The coronavirus pandemic has digitized our everyday life. In response to the pandemic and to shape their digital future, companies are increasingly using the advantages of cloud infrastructures such as Amazon Web Services, Microsoft Azure, Google Cloud, Alibaba, IBM or Oracle. Cloud computing follows the approach of making IT infrastructure available over a network. A user can therefore access storage space, computing power, databases, platforms and/or software easily via a computer network such as the Internet, without the need for a local installation or local infrastructure. But what is a “cloud”? What are the advantages for companies? And what do companies have to consider in the area of security and data protection? An analysis.
The term “cloud computing” can be defined differently depending on the point of view
From an operator’s point of view, the cloud is “more than just another person’s computer”
Depending on whether it is seen from the operator’s or the consumer’s point of view, the term “cloud computing” can be defined differently. Cloud operators tend to associate cloud infrastructure with the hardware and software components that are necessary to set up and operate a cloud service. Hardware includes servers, network components, storage systems or data centers. This hardware is then made available to users on a platform via the Internet. In addition, the providers need suitable software to operate and scale their devices efficiently, as well as software such as billing systems to operate the cloud service.
Figure 1: Cloud Infrastructure.
From the user’s point of view, a cloud infrastructure is comparable to a resource pool, from which the user can subscribe to various service and deployment models
For a user, a cloud infrastructure can be compared with a resource pool (servers, data storage, software, etc.) that can be drawn on as needed. The resources can be managed and used more flexibly and efficiently than traditional, local IT infrastructure.
In this context, the cloud infrastructure can be characterized using service and deployment models. Service models are described as “Infrastructure as a Service” (IaaS), “Platform as a Service” (PaaS) and “Software as a Service” (SaaS). With IaaS, users create their own virtual computer clusters through cloud-based access to virtual hardware such as computers, networks or storage. Therefore, the users are responsible for the selection, the installation and the operation of their applications and middleware. With PaaS, users access the cloud-based programming and runtime environments with flexible, dynamically adaptable computing and data capacities. Such environments are particularly interesting for developing your own software applications. SaaS or “Software on Demand” offers software collections and applications.
The deployment model describes how users access the cloud infrastructures – i.e. as exclusive users (private cloud) or with others (public cloud), in a small, defined group of users (community cloud) or as a hybrid cloud – a combination of private and public cloud.
The NIST published a general definition that combines the different approaches
Since the term “cloud computing” can be defined differently depending on the point of view, the National Institute of Standards and Technology (NIST) published a generally applicable definition of cloud computing in 2011. It unites the different definition approaches and has met with widespread acceptance. NIST listed the following essential characteristics of cloud computing:
- Self-allocation of services from the cloud by the user(s), which should be available when required
- Services from the cloud can be accessed over the network using standard mechanisms
- Computing power, network, storage or other resources are shared between different parties
- Virtual resources scale quickly and (from the user’s point of view) indefinitely. They can also be automatically adapted to changes in the load.
- The use of resources can be measured and thus monitored, for example for billing or automatic scaling.
A Cloud infrastructure offers companies many advantages compared to the classic, local IT infrastructure
Cloud computing enables companies to outsource the operation of servers and IT environments
Cloud computing enables companies to outsource data storage, applications or IT infrastructures and, under certain circumstances, makes operating their own servers and IT environments unnecessary. This shifts the investments for software or server infrastructures, for example, to the cloud service provider in exchange for a performance-based fee. These cloud-based IT solutions allow companies to design their processes more efficiently and save costs, as they only pay for the duration of their use of the cloud service. Classic, local resources such as software and hardware can be saved in this way.
Cloud services are scalable, more available, easier to maintain and improve the productivity of companies
For the user, cloud computing offers the following advantages over a purely local IT system: 
- Scalability: i.e. IT infrastructure can be provided and enlarged / reduced in next to no time in the event of strongly fluctuating demand, as any number of servers can be offered by third parties (the cloud provider). 
