Cloud Computing : Economic Opportunities versus Technical and Compliance Risks

• Autorzy: Klaus Brunnstein
• Języki publikacji: EN

Abstrakty

EN

Based on their own Information and Communication services, so far preferably in-house or when outsourced under close control, many enterprises have transformed their business processes into a strong interaction between computers, networks and human operation. "Cloud Computing", now strongly advertised by related service providers (and reflected by some media as in a hype) is presently in the world of real business IT still in its initial and test phase. Cloud Computing services offer reduced costs (esp. for investment and maintenance of staffs of specialists for developing and operating in-house IT-Services). On the more critical side, the ability of controlling (esp. sensitive) data and business processes is reduced, and other aspects of security (e.g. persistent and reliable work at high level of availability) need specific solutions which need more investment on the side of the enterprise. Indeed, early examples of incidents (such as a crash of an Amazon EC2 cloud system) indicate that (mildly speaking) "not all problems of (technical) security have been solved". Among the types of Cloud Computing services, forms of Private Clouds - e.g. in the form of Department or Enterprise Clouds, or in the form of mixed IT/Cloud systems - can best support the separation of storage and processing of sensitive data - which requires significant security controls and should remain under control of the enterprise - from less valuable business processes which may be "outsourced" into a (partially secure) Cloud. Moreover, there are critical concerns about moving some kinds of sensitive data - esp. including personal, financial and tax data - and related processes to general Cloud service providers when the location of the service may be in conflict with national laws and other legal regulations, so that national or regional (EU) compliance requirements cannot be met. (original abstract)

Słowa kluczowe

EN

Cloud computing; Data processing; Information management; Information system

PL

Chmura obliczeniowa; Przetwarzanie danych; Zarządzanie informacją; System informacyjny

• Czasopismo: Prace i Materiały Wydziału Zarządzania Uniwersytetu Gdańskiego
• Rocznik: 2011
• Numer: nr 3
• Strony: 49--59

Twórcy

autor

Klaus Brunnstein

• University of Hamburg, Germany

Bibliografia

• 1. Amazon EC, (2011), http://aws.amazon.com/ec2.
• 2. Business Insider, (2011), http://www.businessinsider.com/amazon-lost-data-2011-4 2011-04-22: Inside Amazon's Cloud Disaster 2011-04-28: Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data.
• 3. EU Data Protection Directive, (2011), http://en.wikipedia.org/wiki/European_Union__directive.
• 4. Cloud Security Alliance, (2011), https://cloudsecurityalliance.org/.
• 5. IBM Cloud Computing, (2011), http://www.ibm.com/cloud-computing/ us/en/.
• 6. Google Cloud, (2011), http://www.google.com/apps/intl/en/business/ cloud.html.
• 7. NIST Cloud Computing, (2011), http://csrc.nist.gov/publications/drafts/ 800-145/Draft-SP-800-145_cloud-defmition.
• 8. VMWare, (2011), http://vmware.com.
• 9. VSM definition, (2011), http://searchnetworking.techtarget.com/definition/ virtual-systems-management.
• 10. Wikipedia Cloud Computing, (2011), http://en.wikipedia.org/wiki/ Cloud_computing.
• 11. Wikepedia Virtual Machine, (2011), http://en.wikipedia.org/wiki/ Virtual_machine.