public cloud computing vs. private cloud …...public cloud computing vs. private cloud computing:...

14
Public Cloud Computing vs. Private Cloud Computing: How Security Matters 1 Public Cloud Computing vs. Private Cloud Computing: How Security Matters Research Paper Public Cloud Computing vs. Private Cloud Computing: How Security Matters Delvis Simmonds Alli Wahab Cameron University IT Capstone Dr. Diaz Gomez April 27, 2012

Upload: others

Post on 01-Feb-2020

66 views

Category:

Documents


6 download

TRANSCRIPT

Page 1: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 1

Public Cloud Computing vs. Private Cloud Computing:

How Security Matters

Research Paper

Public Cloud Computing vs. Private Cloud Computing:

How Security Matters

Delvis Simmonds

Alli Wahab

Cameron University

IT Capstone

Dr. Diaz Gomez

April 27, 2012

Page 2: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 2

Table of Contents

Abstract ...................................................................................................................... 3 Introduction……………………………………………………………………………………………………………….3

The growth of Cloud Computing .................................................................................. 5 Public Cloud Security Issues ................................................................................................................................ 7

Private Cloud Computing ............................................................................................ 9 Private Cloud Security Issues .............................................................................................................................. 9

Concise comparison .................................................................................................. 10

Conclusions & Future Work ....................................................................................... 11

Bibliography ............................................................................................................. 12

Page 3: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 3

Public Cloud Computing vs. Private Cloud Computing:

How Security Matters

Delvis Simmonds, Alli Wahab

Computing and Technology Department, Cameron University, Lawton, OK, USA

Abstract Cloud computing has promised to enhance efficiency, flexibility, greater agility,

less capital expenditure and to overcome geographic limitations to compete in a global

market. If adopted and implemented, businesses would require not only new

architectures, but also new ways to procure IT services. More and more companies are

shifting to Cloud based services, but at the same time they are concerned about the

security risks. One thing that is really unclear to many is the understanding of what a

Cloud really is. Hopefully after the definitions and illustrations of Cloud computing are

given you will understand it better. Much attention will be given to public and private

Cloud computing issues; as more businesses today utilize Cloud services and

architectures, more threats and concerns arise.

Introduction

Cloud computing represents a major change in how we store digital information

and run computer applications hosted in the “Cloud” (Miller, 2009). While still a

buzzword, the Cloud seems to be confusing, and the concept tends to evoke multiple

responses (Vorro, 2011). There are many definitions of Cloud computing, but they all

focus on certain characteristics of it. The several definitions stem from the three main

categories of Cloud computing which are Infrastructure-as-a-Service (IaaS), Platform-as-

a-Service (PaaS), and Software-as-a-Service (SaaS).

Furthermore, Cloud security is also a broad term and is of major concern. The security challenges Cloud computing presents are formidable, including those faced by public Cloud whose infrastructure and computational resources are owned and operated by an outside party that delivers services to the general public via a multi-tenant platform and for the private Cloud which is hosted on-premise, scales “only” into the hundreds or perhaps thousands of nodes, connected primarily to the using organization through private network links. Security concerns such as secure data

transfer, secure software interfaces, secure stored data, user access control and data

separation must be considered before moving to the Cloud (Beckham, 2011).

Attempting to address security and privacy issues after implementation and deployment is not only much more difficult and expensive, but also exposes the organization to unnecessary risk (Julie, 2011). As a result, many companies remain

skeptical about entrusting their data and computing tasks to outside vendors including

Microsoft, IBM Smart Cloud, and Google. Every trade publication and analyst firm has

done a survey of CIOs regarding Cloud adoption. Results showed that security was the

top reason why CIOs are not too anxious about adapting to the Cloud (see Figure 1).

Page 4: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4

Figure 1: The results in the graph above are gathered from a survey of CIOs,

organizations and IT professionals, which was carried out by the International Data

Corporation (IDC) in 2009. On a whole, the results have been quite steady up until now. The highest challenge/issue related to the Cloud is security. Security is not the only

concern. Issues such as cost, availability, performance, and standardization are also very

high considerations.

This research paper will provide a definition of Cloud computing, the security

issues related to public and private Cloud computing, and give a concise comparison of

both models, focusing more on the security issues.

Definition of Cloud computing

The term Cloud computing entails many different notions. You will find that

some definitions have more meaning than others; Gartner defines Cloud computing as

being scalable, delivering IT-enabled services using the Internet (Gartner, 2012). On the

other hand, The 451 Group sees Cloud computing as a set of business models and

technologies that enables IT functions to be delivered and consumed via a third party.

