Posts

Cloudy with a chance of transparency

  1. (Image: ‘Cloudy with a Chance of Meatballs’ – Sony Pictures Animation)

In my previous blog I talked about some approaches we’ve found to getting assurance against our 14 Cloud Security Principles, and how you can use the information that providers publish to assess how they run a service.

On a recent project, the preferred cloud provider didn’t publish much to describe the security properties of their services. Given the cost and potential risk involved (the system stored a large amount of personal data), the project team decided that it was worth exploring the service face-to-face to jointly work out how well the service met the project’s security requirements. As part of that they asked the NCSC to support the conversation and bring our approach to cloud security to the table.

Exploring the cloud

The presentation started with an initial claim that the service met all 14 of NCSC’s Cloud Security Principles; a rather confident statement which prompted us to explore a number of topics. This included seeking confidence that their protective monitoring actually detects malicious activity, that they apply all security patches promptly, and finding out how they go about hiring people who can be relied upon to build and operate the service securely.

For some of the discussion, their sales team focused on how a topic (patching, for example) wasn’t our problem, as we were buying into a managed service. They were probably trying to give us confidence in how much easier it would be to use their service (rather than run our own), but it actually had the opposite effect. We couldn’t help but assume the worst; that if the cloud provider avoided questions then they must have something to hide.

It’s useful to compare the responses given by different providers concerning patching. Do you think one gives more confidence than the other?

  • Provider 1 commits on their public website to applying critical patches within 30 days of their publication. These patches are usually published monthly. Data from the service’s threat model, and feeds from internal audit and monitoring systems are used to prioritise which patches to test and deploy first. These security patches are often applied across the service within a day or two of their publication (but the service provider isn’t in a position to guarantee that, and therefore doesn’t).
  • Provider 2 patches their service ‘in line with industry standards’,  and actual figures would be defined in a contract. We’d anecdotally heard that security patches for the product used by the provider were published on a fixed schedule, and once released they would be applied to the cloud service within 90 days. This stance was acknowledged but not confirmed by the vendor.

If I had found those two providers, and they both met my needs in other ways, I would without question prefer Provider 1.

You don’t need perfection

Of course, focusing on a specific aspect of 1 of the 14 Security Principles will only ever be a small part of your wider decision. However, the style of conversation (and resulting openness for that 1 facet) makes me think that one provider cares more about my data than the other. This openness can lead to finding a few skeletons in the closet. So far we’ve found these admissions to be – for the most part – positive, as they demonstrate that the service provider acknowledges issues or incidents, which leads to discussions around their aspirations and commitments to improve in the future. And of course, we’re not seeking perfection; real services will tend to be good at some things and less good at others.

In the case I touched on earlier, we ended up talking to a different team inside the service provider’s organisation. It allowed us to focus on some specific areas of concern to work on together, and that did include a commitment to patching. The customer was able to get confidence in those proposed improvements by stating expectations in contracts, and they will continue to engage with the vendor to manage expectations. It might end up being a long journey, but the decision to buy that service now relies on the vendor holding up their end of the deal.

The value of transparency

This sort of approach isn’t scalable, as the conversations were had behind closed doors. Even the more general ‘lessons learned’ can’t be easily applied elsewhere, as different projects and organisations have different risk profiles and types of data. If we could have obtained more information from published sources, we’d have been able to share some of the details with others looking to make similar technology decisions. It would also make it possible to include the product in any repeatable assessment framework for SaaS security.

I’m hoping this blog highlights the value of cloud providers being transparent with customers about their approach to security. It’s a bit like a cirrostratus cloud – it might be a sign that change is coming, but most of the time you can see what’s going on behind it. Whether you’re selling services to the public sector, industry or individuals, that transparency gives much more confidence than the exact details of how the service is run. We’d love to hear in the comments about other cloud service providers that publish relevant and easy to understand information about how they secure their services!

Andrew A
Cloud Security Research Lead – NCSC

Source: National Cyber Security Centre

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Microsoft Azure Applications | Glossary

Microsoft Azure is a cloud computing service for managing applications and services. Azure was announced in October 2008 as Windows Azure before changing its name to Microsoft Azure in 2014.

Microsoft Azure is a widely used computing service with over 600 Azure services for users, so you would think that an intern for an IT company would be an expert, right? Well, sadly no. I’m the first to admit that, as well as lacking knowledge in AWS, I knew as much about that as I did Azure.

