Concerns about cloud computing security and how fast cloud providers will respond in the event technical troubles should arise is making companies hesitant to embrace cloud computing — at least within the next 12 months. An 85% majority of the IT Performance Trends survey subjects say they will not implement a public or private cloud between June 2009 and June 2010. However, of that 85%, 31% say they are studying the issue but have made no decision yet and another 7% are “Unsure.”
Security topped the list of concerns and guarantees that companies would demand from a cloud services provider, if their firms were to implement a cloud model. An overwhelming 83% of respondents said they would need specific guarantees to safeguard their sensitive mission critical data before committing to a cloud. Additionally, almost three-quarters or 73% of respondents would require guaranteed fast response time for technical service and support. Nearly two thirds (63%) of respondents want minimum acceptable latency/response times and a nearly equal number (62%) say they would need multiple access paths to and from the cloud infrastructure.
It was clear from the customer interviews and essay responses that IT managers, especially those companies with fewer than 1,000 end users, will keep their corporate data and applications firmly planted behind the corporate firewall until they have ironclad assurances regarding the security of their data and their ability to access it.
“The idea that I would trust my email, financial transactions, or other day to day business operations to cloud computing is just asking for trouble,” observed an IT manager at a midsized corporation with 500 employees in the Midwest. “I do not even want to imagine my all my users being dead in the water because my link to the Internet was down,” he adds. Another manager at a retail firm with 250 employees expressed reservations about the ability of a cloud services vendor to deliver top notch service and support should the need arise.
“Downtime is the bane of an IT professional’s life,” says the network administrator at a retail firm with 250 employees. He noted that when an onsite and locally managed system fails, he and his IT team can take immediate action to replace parts, rebuild the operating system, restore data from tape backup or perform any other action required to restore services and applications. “Compare that to a failure in a cloud computing scenario, when all you can do is report the problem and hurry up and wait,” he says. “Most IT people are action oriented and they won’t respond well to being at the mercy of a cloud provider while listening to complaints and queries from users and management of ‘When will the system be back up?’ or ‘When can I get access to my data?'”
The director of IT at another midsized company with 400 users opined that he does not yet have confidence in the still-emerging cloud computing model. “We own our data, not the cloud provider, and we need to know it is movable if we need to leave the provider.”
Finally, the survey respondents indicated during first person customer interviews that they will continue to chart a conservative course that includes a very low tolerance for risk until the economy recovers and their companies can once again bolster IT staffs and provide more resources.
Analysis
Cloud computing is still in its nascent stages. It’s common for the hype among vendors, the press and analyst community to outpace current realities in IT, especially in the small and midsized businesses who have smaller budgets and are generally more conservative and risk averse than their enterprise counterparts.
The survey results also showed that there was much more of willingness on the part of larger enterprises to explore, test and deploy a cloud infrastructure. Among corporations with over 3,000 end users, a more convincing 57% percentage said they will either deploy or are considering a public or private cloud implementation over the next 12 to 18 months. Even this group though, is rightfully concerned about the uncertainties of trusting their sensitive data to a public cloud whose provider may be located in a foreign country.
Therefore, it is imperative that cloud computing vendors provide customers and prospective customers with transparency and full accountability with respect to crucial issues like: security, technical service and support, equipment and capacity of their data centers; an overview of the technology used (e.g. specific server equipment, virtualization, management, etc.). The vendors should also provide specific SLA levels and guarantees in the event those levels are not met.
Corporations should also perform due diligence. Get informed. Thoroughly investigate and compare the services and options of the various cloud providers. Know where and how your data will be stored, secured and managed. Ask for customer references. Consult with your in-house attorneys or obtain outside counsel to review proposed contracts. Don’t be afraid to insert out clauses and penalties in the event your cloud provider fails to meet SLAs. Also, at this early stage of development, don’t be afraid to ask for discounts and caps on prices hikes for the duration of your contract.