Table of contents

1. Introduction ....................................................................................... 1 1.1 ICT Procurement .......................................................................... 1 1.2 Cloud Computing ......................................................................... 2 2. Traditional vs Cloud Computing ........................................................ 3 3. Challenges & Issues for Cloud Computing ........................................ 6 4. Conclusion - Choose Cloud or Not? ................................................. 10 5. Reference ......................................................................................... 12

1. Introduction
Nowadays, Cloud computing becomes an adoptable technology for many organizations with its a range of attractive advantages. Cloud computing represents one of the most significant shifts in Information and Communication Technology (ICT). For many organizations, cloud computing has already been a new solution of their ICT procurement. Cloud computing can be used by many organizations to deliver better services and to improve their operations, as it allows for highly scalable computing applications, storage and platforms. It seems that cloud computing should be an excellent choice for business and government in their ICT procurement, however, some security issues and risks will remind people that cloud computing might be not a best option.

1.1 ICT Procurement

The process of ICT procurement can be complex and time consuming (SWAAB ATTORNEYS n.d.). The organization will not achieve their ICT requirements without a proper understanding of the business process, the business objectives, the technical requirements and the impact on existing operations. Therefore, the following step must be taken during the process of ICT procurement. Firstly, the functional and business requirements which need to be achieved are identified. Then, the organization identified all of the possible solutions to meet its requirements and evaluate the ability of each solution. After done this, the organization can list some preferred solutions which are able to provide appropriate functions and services. The next step is called choose the right solution for the best value. In this step, the most important thing is to identify the risk associated with the implementation of those potential solutions. At the end of this step, a most appropriate and valued solution is chosen by the organization. Finally, it is necessary to ensure the internal structures, systems and procedures that support the timely and efficient implementation of the solution.

1.2 Cloud Computing

Cloud computing is the new evolution of the internet. The cloud means the set of hardware, storage, applications and network, so cloud computing can be defined as using the cloud to provide computing as a service. Computation, software, data access, and storage services are provided by cloud computing, which do not require end-user knowledge of the physical location and configuration of the system. There are three cloud computing models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) (Kepes 2011). In the SaaS model, software applications are offered on the internet instead of software packages to be installed on individual computers. PaaS provides facilities to support the entire application development lifecycle including design, implementation, debugging, operation etc. IaaS is a way of delivering cloud computing infrastructure including servers, storage, network and operation system rather than separately purchasing servers, software, operation system, storage and network equipment. As the cloud is a board collection of services, organizations can choose when, where and how they purchase cloud computing service.

In this report, cloud computing will be compared with the traditional process in ICT procurement. Firstly, the advantages and benefits of cloud computing are illustrated that gives some reason why we choose cloud computing. And then, the risks of cloud computing adoption are also be analyzed, which reminds us to think about the adverse impact of cloud computing. In addition, some solutions and recommendations are also provided.

2. Traditional vs Cloud Computing

Cloud computing technology is one of the most significant trends in the field of information and communications technology and ICT management. Cloud service allows users to access and use the necessary ICT resource via the internet. cloud computing offers a realization of service oriented architecture in which IT resources are offered as services that are more affordable, flexible and attractive to business (Motahari-Nezhad, Stephenson and Singhal. 2009). In this case, hardware and software are no longer purchased and managed by user themselves but obtained as a service. Cloud computing serves both customers and organizations. For the organizations and companies, cloud computing solution might be a way in their ICT procurement. Compared with traditional ICP procurement, cloud computing represents a range of advantages that attracts many organizations to adopt it in their business process and services.

Cost Reduction In the traditional ICT procurement, all the things including software, network devices, PCs are bought separately by organizations themselves. After bought those things, they need to ensure all the things work together appropriately so that they can achieve the functions and services. Moreover, they must pay money for the maintenance service to ensure everything works well. The Electricity budget also should be concerned about. In this case, the cost of ICT might be the big part of total budget for an organization. Since cloud computing technology appears, all of these problems can be effectively solved.

