After reading through Chapter 12 and our discussion in class, I think it’s easy to see that a lot of cloud computing is just the classic client/server architecture, but connected over the Internet, so the server in this case is in a data center somewhere rather than on site in the office. One section I found myself disagreeing with was the section on characteristics in order for something to be truly considered a cloud resource. The book stated that “the customer only rents a resource, with no knowledge or control over how it is provided or where it is located.” In my limited experience, there are many times that customers of major cloud services, such as AWS, specifically choose fairly defined and small regions where their cloud resources will be primarily hosted. With the contract with AWS, those organizations negotiated for primary resources to be located in a specific group of data centers in Northern Virginia and for backups also hosted by AWS to be stored in a data center in a different particular region based on the organization’s BCP and DRP. I’ve also seen instances where the contract dictates what other types of organizations may share the same physical hardware. For something to be labeled as being in the cloud, you don’t have to completely give up all of that control and be in the dark about what is going on. At least that’s my opinion.
This chapter talks about cloud computing and its characteristics which are on-demand self-service, rapid elasticity, broad network access, resource pooling, and measured service. On-demand self-service is one of the most valuable features of cloud computing as users can continuously monitor the server uptime, capabilities, and allotted network storage. Another advantage is broad network access where users can access the data on the cloud from anywhere with the help of a device and an internet connection which makes it so much easier to access and upload data.
I found the section of this chapter most interesting was about the client/server architecture of a virtual machine. A VM “is a software emulation of a physical computer system, both hardware and operating system, that allows more efficient sharing of physical hardware resources.” The concept of virtualization is the “act of creating virtual (rather then physical) versions of a variety of of computing capabilities, including, hardware platforms, operating systems, storage devices and networks”.
The book describes Virtualization as similar to Cloud Computing. I feel that this is an appropriate comparison because with Cloud computing and virtualization, the user is not using their physical computer. By having the book describe virtualization first, it made it easier to understand cloud computing.
Virtualization is definitely similar to cloud computing in terms of not using a physical computer. There are some differences between the two. For example:
1. Scalability – cloud can be extended as much as you want whereas virtual machines configuration limits its scalability.
2. Flexibility – cloud can be accessed from any location with internet. For virtual machines proper authentication is required before accessing them.
When buying software or hardware from external parties, the company should consider several factors before sealing the deal. A few of them are review of delivery schedules against the requirements, the software or hardware capability, security control of facilities. The one I’m more interested in is reviewing of delivery schedules against the requirements. This is a very important factor to consider because if the vendor must be able to meet all requirements of the system. A request for proposal (RFP) should be sent and evaluated. Some criteria to evaluating the proposal are turnaround time, response time, system reaction time throughput, workload, compatibility, capacity, and utilization. Our role in all of this determine whether the acquisition process was followed and whether the criteria for selecting the vendor was followed.
I think chapter 12 presented a great introduction and summary of various aspects of the six-system implementation process that we learn, which are coding, testing, installation, documentation, training, and support. We also learned about the 4 types of system installation, which are direct, parallel, single-location, and phased. I think it is important to bring up the importance of system training for employees, users, and business partners. Usually, computer training has been provided in-person or online classes. I think the trend will be to moving more to on-demand online tutorials so that employees, users, and business partners can learn or review important technical aspects on a needed basis. Once a system is fully implemented, the business should focus on threats from both inside and outside the systems’ security.
Training is definitely important. If you throw a user into a new system without them knowing how to use it, they will push back and hate that system forever. Training comes in many different forms. I think each one has its place. For example, when I worked as a grocery store cashier, there was computer training briefly on how to use the register, but the more indepth training came in person. Training is probably easier when you’re using commercial off the shelf software and can rely on the vendor or already produced material. It may be more difficult when a system is completely custom and training has to be created from scratch.
The most interesting part of this unit’s reading, to me, was the discussion of the evolving state of cloud computing, as well as its evolving role in organizations. In terms of IT developments, cloud computing is fairly new to most organizations. The text emphasized the increasing need to cater to wireless mobile computing devices, which are sometimes referred to as thin-client technologies. Therefore, mobile applications must be designed to utilize the standards of cloud computing, such as XML and JSON. These applications must then be designed to cater to a plethora of devices that range in screen size and resolution. Therefore, as computing services grow and develop, they must take into account the variety of devices and seek consistency across such. However, as noted by the text, consistency across platforms is an incredibly difficult thing to achieve. Most website designers use cascading style sheets, or CSS, in search of this consistency. As a user, I can agree that consistency across platforms is crucial, as I expect the same application to provide a similar experience no matter what device or platform I am using.
The one of key points in Chapter 12 is how organizations use beta testing to reduce software failure risk and provide a high quality of software. Since beta test applies to “real users” in a “real environment” through the software application, the programming team can receive the most useful feedback from the users to improve the application. In doing so, the team will identify the bugs and usability issues, and solve them before the official version is released. Although alpha testing can find out some issues, beta testing provides an opportunity to find out some big problems that are not able in the alpha testing, and it can the application security and mitigate project risk. Beta testing is a valuable analysis to improve the new system quality and help the organization to implement the project.
The area of cloud computing that is experiencing the most expansion right now is ‘everything As A Service’. I wish the readings had expanded more on this element of the large public clouds. It is really a rapid expansion of the term Software As A Service, but it changes the way that applications are architected and built in the cloud. As a result, it also changes the way an auditor does their function for applications that are cloud native! A brief example will help explain this. In the past if you wanted to send SMS text messages as part of an application you were building (an e-commerce site for example to confirm orders), you would have to procure software to send SMS messages, set up servers and get an account with a tel-communications company and then manage all that complexity every day – availability, capacity, patching of servers etc. In a modern public cloud you can purchase sending SMS messages as a service. All of a sudden the process of implementing SMS message sending from an ecommerce site can be achieved with just a few clicks on a screen to configure the service. You no longer have to purchase software, hardware, setup telco contracts and manage all that complexity. As you think about how easy and fast it became to implement that function, think about how on earth you would audit SMS messages as a service embedded in the middle of an e-commerce site!