those prospecting to adopt the technology say that they would consider providers who offer encrypted storage of data. Threats such as abuse and nefarious utilization of computing, malicious insider, data leakage or los, account or service hijacking are some of threats facing cloud computation. Compliance Cloud computing also faces compliant risks. However, some cloud providers such as the Trend Micro™ SecureCloud™ provides policy based key management technology alongside industry standard encryption which gives the enterprises control over the data stored in the cloud system. This alleviates the compliance risk in addition to privacy issues and security. The ethical issue that arises in the adoption of cloud computing is trust between the vendor and the client. This is because cloud computing requires the client to entrust his/her IT data and resources to the vendor (Dublin Institute of Technology, 2011). It trust that makes more firms to be sceptical of the safety of their data. Trust comes from various angles of cloud computing and in order to win the trust of clients, vendors ought to address all issues such as security, vulnerability, and performance issues facing the technology among others. The reputation of the vendors and policies adopted by them can help them win the trust of clients. Thus SMEs intending to adopt cloud computing ought to find out the policies and the reputation of the firm prior to adopting cloud computing. SMEs seeking cloud services need to find out whether the vendor is responsible for compliance and what happens in case the provider subcontractor. I9n addition, SME s need to take into consideration whether the service providers uphold international standards of operations and whether the service to be provided is in the best interest of their business. Legacy systems Legacy system refers to programming languages, hardware, software that is outmoded and is no longer supported by their respective vendors (Dublin Institute of Technology, 2011). They however continue to exist due to the cost, effort and potential risk of interrupting the business due to movement of data and key business processes to cotemporary technologies that are more advanced such as cloud computing. These models are relied upon today mainly by financial firms. Cloud models and adoptions Cloud models There are various models of cloud computing. They are divided into delivery or service models and deployment models. Service models include Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). In SaaS model all resources are outsources all resources for cloud computing through renting services that are remotely accessible via the internet (Dublin Institute of Technology, 2011). Thin client interface is used by the client to access the vendor’s software or applications. Under this model the client lacks control over the infrastructure through which the application is running. Salesforce.com and Netsuite are examples of SaaS providers. In the case of PaaS model the vendor rents dedicated resources to the client. In this model the client can deploy his/her own created application onto the cloud system by employing various programming languages in addition to tools supported by the vendor. The client has some control over user deployed software and applications but not on the cloud infrastructure. Google Application Engine and force.com are examples of PaaS model (Dublin Institute of Technology, 2011). The IaaS is a model is a service dedicated resources which is offered to a single client and does not allow sharing of information with unknown individuals. The model allows the client to deploy his/her application onto the cloud infrastructure. The client can control self deployed applications but has no control over the cloud infrastructure. The deployment models are independent of service models and they include public cloud, private cloud, community cloud and hybrid cloud. Public cloud is accessible to the general public who share in payment as you go (Dublin Institute of Technology, 2011). One can access the resources in this model via the internet and the provider ensures the economies of scale and management of the needed infrastructure. Clients have an option to choose security levels they desire in this model and negotiate for service levels. The widely adopted example of public cloud is the Amazon Web Services EC2. The figure below shows a structural formation of a public cloud. On the other hand private cloud the resources are restricted to the firm. The resources may be located in the precincts of the client’s firm or offsite. This kind of cloud model does not raise any security and compliance concerns. However, the cost of running this model is high as opposed to public model. The figure below is a structural formation of private cloud. The hybrid model of deployment is an integrated model of private and public cloud. Firms using this model can access the public model infrastructure but the public cannot access the infrastructure of the firm. The figure below shows the model diagrammatically. Finally, community cloud involves sharing of cloud infrastructure among multiple firms who have a shared interest. The model can be managed by a third party or a firm. The figure below is an illustration of community cloud model. It