*Putting Cloud Computing To The Test*
**By Tony Garritano**
***The National Institute of Standards and Technology (NIST) has taken a hard look at cloud computing. Cloud computing has been the subject of a great deal of commentary. Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models. As a result, the NIST released its definition of cloud computing along with some guidelines to ensure security. Here’s what they said:
****First, in defining cloud computing, the NIST noted, “A cloud computing system may be deployed privately or hosted on the premises of a cloud customer, may be shared among a limited number of trusted partners, may be hosted by a third party, or may be a publically accessible service, i.e., a public cloud. Depending on the kind of cloud deployment, the cloud may have limited private computing resources, or may have access to large quantities of remotely accessed resources. The different deployment models present a number of tradeoffs in how customers can control their resources, and the scale, cost, and availability of resources.”
****NIST went further to detail the economic considerations that users need to consider when going to the cloud. The institute said, “In outsourced and public deployment models, cloud computing provides convenient rental of computing resources: users pay service charges while using a service but need not pay large up-front acquisition costs to build a computing infrastructure. The reduction of up-front costs reduces the risks for pilot projects and experimental efforts, thus reducing a barrier to organizational flexibility, or agility. In outsourced and public deployment models, cloud computing also can provide elasticity, that is, the ability for customers to quickly request, receive, and later release as many resources as needed. By using an elastic cloud, customers may be able to avoid excessive costs from overprovisioning, i.e., building enough capacity for peak demand and then not using the capacity in non-peak periods. Whether or not cloud computing reduces overall costs for an organization depends on a careful analysis of all the costs of operation, compliance, and security, including costs to migrate to and, if necessary, migrate from a cloud.”
****To clarify, NIST released guidelines on privacy and security around cloud computing. Proactive technology vendors within the mortgage space are both adopting cloud computing and seeking to educate the mortgage space on the benefits of this technology advancement. For example, PROGRESS in Lending has learned that eLynx, a portfolio company of American Capital, has released a new white paper that will help companies that utilize Cloud computing technology understand the recently released guidelines on security and privacy issued by the NIST. The paper, entitled “Data Security in the Cloud,” summarizes the government’s recommendations related to cloud-based services offered by eLynx to the financial services and real estate industries.
****“Too many companies have over-used the concept of cloud computing in an effort to gain a marketing advantage,” said Alan Matuszak, Vice President of Software Engineering and Operations for eLynx. “In the process, many executives in our industry find they have unanswered questions when it comes to data security and privacy as they relate to these advanced systems. This new paper answers some of those key questions.”
****eLynx has been offering cloud-based services for close to two decades. The company’s experienced executives contributed to the paper, which also outlines how eLynx meets or exceeds all NIST recommendations.