In May, the National Institute of Standards and Technology (NIST) released their report, “Cloud Computing Synopsis and Recommendations,” which offers an eminently readable summary of the technology as it currently stands. For anyone interested in learning what cloud computing is and how it can be used, or anyone wanting to refresh their knowledge, this report is an excellent resource.
The report opens with an interesting point: moving to cloud computing is inherently a business decision. An organization must consider deployment and service models, the economics of cloud computing, operational characteristics, service level agreements, and last but not least, security. Depending on the needs of an organization or group of end-users, the configuration of a cloud computing system can vary greatly. However, there are five essential characteristics that every cloud computing system must have. These are, in no particular order:
On-demand self-service – users don’t have to interact with anyone or follow a particular schedule for usage
Broad network access – the system can be accessed through widely available/standard mechanisms, commonly the internet
Resource pooling – multiple users can be served at the same time
Rapid elasticity of capabilities – more users or greater volumes of data can be accommodated quickly
Measured service – usage can be monitored, controlled, and reported on
Apart from these basic requirements, many different combinations of service and deployment models are possible. There are three basic service models, software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) and four deployment models, public, private, community, and hybrid. For the purposes of this post, we will focus mainly on the distinctions between the service models and what type of use each is appropriate for.
SaaS has become almost ubiquitous in the age of fast, cheap, and widely available internet service. In the SaaS service model, the end-user is, in effect, renting access to a particular application. Consumers have user level control over the application, but only have limited administrative control, and no control at all over the middleware such as Java, the operating system, or the hardware. Because of this, most of the burdens and risks associated with SaaS are shifted onto the provider.
Both PaaS and IaaS offer significantly more freedom to the cloud consumer, who can control the middleware as well as the operating system, respectively. For many organizations, this amount of control is neither desired nor convenient. SaaS is a good choice for those organizations that do not want to – or cannot – support a dedicated IT force.
With SaaS, providers and consumers need to consider whether or not there is ample network redundancy, if data can be securely deleted, if communications have adequately secure encryption, and if the cloud is portable (if necessary). When it comes to e-discovery, portability issues are one of the largest concerns. Many vendors do not offer solutions that encompass every part of the EDRM, often making it necessary to use multiple products during the course of discovery and review. Checking for compatibility between systems or choosing a comprehensive solution is crucial.
For more details, read the full NIST report, “Cloud Computing Synopsis and Recommendations.”