is clear that the available models of cloud computing provides a range of alternatives that SME can choose from based on their special needs and interests (Gardner, 2010). Drivers for cloud adoption There are various drivers which make people to adopt cloud computing in UK. Studies have shown that most firms with more than 20 employees in UK are at the forefront of cloud revolution. A study involving 450 participants found out that 48% of them used some form of cloud computing (Onestopclick, 2011). The study indicated that flexibility, cost savings, low cost of adoption, new service offering, skills gap, return on investment and other reasons are key drivers of cloud computing adoption in UK. The graph below shows how the participants considered the factors as primary drivers for adopting cloud computation. Graph 1 (Onestopclick, 2011) The study found out that flexibility accorded by cloud computing is the key driver for its adoption in UK. The study indicated that participants from small firms valued flexibility more than other participants which is an indication that cloud computing is really helping small firms with little in house resources to enhance their operation flexibility (Gardner, 2010). Thus this is an indication that SME can really benefit from the flexibility accorded by cloud computing.  Studies also indicate that cost saving is valued at 16% as the main driver of cloud computing (Onestopclick, 2011). In addition, in UK large firms cited cost saving as a driver for adoption of cloud computing than smaller firms. In addition, private firms in UK are unlikely to adopt cloud computing based on cost saving than public firms as affirmed b y previous studies. Smaller firms seeking to expand their IT capabilities can adopt cloud computing as it offer low costs of adoption (Dublin Institute of Technology, 2011). The ability of the system to deliver new services has been found to play a role in the adoption of the technology. Thus dependent on the needs of the firm, they can evaluate these benefits accorded by cloud computing against the concerns in order to make informed decision.  Backups, Liability, Continuity and Disaster management The client also needs to ask him/herself questions about the availability of the data in case something goes wrong with the service provider. This implies that SMEs renewed to source their cloud computing vendors who can assure them of the continuity of their ventures in case something goes amiss (Onestopclick, 2011). SMEs need to consider the disaster management policies put in place by cloud computing service providers to attend to emergencies such as unexpected attack on the infrastructure and how to recover the lost data and whether the firm has some backups. Service level agreement (SLA) Service level agreements between the clients and service providers are emerging as an essential component of cloud computing adoption. In order to monitor the quality of cloud service there is need to enforce service level agreement (Gardner, 2010). Some cloud providers such as Amazon EC2b puts the burden of proving service level agreement violation on the client and thus the client is expected to take the responsibility enforcing SLA. Having a formalized SLA allows enforcement process to be automated and hence relieving the consumers of the burden of enforcing SLA. Thus, SME need to look out for service providers who have formalized SLA that can allow automation of the enforcement process (Dublin Institute of Technology, 2011). Conclusion SMEs in UK need to take into consideration various factors when adopting cloud computing. Even though factors such as flexibility, cost savings, low cost of adoption, new service offering, skills gap, and return on investment have been cited to be primary drivers of adopting cloud computation, SMEs need to consider other factors. They ought to consider issues such as security, integrity, availability, risk, vulnerability, threat, compliance disaster preparedness and service level agreements when choosing cloud computing technology provider. Reference Dublin Institute of Technology. 2011. Home. Available at: http://arrow.dit.ie/ [Accessed 28 October, 2011] Gardner, D. 2010. Cloud Computing Models. Available at: http://cloudcomputing.sys-con.com/node/1588597 [Accessed 28 October, 2011] Onestopclick. 2011. Primary Drivers for Cloud Adoption in the UK. Available at: http://hosting.onestopclick.com/topic/145/439/primary-drivers-for-cloud-adoption-in-the-uk.html [Accessed 28 October, 2011] Shimba, F. 2010. Cloud Computing: Strategies for Cloud Computing Adoption. Dublin Institute of Technology, School of Computing Dissertations. Retrieved from http://arrow.dit.ie/cgi/viewcontent.cgi?article=1028 [Accessed 28 October, 2011] Trend Micro. 2011. Secure your Journey to the Cloud with Data Protection. Available at: http://us.trendmicro.com/imperia/md/content/us/pdf/solutions/enterprisebusiness/serversecuritysolutions/securecloud/sb01_sc_vmware_110707us.pdf [Accessed 28 October, 2011] Tyler, R., and Hurley, J. 2011. SMEs in UK slower to adopt cloud computing than Europe's firms. Available at http://www.telegraph.co.uk/finance/yourbusiness/businesstechnology/8472220/SMEs-in-UK-slower-to-adopt-cloud-computing-than-Europes-firms.html [Accessed 28 October, 2011] Read More