Cloud Computing – One Year Later

In a posting last year, I discussed the basics of cloud computing and its pros and cons . This posting looks at the progress cloud computing has made since then.

First a quick review:

 Last year, I defined Cloud computing as sharing of computer, network and related applications such that they are virtual to the user. The attraction to cloud computing is its scalability, minimum start-up costs, selection of business applications, flexibility and cost savings (capital investment and/or a utility cost structure).

The cons or things to consider are the SLA agreements, actual performance, what vendors actually offer, what are the IT staffing requirements/ impact and Security.

So where are we today?  First of all the definition of cloud computing has morphed from the original concept to, well you name it.  There is the private, the public and the hybrid cloud,  SaaS, IasS,PaaS, data storage, “big data”, data management, managed service, hosting, off premise and on premise, multi-tenancy versus single or few end point connections; the list goes on and on. I think there are cloud computing offers for dry cleaning and dance instructions, you get the point!

Given this proliferation of cloud computing definitions, one can see why various reports indicate there is a tremendous growth in cloud computing.  The truth probably lies somewhere in between, meaning there is an increase in outsourcing, an increase in contract support of various applications like payroll or human resources, while no real growth of the true cloud computing because it is not actually available.

There are also surveys that  indicate significant concerns that putting data in the cloud also carries risks, with a majority of the respondents citing security worries as the top barrier to their adoption of cloud com­puting. An article titled “Cloud Security” by Kaplan, Rezek and Sprague added a number of additional concerns, among them are compliance of the infrastructure.   They ask, are you buying into a cloud architecture/infrastructure/ service which is not compliant? Another concern is audit and reporting with the concern that you may not have the ability to provide the required evidence and reports to show compliance to regulations such as PCI SOX or HIPAA? Can you satisfy legal requirements for information when operating in the cloud?

This article also points out that there has been a significant increase in web application vulnerabilities, so much so that these vulnerabilities make up more than half of the disclosed vulnerabilities over the past 4 years (67% of all web application vulnerabilities had no patch in 2009.).

Along with these concerns about compliance and security for more traditional IT resources, CIOs, CISOs and CEOs now have to worry about managing risk and building trust within a new computing environment, while facing increasing scrutiny and regulatory requirements.

Additional concerns of cloud computing are administration, management of the cloud and its related functions, Total Cost of Ownership (TCO), privacy issues, backup/disaster recovery, and  Virtualization (ability to see the data, traffic, status, etc of your “network” and /or application and users), so one can track, monitor and account for one’s own activities.

So here are my suggestions/comments this year:

First, cloud computing is a moving target that is being caused by vendors jumping on the proverbial “band wagon”.  You should cut through all the clutter and group vendors by what they can actual do, not what they say they can do.

 Second, you must nail down your definition or needs for cloud computing.  Do this by organizing a priority list relative to what makes sense for your company to have in the cloud.  Consider what might happen to your company and its reputation if the cloud “fails” or is compromised.  Will you actually reduce costs and /or personnel or will you actually need more people and time requirements.  If you are having a tough time making a list, than make a list of services that do not make sense to be in the cloud. Examples are specialized/custom software or applications that require unique hardware.

Third, after you have categorized vendors, research which company aligns best with the application(s) that might be beneficial to be in the cloud.  Does this company have the required support, a comprehensive SLA, adequate hardware, software and applications? Will the cloud you select be private or shared (and will you support and/or allow mobile access) and is your competition one of the clients of the vendor you are considering?

Fourth, develop a cloud computing strategy and test it throughout the organization and do a complete ROI or TCO to capture the real cost savings and investments. Will the charges be a flat rate, a utility cost by applications, or by user/end points or a combination of the charges? Word of caution, do your analysis both internally and externally and don’t make any assumptions!

Fifth, place a sign on the side of your company building stating you are utilizing cloud computing ( similar to having a home security system, you really don’t have to buy the system,  just the signs that go on your doors and windows).

Lastly, and this is probably the most difficult, explain to management that while the perceived cost savings of using a cloud are making news, they are offset by increased costs within your organization combined with potentially increased risks and performance issues.

RHL 2/12/13

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>