(Rhoton, J. 2011). Furthermore, Forrester defines Cloud computing as complex

infrastructure that hosts end-customer applications and billed by consumption (Rhoton, J.

2011).

The definition mostly used today is the one expressed by the National Institute of

Standards and Technology (NIST), which states: “a model for enabling convenient, on-

demand network access to a shared pool of configurable computing resources (e.g.,

networks, servers, storage, applications, and services) that can be rapidly provisioned and

released with minimal management effort or service provider interaction” (Grance, T.,

Mell, P., 2009).

The NIST’s definition is much more detailed, and will be the one referenced to in this

paper.

Cloud computing is available in several service models. Each model has different

levels of responsibility for security management. See Figure 2 below for a depiction of

these service models.

Page 5: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 5

Figure 2: Cloud computing models. Taken from (Buecker, Lodewijkx, Moss, Skapinetz,

Waidner, 2009). Figure 2 above shows that Software as a Service (SaaS) provides a number of

ways to control access to the Web portal, such as the management of user identities,

application level configuration, and the ability to restrict access to specific IP address

ranges or geographies. Platform as a Service (PaaS) allow clients to assume more

responsibilities for managing the configuration and security for the middleware, database

software, and application runtime environments. Infrastructure as a Service (IaaS)

model transfers even more control, and responsibility for security, from the Cloud

provider to the client; access is available to the operating system that supports virtual

images, networking, and storage. (Buecker, Lodewijkx, Moss, Skapinetz, Waidner,

2009).

The growth of Cloud Computing Over the past two years, the number of Cloud-based services implemented in

businesses has increased, according to a survey carried out in 2011 by Ernst and Young, a

Page 6: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 6

global leader in assurance, tax, transaction and advisory services (see Figure 2).

Figure 2: A global information security survey of organizations carried out in 2011 by

Ernst and Young revealed a 13% growth in the number of organizations using Cloud-

based services from 2010 to 2011. However, in 2011 there was a 16% negative growth

for plans on using Cloud-based services (Ernst and Young, 2011).

Previous Work

The interesting debate of public Clouds vs. private Clouds has resulted in other

research. In an article by Beth Schultz entitled “Public Cloud vs. private Cloud” 76% of

IT-decision-makers would focus initially on the private Cloud, but private Clouds may

not always be the best solution. The better approach is to evaluate specific applications,

security and compliance considerations and then decide what is more appropriate for a

private Cloud and what is more appropriate for a public Cloud. The size and type of the

company are huge factors in the decision making process; if you are at a smaller

company and don’t have a huge data center, then a public Cloud service will be

acceptable. Whereas, if you are at a larger company which requires mission-critical

applications or data, then it would not be wise to place the more important stuff on a

public Cloud (Schultz, B. 2011). Microsoft TechNet has done some research and

documentation on the security issues in public and private Clouds, reminding us not to

ignore security, even when the CSP appears to control the entire stack (Microsoft

TechNet (1), 2012). Whether the choice is a private Cloud or public Cloud the security of

your data will be very important in both cases. Cloud computing is only as secure and

reliable as the Cloud vendor providing the service, whether it is you or a third-party

(Joyent, 2012).

Public Cloud Computing

There are three Cloud models which companies can choose from, which are

public Cloud computing, private Cloud computing and hybrid Cloud computing. Public

Cloud computing means relying on third parties to offer efficient IT services over the

Page 7: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 7

Internet as needed. On the other hand, Private Cloud computing reassures the

organization that their information and processes are more secure since everything is

managed internally. Hybrid Cloud computing is a combination of both private and public

services. Hybrid Cloud computing is another extensive topic; therefore this paper will not

discuss it.

The National Institute of Standards and Technology defines a public Cloud as a

Cloud infrastructure that is made available to the general public or a large industry group.

Public Clouds are owned by the organization(s) selling Cloud services (Grance, T., Mell,

P., 2009). Figure 3 below gives a basic illustration of an organization using a public

Cloud.

Figure 3: Illustration of an organization using public Cloud services. (Diagram by Delvis

Simmonds and Alli Wahab, 2012).

Public Cloud Security Issues Cloud infrastructures are just another computer network. This means that Clouds

will have the same security any network infrastructure will have (intrusion detection/

prevention etc.). It is up to the Cloud vendor (whether it be you or a third party) to

determine the level of security required (Joyent, 2012). The International Organization

for Standardization (ISO) provides some codes of practice for information security

management, namely the ISO 27001 and 27002. The ISO 27001 covers all types of

organizations. This document specifies the requirements for implementing security

controls customized to the needs of the organization (ISO (1), 2008). The ISO 27002 is

also customized to the needs of the organization, but it is intended to help meet

requirements identified by a security risk assessment (ISO (2), 2008).

