Cloud Best Practices
BYOD implies mobile computing and those on the run oen use the cloud
to store and access both personal and organizational documents. us,
it is worthwhile to consider the cloud dynamic, including selection, legal
issues, and security. e federal government’s CIO Council carefully con-
sidered these issues (2012). is chapter aligns with their ndings and
recommendations. Readers are also urged to review Cloud Procurement
Questions, Appendix F, which provides a comprehensive worksheet
for cloud vendor selection. Readers will also be interested in reviewing
Appendix K, which provides a detailed security checklist that can be used
when accessing cloud vendors and web service providers.
e adoption of cloud computing represents a dramatic shi in the way
organizations buy IT—a shi from periodic capital expenditures to lower
cost and predictable operating expenditures. With this shi comes a learn-
ing curve regarding the eective procurement of cloud-based services.
Cloud computing presents a paradigm shi that is larger than IT, and
while there are technology changes with cloud services, the more substan-
tive issues that need to be addressed lie in the business and contracting
models applicable to cloud services. is new paradigm requires organi-
zations to re-think not only the way they acquire IT services in the con-
text of deployment, but also how the IT services they consume provide
mission and support functions on a shared basis. Organizations should
begin to design and/or select solutions that allow for purchasing based on
consumption in the shared model that cloud-based architectures provide.
Cloud computing allows consumers to buy IT in a new, consumption-
based model. Given the dynamic nature of end-user needs, the traditional
method of acquiring IT has become less eective in ensuring the orga-
nization eectively covers all of its requirements. By moving from pur-
chasing IT in a way that requires capital expenditures and overhead, and
114 • Bring Your Own Devices (BYOD) Survival Guide
instead purchasing IT “on-demand” as an organization consumes ser-
vices, unique requirements have arisen that organizations need to address
when contracting with cloud service providers (CSPs).
e primary driver behind purchasing any new IT service is to eectively
meet a commodity, support, or requirement that the organization has.
Part of the analysis of that need or problem is determining the appropriate
solution. Choosing the cloud is only the rst step in this analysis. It is also
critical for organizations to decide which cloud service and deployment
model best meets their needs.
e National Institute of Standards and Technology (NIST) has dened
three cloud computing service models: Infrastructure as a Service,
Platform as a Service, and Soware as a Service.
ese service models can be summarized as follows:
1. Infrastructure: the provision of processing, storage, networking,
and other fundamental computing resources
2. Platform: the deployment of applications created using programming
languages, libraries, services, and tools supported by a cloud provider
3. Soware: the use of applications running on a cloud infrastruc-
ture environment
Each service model oers unique functionality depending on the class
of user, with control of the environment decreasing as you move from
Infrastructure to Platform to Soware. Infrastructure is most suitable for
users like network administrators as organizations can place unique plat-
forms and soware on the infrastructure being consumed. Platform is most
suitable for users such as server or system administrators in development
and deployment activities. Soware is most appropriate for end-users since
all functionalities are usually oered out of the box. Understanding the
degree of functionality and what users will consume the services is critical
for organizations in determining the appropriate cloud service to procure.
NIST has also dened four deployment models for cloud services:
Private, Public, Community, and Hybrid. ese service deployments can
be summarized as follows:

Get Bring Your Own Devices (BYOD) Survival Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.