As we mentioned above, instead of purchasing, operating, and maintaining specific software, hardware and network environment, users just pay a fee based on the actual requirement for the use of ICT resources that are provide by the service providers. For example, cloud computing is an excellent alternative for the universities which are especially under budget shortage in order to operate their information systems effectively without spending more money for computers and network devices (Ercan 2010). The
3

users can easily use the cloud service on the web page by using the web browser. In the SaaS model, cloud computing provides the software service. Users can user the commercial software on the web browser via the internet. The software upgrades and patches are not required to handle by users. For some case, software is only to be used for a short term need, so the users only need to pay for the short term fees rather than buy the full vision software which cost much money. In addition, it is obvious that the software is running on the cloud which means that the operation and maintenance of the software is handled by the cloud service provider, so the users can save money for this. Platform as a Service allows the creation of web applications easily and without the complexity of buying and maintaining the software and infrastructure. For example, the Google App Engine allows users to build the web applications running on Googles infrastructure and it is free to get started. Moving on IaaS, users can obtain the hold infrastructure service including servers, storage, database, network and operating system. What the users needs are just a client with web browser and internet connection, and the user do not need any background knowledge of the ICT. Thus, organization and companies save the cost of training their employees to know about the ICT knowledge. To sum up, cloud computing provides a pay-as-you-go services model which offers users additional price reductions and also the flexibility (Sultan2009).

Flexibility & Mobility The other advantage of cloud computing is flexibility. During the process of ICT procurement, the functional and business requirement must be clearly identified in order to choose the appropriate device, but sometimes it is hard to figure out how advanced technology and storage space you should buy. Another problem is that, with the rapid development of ICT, the old device probably insufficient for your functional requirement. In addition, for the local device and equipment, it is hard to support the flexible extension of storage space. For the users, if they cannot always sit with the office computer, it is a limitation for them to do their job in other place without accessing the function and data which are stored in the office computer. Therefore, the lack of mobility limits the improvement of their work and the service they want to provide for the customers.
4

Cloud computing providers can allocate more hardware resources and higher computing efficiency to applications on an as-needed basis which enables flexibly scaling up or down the amount of required resources on-demand. Users can rapidly provision computing resources without forecast how much processing rate and storage space they need to use. Cloud computing service providers professionally managed hardware, network, software and operating systems using virtual server technology to offer flexible service. It is convenient for customer purchasing the storage space, computing power, applications and service every time and everywhere. In addition, for the users who need to work in different place and use the applications and data which is not easy move around, cloud computing provide them the flexibility and mobility to use cloud service of application and data storage wherever they want to use. For example, the mobility of cloud service allow you proceeding you work at home if cant physically attend to your work place. Furthermore, the cloud computings fragmenting of services offers users the flexible choice of the functions and services they currently need. For example, in order to complete a task which requires a particular application to support, cloud service providers allow users only pay for a particular function and in a particular time period instead of that users buy the software and implement it by themselves.

Scalability For many enterprises and organizations, it is no easy for them to scale up or down the ICT infrastructure depending on their needs at anytime. In traditional ICT procurement, the organizations have to provision for future needs as the ICT infrastructure needs to be set up appropriately before the business process begins. As a result, the business process and services is contingent on the ICT infrastructure establishment time. The other problem is that ICT resource has its lifecycle. During the lifecycle, ICT resource is required to be maintained and managed effectively. For the IT staff in an organization, they have to focus on the scheduling and distribution of ICT resource in order to utilize it efficiently. Furthermore, the IT staffs also have to concern about the dynamic expansion capacity during the ICT procurement process as the demands of the business is constantly
5

changing with the development of enterprises and social needs.

