Security
In nearly every survey done about cloud computing the top reason given for not adopting it is a concern over security.
Putting your business-critical data in the hands of an external provider still sends shivers down the spines of most CIOs.
Only by giving up some control over the data can companies get the cost economies that are available. CIOs, along with other C-level executives, must decide if that trade-off is worthwhile.
In deciding on the trade-off some of the questions to consider are:
- What happens if the data stored or processed on a cloud machine gets compromised?
- Will we know?
- If we do not know, how will we notify our constituents, especially when data breach notification laws are in place?
- How will we know to improve our security?
There is a school of thought that says that holding your data in the cloud is not much more insecure than having it on internal servers connected to the Internet. The recent case in the UK of a hacker who hacked his way into the US Government network shows that supposedly secure networks are just as likely to be breached.
Companies need to be realistic about the level of security they achieve inside their own business, and how that might compare to a cloud provider. It’s well known that more than 70% of intellectual property breaches are a result of attacks made inside the organisation.
Clearly security will be raised as a concern around cloud computing for many years to come. There is still some work to be done before more formalised standards are in place. Organisations like the Cloud Security Alliance are at the forefront of addressing these issues.
In the same way that some banks took longer than others to offer internet banking facilities so it will be with cloud computing. Some organisations will evaluate the risks and adopt cloud computing quickly. Other more conservative organisations will hang back and watch developments.
2. Data Location & Privacy
Data in a cloud computing environment has to exist on physical servers somewhere in the world and the physical location of those servers is important under many nations’ laws.
This is especially important for companies that do business across national boundaries, as different privacy and data management laws apply in different countries.
For example, the European Union places strict limits on what data can be stored on its citizens and for how long. Many banking regulators also require customers' financial data to stay in their home country. Many compliance regulations require that data not be intermixed with other data, such as on shared servers or databases.
In another example, Canada is concerned about its public sector projects being hosted on U.S.-based servers because under the U.S. Patriot Act, it could be accessed by the U.S. government.
Some of the larger cloud providers (e.g. Microsoft, Google) have recognised this issue and are starting to allow customers to specify the location of their data.
Another data issue to address is: What happens to your data in a legal entanglement?
What if you miss paying a bill, or decide not to pay a bill for various reasons, like dissatisfaction with the service? Do you lose access to your data?
This is something that can be addressed at the contract stage to ensure that the right safeguards are be put in place to prevent a provider from withholding access to your data.
3. Internet Dependency, Performance & Latency
A concern for many organisations is that cloud computing relies on the availability, quality and performance of their internet connection.
Dependency on an internet connection raises some key questions:
- What happens if we lose our internet connection?
- How long can we run our business?
Moving an existing in-house application to the cloud will almost certainly have some trade-offs in terms of performance. Most existing enterprise applications won’t have been designed with the cloud in mind.
Organisations considering investing in cloud computing will certainly have to factor in costs for improving the network infrastructure required to run applications in the cloud.
On the plus side, bandwidth continues to increase and approaches such as dynamic caching, compression, pre-fetching and other related web-acceleration technologies can result in major performance improvements for end users, often exceeding 50%.
At the software level, applications will have to be architected for the cloud in order to achieve maximum performance. We’re well down the road with thin-client, browser based applications but many of these would still need re-designing in order to benefit from a cloud environment.
In reality the vast majority of applications don’t require the levels of nano-second performance that might be impacted by putting them in the cloud. In the real world, scalability is likely to be a more important issue across more applications.
Latency (the time taken, or delay, for a packet of data to get from one designated point to another) will undoubtedly be an issue for certain applications. Trading applications that require near-zero latency will probably be run in-house for many years to come. One of the key problems with putting these applications in the cloud is that latency on the Internet is highly variable and unpredictable.
There are many cloud computing commentators who claim that the cloud will never be able to support these types of applications. However, vendors such as Juniper and IBM are already demonstrating extremely low latency capabilities in the cloud so it’s a case of watch this space.
4. Availability & Service Levels
One of the most common concerns regarding cloud computing is the potential for down-time if the system isn't available for use.
This is a critical issue for line-of-business apps, since every minute of downtime is a minute that some important business function can't be performed. Every minute of down-time can not only affect revenue but can also cause reputation damage.
These concerns are further exacerbated by the recent highly public outages at some of the major cloud providers such Google, Salesforce.com and Amazon.
As a counter to these concerns, cloud-computing advocates are quick to point out that few enterprise IT infrastructures are as good as those run by major cloud providers.
Whilst highly public outages get lots of press coverage and help feed the views of the cloud computing cynics one needs to compare this against in-house outages which rarely get publicised. Just how many times per year are internal systems down and/or unavailable? How does this compare to a typical cloud computing scenario?
Many companies thinking of adopting cloud computing will look to the service-level agreements (SLAs) to give them some comfort about availability. Surprisingly, some cloud providers don't even offer SLAs and many others offer inadequate SLAs (in terms of guaranteed uptime.)
Cloud providers will need to get serious about offering credible SLAs if the growth of cloud computing is not to stall. Increased competition will help and will push the early entrants to provide greater assurances to their customers.
Just because a provider says that they can deliver a particular service over the Web better than an internal IT organisation can doesn't make it necessarily true. And even if they can, how do you know they are doing that consistently and, if they aren't, what compensation is due back to the customer?
Cynics will say service level agreements are not worth the paper they are written on. They will point out that an SLA doesn't necessarily assist in obtaining high quality uptime, but provides the basis for conflict negotiation when things don't go well. A bit like a pre-nuptial agreement.
5. Current Enterprise Applications Can't Be Migrated Easily
Moving an existing application to a cloud platform is not as easy as it might first appear. Different cloud providers impose different application architectures which are invariably dissimilar to architectures of enterprise applications.
So for a complex multitier application that depends on internal databases and that serves thousands of users with ever-changing access rights it’s not going to be an easy switch-over to a cloud platform.
In reality most organisations that adopt cloud computing will end up doing it with new applications. Existing applications will probably continue to run on-premise for some time. That’s not to say that these applications can’t be converted but that the costs of conversion will often outweigh the benefits.
Amazon Web Services offers the most flexibility with regard to migrating applications because it provisions an "empty" image that you can put anything into. However, applications cannot be easily moved due to its idiosyncratic storage framework.
With some other cloud platforms (e.g. Microsoft Azure) it may be possible to take existing applications and, with minimal effort, modify them to run in the cloud. Much will depend on the existing architecture of the application though. If it was developed using underlying “web services” then it is likely that it can be modified relatively easily to run in the cloud.
Whilst the lack of a convenient migration path for existing applications might hinder cloud computing adoption, in the longer term it is not going to be a permanent barrier. As more vendors build applications for cloud deployment so will the uptake of cloud computing grow.
No comments:
Post a Comment