- Relocation of know-how: Less IT knowledge is required because the cloud providers set up and maintain the infrastructure.
- Global access: Users have access to the systems using a web browser regardless of their location or the devices they are using (this makes working from home possible, for example).
- Maintainability: The maintenance of cloud computing applications is easier as they do not have to be installed on each user’s computer.
- Multitenancy: The resources and costs can be divided among a large user pool. This enables the centralization of the IT infrastructure at locations with low costs such as low real estate prices for server centers, electricity, etc.
- Increased efficiency: The utilization and efficiency of systems, which are often only 10-20% loaded, can be improved.
- Productivity Increase: Productivity can be increased if multiple users can work on the same data at the same time instead of waiting for it to be saved and emailed. Time can be saved by eliminating the need to re-enter information when fields match, and eliminating the need for users to install application software upgrades on their computers. 
- Availability: Availability is improved by using multiple redundant locations, making well-designed cloud computing suitable for business continuity and disaster recovery. 
Many measures such as data encryption or identity management increase the security of a cloud 
Many companies have concerns about possible cloud providers and therefore avoid migrating business-critical data to the cloud or using cloud-based software, mainly for fear of downtime and of losing control and data. Security (for example against hacker attacks) and data protection are a central concern of many users. Important measures must be taken to ensure the security of a cloud:
- Physically secure the data center (e.g. access control by authorized personnel, etc.)
- Secure the server
- Secure network structures and access
- Secure platform and applications
- Secure data through encryption
- Secure identity management
- The secure management of keys and access IDs
- The protection of data during processing, which must then be available as clear text
Data protection in a public or hybrid cloud is the responsibility of the provider
Data protection is an important issue, especially in a public cloud or in a hybrid cloud, where the data is outside the control of the data owner. There is often a risk that data will be deleted insufficiently or incompletely. Because the user cannot determine where the data is stored, the user cannot fully trace the deletion. Even after termination of a cloud service, a user must trust that the provider will reliably delete data.
The use of cloud services by different users harbors the risk that a lack of separation of customer data allows unauthorized persons to view or even manipulate the data of third parties, since the data is not physically but virtually separated. 
Many companies such as banks, health and insurance companies are subject to strict legal regulations and compliance requirements. Cloud services are sometimes very opaque about the storage location and the flow of data. There is therefore a high risk for companies and banks that these requirements cannot be complied with. If the cloud service provider hires subcontractors for certain services, the situation becomes even less transparent. The insolvency of the cloud service provider also entails incalculable risks for a user.
Measures for a secure cloud
Cloud security is very complex and includes both technical and procedural measures as well as contractual regulations. Technical measures include, for example:
- The encryption of the communication connections by, for example, SSL / TLS encryption
- Protected and encrypted data storage, for example using homomorphic encryption or the sealed cloud approach.
- Securing the cloud components (physical access control)
- User and administrator authentication (e.g. through identity and access management and multi-factor authentication)
- Monitoring for the early detection of security-relevant incidents and malfunctions through intrusion detection systems
- Service level agreements (SLA) oblige the cloud service provider to comply with data protection regulations and the corresponding emergency and recovery processes by defining response times, recovery times and escalation levels in the event of disruptions.
- “Confidential Computing” in the “trusted execution environment” (a protected CPU enclave) enables data to be protected during processing, when it has to be available unencrypted as plain text.
With homomorphic encryption, only encrypted data is processed in the cloud; it can be decrypted in the private domain.
An alternative approach is the concept of the sealed cloud. The key management separates encryption from decryption, each using its own key. Unencrypted data is backed up in an orderly manner and then deleted before an administrator has access to the memory, for example for maintenance purposes.
Cloud computing opens up new possibilities for companies to develop new business models, design work processes more efficiently and achieve the resulting cost savings. If a company decides to take the step to cloud-based services, risks such as downtime and loss of control and data, as well as security against hacker attacks and data protection, must be analyzed. There are many procedural, contractual and technical security measures that can be taken to make the infrastructure used as secure as possible.