Cloud Computing offers massive scalability which helps to avoid extended periods of underutilized ICT capacity. The functionalities and services can be quickly expanded or contracted without requiring overhauls to the core data center or additions of new devices. Cloud computing fosters business innovation by enabling organizations to explore quickly and cost effectively the potential of new, IT-enabled business enhancements that can grow with unprecedented scale (Marston et al. 2011). In the PaaS model, cloud service providers provide the scalability of deployed software including load balancing and failover. For those organization which is growing rapidly and scaling, the cloud computings IaaS model provides massive advantages of scalability and quick provisioning. With the click of a mouse, enterprise and organizations can easily scale up or down their ICT facilities infrastructure in the cloud. Actually, the only thing they need to consider is just what services or functions is appropriate for their requirements, as the IaaS offers users the infrastructure, storage space, applications, database, development platform and anything on-demand.

3. Challenges & Issues for Cloud Computing

Even though cloud computing brings massive benefits, it also has plenty of issues that never be solved. Actually, cloud computing is facing many unsolved and inherent problems and threats affecting both cloud computing providers and customers (Lombardi, and Pietro 2010).

As mentioned above, IssS providers offer customers the compute, network, and storage capacity. It is very easy for customers to acquire the cloud service by a frictionless registration process where anyone can use a valid credit card to immediately access the cloud service. Some providers even offer free limited trial periods for customers. Cloud
6

computing providers are actively being targeted, partially because their relatively weak registration systems facilitate anonymity, and provides fraud detection capabilities are limited. By abusing the relative anonymity behind these registration and usage models, hackers have been able to conduct their activities with relative impunity. PaaS providers have suffered most from this kind of attacks. In another words, cloud providers allow spammers, malicious code authors and hackers a way of abuse and nefarious use of cloud computing (Archer et al, 2010).

The other threat of cloud computing comes from shared technology issues. Cloud service vendors deliver their services in a scalable way by sharing infrastructure. The underlying components such as CPU caches and GPUs that make up this infrastructure are not designed to offer strong isolation properties for a multi-tenant architecture (Archer et al, 2010). In this case, strong compartmentalization should be implemented to ensure that individual customers do not impact the operations of other tenants running on the same cloud environment. Customer should have no access to any other tenants actual or residual data, network traffic, etc. However, hackers have targeted the shared technology inside cloud computing environments, because the disk partitions, CPU caches, GPUs, and other shared elements were never designed for strong compartmentalization. As a result, attackers consider finding a way to impact the operations of other cloud customers and gaining unauthorized access to the customers private data.

According to these threats, some significant issues are raised from the cloud computing environment.

Confidentiality & privacy Confidentiality refers to authorized parties or systems which have ability to access protected and private data. As the increased number of parties, devices and applications involved in cloud which leads to an increase in the number of points of access, the threat of data compromise increases in the cloud computing environment. Thus, delegating data control to the cloud will lead to an increase of data compromise. One of the points we
7

concern about in the cloud infrastructure is the multitenancy which refers to cloud characteristic of resource sharing(Zissis and Lekkas 2011). Cloud computing is based on a model in which resources are shared at the application level, host level and network level. Even though users are isolated at a virtual level, the hardware resource is shared by all users. In the multitenant architecture, the software applications virtually partition its data and configuration so that each users works with a customized virtual application instance. Sharing the common processing resources such as CPUs, RAM and disk space, which is an important characteristic of cloud infrastructures, will lead to a serious vulnerability. Due to the lack of hardware separation, there is a risk of data breach.

Cloud computing stores an organizations sensitive data in the control of a third party, which introduces a significant level of risk on the privacy and security of the data (Krautheim 2009). The data confidentiality is correlated to user authentication in the cloud environment. Electronic authentication is the process of establishing confidence in user identities. If the authentication process is weak, it will lead to a breach in privacy. Software confidentiality is as important as data confidentiality, because it refers to identifying whether an application or process can maintain and handle the users personal data in a secure manner or not. It must be ensure that software application accessing to users private data not bring additional confidentiality and privacy risks. Privacy is the desire of cloud service users to control and protect the disclosure of personal information. Unfortunately, the cloud represents a number of challenges towards privacy issues involved in data stored in multiple locations in the cloud which will increase the risk of confidentiality and privacy breaches. The cloud users store their data in the cloud providers server instead of in their own server. As a result, they lose control of their private data. Thus, the cloud service providers are required to ensure appropriate privacy and confidentiality protection.

