If you have been involved in a discussion about planning for cloud adoption with a client or within your organization, you were certainly not exempted from the following questions. And guess what you are not alone! A poll done by IDC (slide nr. 10) provides you a graphical representation of the challenges ascribed to the cloud model.
- Where is my data?
- Is my data secure in the cloud?
- Is my data secure in transit?
- Who is accessing my data?
- Who is accountable if something goes wrong
- Is there a disaster recovery plan?
- What about inter-country, export and privacy laws?
- Will I lose my data in case a storage site shuts down?
- What happens if my cloud provider disappears?
- How is the environment monitored for OS/DB/application failures? Will I be notified in case of a failure?
- What about data Encryption?
- Does a cloud solution integrate with existing IT solutions?
- Is the cloud solution customizable?
- Scale-Up, Scale-Down? Is it really as simple as clicking a button?
- Can I migrate a cloud solution back to an in-house IT solution?
- What about the regulatory requirements that can prevent me from using the cloud.
Anything on cloud is less secure than my own IT infrastructure. Well, of course, it’s a natural response as companies spend huge amounts of money in their local IT departments and trying their best to secure the infrastructure. The REALITY is that many attacks come from a lack of timely software update management and server misconfiguration. The likelihood of such issues occurring (at least as frequently) is greatly reduced in the Cloud, where security-patching process is more streamlined – the vendor, software & server architecture tend to be homogenous, there is staff dedicated to security ensuring the application of latest security patches.
Also, large Cloud providers are dealing with far more complex security issues that a local IT team sees on a daily basis.
This is definitely not a trivial concern. In the past, some vendors have lost customer data.
Secondly, there are data access governance concerns because there is the danger that sensitive data could fall into wrong hands either accidentally or by intentional misuse. It is very important to ask the cloud provider who establishes, maintains and checks audit trails (assuming they are being done in the first place).
Data in the Cloud is typically in shared environment. It is definitely important to ask what is being done to segregate data besides encryption.
Compliance in the Cloud
Monitoring SLAs and Contracts
No doubt that there will be SLA agreements signed with the vendors but the question is who is monitoring, auditing and enforcing the SLAs? In case of a security breech or an audit fail who is responsible measuring and reporting those breeches and failures?
Integration with Legacy Systems
We are far from relying completely on a cloud solution. Therefore, without a doubt, there will be plenty of integration work between the cloud system and an in-house system as well as securing them.
Can cloud systems move between different vendors?
Not that it happens very often but it is a valid question. The answer to this is YES but it’s not as easy as it may sound. There are two main issues here-Interoperability and migration cost policies. The goal is to move applications seamlessly between different vendors but for that the vendors will have to adopt standards-based technologies in order to ensure true interoperability. Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities work seamlessly together. However, exciting it sounds, I am not sure how far we have come on this. On the other hand, it proves negative for the vendors by making it easier for them to lose their customers.
Another major concern here is what happens when your cloud provider disappears? Check out the Coghead’s (one of the early cloud vendors) shut down story here.
Finding the Delicate Balance between Risks and Benefits
All the above questions and concerns are valid, are not insurmountable. The solutions exist and are fined tuned every day to provide a safe, secure and seamless experience in the Cloud’s adoption. Following are some of the things than an organization needs to keep in mind before moving to the cloud:
- Know your team, your solutions and your vendors.
- Enterprise architects, developers, product owners/stakeholders, IT leadership and outsourcing team should be involved.
- Make sure that there is an adventurous spirit and technical astuteness with your team; else the experience can be very frustrating.
Real World Cloud Computing Applications
In the end, it is always important to look at the brighter side. Here are some of the successful examples of Cloud Computing Applications.
Coca-Cola Enterprises – uses a Cloud-based system to streamline operations with merchandisers in the field;
Nasdaq - uses Amazon’s S3 Cloud Service to deliver historical stock and mutual fund information, rather than add the load to its own database and computing infrastructure;
Animoto - a small start-up which decided to use Amazon’s Cloud Services, was able to keep up with soaring demand for its service and scale up from 50 instances to 3,500 instances over a three-day period;
Times - wanted to place scanned images covering a 60-year period (15 million news stories) online. After being repeatedly turned down by the CIO for the use of six servers, the newspaper moved four terabytes into Amazon’s S3, ran all the software over a weekend on EC2 for $25, and then launched its product in a matter of minutes;
Mogulus streams 120,000 live TV channels over the Internet and owns no hardware except for the laptops it uses. It handled all of the election coverage for most of the large media sites. Its CEO states that he could not be in business without IaaS.
Hope you found this post as interesting as I enjoyed researching for it.