Page 10 - COSO Guidance Book
2 | Enterprise Risk Management for Cloud Computing | Thought Leadership in ERM
1. What Is Cloud Computing?

Definition

Cloud computing is a computing resource deployment and procurement model that enables an organization to obtain its computing resources and applications from any location via an Internet connection. Depending on the cloud solution model an organization adopts, all or parts of the organization’s hardware, software, and data might no longer reside on its own technology infrastructure. Instead, all of these resources may reside in a technology center shared with other organizations and managed by a third-party vendor.

Cloud Computing Terminology

• Cloud service provider (CSP) – A third-party vendor that provides application delivery, hosting, monitoring, and other services through cloud computing. A single organization can have contractual relationships with multiple CSPs depending on the required cloud solutions.

• Multi-tenant – With most CSP technology solutions, a customer is a single tenant among many tenants sharing common resources and technologies. The multi-tenant concept affects how resources are organized and provided to the CSP’s customers. For example, a cloud customer’s data might be housed in a single large data storage platform that is shared with the data of multiple tenants of the same cloud solution.

Cloud Deployment Models

The most common types of cloud computing deployment models, according to the National Institute of Standards of Technology, are:²

• Private cloud – The cloud infrastructure is operated solely for an individual organization and managed by the organization or a third party; it can exist on or off the organization’s premises.

• Community cloud – The cloud infrastructure is shared by several organizations and supports a specific community that has common interests (e.g., mission, industry collaboration, or compliance requirements). It might be managed by the community organizations or a third party and could exist on or off the premises.

• Public cloud – The cloud infrastructure is available to the general public or a large industry group and is owned by an organization selling cloud services.

• Hybrid cloud – The cloud infrastructure is composed of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Cloud Service Delivery Models

The cloud solutions offered by a CSP usually are referred to as cloud service delivery models, and the most common are:

• Software as a Service (SaaS) – Applications organizations use to perform specific functions or processes (e.g., email, customer management systems, enterprise resource planning systems, and spreadsheets). A more evolved offering of SaaS that is gaining popularity at the time of publication is known as Business Process as a Service (BPaaS). With BPaaS, entire business processes (e.g., payroll and supply-chain management) are outsourced to a third-party provider and supported by combinations of cloud service delivery solutions.

• Platform as a Service (PaaS) – Development environments for building and deploying applications. The CSP provides its customers with proprietary tools that facilitate the creation of application systems and programs that operate on the CSP’s hosted infrastructure.

• Infrastructure as a Service (IaaS) – The CSP provides an entire virtual data center of resources (e.g., network, computing resources, and storage resources).

2 Peter Mell and Timothy Grance, The NIST Definition of Cloud Computing, Special Publication 800-145,
http://csrc.nist.gov/publications/PubsSPs.html#800-145.
www.coso.org