Integrity One of the key aspects in information security is the integrity which means that the data can be modified only by authorized parties (Zissis and Lekkas 2011). Managing an
8

entitys rights and privilege to specific resource can ensure that valuable data and services are not abused, misappropriated or stolen(Zissis and Lekkas 2011). If the unauthorized access is prevented effectively, organization which use cloud service can achieve greater confidence in data and system integrity. As the increasing number of entities and access points in a cloud environment, authorization is crucial in assuring that only authorized entities are allowed to interact with data. The cloud computing provider is trusted to maintain data integrity for their customers. Some threats including sophisticated insider attacks on these data attributes are presented in cloud computing environment (Suantesson and Clarke 2010). The cloud service provider should also concern about the software integrity which refers to protecting software from unauthorized deletion, modification, and fabrication. They provide a set of software interfaces or APIs for customers to manage and interact with cloud service. In this case, the security of cloud services significantly depends on the security of these interfaces. If these interfaces can be maliciously used by unauthorized users, the users data can be modified and stolen. Hardware and network integrity is another security issues should be address by cloud service providers. The QoS of cloud is focused on by the organizations which running their business and service on the cloud. If the cloud service is down, organizations will lose the capability of doing business and providing service for their customers.

Availability Availability is usually guaranteed via Service Level Agreements that commit over 99% system availability, 24 hours a day, seven days a week and 365 days a year. The high level system availability means that the system or service rarely go down and if unfortunately it goes down, it should have the best professionally trained experts to fix the problems in the shortest possible time (Daley 2010 ). The cloud service providers need to ensure the high level system availability for their users. They should also have a range of options for varying levels of data backup and recovery. Obviously, the cloud service vendor is a single provider for organizations and enterprise, which will cause a single point of failure problem (Paquette, Jaeger and Wilson. 2010). In fact, there are some problems for the cloud service providers to guarantee the high level availability of
9

their service. Actually, even the worlds biggest cloud service vendors, such as Amazon, Google and Microsoft, inevitably experienced the outages or periods of unavailability (Paquette, Jaeger and Wilson 2010). Not only the hacking incidences, the natural disasters and other unexpected events can cause cloud service to become unavailable, which is hard to be predicted. A typical example is that the Amazon EC2 data center went off-line about 4 hours because of the lightning strike.

Legal Issues Since the cloud computing appeared, it had to face the legal issues. The key problem that, anyone who use cloud service is hard to tell where the data is or has been, creates the legal issues (Navetta 2009). For the users who use cloud service storage, their data can be stored in any physical location which raises the question of legal governance over the data. For example, some regions have relevant laws that forbid moving certain types of data across borders, such as Europe. The other problem is that the liability issue between cloud users and cloud service providers. As the data is stored in the cloud, the cloud providers have responsibility to secure the users data, while the cloud users also should have some responsibility to make sure the cloud providers have some level of reasonable security to protect their private data and confidential information. Therefore, when there is a security branch that results in the data branch, the users and cloud service providers need to face a legal problem that who is accountable for it. Unfortunately, these legal issues are hard to be solved because of the different legal system in different regions. In additions, the fact is that the related laws and policies are unsound.

