One of the core beliefs held by many potential Cloud users, and many vendors, is that the Cloud is not only insecure but also in some way intrinsically `dangerous’ to businesses. An important Cloud technology that lies at the heart of this belief is multi-tenancy – the ability to share the processing resources of a single instance of an application between a number of different users.
It is here, of course, that many of the real operational cost savings of the Cloud can be found, for not only does the user save on all the costs associated with acquisition, but only pays for the share of the resources used.
The alleged downside of this, however, is that such an infrastructure has the dangerous habit of sharing not only resources but data and even business processes between users. This, according to Peter Coffee, Vice President and Head of Platform Research with Salesforce.com, is a fear that is being perpetuated by the vendors of traditional on-premise business applications.
“Their marketing budgets are comparable to our annual revenues and they use much of that marketing budget to perpetuate myths and fears. It is arguable that they have a fiduciary duty to do this on behalf of their shareholders, but that doesn’t mean I won’t try just as hard to call them out when they say things that are falsifiable on the face it. And it is falsifiable on the face of it to say that there are security issues with multi-tenancy, because there is no evidence this is true. For example, Larry Ellison (CEO of Oracle) has attempted to suggest a connection between multi-tenancy and data hazard. The problem is there is no demonstration that this exists. And if it did then banks running Oracle would arguably need a separate instance of Oracle for every customer. So as soon as you look even a millimetre deep into the argument you realise that the people making the argument better hope that you don’t believe it. They want you to believe in one place but ignore it everywhere else. When they are selling you a database on which you build a multi-tenancy system that’s OK. But when we build a multi-tenancy access it is somehow different? No it is not. The main difference is that we are professionals and we have 104,000 companies where we operate the IT for them. ”
Coffee’s bottom line here is that IT has moved on and their collective business model is now history. He points to the way that users have been told over the years that doing it themselves has been the prudent option, but he also suggests that in the next year or two we will look back and say that doing it themselves will actually look like they were `doing it on the cheap’. Coffee acknowledged that the irony here is that security is crucial to the survival of companies like Salesforce.
“One major security breach could materially threaten our company’s existence. That is simply not going to happen with most company’s private datacentres. Most organisations cannot fire their entire datacentre operations team, raze the datacentre to the ground and start over again, saying `this time we’re going to do it securely’. But if I was ever associated with a major security breach our customers’ relative ease of switching to another provider would be much greater. ”
His position is that the company has to treat security seriously and ensure that every employee is educated to take in seriously. So every employee goes through an annual security practices re-certification process to ensure as best they can that all of them are up to speed on the subject. And contrary to popular belief, he suggests that there is growing evidence showing that the Cloud is doing security better than can be achieved with at least most on-premise datacentres. For example, he points to the National Institute on Standards and Technology (NIST), which has put out documents in the last year identifying eight areas where the Public Cloud is now probably more secure than anything other agencies are doing now.
“Many Government agencies in the USA, Australia and other parts of the world use our services, so there is a continual demonstration that organisations that can afford to be as demanding as they like, are using the cloud. ”
His tactic is now to counter Cloud security arguments with facts. A common challenge is that `most security experts say the Cloud is insecure’, to which he replies that a UK-based survey earlier this year of security officers showed that 55% of them feel the Cloud is more secure.
“I’ve been doing this for 12 years now and I have built up a body of evidence. The trouble is that means I can’t really generate a good headline saying `Salesforce goes uncracked for one more day’. It’s not news. ”
And in the end it is not even the uncrackability of the service that is the key question. In fact it is the ability to manage cracking attempts. It is the speed at which it can be spotted, stopped and repaired, plus the ability to restore customers’ business processes to normal operation with the minimum – ideally zero – disruption.
“That’s right. Hypotethetically a business like ours could be `cracked’ a hundred times a day, and that sounds bad. But if the cumulative impact of all of them is just 1 microsecond of downtime, that doesn’t sound so bad. So the proper measure is the impact on our customers’ ability to be confident in doing business on our platform. That is why we share all the information. ”
That comes back to the need now for SLAs that are meaningful for the business user. In fact Coffee is against the word `Agreement’ in SLA. Instead he now prefers to use the term `Service Level Assurance’.
“Service Level Agreements are documents written by lawyers, to be consumed by lawyers. Service Level Assurance is a state of mind for my customers, and if I can achieve that for them they are not going to ask me for a Service Level Agreement. ”
In his view, the only reason customers ask for a Service Level Agreement is because they feel no sense of assurance in what is being delivered and the only way they feel better is to have a legal hammer with which to hit their supplier. What is needed is the ability to get to the point where customers do not think in terms of retribution against their supplier, but rather think in terms of trust in the supplier.
“That is what the brand is all about, and why we have trust as the top line. They expect a certain standard of purity and fitness for use and that is what brands were invented to be. This is no longer an IT replacement conversation, it is a brand elevation and awareness conversation. I would like nothing more than to see a world where customers say `of course our systems are powered by the Force.com platform’ becomes tantamount to an underwriters’ laboratory label saying of course this product won’t injure you’. ”
This position may sound idealistic, but it is fair to observe that most other areas of industry, be it manufacturing or service provision, have market leaders that by and large live by such values. Coffee compares this directly with what he calls the draconian licence agreements that the IT industry has used – and still widely uses – to defend itself against what would be assumed to be their rightful responsibilities in most other market sectors.
“You get a licence that gives to right to use a box of parts or a list of code, and you assume all responsibility for making it do anything useful. All those disclaimers of fitness for usability. The odd thing is that being service providers we simply couldn’t begin to suggest that we would ever be able to do that. It would be like users saying `so our subscription connects us to….nothing?’ We just couldn’t do that. ”
One final aspect Coffee wanted to add to the mix is the qualitative change that cloud-based technologies can bring – an addition that he sees not as an evolution of IT, but as a fundamental change in what it is offering. The fact that it not only can exploit continuous, real-time feedback monitoring of all activities, but is geared to get the best possible results from doing so is a major step forward.
“This is not a quantitative change, it is a qualitative change and users that are not able to reconceive it will be wondering, in two or three year’s time: `we bought all this virtualisation, we built a private cloud, why are we still underachieving? All virtualisation does is take a technology that gets less expensive over time and make it more manageable using people who get more expensive over time. It is going in exactly the wrong way. And there are diminishing returns on the ratio of virtual to physical servers over time through increasing complexity. ”
