Cloud Computing, where the architecture of your technology estate is based upon the integration of third-party technologies and services, is gaining momentum in the industry.
It’s a natural extension of outsourcing where an organization uses technology within it’s own physical boundary (i.e. its data-center) but the technology is owned and operated by the vendor. The reason why organization’s take this up is because they believe that it has economical benefits, and the reason for this is that the technology is ‘metered’, i.e. used on-demand. It also means your organization doesn’t have to hold assets and worry about capital. You just pay for what you use. It’s also based around the service catalog so it integrates with the philosophy of ITIL too. Cool.
Maybe not-so-cool. One of the big downside is data-protection. With this model, it’s really tough to keep control of your data. Not only is this a risk from the perspective that third-parties can access it and potentially use for reasons outside of your knowledge and control, it does create a headache with regulation. Currently, protection is on contractual grounds. But is this enough? Security standards haven’t kept up with this trend and in my experience, they are woefully out of date.
So the question is if you can really afford the cloud if you can’t prevent unauthorized access to your data – which will be far more expensive to your business in terms of regulatory breach or reputational damage in the long-run. The panacea is to separate the application and technology from the data.
There are vendors who have clocked this and are developing products to capture the market against the conceptual solution. One vendor is Vormetric who offer a product suite that secures the data separately from the security of data access. The principle is that your cloud-computing partners can supply and manage the application yet the data is secured and encrypted so that only your employees can use it. Now this is cool.
But it won’t just be about encrypting data thank-you-very-much. I expect IT organizations will have to take a serious look at their software methodologies and development life-cycle to ensure the concept beds in. It needs to be principle-based and considered at the start of a development, not bolted onto the end. The Vormetric product, however, does allow you to leverage off existing applications and infrastructure.
The other issue with cloud computing is with version control. Well, version control if implicit in its model but it is all or nothing. You can’t give some people one version of a service and others a different version easily, or at least meet cloud computing’s economic objectives. However one benefit is that security patches are deployed to everyone once in this model. You shouldn’t find rogue PCs with insecure versions of software lying around, undiscovered.
I’m reminded of that Ken Olson 1977 quote which this link does a good job of placing in context:
http://www.snopes.com/quotes/kenolsen.asp
There are a ton of solo businesses I know who rely on Google desktop and gmail and other ubiquitous net resources.
What if your gmail goes down or your account is deleted (has happened)? Or even worse, is hacked?
That being said, I can see various clouds emerging like Steven King’s “The Fog” to gobble all the SAAS seekers it can find.
Maybe there’ll be “cloud” levels:
e.g. Stratus – bog standard it works mostly and your data is usually recoverable within the last backup cycle. Yikes.
Cirrus – 5 miles high and well above the plebs in coach class near ground level. Your data is funneled wherever it needs to go with “jet stream” efficiency.
@Mark I like the analogys to clouds there. Maybe it just relates to the service levels agreed.
My friend had his gmail hijacked by someone who had a similar name and convinced their support she was the owner of the account (I think she forgot what email address she registered)
We’ve been providing real cloud based solutions for the last 8 years to customer and have addressed the issues associated with risks you’ve outlined. Each one, when taken as a whole and viewed as if it was a Fortune 100 company, can be successfully addressed.
We host hundreds of applications for customers across most industries and are able to successfully complete financial audits from some of the largest financial institutions. These issues can and are addressed.
Thanks for the article.
Bill Sorenson
CEO
IVDesk
@Bill – I guess you were offering ‘cloud’ solutions before Dell (apparently) coined the phrase ‘cloud’. It must be exciting to be on the frontier!