Every enterprise, big or small, knows that cloud computing is going to be part of their business. Small companies use it every time they turn to QuickBooks Online, Google mail, or a hosted Exchange server. Large companies are increasingly being attracted by the promise of zero hardware costs and ease of deployment. Yet there’s still fear about moving into the cloud, mainly because of the changes a business must address in order to embrace virtualization. Change hurts, and it hurts businesses more, at least in the short term — and businesses will always be concerned about the cost of change versus the benefits.
Recently, one of the most important voices on information management entered the discussion on cloud security. At a forum on Capitol Hill, Vivek Kundra, appointed by Barack Obama to the post of the United States Chief Information Officer, commented that fears around cloud security have been exaggerated to slow change, at both business and Federal government level, saying, “A lot of people are sort of driving this notion of fear around security. And the reason I think that’s been amplified, frankly, is because it preserves the status quo.”
Security and access control to any cloud computing environment definitely tops the list of arguments against cloud technology — especially when a firm considers moving critical data into the cloud. When companies entrust their data to a cloud service provider (CSP) they are effectively handing over their most precious asset. Giving control of your own data to someone else seems a little risky.
Taking the question of security further, it’s apparent that the cloud is still a long way from having a generic security construct. CSPs are building their own policies, procedures, and security systems. In other words, not only do they have the keys to the warehouse, but they built the lock, and the building. How much can a business afford to put their trust in their CSP? As cloud technology matures this will become less of a concern, especially if we see standards or Government oversight. Until then, it’s entirely up to the business to do the due diligence and ultimately make a decision regarding the trustworthiness of their CSP.
These are fundamentally fears of change, not fear of the technology itself. Several recent studies have pointed out that businesses running their own Information Technology (IT) departments have more security issues and maintenance issues than comparable cloud-based offerings. This makes perfect sense. Google, for example, has a very large and very good staff dedicated to the domain of systems security. Their server farms are world-renowned in performance, scalability, and very-near-perfect availability. In contrast to this, small and medium businesses cannot afford to put the same resources on security. Businesses running their own servers see more failures related to poor security policy, inadequate firewall systems, missing disaster recovery plans, and related problems — all of which frequently stem from not having enough staff, or the right staff, that are qualified to protect the network. The payoff is clear: It makes sense to turn these operations over to someone else, someone who’s job is to focus on security, availability, and disaster recovery.
This doesn’t mean that cloud-based systems are any more or less intrinsically secure than traditional hardware solutions. But it is a different kind of security, and rife with its own subtle nuances and needs.
Business aren’t only concerned with the hands-on issues of moving to the cloud. Another leading point of contention in the cloud-versus-Infrastructure debate is service and, specifically, your CSP’s service level agreement (SLA). To a business, full-time, reliable access to data is critical.
Today’s cloud vendors are almost uniform in providing little to no guarantee of service in their SLA’s, in some cases quite clearly spelling out a zero-liability and zero-recourse contract if something goes wrong. In contrast, traditional infrastructure often provides a better guarantee of service — either through service agreements with local hosting providers or through staffing. Businesses are right to be concerned about data availability, server uptime, and guaranteed access. A business needs its data, it’s web site, and its customer facing systems to be working at all times. Fortunately, cloud vendors are beginning to offer higher levels of service — at a correspondingly higher cost (some vendors, such as Rackspace, have started to roll out multi-tier service plans).
As with security, businesses would be wise to take a close look at real costs and their own history of service. When comparing the costs of trying to achieve near-100% service availability, most cloud-based vendors do a better job, at a lower price. For example, a recent comparison of Amazon Web Services actual availability figures showed in excess of 99.99% server availability. That’s an extremely good ratio, and very costly to otherwise achieve. Businesses looking to guarantee similar results will have to look into 24-hour staffing, redundant hardware, extremely thorough backup systems, multi-site installations, and a comprehensive disaster recovery plan — and even then, chances are they won’t be able to beat Amazon’s actual track record.
While the SLA itself may look frightening, the fact is cloud vendors know security, and availability of service is their lifeblood. Poor performance will mean disgruntled customers and failure in the market.
The long-term benefits of cloud computing are becoming more and more clear. Ubiquitous access to our data, offloading the high costs of security, management, and availability, and just being able to focus business resources on core competencies instead of IT operations are a few of them. As the industry matures, businesses will find themselves eschewing the overhead of infrastructure, just as we now rely on public utilities or the phone company to provide service. The cloud will become the standard in business process management. But it will take time to happen, with early adopters leading the way.
Businesses need to take note of this. By all means, don’t jump in if you don’t want to. But remember that cloud computing will save a lot of money for everyone, IT operations being just one potential big-ticket to savings. And security? Mr. Kundra’s points are well taken. Business need to be conscious of security, but also practical. Once we weigh the costs against the benefits, the long-term winner is clear.
The truth is, the cloud computing industry is young. It’s immature. It’s like a little kid compared to long-standing, mature industries that we’re used to outsourcing to, such as the phone company. It will grow, but this will take time. And growth brings growing pains.
Mr. Zacharias J. Beckman has 25 years experience working with technology-focused clients from the Fortune 500, Government, and private and public sectors, including Xerox®, the Los Angeles Times, the Los Angeles County Sheriff, NASA, and the Department of Defense. Mr. Beckman specializes in Global Project Management and Program Management, successfully addressing the challenges of outsourcing and distributed development. He is also a published author and has developed coursework for Cross Cultural Teams, Program Management, Project Management, Risk Analysis, Software Quality Assurance, Project Methodology and more, and runs the widely read Rational Scrum blog.
Contributing author Sahail Ashraf is the Founder of Talented Internet, a Web marketing company. He is also a freelance writer and contributing author at Hyrax University.
Hyrax International LLC is your Global Project advisor. We address the challenges of outsourced projects and distributed teams, provide oversight, and make sure your project is done on time and on budget. On average our clients reduce their budget 40% with our best in class guidance, and we’ve never missed a deadline. Hyrax International LLC • http://www.HyraxLLC.com • 805-669-8493 • information@hyraxllc.com • 2629 Townsgate Road, # 235, Westlake Village, California 91361
Related articles:
 |
 |
Not ready to register? |
$585.00 $395.00 (Save 32%!)
Follow us on Twitter to hear the latest news, business intelligence, and events! Don't forget to subscribe to The Insider, too!
Hyrax International LLC
2629 Townsgate Road, Suite 235
Westlake Village, CA 91361
805-669-8493
© 2010-11 Hyrax International LLC
All rights reserved. Unauthorized reproduction strictly prohibited. For rights inquiry contact 805-669-8493.
