After reading the insightful HP article “Lack of Transparency in Public Cloud”, I cannot help but weigh in and expand on the implications of the Public Cloud. The strategy offers immediate or almost immediate access to a solution, at a relatively low cost and a “pay for what you use” approach. Yet, I share the concerns of the feasibility of an IT solution that is offering little obvious guarantee or transparency for security, location, quality of service, or continuity of service. The business user of IT has historically used corporate IT like a utility, expecting IT services as we would expect to use water or electricity. As with public utilities, one can go off the grid and get what we need, but there are risks and implications besides benefits. Let the public cloud buyer beware.
Let me expand on these key concerns.
- Security – It is no secret that the internet is a dangerous place. Leaving important data on a public internet site is akin to moving an important file cabinet from your organization’s secure location to a street corner. Even locked, it is exposed to anyone that walks by. Most passersby would ignore it; a few will look at it as a challenge or opportunity. Moving it to a location where a relative stranger promises to watch it is almost as bad, even if you hold the keys to the locks. Is it worth the risk? Who can you trust? The point is that you need to know and depend on your keeper of the corporate jewels, or even your collection of trivia. If it is important enough to pay for public cloud, it is important enough to safeguard. The same point for the “keys”. Even if you have a security key, is your provider of certificates for the service you are leasing reputable? How about the cloud staffing? Are backups and operations maintenance of critical data performed by reputable staff and process?
- Location – Where is your service and data located for the public cloud? Is it mandated by corporate policy or by law that the service be located in the country of your organization? If you have verified the country of service, is there a guarantee that the service will stay there? Do you care if your public cloud sales data or CRM analysis is being done in North America, South America, Asia, Europe, or any particular country therein? Even if you have assurances that the cloud service is offered at a desirable location, will it stay there over the duration of the service? It is the cloud!
- Quality of Service – I leased a service many years ago to quickly set up and host an application for common use by a project team. The usage quickly expanded beyond our expectations, but the system hosting the work could not scale without extensive moves and investment on our part. Public cloud providers today make this concern typically trivial, but the point remains: how do you know what you can expect? Is the quality of the service reliable enough to meet your business need, and transparent enough to prove it?
- Continuity of Service - This concern extends beyond the public cloud, actually. When you buy a service, there is an implicit expectation from most consumers that the service will be available any time they need it. In fact, it generally takes a bit of cost and work to set up the redundancy that most consumers expect. Here is where the transparency is generally published by reputable cloud providers, but the consumer must also read and understand the implications. Did the consumer buy single server availability when redundancy, clustering and/or remote backup of data is needed? The latter surely costs more. How do we know that our data is being successfully backed up? And to where? Related to continuity, is the public cloud vendor viable as a business to support the cloud service? Bankruptcies and business strategy changes (like disbanding unprofitable cloud services) can be unexpectedly disruptive as well.
We have been reminded in this last year of some notable failures of public cloud services. If you haven’t read about the Amazon EC2 and Amazon RDS Service Disruption in the US East Region, it may be a good read to understand the complexity of automation that provides the benefits of public cloud services.
Typically, a business user of a cloud service is not looking under these covers, but only searching for a way to provision their needs quickly and cheaply. The word “Shadow IT” as it applies to the public cloud is an appropriate phrase. Shadow IT is a bit shady in the corporate sense and is being purchased to get around the approved IT practices and governance. Let the buyer beware.
Here is a note to those IT groups that are being challenged with the “competition” of your consumers who are moving to shadow IT: Build a reliable and viable private cloud service to compete. The private cloud of an IT shop can transparently govern the security, location, QOS and business continuity to the corporate policy…but you must earn the business these days with effective cost controls and service agility. You already have potential to provide a superior product to compete.
Before I get 1000 responses that I am vilifying all public cloud, let me be clear that the public cloud has many good business cases and has scores of reputable and qualified providers. But even that statement begs the question, how do you really know unless you do your homework on a fully transparent provider?
Leveraging the benefits of public and private cloud is one of the significant opportunities available to the savvy enterprise. HP Strategic IT Advisory Services (SITAS) is prepared to assist you with enterprise architecture planning and design to improve your leverage of IT to support the business. Cloud services are a key part of this strategy.