Cloud computing or “cloud computing” consists of consuming computing and storage resources made available by providers via the internet. Like electrical power, computer power is thus offered on demand, in the form of subscriptions priced according to the IT capacity used. Main advantage: this model makes it possible to modulate expenses, over time, according to the fluctuation of a company’s digital activity.
What Is The Cloud?
The cloud is divided into three layers. The foundation of the building, IaaS (Infrastructure as a Service) provides computing, storage and bandwidth resources. Above, PaaS (Platform as a Service) groups together the services needed to run applications. Finally, SaaS (Software as a Service) precisely designates applications based on the building and generally marketed by software publishers or start-ups. Considered to be the nerve center of cloud computing, a handful of players share the infrastructure (IaaS) and platform (PaaS) cloud markets: AWS, Google, Microsoft and Alibaba.
Cloud comparison: which criteria to compare?
Cloud offers are many and varied. Within IaaS, for example, there is BaaS (Backend as a Service) which revolves around an API management environment designed to manage access to third-party applications. But also DaaS (for Data as a service) which brings together all the cloud bricks for data management, from databases to storage systems and data warehouses. Still on the IaaS front, Function as a Service (FaaS) provides computing resources in serverless mode. FaaS executes application code in functions to fully automate the driving and execution of the underlying computing capacity.
Once this categorization work has been carried out, it remains to be seen how to compare the different offers of the same type in order to choose the one that best meets your needs. Here, several criteria come into play. What is the functional range covered? What is the quality of service contract (SLA) to which the supplier commits, particularly in terms of availability rate? Does the provider give the possibility of recovering the data and deployed applications? Where is the cloud offer hosted (in France, in another European country, outside the Old Continent)? Does it meet the certifications required for the project (s) (Hosting of health data, SecNumCloud …)? All of these questions form the outlines of a decision-making matrix.
What are the advantages of the cloud?
Cloud computing has two main advantages. First, it avoids having to acquire computer systems, deploy them and maintain them. It gives access to an offer (CPU, storage, network, etc.) accessible online and priced according to the IT resource consumed. IT is thus moving from investment expenditure (capex) to operating expenditure (opex). A godsend for the CFO.
Then, the clouds, by pooling their investments over thousands or even millions of customers, have the means to offer innovative services that an average company would not have the means to develop. This is particularly the case in artificial intelligence or high performance computing.
Cloud computing offers have been enriched over time. To the computation and storage layers have been added databases of all types, capable of managing up to big data, but also autoscaling services making it possible to adapt IT resources in real time according to the amplitudes of traffic.
Serverless or FaaS (Function as a Service) environments have appeared to automate infrastructure, and Kubernetes as a Service bricks have been designed to build portable application architectures from one cloud to another. At the same time, more vertical solutions have emerged, targeting high performance computing, mobile applications, artificial intelligence, IoT.
What is the sovereign cloud?
The sovereign cloud consists in proposing cloud offers located in Europe and isolated from the extraterritorial regulations of the United States. Laws, articulated around the Cloud Act, which, let us remember, allow the US federal authorities to access data operated by American clouds, regardless of their location, including in France therefore. In the wake of the European consortium Gaya-X, the Macron government has initiated a policy to promote sovereign clouds after the failure of the Numergy and Cloudwatt initiatives initiated under the presidency of Nicolas Sarkozy.
In May 2021, the government launched the Confidence Cloud label which aims to certify cloud offers guaranteeing data security, their location in Europe, and their management by European players.
With the emergence of the cloud, companies are now outsourcing their information systems en masse. SaaS is democratizing in multiple areas: productivity suite (mainly with Office 365 and G Suite), HR management, financial management, supply chain management, ERP … Companies are also turning to the giants of IaaS and PaaS to develop their new digital services, or more prosaically to switch over to their old core business systems. Migration projects which are generally accompanied by a serious application facelift aiming to take full advantage of the innovative services offered by cloud providers.
Cloud: what does the CNIL say?
For the CNIL, cloud providers are not sufficiently transparent about the technical and organizational measures they implement to guarantee the security and confidentiality of data processed on behalf of their customers.
“This lack of transparency is lacking to customers who do not have all the information necessary to fulfill their obligations as data controllers”, insists the National Commission for Information Technology and Freedom. Faced with this observation, the CNIL advises companies embarking on this path to adopt a five-step action plan:
Identify the data and processing that will pass in the cloud,
Conduct a risk analysis in order to identify the essential security measures for the company,
Identify the type of cloud relevant for the envisaged treatment,
Choose a service provider with sufficient guarantees, both in legal terms and in terms of data protection.