Tech Brief - Chris Cruz
Few technical terms have been more injected into common lexicon than the ever-growing terminology around cloud computing. Joining the ranks of such phrases as “Just Google it,” the “cloud” has become an overly simplified method for explaining computing methods long utilized in the IT profession. This tech brief will attempt to simplify not the “cloud,” but rather the technology and services that make it work, the competitive field that cloud vendors compete within, as well as the user and security implications that it holds.
End-users are notorious for commonly referring to any kind of computing service or storage application which they don’t fully understand as being “the cloud.” That’s not surprising though, since it is estimated that by 2018 at least half of all IT spending will be cloud-based. It is thought of as being ubiquitous, mysterious, and usually beyond simple explanation. Education end-users on the realities of cloud computing can go a long way in encouraging tech literacy, in addition to helping users to better grasp the risks and trade-offs one makes when utilizing cloud services.
When visualized, many unfamiliar with basic IT concepts often confuse the cloud with other services like Wifi, or they may even assume the entire concept of the Internet to be the cloud. This is a side effect of the ephemeral nature to which the cloud has been assigned, as being something that is simultaneously everywhere yet nowhere, and to include the notion of the cloud being something far away.
What is Cloud Computing
Cloud computing can be most succinctly surmised as Computing-as-a-Service (we’ll refer to this as CaaS, though not to be confused with Communications-as-a-Service). This less-than-user-friendly phrase is probably the most encompassing, but still leaves some sense of mystery. We can further elaborate on CaaS by defining it as the following: Computer infrastructure provided as a service model accessible to customers and organizations directly via the Internet. No one owns the cloud nor its terminology, but rather the cloud is made up of whoever’s infrastructure one happens to be using anywhere in the world. That infrastructure is typically comprised of a server or, much more likely, one or more data centers or server farms hosting the application in question. A company can manage this infrastructure and offer it up to customers via one or more cloud services, or, a company may resell to their customers someone else’s cloud infrastructure, with the customer only seeing the resellers branded service. This is where security and privacy implications begin to occur, since the end-user will generally have no idea where their data actually resides.
Some of the most common use cases around cloud computing from the end-user’s perspective include internet-enabled storage, file and photo sharing, web-based email, or other internet activities in which data is stored, used, or manipulated while entirely off of the user’s asset. The various types of cloud services can be rolled up into three common types: Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS). SaaS includes things like online email or office suites the like of Google and O365. IaaS is the next level down, where instead of a complete service via the cloud, the user receives a virtualized server to their desired specifications which can host end-user facing services and applications. PaaS is one step further away from the end-user, and represents an entire suite of infrastructure for the customer to leverage, typically to build more advanced services or applications, or to empower resellers to create customized solutions for specific/niche markets. Across all of these options, the biggest benefit to cloud computing is off-loading a service and its supporting infrastructure management to an outside party, thus saving time, money, and resources.
The cloud market itself has been booming for nearly two decades with no end in sight. In 2017, Gartner predicted that the IaaS segment of the cloud computing market alone will reach $71.55 billion by 2021. The first major player to hit it big in the cloud was Salesforce, who provided an enterprise-quality service application completely accessible via a simple interface over the internet. No complicated installation rollouts or version controls were required, end-user support was offloaded to the vendor rather than an internal help desk, and all the internal infrastructure costs were rolled into a single per user or per month fee. For the first time, the burdens eased by cloud computing were truly clear to businesses large and small.
Today, the cloud market is dominated by a number of well-known names, including Microsoft, Google, and IBM. Other players have stepped into the game, and non-better than Amazon with their Amazon Web Services (AWS) offerings. Based on revenue, AWS maintains a dominant hold with a 47.1% market share. Q1 earnings for AWS in 2017 were up 42% from the year prior, hitting $3.66 billion in revenue. Though Microsoft’s Azure cloud services only hold a 10% market share, in the same period as AWS, their revenues grew an impressive 90%, nearly double the AWS growth rate. Google’s cloud services hold a 3.95% market share, and IBM’s Softlayer service is right behind them with 2.77%. AWS alone is predicted to hit $43 billion in cloud market revenue by 2022.