10

4. Conclusion - Choose Cloud or Not?

Some reasons supporting moving towards to the cloud includes: Obviously that cloud model is highly scalable and can be quickly deployed. The pay-as-you-go model is cost-effective and enables organizations to reduce cost. The internal skills restraints and shortages of ICT can be alleviated. Clouds advantages of flexibility and mobility

Some areas and issues should be concerned about before moving to cloud environment: Currently, cloud service is lack of application visibility, infrastructure and utilization levels. Now, it is no possible to seamlessly move all applications and business on the cloud The sensitive data and information is not suitable to handle by the third party such as cloud service provider. Cloud service venders cannot provide high level QoS of availability which will directly impact on the business and service. The legal issue is the main problems that should be focus on.

It is hard to simply say that cloud computing solution is the best option of ICT procurement. It seems that the massive benefits of cloud computing technology should be the good reason for people to implement this advanced technology in their business process. However, the crucial security issues including confidentiality, integrity, privacy and availability becomes the obstacle for organizations and enterprise moving to cloud computing (Dillon 2010). Choosing cloud computing as your ICT procurement solution or not just depends on the demands or requirements you need to achieve.

11

5. Reference
Archer, J., D. Cullinane, N. Puhlmann, A. Boehme, P. Kurtz, and J. Reavis. 2010. Top Threats to Cloud Computing V1.0. https://cloudsecurityalliance.org/topthreats/ (accessed August 18, 2011). Daley, T. 2010. What's Cloud Computing All About?. Waster+Water Management Australia 37 (4): 28-30. Informit. http://www.informit.com.au.dbgw.lis.curtin.edu.au/databases (accessed august 6, 2011). Dillon, T. 2010. Lifting and Shifting Workloads in The Cloud. CIO 2010:36. Informit. http://www.informit.com.au.dbgw.lis.curtin.edu.au/databases (accessed august 6, 2011). Kepes, B. 2011. Understanding the Cloud Computing Stack. http://broadcast.rackspace.com/hosting_knowledge/whitepapers/ (accessed August 18, 2011). Krautheim, F.J. 2009. Private Virtual Infrastructure for Cloud Computing. http://www.usenix.org/event/hotcloud09/tech/full_papers/ (accessed August 20, 2011). Lombardi, F., and R. D. Pietro. 2010. Secure Virtualization for Cloud Computing. Journal of Network and Computer Applications 2011 (34): 1113-1122. ScienceDirect. http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 16, 2011). Navetta, D. 2009. Legal Implications of Cloud Computing. http://www.llrx.com/features/cloudcomputing.htm (accessed October 6, 2011). Marston, S., Z. Li, S. Bandyopadhyay, J. Zhang, and A. Ghalsasi. 2011. Cloud Computing-The Business Perspective. Decision Support Systems 2011 (51): 176-189. ScienceDirect. http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 12, 2011). Motahari-Nezhad, H. R., B. Stephenson, and S. Singhal. 2009. Outsourcing Business to Cloud Computing Services: Opportunities and Challenges. http://www.hpl.hp.com/techreports/2009/ (accessed August 20, 2011). Paquette, I., P. J. Jaeger, and S. C. Wilson. 2010. Identifying the Security Risks Associated With Governmental Use of Cloud Computing. Government Information Quarterly 2010 (27): 245-253. ScienceDirect.
12

http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 12, 2011). Suantesson, D., and R. Clarke. 2010. Privacy And Consumer Risks In Cloud Computing. Computer Law & Security Review 2010 (26): 391-397. ScienceDirect. http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 12, 2011). Sultan, N. 2009. Cloud Computing For Education: A New Dawn?. International Journal of Information Management 2010 (30): 109-116. ScienceDirect. http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 6, 2011). SWAAB ATTORNEYS n.d. The Steps in an Information and Communication Technology(ICT) Procurement. http://www.swaab.com.au/publications/ITC%20procurement.pdf (accessed October 6, 2011) Zissis, D. and D. Lekkas. 2011. Addressing Cloud Computing Security Issues. Future Generation Computer Systems 2010. ScienceDirect. http://www.sciencedirect.com.dbgw.lis.curtin.edu.au (accessed august 6, 2011).

13