The Cloud is an environment which allows the delivery of IT services in a standardized way. This standardization makes it possible to optimize the procurement of IT services from both external and internal providers. The Cloud covers a wide spectrum from shared applications delivered over the internet to virtual servers hosted internally. The risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The common security concerns across this spectrum are ensuring the confidentiality, integrity and availability of the services and data delivered through the Cloud environment.
There are several models for Cloud computing and organizations considering a move to the Cloud need to select the appropriate model. These models range from the Public Cloud – where applications and infrastructure are owned by the provider and made available to a wide range of organizations, through to the Private Cloud – where the infrastructure is operated for a particular customer. At the Corporate IT level adoption of Private Clouds is around 19% with a further 34% expecting to have such environments by the end of 2012.
The commercial flexibility of some Cloud services is such that many organizations are already using the Cloud at the departmental level without the organization being aware and without full assessment of the risks involved.