Blog/Expert Analysis/

Everything you need to know about cloud computing

John Sears

John Sears


Apr 26, 2022


12 min read

Jump to section

As modern organizations grow increasingly reliant on technology for their needs, the challenge of managing and securing that technology grows with it. Enter cloud computing: one of the biggest advancements in IT infrastructure of the twenty-first century.

The cloud is a way to manage technology resources as a pooled service, accessed over the internet. This allows businesses to avoid the cost and complexity of buying and managing their own technology infrastructure.

Naturally, cloud computing has myriad benefits: security, in particular, but also efficiency, agility and cost savings. There's a reason why it is so pervasive today, and a big chunk of that reason has to do with the almighty dollar.

However, cloud computing can also be complex, and the risks associated with it should not be underestimated. Learning how IaaS, PaaS, and SaaS services work is thus the first step on the road to utilizing cloud services effectively – and that's what this article will discuss. You'll learn about what cloud computing is; how it works; the benefits of cloud computing; what IaaS, PaaS, and SaaS mean; and more. Let's get started!

What is cloud computing?

Simply put, cloud computing refers to the process of storing and accessing data and applications over the internet instead of on your computer’s hard drive.

For instance, rather than laboriously saving a document to your desktop and using that location as the entry point to view, edit, and work, you can save it on the cloud, where it can be accessed from any device with an internet connection.

By delocalizing the storage and processing of information, cloud computing has helped make life easier for users and businesses alike.

Cloud storage

The terms “cloud computing” and “cloud storage” are often used interchangeably, but they are two separate concepts at different levels of specificity.

Cloud storage is just that – the ability to store your files on a remote cloud server and share them with other users. For example, Dropbox, iCloud, and Google Drive are all well-known cloud storage platforms; their chief functionality is in letting you use their servers similar to how you’d use your own hard drive. You can upload, download, or rename files and more.

Encrypted storage is secure storage. If you can protect your data, scammers and snoopers won’t be able to access or sell it – which is why NordLocker is an excellent storage solution. NordLocker keeps your data simultaneously secure and accessible by encrypting your valuable data in an airtight cloud.

Cloud computing

Cloud computing, on the other hand, is a much broader term. It encompasses not only the storage of information, but the manipulation of that data as well as tools, services, and applications that run in the cloud environment instead of your computer.

Rather than building, owning, and maintaining large IT infrastructure, companies rent the resources they need (usually on an ad-hoc basis), which saves development time, improves quality, and standardizes results.

Slack, Gmail, Salesforce, HubSpot, Google apps, online games, hosting services — all are examples of cloud computing. In contrast to simple cloud storage, they allow you the ability to edit and manage particular kinds of data, whether it’s messages, customer panels, or video games.

The benefits of cloud computing

Before, a company would need to gather a number of expensive, specialized pieces of hardware and software in order to set up and run a shared database system. They’d also have to hire expensive engineers and IT professionals to install and maintain that system.

These days, most businesses get by using low-cost or even free cloud services (like NordLocker’s 3GB plan).

In addition, the cost of data storage has plummeted in recent years as technology has improved. For example, Amazon’s S3 storage service charges just $0.023 per gigabyte of data stored each month. For many legacy organizations that still rely on localized access, this cost is comparable to that of the electricity needed to run the various servers and storage systems necessary to keep the company afloat. Unless you’re selling a de facto media marketplace or file sharing service, cloud storage is likely to be one of your lowest expenses.

As organizations scale, it's also significantly easier and more cost effective to add storage capacity in the cloud than it is to purchase and manage additional hardware. Companies that see large fluctuations in traffic no longer need to worry about purchasing or selling their infrastructure from day to day – they can simply adjust one cloud parameter and dial back their monthly utilization, often saving tens of thousands of dollars or more.

Collaboration and productivity

The shift to cloud computing has also been revolutionary in terms of organizational efficiency and employee productivity. By liberating data from the need to be tethered to a single device or physical location, cloud computing has allowed organizations to be more fluid and dynamic.

