Cloud Costing & Compliance!
‘Cloud Computing’ is a general term used for anything that entails delivering hosted services over the internet. Permitting consumers and businesses to use applications without installing them on their local machines and allowing access to personal files on any computer with internet access is one of the major benefits of cloud computing.
Cloud computing is offered as Infrastructure (IaaS), Platform (PaaS) and Software (SaaS), and its open hosting model has certain cons as well.
Cons of Cloud Computing
Given the simplicity and cost advantages that cloud computing entails, it's no surprise that organizations are keen on taking the plunge. Once the arena of the 'Cloud' is opened, users may be anywhere, accessing anything, and storing it anywhere in any manner. Restricting these activities may not be as easy as it sounds. In terms of compliance auditing, the basic checkpoint states that an enterprise should have complete control and that everything should be on its premises. This basic criterion is not met in the case of cloud computing. With the cloud in the picture, the data, servers and storage no longer need to reside in the same building. Many would even raise an eyebrow at the security of cloud computing, since cloud providers are often unable to meet enterprise regulatory compliance requirements. Almost a year back, Chuck Goolsbee from SearchDataCenter.com based his skepticism on numerous factors, such as whether cloud computing providers can meet regulatory compliance requirements like PCI DSS (Payment Card Industry Data Security Standard), which is an essential component for e-commerce.
Cloud Computing and PCI DSS
One basic question that arises with reference to cloud computing and PCI is: can payment card applications and data be placed on the infrastructure of a cloud computing provider in a compliant manner? PCI DSS allows the scope of a PCI assessment to be limited based on network segmentation. In the case of cloud computing, there are both physical and virtual infrastructure devices. To assess basic PCI standards, the assessment should relate to the groups containing applications or data related to card payments. It seems logical that an enterprise planning to harness the benefits of both e-commerce and cloud computing should target a provider that is PCI DSS compliant. Cloud providers, on the other hand, should take care of significant aspects such as installing and maintaining firewalls to protect cardholder data, not using vendor-supplied default parameters (credentials), protecting stored data, and using encryption to secure data in transit. Besides these simple precautions, there are other overheads in securing payments on cloud infrastructure, which may include assigning unique IDs to users for identification, restricting physical access to cardholder data, and maintaining security policies for employees and others in the organization.
Compliance – a broader view under cloud
In the present scenario, there is an ever-increasing pack of guidelines that enterprises need to worry about. Numerous regulations are already in place, from the FTC's Red Flags Rules, PCI DSS and SOX to HIPAA/HITECH. This is happening as the market witnesses an increase in the number of cloud service providers. The mixed environment leaves a decision maker with several choices and questions to consider regarding cloud computing compliance. Should an enterprise decide to go for cloud computing, it must consider the various aspects of compliance that the company cannot get rid of simply by moving to the cloud. If the data is Personally Identifiable Information (PII), Personal Health Information (PHI) or corporate/finance-related information, special attention is needed before migrating to the new infrastructure.
Cloud Computing - costing or cost saving?
The answer to this question depends a lot on the duration for which the company is looking for this solution. Not quoting the exact figure to keep it simple here, companies pay much (much much) more in year 1 for On-Premises than for a model based on hosted services. Moving ahead, the cost difference is no longer substantial in the third year, and interestingly (and eventually) the On-Premises solution comes out as more cost effective in year 5 of operation. However, On-Premises again loses to the hosted model once the license renewal cost and the hardware upgrade cost (Year 5) are added. It therefore eventually depends on what the company is aiming at. For a solution and investment that is short-sighted, a hosted model will win for the company in terms of cost.
Current Trend
The concept is new and has mixed pros and cons. Higher security risk, compliance complications, auditing efforts, lower cost of ownership and several other factors determine the choice of the decision maker. Companies that are proactive in the market are cautiously trying their hand at the cloud. They are attempting to use it for applications that are not critical. They are determined to vouch for it only if the experience is positive over a period, and will then decide their next move towards this new buzz. Besides this, emerging entrepreneurs are trying to expand by using Google Docs, various social networks and blogging. Well yes, Google Docs is an example of cloud computing, if you wondered!
