31
a private Cloud IT approach often leads to discussions about Thindevices,
remote access, Bring your own and a reliable authentication system.
Build a Public Cloud Service
If a company is in the software business for instance, then they might
consider building a Public Cloud service, so they and their customers could
benefit from the Cloud technology. Typically such a company uses an
external datacentre to host the infrastructure (IaaS), or use development
platforms such as Microsoft Azure (an example of Platform as a Service
(
PaaS)). The service which they then offer to their customers is typically
Software as a Service (SaaS). It is also common that those companies run
their own software development infrastructure and their software testing
environment in the Cloud.
A consumer will consider a service useful when it fulfills the needs of the
business or their personal needs. It is important to understand on which
device, on which network and under what circumstances this service is
consumed. Sometimes a lower quality service is acceptable, when it is not
required on a daily basis or for business critical processes.
Smart devices and public networks, in the context of Cloud services bring up
some questions about data security, data protection and usability. The
security related questions could be easily answered if the user access
devices are well controlled company owned assets. However, this becomes
a lot harder to answer if these are personally owned assets, brought in by
the young digitally‐savvy workforce. Usability depends on the performance
of the device, the network and the data entry needed.
Offering a Cloud Service, or using a Cloud service has some more technical
aspects to consider, most of them are covered in detail in Part III of this
book, but should be initially mentioned here. Technically, there is a dramatic
change in the way IT security is designed and enforced, especially bring your
own (BYOD) segments the former homogeneous environment. Technical
solutions will not be sufficient to get IT security in Cloud systems right. End‐
users must be informed and instructed about security policies and
procedures. In some cases security problems that occur need investigating
and require specialist Cloud forensic analysis skills to be understood.