However, fast forward a few weeks, and while I’m still no expert, I think I know my fair share and it’s all down to this glossary of key terms. While I used it to build my knowledge pretty much from scratch, it can also be used to fill in any gaps or even to refresh your memory. Either way, I can honestly say that without this glossary, I wouldn’t have been able to do half of the things I have – blagging can only take you so far.

What is Microsoft Azure

Microsoft Azure is a cloud service from the global software giant, Microsoft. Azure offers a vast range of useful compute and application resources. These are all offered on-demand and in a cost-effective manner which helps businesses scale and grow.

What I have learnt from creating this glossary is that even the complicated sounding terminology usually has a simple explanation, which can be useful when developing your knowledge on technical topics. I must stress that these do not need to be committed to memory – and you certainly don’t need to know the ins and outs of every detail.

Microsoft Azure Glossary

App Service App – this app provides resources for hosting a website or web application or mobile app back end.

Affinity Group – these ensure that resources created within the same affinity group are hosted by servers that are close together. This enables these resources to communicate more quickly and easily.

Availability set – is a collection of virtual machines that are managed together to provide application redundancy and reliability. Using this ensures that during either a planned or unplanned maintenance event at least one virtual machine is available.

Azure Classic Deployment Model – this is a model used to deploy resources in Azure.

Azure command-line interface (CLI) – this interface can be used to manage Azure services from Windows, macOS and Linux.

Azure PowerShell – this is a command-line interface to manage Azure services via a command line from Windows PCs.

Blob Storage – this is storage that handles all unstructured data, scaling up or down as your needs change. This storage means that users will no longer have to manage it which saves time and effort.

Cloud Services – allows you to develop, package and deploy applications and services to the cloud.

Endpoint – Endpoints allow you to make VMs placed in different networks, irrespective of whether it is within Azure/on premise/other cloud.

Instance Level Public IP Address – these are associated directly to the Virtual Machines Instances rather than to the Cloud Services when you back all the Virtual Machines within.

Public Virtual IP Address – when you create a Cloud Service in Azure, you will be assigned a Virtual Public IP Address. This address will not be released until all the VMs placed inside the Cloud Service are successfully deleted or stopped.

Portal – this is a secure portal used to deploy and manage Azure services. There are two portals: the Azure portal and the Classic Portal.

Region – this is an area that does not cross national borders and contains one or more data centers.

Resource – this is an item that is a part of your Azure solution that users can use to deploy different types of resources.

Resource group – this service holds related resources for an application which is located within Resource Manager.

Shared access signature (SAS) – this is a signature that enables you to grant limited access to a resource, without exposing your account key.

Regional Virtual Network (VNet) – is a service which enables users to securely connect Azure resources to each other using virtual networks. A VNet is a representation of your own network in the cloud.

Resource Group – this is a container that holds related resources for an Azure solution. The resource group can include all resources for the solution or only ones that you want to manage as a group.

Reserved Virtual IP Address – users can reserve IP addresses for the subscription.

Storage Account – this is an account which gives users access to the Azure Blob, Queue, Table, and File services in Azure storage.

Subscription – this is an agreement between a customer and Microsoft which enables the user to obtain Azure services. The pricing is dependent on the offer chosen for the subscription.

Tag – this is an indexing term that enables users to categorise resources for ease of management or billing. This enables users to organise complex collections of resources in an easy manner.

Virtual Network – this is a network that provides connectivity between your Azure resources that is isolated from all other Azure tenants.

Virtual Machine – multiple virtual machines can run at the same time and they allow the software implementation of a physical computer that runs an operating system.

Virtual Machine Extension – this is a resource which implements behaviours or features that either help other programs work or give the ability for the user to interact with a running computer.

X-PLAT CLI – this is a command line interface for Windows, Linux and IOS Platforms.

I hope that you will find this Microsoft Azure glossary just as useful as I did, whether that’s to learn something brand new or to expand and refresh your knowledge. Feel free to leave a comment in the section below about any questions or suggestions you may have.


Cloud Security elements every business should consider

Cloud Security has been a serious issue since the concept of the cloud began. The classic example was initially the discomfort of a shift from physically seeing the IT security infrastructure to simply trusting someone else with it virtually. Back in 2012, Serviceteam IT carried out a major business process project for an insurance sector organisation. The conversation regarding data being located in the Cloud was very short: under no circumstances, no matter how much cheaper or how much more flexible, as cloud security was considered low.

