Cloud computing is rapidly emerging as a technology trend that almost every industry that provides or consumes software, hardware, and infrastructure can leverage. The technology and architecture that cloud service and deployment models offer are a key area of research and development for Esri in current and future iterations of the ArcGIS system platform solutions (see "ArcGIS in the Cloud").

Cloud computing speeds delivery of applications and can reduce costs.

Although there are several variations on the definition of cloud computing, some basic tenets characterize this emerging environment. Cloud computing furnishes technological capabilities—commonly maintained off premises—that are delivered on demand as a service via the Internet. Since a third party owns and manages public cloud services, consumers of these services do not own assets in the cloud model but pay for them on a per-use basis. In essence, they are renting the physical infrastructure and applications within a shared architecture. Cloud offerings can range from data storage to end-user Web applications to other focused computing services.

One critical difference between traditional and cloud computing is the scalable and elastic nature cloud computing provides. Instead of a static system architecture, cloud computing supports the ability to dynamically scale up and quickly scale down, offering cloud consumers high reliability, quick response times, and the flexibility to handle traffic fluctuations and demand. Cloud computing also supports multitenancy, providing systems configured in such a way that they can be pooled to be shared by many organizations or individuals. Virtualization technology allows cloud vendors to convert one server into many virtual machines, thereby eliminating client-server computing with single-purpose systems. This maximizes hardware capacity and allows customers to leverage economies of scale.

The service model comprises three core options within the cloud computing environment.

• Software as a Service (SaaS) comprises end-user applications delivered as a service rather than as traditional, on-premises software. The most commonly referenced example of SaaS is Salesforce.com, which provides a customer relationship management (CRM) system accessible via the Internet.
• Platform as a Service (PaaS) provides an application platform, or middleware, as a service on which developers can build and deploy custom applications. Common solutions provided in this tier range from APIs and tools to database and business process management systems to security integration, allowing developers to build applications and run them on the infrastructure that the cloud vendor owns and maintains. Microsoft's Windows Azure platform services are often referenced as PaaS solutions at this middleware tier.
• Infrastructure as a Service (IaaS) primarily encompasses the hardware and technology for computing power, storage, operating systems, or other infrastructure, delivered as off-premises, on-demand services, such as the Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Simple Storage Service (Amazon S3), rather than as dedicated, on-site resources.

The Cloud's Benefits

Cloud computing provides opportunities for organizations to become more cost-effective, productive, and flexible in order to rapidly deliver new capabilities.

The pay-as-you-go pricing model is often quite flexible when renting cloud applications or infrastructure, allowing prospective cloud clients to "try before they buy," while existing cloud consumers can pay in advance to take advantage of volume discounts and satisfy budget forecasting requirements. Renting assets shifts the duty of maintaining on-premises data centers to the cloud vendor, alleviating the customer's responsibility for software and hardware maintenance, ongoing operation, and support.

IT professionals' top concerns when considering moving to the cloud: security and privacy.

Ideally, cloud clients should be confident they are consuming state-of-the-art systems that are highly reliable and flexible enough to handle large traffic fluctuations. The burden, then, is on the vendor to scale and continually reinvest in the on-demand information technology (IT) architecture and service so that consumers are consistently provided with a robust, updated solution.

Moving parts of the corporate data and computing center to the cloud also reduces the amount of fragmented infrastructure, driving down up-front capital spending. As monies are reallocated to be invested in core business, other initiatives could be launched to provide direct value to customers and employees, giving the organization a competitive advantage.

With outsourcing and offshoring growing, leading to creation of a global workforce, team productivity depends on the power of networks and the Internet as a common platform. As such, cloud services are available 24/7, accessible from any browser on any device regardless of time zone. This provides faster, easier access for workers to do their jobs, allowing competitive differentiation for the organization and, likewise, attracting and retaining valuable and talented staff.

Risks in the Cloud

Despite cloud computing's many benefits, it's important to be aware of the risks and concerns when doing business in a cloud architecture.

Security and privacy are two of most IT professionals' top concerns when considering moving to the cloud, either as a vendor, broker, or consumer. The numerous known instances of security breaches should serve as reminders to be vigilant and cautious in the on-demand marketplace. Typical security and privacy examples include data storage and data transfer protection, vulnerability management and remediation, personnel and physical security, application security, data privacy, and identity management.

Depending on your industry, customer base, or public or private organization, compliance requirements exist that must be met and secured. Some compliance concerns include business continuity and disaster recovery; security standards (ISO 27001); logs and audit trails (eDiscovery); and specific standards and governmental compliance requirements, such as Sarbanes Oxley, Payment Card Industry, and the Health Insurance Portability and Accountability Act.

There are specific legal concerns when providing cloud services and, subsequently, consuming them. These revolve around liability and recourse, intellectual property issues and terms, and vendor transparency regarding location of recovery data centers. When relying on an Internet service, there is always a question of availability and the peak-load capacity that the vendor can carry. For example, current and prospective customers can scrutinize the uptime (and downtime) of Amazon Web Services and Google App Engine through CloudStatus.com to determine how healthy the services have been, monitoring their track record of service failures, latency, and throughput.

And finally, as of yet, there are no standards to ensure interoperability or free movement between cloud providers. As such, cloud consumers should also be aware of vendor lock in when moving forward in the cloud ecosystem.

When consuming cloud services, clearly, it's important to recognize the potential hazards and risks ahead, as with any new or existing IT investment. Concerns about security, inquiries around the provider's maturation in an incubating industry, reliability, and regulatory issues are all topics for discussion and clarification in a vendor service-level agreement (SLA). Although not a guarantee, to better ensure delivery of best practices in the cloud, SLAs with the cloud vendor are recommended when consuming cloud services. Realistically, these concerns are not too different from those that one would have choosing any third-party provider or service. As barriers to entry into cloud computing continue to fall away, confidence in cloud vendors will be established through repeated successful experiences, testimonials, and proven reliability with respect to operating procedures and performance.

Cloud Computing Deployment Models

There are several types of cloud computing deployment scenarios. The National Institute of Standards and Technology (NIST) is emerging as the preferred provider of the de facto definition of cloud computing and the distribution models.

The public cloud is the most commonly referenced regarding the topic of cloud computing, where the infrastructure and applications are owned by the organization selling cloud services. However, since many traditional vendors and users are not quite ready to jump into public cloud computing or are restricted from doing so, the cloud service tiers are replicated within a private cloud environment, behind the firewall, and maintained within the parameters of the host organization. Many believe that the sweet spot for cost optimization in an organization will rely on a delicate balance of public, or community, and private clouds. However, since this hybrid cloud solution is commonly bound together by proprietary technology, it will only be embraced by enterprise computing in the future as standards are developed.

More Information

To read an expanded version of this article, visit www.esri.com/cloudcomputing.

See also "ArcGIS in the Cloud."