cloud computing guide - benefits, security risks, types, and more

What is cloud computing

In a nutshell: Cloud computing is a collective term for applications, servers, networks and/or the storage of data on the Internet. The bottom line is that users and the IT infrastructure they use are no longer physically in the same place, either in whole or in part. The cloud infrastructure (hardware, software) is therefore potentially global.

Cloud computing - An easy explanation

Think of Cloud Computing as a virtual rental space for computer stuff. Imagine not needing all the computer things at home, but being able to use them over the internet. Your programs, files, and even the machines running them reside in this "cloud," which is essentially massive internet servers. The best part? You can access them from anywhere, as long as you're online.

Picture yourself in a café with your laptop. Your software and data aren't on your laptop; they're in the cloud. You open your browser, log in, and voilà, you're seamlessly working as if you were at home. Whether you need a small program or a massive database, the cloud has room for it all.

In this virtual cloud world, many people share the same space, but everyone has their own corner. And if you need more space, you can just rent more, just like you'd add a room to your apartment. This way, your computer stuff stays organized, without worrying about hardware. That's Cloud Computing in a nutshell.

What are the benefits of cloud computing?

Cloud computing should bring several advantages: The resources should be adaptable to the current consumption (upwards as well as downwards), the prices should become transparent and correspond exactly to the consumption (pay as you go) and the speed of launching new services (time-to-market) should be reduced via automation. Finally, cloud computing allows data and applications to be stored anywhere in the world and to be accessed from anywhere in the world.


Ideally, cloud users only pay for what they need. But the provider must also have transparent prices. Ideally, the current status in the back end should be transparent and visible up to date.


Cloud computing should reduce the time-to-market, i.e. the time from the start of a project to the market launch of a new product. This is primarily because the cloud provider has many elements of the necessary IT infrastructure "at the push of a button". However, comparisons are very difficult here - industry must be compared with industry and service with service.


Since cloud providers focus on technical expertise, security should be higher than for an average SME whose core business is something completely different and IT is "only" a means to an end. On the other hand, there is the single point of failure problem: once an attacker is inside, not only one company is affected, but potentially all customers - the fact that even large ones repeatedly have security problems is easy to follow in the media.


Here, too, the focus is on the cloud provider's specialization. The reliability of the applications used is guaranteed by its expertise and focus on the core business. However, the extent of expertise that a customer benefits from can vary greatly. It must therefore be precisely defined in the service level agreement (SLA) what the cloud provider is responsible for and what the customer is responsible for.


Hier geht es um die Güte eines Service. Denn die Cloud-Applikation kann antworten, aber es kann sehr langsam gehen. Deshalb sollte der Kunde genau überlegen, was er an Reaktivität (z. B. Antwortzeit für Service X) bei jedem Service benötigt, und diese in klar definierten KPIs niederlegen; diese gehören ins SLA.


The availability of a cloud service is the minimum period during which the system is available. Typical time units are minutes, hours, days, months, quarters or years. Availability is usually specified as a percentage value in relation to the period under consideration, for example "99.5 % in the month". In cloud computing, 99.9 percent is considered the minimum value. Again, keep in mind that 99.9 percent means a loss of access of 8.7 hours per year. For some businesses, this may already be too much.


Since the IT infrastructure is ready at the push of a button, new offerings can be launched more quickly. Time-to-market is therefore reduced. But cloud computing is only one part of this calculation. The relevant processes must also be standardized at the customer.


The necessary resources can be infinitely adjusted to the customer's needs, both upwards and downwards. It is important to note, however, that many companies do not have such needs at all, or only to a limited extent. Unlimited scalability is nice, but often a limited variant is enough.

What (cloud) service models are available?


Function as a Service (FaaS) is a category of cloud computing services. Here, the service provider makes individual application functions available on a cloud basis that scale easily and whose infrastructure is hidden from the user (e.g., a search query or the retrieval of geodata).


Infrastructure as a Service (IaaS) is a business model in which computing infrastructure is rented instead of purchased. This means that capacity can be flexibly adjusted at any time (on demand). Sudden growth can be accommodated (scalability) without the application provider having to buy new premises or hardware. At the same time, unused capacity can be reduced again immediately. The customer therefore only pays for what he currently needs.


A Platform as a Service (PaaS) offering enables developers to develop, run and manage cloud applications without having to worry about building and maintaining the infrastructure. This is done by the service provider, who also already provides certain services (storage, databases, development environments, etc.). These services can only be accessed via APIs.

