Usare consapevolmente i servizi cloud

Per usare nel modo giusto i servizi del cloud computing si devono seguire diverse indicazioni.  Quest’ultime servono principalmente per ponderare principalmente i rischi e i benefici dei servizi offerti,verificare l’affidabilità del fornitore e stare attenti alle clausole contrattuali. Ma vediamo in modo più approfondito le indicazioni consigliate per usare i servizi cloud.                                                    

Prima di optare per l’adozione di servizi di cloud computing, è opportuno che l’utente verifichi la quantità e la tipologia di dati che intende condividere. E’ necessario innanzitutto valutare gli eventuali rischi e le possibili conseguenze derivanti da tale scelta sotto il profilo della riservatezza e della loro rilevanza nel normale svolgimento della propria attività. Tale analisi valutativa dovrà evidenziare l’opportunità o meno di ricorrere a servizi cloud.

                                

Gli utenti dovrebbero ragionevolmente accertare l’affidabilità del fornitore prima di migrare sui sistemi virtuali i propri dati più importanti, tenendo in considerazione le proprie esigenze istituzionali o imprenditoriali, la quantità e la tipologia delle informazioni che intendono allocare nella cloud, i rischi e le misure di sicurezza. Gli utenti dovrebbero valutare, inoltre, le caratteristiche qualitative dei servizi di connettività di cui si avvale il fornitore in termini di capacità e affidabilità.

E’ consigliabile ricorrere a servizi di cloud computing nelle modalità SaaS, PaaSIaaS in un’ottica lungimirante, vale a dire privilegiando servizi basati su formati e standard aperti, che facilitino la transizione da un sistema cloud ad un altro, anche se gestiti da fornitori diversi.

                                 

E’ sempre opportuno che l’utente valuti accuratamente il tipo di servizio offerto anche verificando se i dati rimarranno nella disponibilità fisica dell’operatore proponente, oppure se questi svolga un ruolo di intermediario, ovvero offra un servizio progettato sulla base delle tecnologie messe a disposizione da un operatore terzo. Si pensi ad esempio a un applicativo in modalità cloud nel quale il fornitore del servizio finale (Software as a Service) offerto all’utente si avvalga di un servizio di stoccaggio dati acquisito da un terzo. In tal caso, saranno i sistemi fisici di quest’ultimo operatore che concretamente ospiteranno i dati immessi nella cloud dall’utente.

In fase di acquisizione del servizio cloud è opportuno approfondire le politiche adottate dal fornitore, che si dovrebbero poter evincere dal contratto, relative ai tempi di persistenza dei dati nella nuvola. Da una parte l’utente dovrebbe accertare il termine ultimo, successivo alla scadenza del contratto, oltre il quale il fornitore cancella definitivamente i dati che gli sono stati affidati. Dall’altra, il fornitore dovrà presentare adeguate garanzie, assicurando che i dati non saranno conservati oltre i suddetti termini o comunque al di fuori di quanto esplicitamente stabilito con l’utente stesso. In ogni caso, i dati dovranno essere sempre conservati nel rispetto delle finalità e delle modalità concordate, escludendo duplicazioni e comunicazioni a terzi.

-Salvatore Zaccaria

Posted 11 months ago
1 note • View comments
Tagged: SaaS, PaaS, IaaS, clausole contrattuali, rischi e benefici, .
Understanding SaaS

Like we have said before according to Techtarget.comSoftware as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.”  A Web OScould be an example of SaaS, in fact a very clarifying one. 

To understand better the Web OS we have made a list of Free Web OS providers and have create an account in each one of them, with this account you will be able to use this Web OS and see how do they work. The account details are:

E-Mail: sm4rtcloud@gmail.com

User: sm4rtcloud

Password: sm4rtcloud*

For all these Web OS you will need a recent version of Adobe Flash Player wich can be downloaded and installed for free here

The Web OS are:

Camilo Ferran

Posted 1 year ago
View comments
Tagged: SaaS, WebOS, Cloud Computig, .
Software as a Service has password issues. Platform as a Service has encryption issues. Infrastructure as a Service has rogue user issues

According to Joe McKendrick the SaaS, PaaS and IaaS (the three cloud models) have very different kinds of risks…  “Software as a Service has password issues. Platform as a Service has encryption issues. Infrastructure as a Service has rogue user issues”.

 

SaaS Risks:

The biggest issue in the SaaS model of Cloud Computing is the password management, since SaaS delivers applications from the cloud, the main risk is likely to stem from multiple passwords accessing applications. However other risks that must be consider are:

 

  1. Data Security: One company data co-mingled with other businesses’ data.
  2. Lack of federated identity management: Due to multiple identities of employees at multiple SaaS providers, an employee’s access cannot be shut off automatically, following termination of an employee.
  3. Lack of strong service level agreements (SLAs) and contracts that hold people accountable should something happen. 
  4. Lack of interoperability among vendors (Vendor Lock-in): Puts companies at risk if SaaS provider goes out of business or acquired by a competitor. Switching costs could be high. 
  5. Web Application and Infrastructure Vulnerabilities.

 

PaaS Risks:

In the PaaS the number one issue is the data encryption, PaaS can be inherently secure, but the risk is slow system performance. That’s because data encryption is recommended before data is sent to PaaS cloud providers. However other risks that must be consider are:

 

  1. Business Continuity Planning and Disaster Recovery with PAAS vendor.
  2. Lack of Secure Software Development Process with PAAS vendor. 
  3. Vendor Framework Lock In. 
  4. Lack of adequate provisions in SLA. 
  5. How to meet compliance demands and control risks when work with a PAAS Vendor.

