The term “cloud computing” generally means anything that involves delivering hosted computing services over the Internet. Here, the word “cloud” is used to refer to the Internet, most frequently depicted in diagrams as a cloud.
Cloud computing is an activity equivalent to that already provided by computer servers or mainframes within a company. To engage in cloud computing, organizations will work with a cloud vendor and need not have expertise in or control over the technology infrastructure in the cloud supporting them. Resources such as data storage space, computer applications (e.g., customer relationship management programs), and computing (i.e., data processing) are shared by all of a particular cloud vendor’s customers.
Since the cloud vendor realizes economies of scale, it can make significant capital investment in building a large-capacity, state-of-the art data center. This makes cloud computing particularly attractive because information technology personnel are continuously struggling to increase storage capacity or add computer application capabilities without investing in new hardware, software or personnel.
Using cloud-computing services is akin to using a storage facility for short-term storage needs rather than building another warehouse: You may need the extra storage space at certain times of the year, but it is less expensive and easier to rent space than to build a new facility that will be empty for most of the time.
A “public cloud” operates outside of the company’s computer network, and it is provided by a third party. An advantage of using public cloud computing is the device and location independence that it provides. Although the network infrastructure is off-site and accessed via the Internet, users can connect from any location using a variety of electronic devices, including personal computers, laptops, tablets and smartphones.
The use of public cloud computing can also be a part of a corporate business continuity and disaster recovery plan. Since the network infrastructure is off-site, a physical event at a company location will not affect network availability, and employees will retain their ability to connect to the company’s network.
Additionally, a cloud-computing vendor is more likely to have multiple data centers that can substitute for a center that experiences an outage. Because this may not be true of all vendors, care should be taken when selecting the cloud vendor because certain cloud-computing services have suffered outages.
In contrast, a private cloud is typically within the company’s network and shared among the company’s internal user groups. A private cloud can be created with a third-party provider by segregating a part of the vendor’s cloud for the exclusive use of a customer. But this comes at a higher cost.
Typically cloud-computing customers do not own the physical computer network infrastructure. Instead, companies avoid incurring expenses by renting usage from a third-party provider. They consume computer resources as a service and pay only for resources that they use.
Generally there are two billing methods associated with cloud computing. The utility model is essentially pay-for-use (akin to paying for gas, electric or other utilities), and the other is a subscription approach, which is a fee for access over a period of time.
There are a number of risks associated with using cloud computing. Perhaps the primary concern for most companies that are using a third-party provider for cloud computing is data security.
However, data security is likely to be stronger because the cloud vendor has more resources to devote to it. But cloud computing users do relinquish control of data security. If a data breach occurs in the cloud service provider’s computer network environment, it is likely that the cloud-computing customer will still be responsible for the privacy breach response actions, including notification and provision of call center services and credit monitoring. The cloud-computing customer, however, may be able to bring a claim for negligence (in failing to protect the data) against the cloud vendor.
Sandy Codding is a managing director and U.S. Commercial Errors & Omissions Practice Leader for Marsh’s FINPRO Practice.