ICAEW.com works better with JavaScript enabled.
Exclusive

Cloud Computing 101 – your questions answered!

Author:

Published: 18 May 2022

Exclusive content
Access to our exclusive resources is for specific groups of subscribers.
Questions raised during our recent live webinar.

This blog post accompanies our recent webinar, Cloud Computing 101: what is the cloud all about  – if you missed it, you can follow the link now to watch the webinar on-demand. In this post we’ll cover the questions raised by attendees during the live session.

What are the risks relating to cloud platforms? How can the risks be managed?

Like any other piece of software, there are risks associated with leveraging cloud platforms – some of these risks are higher than with on-premise (desktop/internal network) solutions, but many are lower.

The key risks around cloud platforms are typically relating to security – ensuring your login credentials are complex and secure – contractual risks (being tied into particular products and services, or the risk of losing access at short notice), and data location and access considerations which may require careful management. Our updated cloud services guide, to be released soon, will explore the risks in more detail, but in short, managing the risks depends on being aware of what the risks are, and the organisation’s appetite for accepting or mitigating them.

With the increase in video conferencing and consequential need for local processing power, does this limit the savings that could be achieved by moving processing to the cloud?

Many video conferencing providers are optimising this and can deliver VC capabilities to sufficient quality via apps or web browsers without needing significant on-machine processing. So while some local processing is required, it is generally minimal. Cloud computing enables you to draw on much, much more powerful processing than is typically delivered in a standard desktop or laptop machine.

It is also worth highlighting one of the key benefits of cloud computing, that the processing power is scalable. So if you have a seasonal business, you don’t need to build your infrastructure to meet peak demand, leaving redundant capacity the rest of the year; cloud computing allows you to scale up and down processing power as needed.

Is there a need to back up data stored in the cloud?

In regard to backups, this is an area where risks are typically lower – cloud providers commonly offer backup as a part of the package, and this can be at a much higher frequency than achievable through on-premise solutions, though it is always worth checking the fine print. For business critical data, it may be worth considering a separate backup strategy as no service is infallible. AWS, GCP or Microsoft Azure outages are rare but can happen, making international headlines when they do – though history has shown that such outages are often rectified swiftly. Equally, providers could be victims of cyber attacks as seen with Kronos last year. 

How you manage this risk will ultimately depend on how long your business can keep running without access to the cloud solution and the data stored within it, or, to change the perspective, how quickly you might be able to recover if it was your on-premise solution that fell over. If you determine that an alternative backup solution is required, this could be ‘off cloud’ (though in doing so you may negate many of the benefits of using the cloud in the first place, as this requires physical infrastructure, on-premise servers and so on), or it could be an alternative cloud provider. It may also be necessary to consider any legal provision for loss of data or service, bearing in mind that smaller businesses may have little ability to influence the contractual terms with cloud providers.

What are the downsides of cloud platforms?

All solutions have good and bad features, and many of these will depend on your circumstances. Fundamentally, in a cloud computing environment, you have less control over the infrastructure because you are effectively ‘renting’ it – if you have very specific infrastructure requirements, or have a need to retain a high level of control over your systems, then it may be difficult for cloud providers to meet those needs. 

If your home or office has poor bandwidth, then cloud computing may not be for you as it does generally require a stable, fast internet connection. Cloud solutions also typically operate on a licensing basis, in a way that might not be the case for physical hardware in an on-premise server – if your business finds it easier to manage one-off fixed costs, then that is something to take into account. 

There are also some known challenges with accessibility of data, as cloud providers tend to want you ‘locked in’ to their service and so sometimes make it difficult to access your data at volume, or may provide it in formats which are incompatible with other tools.

How difficult is it to change cloud provider? Is data migration a challenge?

In some ways it is very simple – many cloud provider contracts operate on a rolling basis, so you can leave at short notice should you so choose. However, there are practical challenges, as mentioned above, relating to data accessibility. Most providers will make it possible to get hold of your data in some form, but they may not make it easy for you. It is best to understand this from the outset, rather than waiting until you want to end a contract before realising you can’t get your data out in a usable way. There are also third parties who are able to assist with the migration process, and often have specialist tools to manage the data transfer. This is a topic area we’ll be looking to explore further in the coming weeks and months.

Are there data security concerns to be aware of? Is my data going to be stored in the US?

While the main providers are large US companies, the data centres they use to provide cloud services are not all US-based. Indeed, Microsoft for example has Azure data centres in over 200 locations around the globe, covering the significant majority of jurisdictions from a data perspective. They also host data for a number of public sector organisations and so have experience of managing data confidentiality at the most critical level.

If the data that you intend to host in the cloud is likely to be subject to data protection laws, or you have concerns about local regulations and rules around data accessibility, it is worth discussing with cloud providers as part of the scoping process to understand what controls can be put in place to manage this risk. They are, for the most part, well-versed in data protection laws and regional jurisdictions, and will be able to advise on how their solution can support your specific circumstances. It may be that your data is stored in a single, agreed, data centre, or that you are able to enter a more complex agreement involving the use of multiple data centres to support operations in different territories, but still being able to interact with that data through a common platform.

Privacy concerns and the risk of inappropriate access to data are things that can be managed by good cyber hygiene – strong passwords, multi-factor authentication and clear delineation of admin and non-admin roles all contribute to this. Again – most cloud providers are aware of the common challenges in this area and have tools in place to help.

What is the difference between IaaS, PaaS and SaaS?

On the webinar we talked about a ‘house’ analogy. Infrastructure as a Service (IaaS) is like having a plot of land – a blank canvas where you can pretty much do anything you want. Platform as a Service (PaaS) is like having the house built for you but left unfurnished and undecorated – so the basics are in place but left for you to put your own stamp on it. Software as a Service (SaaS) is your fully-furnished home – ready to live in from day one. Though as noted above, the benefit of the cloud that this analogy doesn’t highlight is the scalability – you have to imagine a magic plot or house that can change size at will!

It is also worth understanding that SaaS solutions are typically build by providers who host their software on IaaS providers, leveraging PaaS tools. So, for example, Netflix is a very typical SaaS cloud-based solution, but is hosted on AWS who provide the infrastructure and technology to support it.

PaaS providers tend to sit more in the developer space, so providing servers, databases and the tools that support development of applications.

What are APIs and how are they relevant to Cloud Computing?

APIs are “Application Programming Interfaces” – in other words, they are a means by which different applications can talk to each other. Typically, they work on the basis of one application sending a request to another application, in a pre-defined format, and the second application then sending a response, which could be informational (eg. a simple acknowledgement that the request was valid), or could contain data, again in a format that would be laid out in the specifications of the API. Requests can also involve data, or can be instructions to add, change or delete data stored by the target application, or trigger any defined action on the target application that has been ‘exposed’ via the API.

APIs can, where necessary, be designed using tokens, encryption and gateways to authenticate and validate requests, and exchange information securely.

APIs are popular when working with cloud software, as they allow applications to communicate with each other in a programmatic way, leaving the user to interact simply with the front-end of one application without having to directly engage with other, connected applications. They are key to the integration of systems.

What happens if your internet connection goes down?

The same thing that happens to your Netflix film – the film is still there in the cloud, but you stop being able to watch it! So a stable, fast internet connection is important when using cloud-based services.