But beyond that, the cloud has ushered in an era of unprecedented collaboration. No longer do team members have to be co-located in order to work on the same document or project. With cloud-based tools like Google Docs, Dropbox, and Evernote, team members can now work on the same document simultaneously from anywhere in the world.


Though some think cloud computing is less secure than traditional computing models, it depends on how you define security.

In the past, for an organization to be secure, it needed to invest a significant number of resources into maintaining its own in-house IT infrastructure. This process often entailed purchasing and maintaining costly hardware, software, and data storage systems as well as hiring and training expensive professionals to monitor access and incomings and outgoings.

If you hired the wrong person or built your security system around the wrong hardware, the privacy and intellectual property of your entire organization was at risk. Talk about stressful decisions!

With cloud computing, however, that responsibility is shifted to the cloud provider. In addition to being under strict regulatory oversight, a cloud provider spends a much larger portion of its budget on security than a typical organization would. It also has the workforce, expertise, and financial incentive to keep your data safe since that’s the entire purpose of the business.

It’s sort of like hiring a plumber.

Let’s say you have a leak. Rather than spending hours (perhaps days) onerously shopping for the right materials and then attempting to install them yourself, most people would rather call a company to do their plumbing for them.

A do-it-yourself approach has a number of benefits: the aforementioned company manages the certification of its staff, so you know you’re getting verified expertise, and it also makes sure to engage in safe, industry-leading installation practices because it values maintaining its reputation. Cloud computing is similar in nature.

What is IaaS?

IaaS, or infrastructure as a service, is a type of cloud computing service that provides the client with cloud computing infrastructures like storage, networking, servers, and virtualization. IaaS works as a pay-as-you-go model, and it can be an excellent alternative to on-premises models.

Businesses can scale the infrastructure as needed instead of investing large sums in building up their hardware. The service enables a company to purchase only the resources it needs for as long as it needs them.

The customer still has complete control over the infrastructure — it provides the functions of a physical data center, but the client doesn’t have to maintain and manage it, so it's cheaper.

IaaS examples

  • Amazon Web Services

  • Microsoft Azure

  • Google Compute Engine

  • Digital Ocean

  • Linode

  • Rackspace


  • Cost efficient. The service enables the business to retain control over the infrastructure without investing in hardware or maintenance.

  • Scalability. Infrastructure-as-a-service resources can be scaled or reduced easily, depending on the company's needs.

  • Control. With IaaS, the company can have complete control over its infrastructure.

  • Flexibility. The business can change the resources it uses based on its current needs without making significant investments, unlike on-premises hardware.


  • Lack of transparency. With on-premises services, the company can have detailed insight into the infrastructure, but with IaaS, the business has less awareness.

  • Performance. What the infrastructure can handle entirely depends on the infrastructure provider.


  • Cost efficient. The service enables the business to retain control over the infrastructure without investing in hardware or maintenance.

  • Scalability. Infrastructure-as-a-service resources can be scaled or reduced easily, depending on the company's needs.

  • Control. With IaaS, the company can have complete control over its infrastructure.

  • Flexibility. The business can change the resources it uses based on its current needs without making significant investments, unlike on-premises hardware.

Who should choose IaaS?

IaaS is excellent for new and growing organizations because the infrastructure can be scaled quickly without significant financial and time resources.

On the other hand, large corporations may be more financially capable of independently creating and handling software and hardware. They may prefer to keep everything in-house for complete control over their infrastructure.

What is PaaS?

PaaS, or platform as a service, is when the provider delivers hardware and software to the client to develop their applications. PaaS goes a few steps further than IaaS. On top of providing the business with storage, networking, servers, and virtualization, it also manages middleware, operating systems, and runtime.

Platform as a service is an excellent solution for companies developing their own software on a tight budget. PaaS enables the business to build its applications without worrying about the maintenance of storage, infrastructure, or operating systems.

