Tech­ni­cal arti­cles

Let’s get cloud!?

Grow­ing cloud

The future is in the clouds,” fore­casted the news­pa­per Die Welt in March 2010, iden­ti­fy­ing cloud com­put­ing as the next impor­tant growth area for the IT indus­try. Look­ing back, this fore­cast does not seem par­tic­u­larly dar­ing; after all, the term “cloud” has been cir­cu­lat­ing since the 1990s in con­nec­tion with ideas for out­sourc­ing IT ser­vices. In 2006, Ama­zon Web Ser­vices (AWS) – today’s mar­ket leader – was founded as a sub­sidiary of the e-​commerce com­pany Ama­zon. In 2018, the com­pany gen­er­ated an annual turnover of more than 25 bil­lion US dol­lars. But com­peti­tors don’t sleep either. Microsoft, Google and IBM also recorded sig­nif­i­cant growth due to the boom­ing cloud busi­ness. In Ger­many, soft­ware giant SAP has realigned itself in view of the promis­ing mar­ket.

Accord­ing to cur­rent analy­ses, com­pa­nies will invest an aver­age of 28 per­cent of their IT bud­get in cloud ser­vices in 2022. If the fore­cast of Die Welt was not already real­ity in 2010, it is now at the lat­est. In the IT indus­try, all signs point to the cloud. How­ever, cloud growth would not be pos­si­ble if users did not have a need to use it. Pri­vate indi­vid­u­als who want to expand their data stor­age or use web-​based appli­ca­tions will ben­e­fit from switch­ing to the cloud, as will com­pa­nies that want to reduce costs and gain flex­i­bil­ity. But how can the cloud be grasped and which ser­vices can be accessed via it?

Every­thing as a Ser­vice?

The cloud is abstract and there­fore dif­fi­cult to grasp. Almost every­one has a rough idea of it, but very few can pro­vide a con­crete expla­na­tion. Although cloud ser­vices are almost every­where these days, a bind­ing def­i­n­i­tion is still miss­ing. Experts usu­ally refer to a def­i­n­i­tion pre­sented by the US National Insti­tute of Stan­dards and Tech­nol­ogy (NIST) in 2011. Cloud com­put­ing is there­fore a model that allows a net­work to access a shared pool of con­fig­urable com­put­ing resources (e.g. com­put­ing power, stor­age sys­tems, net­works, servers, appli­ca­tions and ser­vices) any­time and any­where that can be made avail­able quickly, with min­i­mal man­age­ment effort and lit­tle inter­ac­tion with the ser­vice provider. In less com­pli­cated terms, IT infra­struc­tures are pro­vided from a com­puter net­work – the cloud – with­out hav­ing to be installed on the local device of a user. Cloud ser­vices are offered and used via tech­ni­cal gate­ways, pro­to­cols and often via the web browser.

In gen­eral, cloud com­put­ing is divided into three dif­fer­ent ser­vice mod­els, which can be described as sev­eral lev­els. The Infra­struc­ture as a Ser­vice (IaaS) level rep­re­sents the foun­da­tion. In this model, basic IT resources such as com­put­ing power, mem­ory or data stor­age are pro­vided over the net­work. The level above is called Plat­form as a Ser­vice (PaaS). In this model, the ser­vice provider offers users a soft­ware envi­ron­ment that allows them to develop and run their own appli­ca­tions. The third, high­est level, Soft­ware as a Ser­vice (SaaS), offers access to appli­ca­tions. In this case, the soft­ware can be used online as a ser­vice, while the ser­vice provider is respon­si­ble for its con­fig­u­ra­tion, main­te­nance and updat­ing.

Pri­vate, Pub­lic, Com­mu­nity or Hybrid? Cloud first!

Users can use each of these lev­els or each model sep­a­rately depend­ing on their indi­vid­ual require­ments. The required resources can be retrieved via dif­fer­ent chan­nels. The def­i­n­i­tion of NIST names four deploy­ment mod­els for cloud offer­ings. In a Pri­vate Cloud, the cloud envi­ron­ment is pro­vided for one com­pany only. Host­ing and admin­is­tra­tion can be han­dled either by the com­pany itself or by a ser­vice provider. Via the Pub­lic Cloud, cer­tain ser­vices of a provider can be used by the gen­eral pub­lic or a large group of users. In a Com­mu­nity Cloud, a smaller group of users, usu­ally sev­eral com­pa­nies or insti­tu­tions with the same inter­est, shares a cloud envi­ron­ment. The Com­mu­nity Cloud is oper­ated by one of the involved insti­tu­tions or ser­vice providers. A Hybrid Cloud is a cloud where sev­eral inde­pen­dent cloud infra­struc­tures (pri­vate or pub­lic) are shared via inter­faces. In addi­tion, there are other cloud offer­ings, which are in part mix­tures of the described vari­ants and which oper­ate under other names. For exam­ple, the so-​called Multi Cloud, in which cloud ser­vices and plat­forms from dif­fer­ent providers are com­bined into a sin­gle large cloud from the user’s per­spec­tive.

