The Macrosite for News, Analysis and Opinion about the Future of the Internet

Cloud Control

Introduction
Written by Mike Fratto
1/24/2009 2 comments

The amorphous nature of cloud computing can make IT pros charged with protecting their organizations' data feel as if they're trying to rope the wind.

While privacy and security top the list of governance woes cited by the business technology professionals we spoke with, availability, performance management, accessibility, auditing, and monitoring are far from nonissues, especially for those subject to restrictive regulations such as Payment Card Industry standards or the Health Insurance Portability and Accountability Act.

"Cloud computing, in my opinion, would cause too great a reliance on having Internet connections, plus expose company information to compromise or theft," says one respondent to our September InformationWeek Analytics cloud computing survey. "From a PCI compliance point of view, it would be a nightmare."

Still, the pluses – scaling applications quickly and seamlessly while shedding capital and operating expenses associated with maintaining servers – are attractive enough that this model will continue to gain popularity with business leaders. And cloud computing proponents, including the big vendors vying for shares of this lucrative market, are masters of accentuating the positives while downplaying potential negatives, like outages and governance challenges.

So how can information security pros reconcile their need for governance with business leaders' directives to bring capital and ongoing costs under control? Our advice: CIOs must sit security groups down at a table with legal counsel and data owners to hash out issues. Having these hard discussions up front is the only way to counter skepticism, like that expressed in our poll, where just 18 percent of the 456 business technology professionals surveyed said they were using cloud services, compared with 34 percent who have no interest. More than half said they are very concerned about security, with performance, control, and concerns over vendor lock-in and support rounding out the top five worries.

We've heard this refrain before for software as a service (SaaS). If you don't control your data – or, in some cases, even know where in the world it's residing – you can't govern it, and you surely can't promise an auditor that it's protected from unauthorized access. But even more than SaaS, cloud computing, by its distributed nature, raises issues regarding privacy rights and regulatory compliance. This is true whether you subscribe to the infrastructure model of cloud computing, where you lease resources on a metered basis, as with Amazon.com Inc. (Nasdaq: AMZN)’s Elastic Cloud Compute (EC2) and Microsoft Corp. (Nasdaq: MSFT)'s Azure, or an application platform model, where application services in the cloud are populated with your data, as with Salesforce.com Inc. or PeopleSoft Inc. (Nasdaq: PSFT). Governance issues, such as data management and regulatory compliance, are still very much in limbo. The courts and industry groups will eventually help develop guidelines, but for now, we're on our own.

MikePrescott
IQ Crew
Wednesday January 28, 2009 6:58:57 PM

Why aren't enterprises falling all over themselves to buy and use cloud services? Is it risk aversion? Is it a lack of confidence in the service providers? Is it just another version of the insource/outsource debate? Or is it something else more fundamental?

I know that as we discussed building applications that are to be used in conjunction with securities trading, we had many concerns about overall system performance that we had to work through. Although the service was to be provided in a SaaS model, the datacenters would continue to be owned by the service provider, and the new infrastructure and applications would be added into the existing datacenters leveraging the physical infrastructure already in place. While the application was being architected to run in a grid/virt/cloud agnostic way, controlling the underlying infrastructure and its performance was too near and dear to the basic application for any consideration of a cloud deployment early on, at the very least.

That’s not an indictment of the cloud providers. That is more of the parochial view of a traditional IT department “controlling” the infrastructure.

Remember way back in the ‘90s, when service providers were going to build storage in the net? How successful were those ventures? I know the carrier that we were working with had big plans and hopes for that service that never materialized. ASPs for applications other than infrastructure seemed doomed to the same fate. I know of services being established to take snap-shotted data off of the enterprise SAN and ship it to a service provider for safe-keeping. These services at least had more of a fighting chance—for the raw asset they stored was only the “backup” in case of a serious event in the primary data center.

I think that strikes more at the core. For some enterprises, losing control of the primary data is the issue. We were okay moving our apps outside the firewall through a browser. It took a while to get comfortable with, but it is now acceptable. We were comfortable with moving our entire data center out of our control, as long as the in/outsourcer could demonstrate that our stuff was being managed safely, securely, and in many cases better, than we were capable of. We could touch our data when we needed, and could build protections into the agreements. After all, we could send someone over to touch “our” hardware; we could test the security and service levels easily enough. In some cases, after all, the data center was still in our buildings.

As virtualization became real, for the traditionalists it was little mainframes all over again, right? I partition off this part of the machine for this app, and this part to that one—and we’ll use a SAN so our data is easily available should we have to reconfigure our virts. Inside the firewall, this was good news; we can drive up the utilization of our platforms and lower our overall costs.

Putting it into someone else’s data center—even one that may likely have better physical security, network bandwidth, and raw power than we can dream of—means that we are now trusting the whole kit and caboodle out to an outsider—and on top of everything else, we are going to be sharing hardware with our competitors/customers/suppliers on an infrastructure that really isn’t all that trustworthy in the first place, I mean, my gawd, what are we doing here!

And besides, they have the only copy of our data. Not just our email, or our sales funnel, or our customer list. But the whole dang thing. Everything!

That is what we have to convince them is the right and safe thing to do.

Terry Sweeney
IQ Crew
Wednesday January 28, 2009 12:15:04 PM

I know that cloud services/SaaS are very a la mode right now, and on paper, they can be made to make perfect sense. Especially if it's a pay-as-you-go model, what could be smarter in an era of economic uncertainty and reduced budgets, right?

So why aren't enterprises falling all over themselves to buy and use cloud services?

I think it's more than risk aversion where new models or service providers are concerned. I think it's more than the latest iteration of the insourcing/outsourcing debate. But the more indifference customers show toward cloud, the louder the vendors seem to have to crow about it. What am I missing here?
