Cloud Technology for Insurers - Part 2
Types of Cloud
In the first part of our article series we have introduced you to the origins and basic concept of cloud technology and why it is currently one of most discussed tech trends. In this part, we will explain the different types of cloud and their implications.
Private or Public Cloud – or Rather Something In-between?
As we explained in the previous article , cloud services leverage resource pooling, i.e. they share a pool of resources in the form of hardware and operating staff. Different types of cloud deployment models result directly from this feature.
If all pooled resources are used exclusively by a single organization, this is referred to as a private cloud. In this case, the resources need not be provided by the utilizing organization itself, as the operation of a private cloud can certainly be outsourced to another provider. It is implied that private clouds are only an option for companies of a certain size.
In a public cloud, many users share the resource pool of a mutual provider. Virtualization ensures that physical hardware resources can be distributed among many users and that they nevertheless remain isolated from one another. The advantage of a public cloud is that it offers any user, no matter how small, access to a practically unlimited and modern resource pool. While a private cloud affords full control over the cloud, the user of a public cloud is rather strongly subject to the conditions of the cloud provider. Indeed, a cloud provider aims to realize the greatest possible economies of scale to be economical and therefore will usually not offer individual users any sort of special treatment.
A hybrid cloud is a composition of two or more clouds (private or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Most companies with private clouds will evolve to manage workloads across data centers, private clouds, and public clouds—thereby creating hybrid clouds. For example, an organization might store sensitive client data in house on a private cloud application, but interconnects that application to a business intelligence application provided on a public cloud as a software service.
Organizations that do not want to afford their own private cloud but still want to have maximum control over the cloud provider can decide for a so-called community cloud. Here, two or more organizations share their own cloud. For example, a regional association of insurance companies could operate a community cloud and provide it to its members.
Cloud Provider and Cloud User Share Their Responsibility for Security
Cloud services can be classified in three different service-models. Depending on the service-model, the cloud provider and the cloud user share the responsibility for maintenance and security of the cloud-based system in different proportions (see figure 2). The important point to realize is that there is always a certain share of responsibility remaining with the cloud user. The safest cloud environment can be made unsafe by user not being careful enough. If we compare the situation to a house: you may have a house with bullet-proof windows, steel-reinforced doors, and a highly-sophisticated alarm system: if you leave it with a window open and the alarm system switched off, it is just a welcoming prey for burglars.
Originally, cloud services only offered pure IT infrastructure such as processing power and storage space. This service model is known as Infrastructure as a Service (IaaS). As this merely entails infrastructure, comparable to a new PC or server, the user himself is responsible for installing software and for maintenance. In our analogy of housing space, IaaS would be an apartment or house that you can rent, without any furniture or services included.
Cloud providers have expanded their offering by taking further responsibilities from users. Platform as a Service (PaaS) offers runtime environments for a specific programming platform (e.g. Java) so that the user is no longer responsible for the maintenance of operating systems and runtime environments. In our house analogy, PaaS corresponds to a furnished house with caretaker and laundry service. Obviously, you can now focus on other things than taking care of your laundry. On the other hand, you have lost some flexibility: the laundry service may not use the fabric softener with the scent you like so much.
In the case of Software as a Service (SaaS), the cloud provider also operates the applications for you. In our house analogy, this would correspond to a hotel with full board, spa and security service. Mind that even in this setting, some of the responsibility stays with you: for example, take good care of your key card and better lock your valuables in the hotel safe.
In the next article in our series, we will present the various advantages of cloud compared to in-house data centers. We will also give an overview on the challenges that insurers face when deciding for cloud adoption. These challenges and how they can be successfully addressed is then the topic of the remaining articles in this series.