The numbers tell a similar story if we look at adoption rates, as measured by applications run by each of the cloud service providers. Based on this view, AWS has a 57% market lead, but Azure has 34% and since 2016 has gained 60% market penetration into AWS’s user base. Google’s cloud services are up to 15% usage in 2017. Gartner’s Magic Quadrant for Instructure-as-a-Service gives some additional insights into the current shape of the market as well. Gartner’s reporting reflects not only market share, but also specific cloud computing metrics to include automated resources management, management tools delivered as services, and cloud software infrastructure services.
Gartner reports AWS and Azure as by-far the leading cloud platforms in the market, both firmly nested in the Leaders category amongst their peers. Google trails both significantly, but still holds a potentially promising spot as a Visionary in the market. Alibaba Cloud makes a surprise appearance in the Gartner report, a company not previously seen in most of the reporting collected. Alibaba is a Chinese-based conglomerate, often thought of as the Amazon of the East. Though they offer a variety of services, their cloud and technology offerings have been growing over the past few years, and they are additionally known for making a lot of plays toward artificial intelligence, quantum computing, and other more advanced tech services. A previous report by Gartner solely focused on IaaS found Alibaba to be ahead of all the other competitors, reaching $675 million in revenue in 2016, a 126.5% increase since 2015.
Security and Legal Concerns
Concerns about security, privacy, and governance have long plagued the notion of cloud computing, though they clearly haven’t been enough to halt its overall growth. Many industries, like healthcare, have been hesitant to adopt cloud solutions or services for several years now, and lag other industries who have held strong adoption rates like the finance sector, for example.
Security becomes a contentious issue in the realm of cloud computing, mostly due to the offsite nature of cloud services. Without owning the hardware, architecture, or potentially even the server stack being used, common security processes are owned by the cloud provider rather than the customers internal security or operations teams. This means that the customer must trust, or manually verify, that the cloud service provider is actively doing patch management, addressing common security vulnerabilities, and properly securing and/or encrypting stored data. Microsoft learned about security issues in the cloud early on when its Business Productivity Online Suite, the first version of Microsoft’s popular office productivity software made to be functional in the cloud, suffered a data breach in 2010 which impacted numerous customers and exposed their data to other users and potentially malicious actors. Numerous other companies have incurred similar incidents, including Yahoo, Dropbox, and other big names in cloud services.
Issues of security can be even more complicated, however, as some companies may have data with specific requirements or governance expectations. These can include data under the governance of the Heath Insurance Portability and Accountability Act (HIPAA), the Criminal Justice Information Services (CJIS) regulations managed by the FBI, or the General Data Protection Regulation (GDPR) as established by the European Union. Cloud service providers wishing to support customers that must adhere to these types of governance concerns are on the hood for providing the necessary and required security considerations. Just some of the extra work a cloud provider must do includes background checks, external audits, high level encryption management, record retention and data purging, enhanced physical security, and other support mechanisms. Each of these is not only a burden for the provider, but a potential fail point from a security perspective with significant impact to the customer.
Cloud computing also presents several legal considerations that have impacted a number of different industries. A major part of governance as previously discussed is the physical location of the data, specifically, what country or region the data may reside within. Data stored within the European Union is often subjected to GDPR, for example, which is significantly stricter in nature than privacy or data laws found in the U.S. Additionally, certain data may be subject to international restrictions, export controls, or other impedances depending on where it’s stored and where it is accessed from. Cloud users have to take this fact into consideration, and ensure their data is within the necessary compliance requirements, and cloud providers as well need to ensure they are not storing or moving data in a manner that is illegal or otherwise unapproved.
The cloud clearly shows no signs of stopping. The benefits for numerous industries far outweigh the risks, and the ability to offload not just the service, but many aspects of the maintenance, compliance, and hardware requirements offer tremendous savings opportunities and process advantages. AWS who, for all intents and purposes, reigns as the king of cloud, has managed to solidify their place as number one within the foreseeable future. But, competitors like Google, Microsoft, and even foreign companies like Alibaba, are entering into the fray with significant success. The market is ripe for competition, and it’s likely we will see many companies catch up with AWS in various market performance metrics, but it’s even more likely we’ll see new and more creative companies or startups striving to take cloud computing to the next level.