 

IaaS Risks:

In this case the most important issue will be the rogue users. IaaS focuses on managing virtual machines, and the risks are little different than with other cloud types — here, the main risk is rogue or unwarranted commandeering of services. IaaS requires governance and usage monitoring; enterprises should establish cloud service governance frameworks that help prevent employees accessing information or services they are not permitted to use. However other risks that must be consider are:

 

  1. If the business mission critical application is hosted in IAAS environment, the down time due to man mad or nature disaster could introduce significant business risks.
  2. Physical security of the IAAS environment.
  3. The Service Level Agreement.
  4. Compatibility of IAAS and internal legacy infrastructure. 
  5. Regulatory compliance.

 

 

- Camilo Ferran

 

www.zdnet.com

www.owasp.org

 
Posted 1 year ago
View comments
Tagged: Risks, SaaS, PaaS, IaaS, .
  Cloud computing offers the end user resources without the requirement of having knowledge of the systems that deliver it. Additionally, the cloud can provide the user with a far greater range of applications and services. Therefore the cloud enables users and business scalable and tailored services, this services are: Software as a service (Saas), Platform as a service (PaaS) and Infrastructure as a service (IaaS).   SaaS: Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Is becoming an increasingly prevalent delivery model as underlying technologies that support Web services and service-oriented architecture (SOA) mature and new developmental approaches, such as Ajax, become popular. Meanwhile, broadband service has become increasingly available to support user access from more areas around the world.   SaaS is closely related to the ASP (application service provider) and on demand computing software delivery models. IDC identifies two slightly different delivery models for SaaS. The hosted application management (hosted AM) model is similar to ASP: a provider hosts commercially available software for customers and delivers it over the Web. In the software on demand model, the provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution.   Benefits of the SaaS model include: - Easier administration. - Automatic updates and patch management. - Compatibility. - Easier collaboration. - Global accessibility.   The traditional model of software distribution, in which software is purchased for and installed on personal computers, is sometimes referred to as software as a product.   PaaS: Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.   Platform as a Service (PaaS) is an outgrowth of Software as a Service (SaaS), a software distribution model in which hosted software applications are made available to customers over the Internet. PaaS has several advantages for developers. With PaaS, operating system features can be changed and upgraded frequently. Geographically distributed development teams can work together on software development projects. Services can be obtained from diverse sources that cross international boundaries. Initial and ongoing costs can be reduced by the use of infrastructure services from a single vendor rather than maintaining multiple hardware facilities that often perform duplicate functions or suffer from incompatibility problems. Overall expenses can also be minimized by unification of programming development efforts.   On the downside, PaaS involves some risk of “lock-in” if offerings require proprietary service interfaces or development languages. Another potential pitfall is that the flexibility of offerings may not meet the needs of some users whose requirements rapidly evolve.   IaaS: Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.   Characteristics and components of IaaS include: - Utility computing service and billing model. - Automation of administrative tasks. - Dynamic scaling. - Desktop virtualization. - Policy-based services. - Internet connectivity.   Infrastructure as a Service is sometimes referred to as Hardware as a Service (HaaS).   Camilo Ferran    http://whatis.techtarget.com/ http://www.itgovernance.co.uk/ 

 

Cloud computing offers the end user resources without the requirement of having knowledge of the systems that deliver it. Additionally, the cloud can provide the user with a far greater range of applications and services. Therefore the cloud enables users and business scalable and tailored services, this services are: Software as a service (Saas), Platform as a service (PaaS) and Infrastructure as a service (IaaS).

 

SaaS:

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Is becoming an increasingly prevalent delivery model as underlying technologies that support Web services and service-oriented architecture (SOA) mature and new developmental approaches, such as Ajax, become popular. Meanwhile, broadband service has become increasingly available to support user access from more areas around the world.

 

SaaS is closely related to the ASP (application service provider) and on demand computing software delivery models. IDC identifies two slightly different delivery models for SaaS. The hosted application management (hosted AM) model is similar to ASP: a provider hosts commercially available software for customers and delivers it over the Web. In the software on demand model, the provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution.

 

Benefits of the SaaS model include:

- Easier administration.

- Automatic updates and patch management.

- Compatibility.

- Easier collaboration.

- Global accessibility.

 

The traditional model of software distribution, in which software is purchased for and installed on personal computers, is sometimes referred to as software as a product.

 

PaaS:

Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones.

 

Platform as a Service (PaaS) is an outgrowth of Software as a Service (SaaS), a software distribution model in which hosted software applications are made available to customers over the Internet. PaaS has several advantages for developers. With PaaS, operating system features can be changed and upgraded frequently. Geographically distributed development teams can work together on software development projects. Services can be obtained from diverse sources that cross international boundaries. Initial and ongoing costs can be reduced by the use of infrastructure services from a single vendor rather than maintaining multiple hardware facilities that often perform duplicate functions or suffer from incompatibility problems. Overall expenses can also be minimized by unification of programming development efforts.

 

On the downside, PaaS involves some risk of “lock-in” if offerings require proprietary service interfaces or development languages. Another potential pitfall is that the flexibility of offerings may not meet the needs of some users whose requirements rapidly evolve.

 

IaaS:

Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis.

 

Characteristics and components of IaaS include:

- Utility computing service and billing model.

- Automation of administrative tasks.

- Dynamic scaling.

- Desktop virtualization.

- Policy-based services.

- Internet connectivity.

 

Infrastructure as a Service is sometimes referred to as Hardware as a Service (HaaS).

 

Camilo Ferran 

 


http://whatis.techtarget.com/

http://www.itgovernance.co.uk/ 

Posted 1 year ago
View comments
Tagged: Cloud Computig, IaaS, PaaS, SaaS, Services, Servizi, .

Creative Commons License
Sma4rt Cloud Blog by Sma4rt Cloud is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at sm4rtcloud.tumblr.com .
Permissions beyond the scope of this license may be available at http://creativecommons.org/.