While business users are starting to become more aware of the potential cost benefits of Cloud Computing, many still have crucial unanswered questions when it comes to data security, which is preventing early adoption in some quarters.
“Customers don’t trust vendors as far as vendors claim to know their product. Customers trust the opinion of other customers over that of the vendors and will take more value from what these people are saying than the vendors”, commented COLT Telecom’s Steve Hughes in a panel session on Cloud platforms and infrastructure at this year’s Business Cloud Summit.
Also participating in the session were Dr Stephan Farestan, Senior Executive of Product Strategy and Development for TIBCO, and Mike Payne, Chief Technology Officer and Head of Architecture and Strategy for the Ministry of Justice. The debate was chaired by journalist and BusinessCloud9 contributor Martin Banks.
Are CIOs ready for the Cloud?
“56% of European CIOs are not familiar with Cloud Computing. Is that because the industry is not telling the story properly when it comes to infrastructure, or is it just too early?”, asked Martin Banks.
“We asked CIOs what they know about the Cloud and there are a stunning number of people with no awareness. I don’t think ‘Cloud’ as a marketing term has been successful at all - it has confused the hell out of everyone”, said Steve Hughes.
“There used to be something like 67 definitions of Cloud Computing, but now there is one definition of what the Cloud is, so we’re getting there”, he added.
“It’s not too early”, insisted Mike Payne. “Of those who have taken the plunge to Cloud Computing, 73% have projects underway. Most companies take an incremental approach…the advantage with Cloud solutions is that they are more controllable. It’s useful to have a service where you can go and set up as many servers as you need to carry out that testing and development process”.
Governance
“Two of the main questions when choosing Cloud providers are who do you trust and how do you stay in control? Organisations still want to be in control of their infrastructure. It’s their data and they want to keep that control. I’ve been to many Cloud presentations where people say you don’t have to care where your data is – but what if you do? This is where reality starts to come into it. If you have a business to run, you have a responsibility”, added Payne.
Managing that responsibility should be a key consideration for Cloud providers going forward, suggested Dr Stephan Farestan: “If you provide a platform as a service, you need to provide policies to fine tune and control. What used to be programming is increasingly being deconfigured – that’s very positive because it means that this is externalised, it used to be bedded inside code, it’s now externalised. It makes it easier to control and change”.
Cloud vendors and users could learn from the government’s outsourcing processes, said Mike Payne: “The government is used to working at arm’s length from data and have a number of outsourcing models in place. There are lessons that can be learnt from these and applied to the Cloud. We’re looking at how to establish policies to check that they’re doing what we say they’re doing”.
Managing risk
On the issue of so-called contract ‘lock-ins’ (or articulated service agreements), Martin Banks commented: “If you say the words lock in, people throw up their hands in horror, but when you attach it to the Cloud, it’s a good thing because it suggests you’re locked into a certain policy and governance code”.
“Locking someone into a way of working is a good thing”, agreed Steve Hughes, “but it’s another thing to lock them into a service provider. The customer should always be able to get their application and data back. It’s crucial that if things suddenly change, the service provider has a duty to make sure something happens for the customer. There is no real reason you shouldn’t be able to transfer applications and data back to the customer”.
Martin Banks suggested that, should a Cloud provider fail as a business, for example, an escrow-style service could give customers access to their data and also the business process behind it.
“An escrow service is the only way to do it and I think that’s an important consideration”, agreed Dr Stephan Farestan.
“I can’t see a software provider saying that – it’s not the message they want to give to their customers. While I can see that the model has merit from a practical point of view, I can’t see how they would do it”, countered Steve Hughes.
“There is an escrow consideration, but also a business continuity issue. You should be thinking about how to spread your risk across multiple suppliers and processing the specifics of one Cloud environment into another”, suggested Mike Payne.
“There is an opportunity for Cloud vendors to federate and therefore back off their own risk with another Cloud vendor – so for example in a disaster recovery scenario, Cloud vendors with restricted geographical coverage will be able to cooperate with other vendors. Passing on elements of service from one Cloud provider to another will not be an insignificant task. That’s still some way away, but it’s a consideration”, commented Steve Hughes.