Thankfully both the marketplace, and the organisation in the example above, have moved on and are cautiously adopting the benefits the cloud can offer. Last year the Enterprise Cloud Computing Survey from IDG revealed that concerns about cloud security are still significant at 52%. Our own UK Cloud Snapshot Survey reveals 43% of respondents from UK organisations still cite cloud security as being the greatest barrier to cloud adoption. We can take encouragement from the downward trend, perhaps due to both improved cloud security and better end-user understanding.

One way to ensure a full understanding of cloud security, and security in general, is to understand the levels of your infrastructure that require protection. A simplistic multi-level infrastructure model runs from the physical level, to the network level, to the applications.

Physical Security

Not so long ago physical security was a significant issue, as data centres were vulnerable and accessible to almost anyone, especially an in-office comms room. Companies recognised this risk, and therefore took the necessary steps to safeguard the physical infrastructure. Cloud has been a key player in alleviating physical security concerns: from the expansion of the data centre for colocation, to the centralisation of servers to purchase a ‘slice’, to now deploying applications without having to consider the server.

With almost all cloud providers, physical security concerns almost completely disappear. This is partially due to the additional checks and measures carried out at data centre locations, and partially due to the distributed nature of the application, as the data will not only be encrypted on disk, but most probably meaningless as it’s balanced between multiple buckets.

Network Security

The second area to consider is the network, which is of utmost concern to Serviceteam IT. As an industry, cloud and IT professionals have made a great deal of progress in securing operating systems and basic networking. Almost all organisations have the necessary cyber security tools, firewalls, access control lists and intrusion detection to safeguard against outside attacks to an internal network.

The greater challenge has come with the adoption of an ‘outside’ network, where the end-point is trusted, however, the traversal has been via the Internet. Cloud Connectivity can now take care of the network cloud security concerns, as the links have become both dedicated and secure.

Application Security

As the bottom of the ‘funnel’ has been, and can be, better secured, this has forced potential attackers to target higher up the stack. A common trend is tampering with customised applications, impersonating users or compromising some other user end-point. Whilst application security is a continual challenge, businesses can implement tools such as application monitoring, multi-factor authentication or group policy for additional protection and user verification.

Within the application layer, the emphasis should be on identifying vulnerabilities. This means simple housekeeping such as log file analysis, patch management, filters, scanners and yes, good old back-up! The digital world can be rather dangerous; therefore, security-aware application design, application security testing, and runtime application self-protection, all combined with context-aware and adaptive access controls, are needed.

Cloud Security Conclusion

Positioning security as “inside” or “outside” is very much for the past, along with three digit passwords, open relays and no user-access controls. Perimeter defence is simply not enough. Applications need to be considered more actively in regards to their impact upon security as a whole.

Perhaps in the coming years the number of organisations expressing concerns regarding cloud security will continue to fall, most probably when organisations are more comfortable with network security and application security is more robust.


Amazon Web Services (AWS) | Glossary

Having recently started as a Market Research Intern for Serviceteam IT, it became undeniably apparent that my knowledge of the IT industry was lacking, to say the least. The realisation of this caused emotions of discouragement; however, I knew that to perform well I had to act on this situation. I began to assemble a list of key words which I either knew nothing about or lacked knowledge of.

If you are anything like me, this glossary will hopefully help piece together the jargon to create a comprehensive and easy to follow understanding regarding Amazon Web Services – which is exactly what it has done for me. There is certainly no guarantee that you will be an AWS expert simply by reading a few definitions, but it will hopefully provide a basis for your knowledge on which you can build.

Amazon Web Services is a cloud service provider that offers a range of useful computing resources. These are all offered on-demand and in a cost-effective manner which helps businesses scale and grow.

Networking

Virtual Private Cloud – Amazon VPC is a commercial cloud computing service that provides users a virtual private cloud by provisioning a logically isolated section of Amazon Web Services Cloud.

Route 53 – this is an Amazon web service used to create a new DNS (see above for definition) service or migrate an existing DNS service to the cloud.

AWS Direct Connect – allows you to establish private connectivity between AWS and your datacentre or office. This has various benefits for the user including reduction of network costs and increase in bandwidth throughput.

