
Concerns about cloud computing security and how fast cloud providers will respond in the event technical troubles should arise are making companies hesitant to embrace cloud computing — at least within the next 12 months. An 85% majority of the IT Performance Trends survey subjects say they will not implement a public or private cloud between June 2009 and June 2010. However, of that 85%, 31% say they are studying the issue but have made no decision yet and another 7% are “Unsure.”

Security topped the list of concerns and guarantees that companies would demand from a cloud services provider, if their firms were to implement a cloud model. An overwhelming 83% of respondents said they would need specific guarantees to safeguard their sensitive mission critical data before committing to a cloud. Additionally, almost three-quarters or 73% of respondents would require guaranteed fast response time for technical service and support. Nearly two thirds (63%) of respondents want minimum acceptable latency/response times and a nearly equal number (62%) say they would need multiple access paths to and from the cloud infrastructure.

It was clear from the customer interviews and essay responses that IT managers, especially those companies with fewer than 1,000 end users, will keep their corporate data and applications firmly planted behind the corporate firewall until they have ironclad assurances regarding the security of their data and their ability to access it.

“The idea that I would trust my email, financial transactions, or other day to day business operations to cloud computing is just asking for trouble,” observed an IT manager at a midsized corporation with 500 employees in the Midwest. “I do not even want to imagine all my users being dead in the water because my link to the Internet was down,” he adds. Another manager at a retail firm with 250 employees expressed reservations about the ability of a cloud services vendor to deliver top notch service and support should the need arise.

“Downtime is the bane of an IT professional’s life,” says the network administrator at a retail firm with 250 employees. He noted that when an onsite and locally managed system fails, he and his IT team can take immediate action to replace parts, rebuild the operating system, restore data from tape backup or perform any other action required to restore services and applications. “Compare that to a failure in a cloud computing scenario, when all you can do is report the problem and hurry up and wait,” he says. “Most IT people are action oriented and they won’t respond well to being at the mercy of a cloud provider while listening to complaints and queries from users and management of ‘When will the system be back up?’ or ‘When can I get access to my data?'”

The director of IT at another midsized company with 400 users opined that he does not yet have confidence in the still-emerging cloud computing model. “We own our data, not the cloud provider, and we need to know it is movable if we need to leave the provider.”

Finally, the survey respondents indicated during first person customer interviews that they will continue to chart a conservative course that includes a very low tolerance for risk until the economy recovers and their companies can once again bolster IT staffs and provide more resources.


Cloud computing is still in its nascent stages. It’s common for the hype among vendors, the press and analyst community to outpace current realities in IT, especially among small and midsized businesses, which have smaller budgets and are generally more conservative and risk averse than their enterprise counterparts.

The survey results also showed that there was much more willingness on the part of larger enterprises to explore, test and deploy a cloud infrastructure. Among corporations with over 3,000 end users, a more convincing 57% said they will either deploy or are considering a public or private cloud implementation over the next 12 to 18 months. Even this group, though, is rightfully concerned about the uncertainties of trusting their sensitive data to a public cloud whose provider may be located in a foreign country.

Therefore, it is imperative that cloud computing vendors provide customers and prospective customers with transparency and full accountability with respect to crucial issues such as security, technical service and support, and the equipment and capacity of their data centers, along with an overview of the technology used (e.g. specific server equipment, virtualization, management, etc.). The vendors should also provide specific SLA levels and guarantees in the event those levels are not met.

Corporations should also perform due diligence. Get informed. Thoroughly investigate and compare the services and options of the various cloud providers. Know where and how your data will be stored, secured and managed. Ask for customer references. Consult with your in-house attorneys or obtain outside counsel to review proposed contracts. Don’t be afraid to insert out clauses and penalties in the event your cloud provider fails to meet SLAs. Also, at this early stage of development, don’t be afraid to ask for discounts and caps on price hikes for the duration of your contract.

  • Etoin Shrdlu said:

    The problem with the cloud is that there are multiple points of failure. Take links to the Internet – if they’re down, the enterprise goes down. And, when a corporation wants to transmit data over the Internet, it wants to do so securely, which means multiple, secure links to the Internet.

    Then there’s the question of accountability and, to take things further, GRC. By definition and of necessity, cloud environments rely heavily on virtualization. Now, one of the main attractions of virtualization is the ability to shift loads from overburdened or failing servers to other servers rapidly and easily. But the workloads will SHARE servers. Where’s the accountability and the traceability? How can an enterprise prove beyond doubt that a particular app was sitting on a particular server in full compliance when those apps may be moved around at any time?

    There are lots of other issues being raised; let’s not be blinded by the cloud fans’ mantra of “It’ll save you CapEX up front;” they’ll charge enough for services later to make enterprises wish they’d ponied up the CapEX in the first place, once the enterprise is locked into a contract.

    • Hello, Etoin:

      Welcome to the ITIC Website, I hope you’ll come back and visit often. The technical and business issues and concerns you raise regarding Cloud Computing are all points well taken. Any organization contemplating a public cloud infrastructure must perform due diligence in advance of any migration. All cloud providers are not created equal and there will be many classifications and strata of offerings. Corporate enterprises must ask very specific questions with respect to such crucial items as: the type of server and virtualization product as well as specific configuration. The type of infrastructure equipment is also important. Customers should also ask how often the equipment is upgraded and request and insert specific minimum latency and guaranteed response times into their licensing and support contracts. Also, insert out clauses and penalties into the contracts, in the event the cloud provider fails to meet agreed upon Service Level Agreement (SLA) commitments. Security is also a crucial issue — end point security is a must in the cloud. AND, corporate enterprises are well advised to have their corporate counsel or outside attorneys carefully review the security and privacy statutes of the state (if in the U.S.) or country where their data will reside.

      And finally, you are absolutely correct, Etoin: all prospective cloud customers should perform a thorough three-year TCO/ROI analysis of the capital expenditure and operational expenditure costs to make the best decision for their individual company.