There is an ongoing debate between IT professionals of whether or not private

Clouds are really more secure. According to some analysts and vendors, there’s been no

shortage of debate and consternation about the security threats public Cloud computing

poses. The concern can be understandable; especially if sensitive data and vital

applications are in the hands of a party not directly under your preview (Joe, 2011).

Besides from the common view that private Clouds should be more secure, there are

Page 8: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 8

some interesting attributes/properties of public Clouds to consider.

Public Clouds are hardened through continual hacking attempts. The NIST

definition of public Clouds states that they are made available to the general public or a

large industry group. Therefore, public Cloud providers are much larger targets for

hackers than private Clouds. Public Clouds also attract the best security people available;

the biggest and best Cloud service providers have millions of customers relying on them.

They definitely would be meticulous about who they hire. Also public Cloud providers,

especially larger companies like Google, Amazon, and Facebook would get the latest

security gear much easier than a small to midsize private company. Here are some other

security issues related to Public Cloud Computing:

Assessment of the CSP

Any small, young business can advertise Cloud-based services to the

world. How are you sure that that company is capable and safe to work with?

CSPs should hold industry certifications such as the SAS 70 Type II, which is an

audit that provides independent 3rd

party verification that a service organization’s

policies and procedures are correctly designed (SAS 70, 2012).

Security of the communication channels

Data and communication protection is paramount in Cloud computing. We

use the services provided even though the security mechanisms for secure

communication is abstract. Services can be accessed several ways, such as

through a thin client, laptop or mobile phone. The fact that your data is easily

accessible through these channels, data is transferred across multiple networks,

more especially if your CSP is extremely far away from your location. All

communication should be protected using encryption and key management.

Transparency of security processes

- Some Cloud Service Providers may not explain their security processes

for their own security reasons.

Compliance with Regulations

o Payment Card Industry Data Security Standard (PCI DSS)

o Health Insurance Portability and Accountability Act (HIPAA)

o Sarbanes-Oxley Act (SOA)

o Proper implementation of the CIA triad (Confidentiality, Integrity,

Assurance)

o Geographical borders

- The location of the customer’s data is significant. Public Cloud

service providers typically implement robust data replication mechanisms

as a safe guard for server failures. This means that the customer’s data

might be distributed across the globe in various geographies. This would

conflict with the customer’s need/requirements to keep their data within a

specified border (Microsoft Corporation, 2011).

Potentials of a single security breach

- A single security breach not only destroys the CPS’s reputation but put

Page 9: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 9

your data and many others’ in danger. A perfect example is Sony’s data

breaches in 2011. Sony faced customer relation fallouts, and lawsuits over its

failure (Schwartz. M, 2011).

Access control mechanisms

Data Loss

Cross-tenant data leakage

- vulnerabilities of shared network infrastructure components, such

as vulnerabilities in a DNS server, Dynamic Host Configuration Protocol, and IP protocol

vulnerabilities, might enable network-based cross-tenant attacks in an IaaS infrastructure

(Pfleeger, Irvine, Kwon, 2012).

Private Cloud Computing According to the National Institute of Standards and Technology (NIST) a private

Cloud is a Cloud infrastructure that is operated solely for an organization. The

organization or a third party can manage it. Private Clouds can exist on-site or off-site

(Grance, T., Mell, P., 2009). Typically private Clouds are used when sensitive data is

involved. Figure 2 below gives a basic illustration of an organization using a private

Cloud.

Figure 2: Illustration of an organization with a private Cloud. (Diagram by Delvis

Simmonds and Alli Wahab, 2012).

Private Cloud Security Issues Private Clouds have the same security concerns as public Clouds do, but typically

on a smaller scale since private Clouds are operated solely for an organization. However,

there are some specific concerns towards this Cloud model:

• Security Architecture

Page 10: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 10

o Perimeter Security and insider attacks

- Very often, traditional perimeter security is not configured to

protect resources from attacks that come from within the organization

(Microsoft (2), 2012).

o Hypervisor vulnerabilities and network level authentication (IPSec,

IPS/IDS)

- Virtual machines are heavily used in Private Clouds. It is possible

that those virtual machines will be able to have virtual

communication with other virtual machines. Virtual machines

should only be communicating with the ones they need to.