Letter of Authorisation (LOA) – this is a letter needed for direct connect.

Border Gateway Protocol (BGP) Autonomous Systems Number (ASN) – this is a standardised exterior gateway protocol which is designed to exchange routing and reachability information among autonomous systems on the internet.

Compute

Amazon Machine Image (AMI) – this provides the information needed to launch an instance, which is a virtual server in the cloud.

Amazon Elastic Compute Cloud (EC2) – EC2 is a part of AWS and provides scalable computing capacity in the cloud, which developers can use to deploy scalable applications. In simple terms users can pay for computing servers to test and run applications. It is designed to make web-scale cloud computing easier for people – like how I’m trying to make AWS easier for you.

Amazon EC2 Container Service – is a cloud computing service in Amazon Web Services that manages containers. The service allows users to run and alter applications or microservices on groups of services.

AWS Elastic Beanstalk – is a service used for deploying infrastructure which allows developers to upload code and Amazon will work out the services to provide.

Storage

S3 – Amazon’s Simple Storage Service, to put it as plainly as possible, is storage for the internet. It is designed to help web developers with web-scale computing – making it much easier.

CloudFront – this is a web service which speeds up the distribution of web content. It delivers content through a worldwide network of data centers called edge locations.

Glacier – this is a secure, hard-wearing, and extremely low-cost cloud storage service for data archiving and long-term backup. It allows customers to store large or tiny amounts of data.

EFS – Elastic File System, like NAS in the cloud, can present S3 into several EC2 instances for example

Amazon Elastic File System (EFS) – this provides simple file storage for use with EC2 in the AWS cloud. This service is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily.

Snowball – is a service that accelerates transferring large amounts of data into and out of AWS using physical storage appliances, bypassing the internet.

Storage Gateways – this service connects an on-premises software appliance with cloud-based storage to provide integration with data security features.

Elastic Block Storage (EBS) – provides persistent block storage volumes for use with EC2 in the AWS cloud. They work independently from the life of an instance.

Dynamo DB – this is a fully managed database service that provides fast and predictable performance with seamless scalability.

ElastiCache – this is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. There are many benefits regarding this including improving the performance of web applications.

Redshift – this is a fast data warehouse that makes it easier to analyse data using standard SQL and existing business intelligence tools.

Database Migration Service – helps you migrate/convert databases into AWS easily and securely.

Elastic Map Reduce – is used for processing big data. It makes it easier and faster to process vast amounts of data across dynamically scalable EC2 instances.

Databases

Data pipeline – is a web service that helps to process and move data between different AWS compute and storage services.

Elastic Search – this service makes it easier to operate and scale Elasticsearch for analytics, full text search, application monitoring and many more.

Kinesis Streams – this enables large scale data streaming. It also enables people to build custom applications that process or analyse streaming data for specialised needs.

Security and Identity

Directory Services – these services enable your directory-aware workloads and AWS resources to use managed Active Directory in the AWS cloud.

Inspector – this is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Identity and Access Management (IAM) – this is a web service that lets users securely control access to AWS resources. With this, users can control who can use certain AWS resources, which resources they can use and in what ways.

Web Application Firewall (WAF) – this is a web application firewall that protects web applications from common web exploits.

Cloud HSM – this is a service which helps you meet corporate, contractual and regulatory requirements for data security. This is done by using dedicated Hardware Security Module appliances with the AWS cloud.

Key Management Services (KMS) – this is a managed service that makes it easier to create and control the encryption keys used to encrypt data.

Management Tools

Cloud Watch – this monitors your AWS resources and all the applications you run on AWS. It can be used to collect and track metrics, collect and monitor log files, set alarms, and automatically react to change in your AWS resources.

Cloud Formation – allows developers and system administrators to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.

CloudTrail – this service enables governance, compliance, operational auditing, and risk auditing of your AWS account. Using this will enable users to log, continuously monitor and retain events related to API calls across your AWS infrastructure.

OpsWorks – this is a configuration management service that uses Chef, an automation platform that treats server configuration as code.

Config – this is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Service Catalog – allows organisations to create and manage catalogs of IT services that are approved for use on AWS. These services can include things from virtual machine images, software and databases.

Trusted Advisor – this is an online resource which enables you to reduce costs, increase performance and even improve the security of AWS. It uses an automated scan to find such information.

