Market Analysis: Putting Cloud Computing To The Test

*Putting Cloud Computing To The Test*
**By Tony Garritano**

***The National Institute of Standards and Technology (NIST) has taken a hard look at cloud computing. Cloud computing has been the subject of a great deal of commentary. Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models. As a result, the NIST released its definition of cloud computing along with some guidelines to ensure security. Here’s what they said:

****First, in defining cloud computing, the NIST noted, “A cloud computing system may be deployed privately or hosted on the premises of a cloud customer, may be shared among a limited number of trusted partners, may be hosted by a third party, or may be a publically accessible service, i.e., a public cloud. Depending on the kind of cloud deployment, the cloud may have limited private computing resources, or may have access to large quantities of remotely accessed resources. The different deployment models present a number of tradeoffs in how customers can control their resources, and the scale, cost, and availability of resources.”

****NIST went further to detail the economic considerations that users need to consider when going to the cloud. The institute said, “In outsourced and public deployment models, cloud computing provides convenient rental of computing resources: users pay service charges while using a service but need not pay large up-front acquisition costs to build a computing infrastructure. The reduction of up-front costs reduces the risks for pilot projects and experimental efforts, thus reducing a barrier to organizational flexibility, or agility. In outsourced and public deployment models, cloud computing also can provide elasticity, that is, the ability for customers to quickly request, receive, and later release as many resources as needed. By using an elastic cloud, customers may be able to avoid excessive costs from overprovisioning, i.e., building enough capacity for peak demand and then not using the capacity in non-peak periods. Whether or not cloud computing reduces overall costs for an organization depends on a careful analysis of all the costs of operation, compliance, and security, including costs to migrate to and, if necessary, migrate from a cloud.”

****While endorsing cloud computing overall, NIST did warn that users need to prepare for security. NIST pointed out, “Organizations should be aware of the security issues that exist in cloud computing and of applicable NIST publications such as NIST Special Publication (SP) 800-53. As complex networked systems, clouds are affected by traditional computer and network security issues such as the needs to provide data confidentiality, data integrity, and system availability. By imposing uniform management practices, clouds may be able to improve on some security update and response issues. Clouds, however, also have potential to aggregate an unprecedented quantity and variety of customer data in cloud data centers. This potential vulnerability requires a high degree of confidence and transparency that cloud providers can keep customer data isolated and protected. Also, cloud users and administrators rely heavily on Web browsers, so browser security failures can lead to cloud security breaches. The privacy and security of cloud computing depend primarily on whether the cloud service provider has implemented robust security controls and a sound privacy policy desired by their customers, the visibility that customers have into its performance, and how well it is managed.”

****To clarify, NIST released guidelines on privacy and security around cloud computing. Proactive technology vendors within the mortgage space are both adopting cloud computing and seeking to educate the mortgage space on the benefits of this technology advancement. For example, PROGRESS in Lending has learned that eLynx, a portfolio company of American Capital, has released a new white paper that will help companies that utilize Cloud computing technology understand the recently released guidelines on security and privacy issued by the NIST. The paper, entitled “Data Security in the Cloud,” summarizes the government’s recommendations related to cloud-based services offered by eLynx to the financial services and real estate industries.

****“Too many companies have over-used the concept of cloud computing in an effort to gain a marketing advantage,” said Alan Matuszak, Vice President of Software Engineering and Operations for eLynx. “In the process, many executives in our industry find they have unanswered questions when it comes to data security and privacy as they relate to these advanced systems. This new paper answers some of those key questions.”

****eLynx has been offering cloud-based services for close to two decades. The company’s experienced executives contributed to the paper, which also outlines how eLynx meets or exceeds all NIST recommendations.

Tony Garritano
Tony Garritano is chairman and founder at PROGRESS in Lending Association. As a speaker Tony has worked hard to inform executives about how technology should be a tool used to further business objectives. For over 10 years he has worked as a journalist, researcher and speaker in the mortgage technology space. Starting this association was the next step for someone like Tony, who has dedicated his career to providing mortgage executives with the information needed to make informed technology decisions. He can be reached via e-mail at