Encryption and authentication mechanisms should be implemented

using IPSec and/or IPS/IDS (Microsoft (2), 2012).

• Security Zones

- Resources of different types and sensitivity levels should be located in

separate security zones (Stawowski, M., 2007).

Based on previous studies and the definition of a private Cloud, private Clouds

will immediately seem to be more secure than public Clouds because of how the

infrastructure is designed. It gives the organization more control over their policies and

security. According to NIST, the internal private Cloud is more suitable deployment

models that offer an organization greater oversight and authority over security and privacy, and better limit the types of tenants that share platform resources, reducing exposure in the event of a failure or configuration error in a control. Private Clouds typically would suffer from perimeter complacency; thinking that

because it is on the internal network, it must be secure; the Internet and viruses are still

present. So, caution and security standards should not be lowered just because it is private

(Bloomberg, 2012). Moreover, the private Cloud requires that to have total control over

all layers of the stack, which includes any traditional network perimeter security you

might want to have in place. In a private Cloud model, the Cloud services are not

typically exposed to the general Internet users and remote access to private Cloud hosted

resources is enabled through mechanisms used in traditional data centers. Private Cloud

computing typically uses virtualization technologies to increase hardware utilization and

to abstract compute, memory, network, and storage component from Private Cloud

consumers (Thomas, 2011). See Table 1 below for a concise comparison of public

Clouds and private Clouds.

Concise comparison Table 1: A concise comparison of public and private Clouds.

Public Cloud Private Cloud

Low investment hurdle High investment hurdle

Negative loss and control over data IT organization retains control over data

Higher risk of multi-tenancy data transfer Fewer security concerns

Page 11: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 11

Conclusions & Future Work In this paper we have provided a definition of Cloud computing and highlighted

the security issues/concerns related to public Clouds and private Clouds. As more

businesses today utilize Cloud services and architectures, more threats and concerns

arise. The attributes of both Cloud models shown in pages 7 to 10 and Table 1 definitely

would make one contemplate the direction to take. Nevertheless, the integration of

Cloud-based services in businesses is continuing. Both public and private Cloud models

have their own advantages and challenges; therefore security will always be an issue. The

needs and goals of each organization will vary. Therefore evaluating specific

applications, security and compliance considerations would help in deciding what is more

appropriate for a private Cloud and what is more appropriate for a public Cloud.

Cloud computing is a very wide subject area. Even though the scope was scaled

down to the security issues in public Cloud computing and private Cloud computing it

was still quite a challenge getting details on certain areas; most information found during

the research is related to either public Cloud computing or Cloud computing in general.

The reason for this is that the term “Private Cloud” is not as widely accepted as Cloud

computing.

Research in the future about Cloud computing will most likely be on Hybrid

Cloud Computing (the combination of services from public and private Clouds). Several

recent Cloud surveys confirm these high levels of interest in hybrid Cloud. A Unisys

survey in January 2011 indicated that 21% of IT organizations are focusing on hybrid

Clouds, and a Sand Hill Group survey of over 500 IT managers indicates that hybrid

Cloud use will triple over the next three years (Bitpipe, 2012).

Page 12: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 12

Bibliography Beckham, J. (2011) The Top 5 Security Risks of Cloud Computing. Retrieved February17,

2012 from http://blogs.cisco.com/smallbusiness/the-top-5-security-risks-of-cloud-

computing/

Bitpipe. (2012) What is driving hybrid cloud computing? Differences explained: Private

vs. public vs. hybrid cloud computing. Retrieved April 13, 2012 from

http://docs.media.bitpipe.com/io_10x/io_100433/item_419065/HPIntel_sCloudCo

mputing_SO%23034437_E-Guide_052611.pdf

Bloomberg, J. (2012) Why Public Clouds are More Secure than Private Clouds.

Retrieved March 2, 2012 from http://www.zapthink.com/2012/02/07/why-public-

clouds-are-more-secure-than-private-clouds/

Buecker. A., Lodewijkx. K., Moss. H., Skapinetz. K., & Waidner. M. (2009). Cloud

Security Guidance. IBM Recommendations for the Implementation of Cloud

Security. Cloud security: the grand challenge. Retrieved April 16, 2012 from

http://www.redbooks.ibm.com/redpapers/pdfs/redp4614.pdf

Ernst and Young (2011). Into the cloud, out of the fog. Retrieved April 13, 2012 from

http://www.ey.com/GL/en/Services/Advisory/2011-Global-Information-Security-

Survey---Seeing-through-the-cloud

Gartner (2012) Cloud Computing. Retrieved April 15, 2012 from

http://www.gartner.com/technology/it-glossary/cloud-computing.jsp

Gens, F. (2009) New IDC IT Cloud Services Survey: Top Benefits and Challenges.