Application Services

API Gateway – this is a fully managed service that makes it easier for developers to create, publish, maintain, monitor and secure APIs at any scale.

Appstream – this is a fully managed, secure application streaming service that allows you to stream desktop applications from AWS to a range of devices.

Cloud Search – this is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution.

Elastic Transcoder – to put it simply this is a media transcoding service within the cloud. It allows developers and businesses to convert media files from their source format into versions that will playback on a wide range of devices.

Amazon Simple Email Service (SES) – this is a simple email service that allows users to send and receive emails with no required commitments.

Simple Workflow Service (SWF) – this service allows users to build, run and scale background jobs that have parallel or sequential steps.

Developer Tools

CodeDeploy – this is a deployment service that automates application deployments to Amazon EC2 instances or on-premises instances in your own facility.

CodePipeline – this is a continuous delivery service that users can use to model the steps required to release software.

Mobile Services

Mobile Hub – this service guides users through feature selection and configuration, and automatically provisions the AWS services required.

Cognito – this is a product that controls user authentication and access for mobile applications on internet-connected devices. It also saves mobile user data in the cloud.

Device Farm – is an app testing service that allows people to test and interact with your Android, iOS, and web apps on many devices at the same time.

Mobile Analytics – with this service users can measure app usage and app revenue. You can view key charts and export your app event data to your Amazon S3.

Simple Notification Service (SNS) – this is a flexible, fully managed pub/sub messaging and mobile notification service for coordinating the delivery of messages to subscribing endpoints and clients.

Enterprise Applications

WorkSpaces – this is a fully managed, secure Desktop-as-a-Service solution which runs on AWS. It is the AWS version of VDI.

WorkDocs – this is a fully managed, secure enterprise storage and sharing service with strong administrative controls and feedback capabilities that improve user productivity.

Workmail – this is a secure managed business email and calendar service with support for existing desktop and mobile email client applications.

When broken down, the mystery of Amazon Web Services and the technical phrases that come with it are more understandable than expected. Especially with AWS, there are a lot of terms – as you can probably see for yourself – however I must stress that these do not need to be committed to memory, and you certainly don’t need to know the ins and outs of every detail. As long as you are able to build a basis for your knowledge, the purpose of this glossary has been achieved.

I have found that this glossary has saved me on more than one occasion, whether it was to learn something new, or to refresh my knowledge, it has helped me feel less like a fish out of water. I hope you will also benefit in a similar sort of way.


Making Sense of the Cloud | Glossary

Upon starting the position as a Market Research Intern at Serviceteam IT I was overwhelmed by the vast quantity of technical language surrounding the technology industry. Drowning in the sea of seemingly endless acronyms and jargon, I felt it was going to be impossible to get to grips with the enormity of knowledge I would need to make the most of this position. I began to compile a glossary of key terms often used in the tech industry in order to begin to make sense of the vast amount of technical jargon. I hope this blog will be useful for any individuals who face a similar task to me.

Making Sense of the Cloud

Cloud is one of the key buzzwords in the business world, with the Cloud Industry Forum claiming 4 out of 5 businesses currently use some form of cloud service and it has been claimed that the cloud is ‘reshaping the face of IT’ (Webster 2016). Coming from a background in Geography the technological meaning of the cloud differs extensively from those that I have studied at university. The dominance of cloud technology in businesses drove me to first try to gain a greater understanding of the extensive terminology regarding cloud services.