Any­thing from the cloud – and then?

The cloud pro­vides not only stor­age space, but also hard­ware and soft­ware. Through the access to mem­ory, appli­ca­tions or vir­tual com­put­ers from the net­work, locally oper­ated IT infra­struc­ture becomes obso­lete in part. The advan­tages for cloud users, espe­cially com­pa­nies and pub­lic author­i­ties, are obvi­ous: By using cloud ser­vices, invest­ments in infra­struc­ture, hard­ware and soft­ware can be reduced sig­nif­i­cantly. On the one hand, there are no high costs for pro­cure­ment; on the other hand, there are no run­ning costs for oper­a­tion, main­te­nance and updates. All this is han­dled by the ser­vice provider.

In addi­tion, cloud ser­vices offer a high degree of flex­i­bil­ity because they are easy to scale at any time. Users can adjust their booked ser­vices to their cur­rent needs and there­fore only have to pay for those ser­vices they actu­ally use. If nec­es­sary, stor­age space or com­put­ing power can be expanded at will – over the long term or for a lim­ited period. If busi­ness is boom­ing and addi­tional IT capac­ity is needed, it can be quickly added. High mis­in­vest­ment in the wrong hard­ware or in hard­ware that is barely used later will be avoided.

Cloud com­put­ing also gives com­pa­nies more flex­i­bil­ity and agility regard­ing the use and exchange of data. Ser­vices from the cloud ensure that all users are always up to date, no mat­ter where they are. All they need to access cloud ser­vices is a sup­ported device and an inter­net con­nec­tion. This gives employ­ees the oppor­tu­nity to han­dle dis­rup­tions of pub­lic trans­port, traf­fic jams or child­care with­out any loss of pro­duc­tiv­ity. The more flex­i­ble work­ing life not only increases effi­ciency, but also hap­pi­ness among employ­ees.

By now, even com­plex IT infra­struc­tures such as con­tact cen­ters, which pre­vi­ously had to be set up locally, are pro­vided from the cloud. In this case, too, com­pa­nies ben­e­fit from a mas­sive reduc­tion of costs and an increase in flex­i­bil­ity due to easy scal­a­bil­ity.

Don’t be afraid of the cloud!

While cloud ser­vices are becom­ing more impor­tant, many Ger­man com­pa­nies, which tra­di­tion­ally react sen­si­tively to the issue of data pro­tec­tion, are still scep­ti­cal about out­sourc­ing their data. In fact, com­pa­nies that entrust their sen­si­tive data to a cloud ser­vice provider are becom­ing some­what depen­dent. The first step should there­fore be to check the frame­work con­di­tions care­fully. It should be noted, for exam­ple, that data stor­age devices located out­side the EU are not tied to Euro­pean data pro­tec­tion guide­lines. The Bun­de­samt für Sicher­heit und Infor­ma­tion­stech­nik (BSI) offers guid­ance. The BSI has pub­lished a Cloud Com­put­ing Com­pli­ance Con­trols Cat­a­logue (C5), which defines cer­tain require­ments that cloud ser­vice providers should meet in order, among other things, to ful­fil the strict legal require­ments on data pro­tec­tion.

Nev­er­the­less, the data encryp­tion can be a pow­er­ful pro­tec­tion. In addi­tion, gen­eral con­cerns can be over­come by the fact that the use of cloud ser­vices also offers advan­tages in terms of secu­rity. Unlike on-​premises solu­tions, users can rely on the provider to keep their cloud infra­struc­ture and appli­ca­tions as well as their secu­rity stan­dards up to date. In addi­tion, the providers have a high level of exper­tise that is dif­fi­cult for indi­vid­ual, even highly qual­i­fied admin­is­tra­tors to achieve. And last but not least, the cloud offers bet­ter pro­tec­tion against data loss due to defec­tive hard disks or other tech­ni­cal fail­ures.

If cloud solu­tions are imple­mented in accor­dance with secu­rity stan­dards – and pos­si­bly with the help of an expe­ri­enced part­ner – they offer com­pa­nies or author­i­ties lots of great advan­tages. Cur­rent trends, such as the devel­op­ment of appli­ca­tions via microser­vices and con­tain­ers or the down­siz­ing of infra­struc­ture through server­less com­put­ing, leave no doubt that mod­ern cloud tech­nol­ogy owns the future.