5 Principles to Know

7 mins

Cloud computing allows computing services and resources, such as servers, storage, databases, networking, software, analytics, and intelligence, to be made accessible via a network. If it is a public cloud, the network is the public internet but if its a private cloud, the transit data may be over a local or private network. Before cloud computing, all computing services were only accessible via your computer hardware, installed software or your businesses' own local servers and data storage.

02 TA01 01

Although the term 'cloud computing' may be applied to a range of technologies, there are three main types of cloud service.

1) Infrastructure as a Service (IaaS). An IaaS cloud provides a user with IT infrastructure for processing, storage, networks, and other raw computing resources on which the user can set up and run its own operating systems, rather than purchasing hardware.

2) Platform as a Service (PaaS). A PaaS cloud provides access to a computing platform which is a ready-built environment on which a user can develop its own cloud-based applications to run within the platform.

3) Software as a Service (SaaS). A SaaS cloud provides access to a software application, which the user accesses via their web browser without the need for the application to be installed onto the user's system. Most common examples include Microsoft Office 365 and Google Docs.


Cloud providers commonly charge users according to their actual usage of cloud resources. While the metrics to measure this usage vary widely, an example is charging for each unit of cloud storage utilised per hour. This enables users to save on costs otherwise devoted to maintaining idle machines or servers whenever they are not utilised.

02 TA02 01

Cloud computing also allows users to increase the capability offered by existing machines or servers for a given task ('scaling up') and recruit additional machines to service that task ('scaling out'), more efficiently than traditional methods. Traditional methods require time and cost devoted to planning and arranging the purchase of new servers and hardware to be delivered on-site. In contrast, cloud computing allows a user to scale up and out by simply requesting and paying for the additional resources required without the need for any physical delivery.

The ability to scale up or out quickly also translates into another advantage of cloud computing: elasticity. This means that in case of a sudden spike in computing demand, such as a spike in enquiries after an announcement, the cloud provider could cater to this by automatically enlisting the support of an additional server or increasing the capability of the existing machines on a temporary basis. This reduces the risk that existing servers would be overwhelmed by an often unexpected spike in capacity demand.


Both public and private clouds offer similar services, but the way they operate differs when it comes to performance, security and control.

A public cloud is computing services offered over the public internet, where servers are shared across many users. A private cloud provides exclusive use of cloud resources to a single user - the cloud provider may host those resources at its own premises or the user's private internal network or a combination of both.

02 TA03 01

Public cloud environments are generally 'multi-tenanted' – different users share the same infrastructure and resources of the cloud provider. This usually involves separating or partitioning one user's data or use of a service from another user's data or use, also known as 'segregation'. Effective separation is achieved by implementing encryption at various layers, including at the device or hardware layer, and the storage layer, where divisible parts of data are kept ‘at rest’ and locked with encryption keys which can only be unlocked by or on behalf of each user.

Private cloud arrangements often allow for a higher degree of customisation. However, they often also come with higher costs, as in-house IT teams are often required to set up and maintain a private cloud on an ongoing basis, as well as customise the private cloud for higher levels of privacy, for example. In public clouds, backup servers could be deployed quickly and even automatically to replace affected servers and data centres in the event of a natural disaster or other plausible disruption. These contingencies would need to be expressly catered for in other ways in private cloud arrangements.


Cloud service providers adhere to a shared security responsibility model. This is unlike a traditional data centre model, where the user is responsible for security across their entire operating environment, including applications, physical servers and even physical building security.

In general, responsibility in a shared model is split such that the cloud provider manages and controls the host operating system, the virtualisation layer, and the physical security of its facilities. To ensure security within a given cloud environment, the user is responsible for and configures and manages the security controls for the guest operating system and other applications, as well as for the security group firewall. The user is also responsible for encrypting data in-transit and at-rest.

As most cloud arrangements involve the processing of personal data, for all UK businesses, guidance will be required on the General Data Protection Regulation. As it is the user who will determine the purposes for which and the manner in which any personal data are being processed, it is the user who will most likely be the data controller and therefore will have overall responsibility for complying with the Data Protection Act 1998. The ICO has provided further guidance on this.


To secure your data, cloud systems use sophisticated access controls and authentication processes to limit access, and data encryption to protect data that is stolen or intercepted. Cloud providers employ the most advanced security techniques and provide the most reliable service possible, as their reputation depends on it. Your data is, however, not immune from attack or seizure, as is the case for data stored on computer hard drives and local IT infrastructure.

You should understand prospective cloud service offerings fully, to make sure that they meet your business requirements, are procured under a robust business case and have been subjected to a risk and compliance analysis. Any analysis of security risk should be informed by the IT security certification that the cloud provider has achieved. There are widely recognised international standards for information security compliance such as ISO/IEC 27001.

An assessment of the importance and criticality of the service and the sensitivity of the relevant data will inform any choice in the cloud deployment model. For example, certain sensitive data may be better stored on a solution provided by a well-known, tested and certified cloud solution, whereas a new innovative public SaaS product may be used for business purposes which are less critical and do not require access to sensitive data. The most important aspect is to have an IT professional working alongside you to ascertain operational and technical requirements, in order to ensure your cloud strategy is well-considered from the start.


Thank you for signing up for LawtechUK news and updates

You will now be notified of all our latest updates.

Thank you for contacting LawtechUK

We will get back to you as soon as we can.

Thank you for your interest in the Open Legal Data project.

The LawtechUK team will be in touch with you shortly.

Thank you for signing up for LawtechUK news and updates

You will now be notified of all our latest updates.