  • Amazon CloudWatch: this is a monitoring service for all the applications running on AWS (Amazon Web Services). This can be used for a number of functions including the collection and tracking of metrics and setting alarms.
  • API: (Application Programming Interface) this refers to an interface that allows the user to access information from another service and integrate this service into their own application.
  • AWS: (Amazon Web Services) AWS is a cloud services platform offering multiple functions that aid business growth. Such functions include compute power, data storage and networking, which is available with pay-as-you-go pricing.
  • Broadcloud Cloud PBX: This is a phone system based in the cloud that provides greater flexibility, allowing you to take your desk phone anywhere there is an Internet connection.
  • CCMM: (Cloud computing maturity model) a five stage model outlining the transition of a company’s data centre to cloud computing. These five stages usually refer to consolidation, virtualisation, automation, utility and cloud.
  • CDN: (Content delivery network) A distributed system consisting of servers in discrete physical locations, set up in a way that individuals can access the server closest to them on the network, thereby improving speeds.
  • Cloud: The cloud refers to the provision of computing services over the Internet. Such services include storage and databases. The cloud allows you to access stored data and programs over the Internet as opposed to on your computer’s hard drive.
  • Cloud Connect: this is simply a physical link, using fibre technology, between your network and the cloud.
  • Cloud Native: Applications developed specifically for use in the cloud.
  • Cloud Portability: the ability for data and applications to be moved between cloud service providers.
  • Cloud Service Provider: A company that is responsible for the provision of a cloud-based platform to other organisations, usually for a fee.
  • Cloud Storage: A service that enables customers to save data in an offsite storage system through transferring it over the Internet.
  • Cloudware: Software that enables running or managing applications in the cloud. The software runs on a remote webserver as opposed to on a mobile device or PC.
  • Community cloud: A cloud infrastructure that is shared by several organizations and supports a specific community.
  • Disruptive Technology: An innovation which leads to an improvement in the way tasks are completed. Cloud computing is considered a disruptive technology.
  • Eucalyptus: An open source cloud computing and Infrastructure-as-a-Service (IaaS) platform for enabling private clouds.
  • External Cloud: Cloud services provided by a third party organisation. It refers to a cloud solution that is located outside of the physical boundaries of the organisation in question.
  • Federation: the process of combining data across multiple systems.
  • Hybrid Cloud: This is the amalgamation of a public cloud provider, such as AWS, with a private cloud platform. Companies are realising they need many different types of cloud services to perform a variety of different tasks. The aim of the hybrid cloud is to combine the services and data from different cloud models in order to create a successfully managed computing environment.
  • Infrastructure as a service (IaaS): The provision of cloud infrastructure services by a cloud service provider. This infrastructure includes servers and software amongst other things.
  • Internal cloud: The provision and maintenance of a private cloud by an IT department for internal use.
  • Microsoft Azure: Microsoft’s cloud computing platform.
  • Multicloud: the use of numerous different cloud computing services at the same time, for example using different providers for infrastructure and software services. There are a number of different third party tools that enable organisations to manage multiple cloud systems.
  • Multitenancy: The existence of multiple clients sharing resources (services or applications) on distinct physical hardware. The individual data of each client is kept secure and cannot be accessed by the other users of the resources.
  • Platform as a service (PaaS): Method by which a whole computing platform can be operated remotely over the Internet. PaaS provides a way to essentially outsource the entire infrastructure needed to implement a solution without needing to purchase and implement a new platform. The company is only charged for the share of the resources that they actually use.
  • Private cloud: The private cloud is a combination of networking, storage, services and applications owned and operated by a specific organisation that can only be accessed by its employees and partners. It is possible that a private cloud can be created and managed by a third party to be used only by an individual enterprise.
  • Public Cloud: The public cloud is a combination of networking, storage, services and applications owned and operated by a third party and used by organisations and individuals over the internet.
  • Scalability: the cloud is elastic, so it can get bigger or smaller depending on demand. This encompasses scalability as the cloud can be scaled up when demand is high and scaled down when demand is low.
  • SLA: (Service Level Agreement) this is a formal agreement or contract between a client and a cloud service provider which states the level of service, availability and performance that is guaranteed by the cloud provider.
  • Software as a Service (SaaS): Cloud services in which the applications are provided over the Internet so that they do not need to be installed on the customer’s computer.
  • Vendor lock-in: The dependency on a specific cloud provider and a low ability to move between vendors due to a lack of support for standardised protocols and/or service models.
  • Vertical cloud: A cloud environment built around the specific needs of a particular industry such as financial services.
  • VPN: (Virtual Private Network) the creation of a secure connection between networks over the Internet. This enables local network resources to be accessed in a different country.

Although it may seem daunting at first, cloud computing can be broken down relatively easily and this makes everything far easier to understand. There are also additional blog posts outlining the key terminology regarding Microsoft Azure, AWS and Cyber Security that may be an interesting read for anyone just starting out in the technology sector. Please feel free to share in the comments any further terms you feel should be included in this glossary.

Finally, for anyone interested in cloud services, Serviceteam IT is part of a wider research project looking into businesses’ use of the cloud and the future challenges businesses are likely to face as a result of Brexit and the implementation of GDPR. The findings of this report will be made available on the website for anyone with an interest in the use of cloud computing in businesses.