PaaS examples

  • Heroku

  • Google App Engine

  • AWS Elastic Beanstalk

  • OpenShift



  • Easy to use. With PaaS, application developers don't need to start from square one when building software. PaaS provides simple development and deployment of software without the hassle of building and maintaining the rest of the infrastructure.

  • Scalable. Just like IaaS, PaaS provides a service that can be scaled up or down on an as-needed basis.

  • Affordable. PaaS enables the client to develop its software without large investments into the hardware and software needed for application development.

  • Time saving. PaaS reduces the amount of coding needed to develop an app since developers don't have to start from scratch when building software.

  • Support services. PaaS provides an array of services that help developers to build, test, and deploy the software they make.


  • Migration issues. If the PaaS provider hasn't outlined helpful migration methods, switching up services may be a grueling undertaking.

  • Challenging to customize or integrate. Some PaaS solutions may be difficult to integrate with already existing software. However, if the company chooses to customize PaaS to fit its legacy systems, some configurations of PaaS may limit the functionality of the platform.

Who should choose PaaS?

PaaS is an excellent choice for developers. PaaS enables them to focus on developing software and applications instead of working on operating system patches or the management of infrastructure.

It's also a time-saving solution because it doesn't require the application creator to start from scratch. In addition, PaaS is much more affordable than building, managing, and maintaining the needed infrastructure by yourself.

What is SaaS?

SaaS, or software as a service, is the most popular cloud computing option of the three. Like with the other two methods, SaaS is available online. Employees can log in to the software with personalized logins on most of their devices.

With SaaS, companies don't need a dedicated IT department to install, maintain, or manage the software. Just like with PaaS, SaaS providers handle storage, servers, networking, middleware, operating systems, and so on. But additionally, SaaS manages data and applications. SaaS providers offer technical support to their clients, so businesses can focus solely on utilizing the applications.

SaaS examples


  • Slack

  • Dropbox

  • Google Workspace

  • Microsoft 365

  • MailChimp5

SaaS examples

  • Time saving. Employees don't have to worry about maintenance and management of the applications — they can access them on the web. IT departments can focus on more pressing technical issues.

  • Accessible. SaaS is available for multiple devices and operating systems so employees can access resources on the go.

  • Cost effective. Companies don't have to invest large amounts of money to build and maintain entire infrastructures.

  • Scalable. Growing companies can quickly scale the software, making it available to more employees on an as-needed basis.


  • Integration limitations. Some SaaS applications may be challenging to integrate with the company's other existing resources.

  • Minimal customization and features. Most SaaS solutions offer minimal customization, freedom, or unique features. In most cases, when purchasing SaaS, the business is likely to get a one-size-fits-all solution.

  • Limited control. Since everything is run on the vendor's side, the performance quality and security level are up to the SaaS provider.

Cybersecurity in cloud computing

With IaaS, PaaS, and SaaS services growing increasingly popular, data security has become a particularly important point for companies making the shift to cloud computing, so it’s worthwhile covering it in detail.

What is cloud computing security?

Cloud computing security refers to the processes and techniques required to protect a shared cloud environment. Each environment often involves thousands of remote servers, numerous employees, access to personal devices, and the data you want to secure – so it’s imperative that it’s taken care of seamlessly.

Rightscale’s 2018 State of the Cloud Report indicates that approximately 96% of enterprises use cloud services, which makes the potential payoff quite large for a cyber criminal looking to “cash-in” on the cloud computing craze. In contrast with the old, self-managed model of security, a breach in a cloud service might mean gaining the ability to access thousands of businesses at once (depending on the specific configuration of the cloud provider).

To be clear, companies must consider several important risks, and a few high-profile instances of data loss have led to companies losing millions. These instances are crippling and damage the reputation of the cloud computing community as a whole.

But although cloud computing has its risks, with the right tools and knowledge, you can mitigate the majority of these threats.