Retrieved March 16, 2012 from http://blogs.idc.com/ie/?p=730

Grance, T., Mell, P. (2009) The NIST Definition of Cloud Computing. Retrieved March

15, 2012 from http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf

ISO (1) (2008) ISO/IEC 27001:2005. Information technology-Security techniques-

Information security management systems-Requirements. Retrieved March 16,

2012 from http://www.iso.org/iso/catalogue_detail?csnumber=42103

ISO (2) (2008) ISO/IEC 27002:2005. Information technology-Security techniques-Code

of practice for information security management. Retrieved March 16, 2012 from

http://www.iso.org/iso/catalogue_detail?csnumber=50297

Jansen et al (2011) Public Cloud Computing. Retrieved April 1, 2012 from

http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf

Joyent (2012) Security in Public and Private Cloud Infrastructures. Retrieved March 15,

2012 from http://www.joyent.com/documents/Joyent-Security-in-Public-and-

Private-Cloud-Infrastructures-White-Paper.pdf

Page 13: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 13

Joe (2011) Are Private Cloud really more secure than Public Cloud? Retrieved April 1,

2012 from http://www.smartplanet.com/blog/business-brains/are-8216private-

clouds-really-more-secure-than-public-clouds/13583

Microsoft Corporation (2011) Addressing Cloud Computing Security Considerations.

Retrieved April 2, 2012 from http://search.microsoft.com/en-

us/results.aspx?form=MSHOME&setlang=en-

us&q=Addressing%20Cloud%20Computing%20Security%20Considerations

Microsoft TechNet (1), 2012. Security Issues in the Public Cloud. Retrieved April 13,

2012 from http://social.technet.microsoft.com/wiki/contents/articles/security-

issues-in-the-public-cloud.aspx

Microsoft TechNet (2), 2012. Security Issues in the Private Cloud. Retrieved April 13,

2012 from http://social.technet.microsoft.com/wiki/contents/articles/security-

issues-in-the-private-cloud.aspx

Miller, M. (2009) Understanding Cloud Computing. Retrieved February 17, 2012 from

http://www.informit.com/articles/article.aspx?p=1321170

Pfleeger. L. S., Irvine. C., Kwon. M. (2012). "Guest Editors' Introduction," IEEE Security

and Privacy, vol. 10, no. 2, pp. 19-23. Retrieved March-April 2012

Rhoton, J. (2011). Common Definition. Cloud Computing Explained: Second Edition.

Recursive Press, US.

SAS 70 (2012). Introduction to SAS 70 Type II Audit. Retrieved April 16, 2012 from

http://www.sas70exam.com/services/type-ii-sas-70-audit/

Schultz, B. (2011). Public cloud vs. private cloud: Why not both?. Retrieved March 14,

2012 from http://www.networkworld.com/supp/2011/enterprise2/040411-ecs-

cloud.html?page=1

Schwartz. J. W. (2011). 6 Worst Data Breaches of 2011. Information Week Security.

Retrieved April 16, 2012 from

http://www.informationweek.com/news/security/attacks/232301079

Stawowski, M. (2007). Security Zones. The Principles of Network Security Design.

Retrieved April 15, 2012 from

http://www.brevard.k12.fl.us/infosec/documents/principlesnetworksecuritydesign.

pdf

Thomas (2011). Security issues in the Private Cloud. Retrieved April 1, 2012 from

http://social.technet.microsoft.com/wiki/contents/articles/security-issues-in-the-

private-cloud.aspx

Page 14: Public Cloud Computing vs. Private Cloud …...Public Cloud Computing vs. Private Cloud Computing: How Security Matters 4 Figure 1: The results in the graph above are gathered from

Public Cloud Computing vs. Private Cloud Computing: How Security Matters 14

Vaquero, L., Rodero-Merino, L., Caceres, J., Linder, M. (2009). A Break in the Clouds:

Towards a Cloud Definition. Retrieved February 15, 2012 from

http://ccr.sigcomm.org/online/files/p50-v39n1l-vaqueroA.pdf

Vorro, A. (2011) Clearing away cloud computing confusion. Retrieved February 17,

2012 from http://www.insidecounsel.com/2011/11/01/clearing-away-cloud-

computing-confusion