What are the different types of cloud computing?

Public Cloud

A public (or public) cloud computing architecture exists when cloud computing services are provided by a third party. The cloud provider assumes responsibility, maintenance and management of the system including the public cloud services.

Private Cloud

A private cloud exists if the cloud computing architecture belongs exclusively to one organization. This can, but does not have to, be housed in the organization's own data center.

Hybrid Cloud

A hybrid cloud is a mix of public and private cloud (or on-premises infrastructure). In theory, data and application workloads can be seamlessly moved between platforms.

Multi Cloud

A multi-cloud refers to the combination and integration of multiple public clouds.

Cloud computing providers


The term hyperscaler originated from "hyperscale computing" and is intended to express the massive scalability of computing resources. Hyperscalers are the largest international cloud providers active in the public cloud area, such as Amazon Web Services (AWS), Microsoft Azure, Google or Ali Baba. Currently, these are exclusively American or Chinese providers. Hyperscaling providers serve very many customers simultaneously and offer large computing power and high storage capacity.

International providers

Local providers operate in only one market and their data centers are also geographically located in only one country (this is not a barrier to geo-redundancy). Typically, these are specialized providers that focus on specific cloud services and capabilities.

These cloud providers must score high on support and quality. In addition, they offer a clear legal framework related only to one jurisdiction. This is the only way to circumvent laws such as the CLOUD Act.

Local providers

Local providers operate in only one market and their data centers are also geographically located in only one country (this is not a barrier to geo-redundancy). Typically, these are specialized providers that focus on specific cloud services and capabilities.

These cloud providers must score high on support and quality. In addition, they offer a clear legal framework related only to one jurisdiction. This is the only way to circumvent laws such as the CLOUD Act. In Switzerland, the swiss hosting certification serves as a signal for this.

What are the security risks of cloud computing?

Many companies are afraid to take the step into the cloud, primarily out of fear of data loss. Unlike data protection, data security is not limited to personal data. There is no such thing as absolute protection. However, the right choice of cloud provider is crucial for the risk profile: 

Large international cloud providers should offer higher protection because they have more experts and higher budgets. However, this is not always the case; the data breaches that are a regular topic in the media often occur at large international companies. The larger the organization, the more complex and challenging the task of plugging all the holes.

Large organizations are characterized by the "single point of failure". This makes them attractive targets for attack, because a single failure can affect millions of people. Conversely, small does not automatically mean fine. In any case, it is important to clarify exactly who the partner is (e.g., look at the customer list), what their protective measures are, what data they have themselves (data classification and measures to be derived) and, above all, only store data that is really necessary.

Further Security Risks in Cloud Computing

Apart from data losses, there are additional security risks that should be considered when using cloud services:

  • Data breaches: Since a significant amount of sensitive data is often stored in the cloud, it becomes an attractive target for hackers. A successful attack could lead to the compromise of confidential data.
  • Lack of compliance: Depending on the industry and region, companies must adhere to specific regulatory requirements regarding data privacy. Meeting these requirements in the cloud can be challenging.
  • Loss of control: Storing data in the cloud results in a certain degree of loss of control for companies. They become heavily reliant on the cloud provider and the security measures they have in place.
  • Vendor dependence: Some cloud providers may use specialized proprietary technologies that make transitioning to another provider more difficult. This can lead to an unintended dependence referred to as "Vendor Lock-in."

It is important for companies to understand these risks and take measures to mitigate them. This could involve selecting a trustworthy cloud provider, implementing robust security protocols, and regularly reviewing compliance.

Guide: Cloud provider selection and successful migration to the cloud

The move to the cloud has the potential to improve IT security and availability. At the same time, costs are to be saved and companies are to be given more time for their core business. For this to succeed, key points in the company's needs profile must be clarified and the right cloud partner selected.

Because the flip side of cost savings, efficiency and time gains is the loss of control over the infrastructure. In other words, a key new business relationship is created. 

So what to look for when choosing a cloud provider and giving up in-house hardware?

>Guide: Cloud provider selection and successful migration to the cloud

Cloud Computing Conclusion

Cloud Computing offers many advantages, such as cost reduction, increased scalability, and improved accessibility. However, there are also security risks that should be taken into account before opting for the use of cloud services.

It is important to choose a reliable cloud provider and implement strong security management to minimize the risks. Furthermore, one should consider the legal and regulatory requirements that apply to the respective industry and region.

With the right measures, Cloud Computing can be a powerful tool that assists businesses in operating more efficiently and flexibly.