Let’s take a look at a few risks (later, we’ll cover how to avoid them):

The biggest cloud computing security risks

Data breach

With billions of records exposed every year, a data breach is any company’s worst nightmare. It leads to lawsuits and destroys reputation. When you have hundreds or thousands of employees, you can’t guarantee they are taking all the necessary security measures. Cybersecurity experts warn that outdated software and weak passwords are often responsible for opening doors to hackers.

Loss of data

Employees should access only the data necessary to perform their daily tasks. If somebody from your company’s sales department can go through the files of the marketing team, it’s worth restricting this freedom. Otherwise, it can lead to accidental deletion of valuable intellectual property or even a data leak.

Compliance with GDPR

If an organization collects its customers’ data, it has to make sure it does so in compliance with cybersecurity laws. Companies that fail to comply with the GDPR or other international privacy agreements face penalties.

Insider threat

A disloyal employee may leave your company for a competitor and take advantage of your company’s data. Insider threat is worse than an attack coming from the outside because the person is already inside the network.

Revenge on the employer is also common. In 2019, Steffan Needham from the UK was sentenced to prison after he stole credentials from his former colleague and started deleting the company’s servers. The destroyed information caused revenue losses of £500,000, and the data was never retrieved.

DDoS attacks

A distributed denial-of-service (DDoS) attack occurs when hackers clog the network with traffic, making services run slow or even crashing the whole system. DDoS attacks can destroy your reputation and lead to huge financial losses.

One of the most notorious DDoS attacks, conducted against the DNS provider Dyn in 2016, brought down major websites, including Amazon, Netflix, Airbnb, Spotify, BBC, Twitter, PayPal, and Reddit.

Minimizing the threat of cloud computing in your organization

Security in cloud computing is a shared responsibility between the cloud provider and the company. If one party fails to do its job, the entire system may be compromised. Cloud computing security is much more complex than on-premise security, where you just need to surround your servers and end-point devices with firewalls and where all of the control is in your hands.

Here’s what you can do to enhance your security:

Back up your data

While it’s tempting to trust your cloud computing provider, always make sure your data is properly backed up in multiple locations. You don’t have to go overboard – a simple monthly copy on a detachable solid state hard-drive (SSD) can often mitigate the bulk of a security disaster – but something is better than nothing.

Understand your cloud system’s access controls inside and out

A lack of understanding behind access controls is the number one way outside entities can take advantage of your data. Because every cloud service is different, it’s important not to assume that your data is secure from one migration to another – access controls with similar names between one platform and the next may have very different meanings.

Instead of waiting for incidents to happen, learn about your cloud security system in advance and check for major differences. The cost-benefit ratio of doing an additional hour of reading versus having to explain why a year’s worth of data suddenly disappeared is well worth it.

Keep the logs

If the device of an employee with extensive access rights to your cloud is injected with malware, it can compromise the whole cloud. Logs can help trace employees’ steps and ensure that future holes are patched. Make sure that everyone in the company understands what cybersecurity logs are and how to handle them.

Use two-factor authentication

Two-factor authentication is an extra step in the login process. After users type in their credentials, they also have to authenticate themselves by typing a PIN, using an authentication app, or providing a fingerprint. While two-factor authentication takes more time, it’s a cornerstone of cybersecurity.

There’s a reason web apps always ask for stronger passwords – they’re notoriously insecure, and poor password creation methodology is one of the most common entry points into a system. Introducing proper two-factor authentication is one small step that improves your security outcomes significantly.

Encrypt your data

Encryption is the process of obscuring data so that a third party can’t understand it without a special “key.” In our tech-heavy world, it’s one of the best defenses against hackers and malware.

You can encrypt your data both in the cloud and in transit. You can do so in many ways – we recommend NordLocker because it secures every file with top-notch encryption protocols and, despite its strong security, still allows you to easily share data with your colleagues.

NordLocker has a strict zero-knowledge policy — what you keep in your locker is solely your business. This policy keeps your data safe, secure, and convenient to access.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.