This article can also be found in the Premium Editorial Download "Information Security magazine: Effective strategies for risk management and security information management systems."
Download it now to read this article plus other related content.
WRITING IN HIS blog recently, Misha Govshteyn, co-founder and CTO of log management software-as-a-service vendor, AlertLogic, notes that some vendors at the RSA Conference 2009 were using the term cloud computing
Govshteyn points out that Netgear uses "cloud" to describe its line of unified threat management (UTM) appliances. Netgear says it has a "hybrid-in-the-cloud security architecture." Endpoint security vendor Prevx uses "cloud" to describe its endpoint agents using the "power of the cloud."
"Those are some of the more absurd examples," Govshteyn says. "Cloud is really about moving complex computing workloads off premise and delivering them as a service. At the end of the day, cloud at its core is cost effective and simple."
Even IBM is coining the term for what it isn't. Big Blue describes its new WebSphere SOA appliance as the WebSphere CloudBurst Appliance. It's deployed in-house, but that doesn't stop IBM from calling it an SOA appliance, which deploys and manages SOA in a private cloud.
Like Govshteyn, other security experts and industry observers agree that the loose use of the term cloud has fueled some confusion about what it really comprises.
"I've heard from a lot of end users saying that they are sick of the word cloud because it's used in every conversation they have with vendors," says Chenxi Wang, a principal analyst at Forrester Research. "The industry is sick of getting another buzzword, but cloud computing and cloud services are here to stay."
Web-based service offerings are what primarily make up the cloud. In a recent Forrester report, Wang describes three markets associated with cloud computing: App-components-as-a-service, software-platform-as-a-service and virtual-infrastructure-as-a-service.
The app-components-as-a-service market includes Web-based email and other social networking applications where the application is owned by the provider. Google's Web-based word processing and spreadsheet applications fall into this market.
Salesforce.com and other vendors that sell their software via the Web would qualify for the software-platform-as-a-service market. Microsoft Azure Services Platform and Amazon's S3 data storage services also make up this market, according to Wang.
The third and final piece of the cloud-based services market includes the virtual-infrastructure-as-a-service market. The space is made up of traditional outsourcing services, such as when a company hosts a Web server at a remote data center where a service provider provides maintenance and upgrades.
Having a firm grasp of what really makes up the cloud is mixed among different organizations, Wang says. In fact, some companies may not realize that a small division is using cloud computing for a certain business process, she says.
"Many are just starting to get their feet wet and those companies tend to be less versed in the benefits and risks and even the functionality," Wang says.
Even the National Institute of Standards in Technology (NIST) is weighing in on an official definition. In a working definition released in April, NIST called cloud computing an "evolving paradigm." The organization narrows the term down to five key characteristics, three delivery models and four deployment models.
"Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction," NIST says.
Jim Reavis, a security consultant and director of the Cloud Security Alliance, a non-profit organization seeking ways to better secure cloud-based services, says the term "cloud" should be simplified for the average customer to understand.
"Cloud computing is in my view an on-demand usage of information technology delivered to the customer as a subscription-based service," Reavis says. "The customer is not aware of a lot of the interworkings of these shared resources."
And according to AlertLogic's Govshteyn, if customers aren't aware of the interworkings of the shared resources, they probably shouldn't worry about the definition of the cloud.
"Understanding the definition of cloud isn't really going to have any bearing on how you make your buying decision," Govshteyn says.
Robert Westervelt is news editor of SearchSecurity.com. Send comments on this article to email@example.com.
This was first published in June 2009