Cloud computing represents uncertainty for some IT organizations. Security is one major concern, but there are others. Cloud adoption rates may rise as more companies find tooling and support to mitigate the potential fears associated with public cloud architecture.
A dim view of the cloud
Every new technology has its share of naysayers. Many of these skeptics aren’t uninformed members of the general public. Negative opinions are also prevalent among hard-nosed business leaders who supposedly have the most accurate industry data to work with. Take this quote from an internal memo at Western Union in 1878, “This `telephone' has too many shortcomings to be seriously considered as a practical form of communication. The device is inherently of no value to us.” It’s likely that whoever wrote that memo changed his mind after the technology not only proved itself but completely revolutionized the communications industry.
Cloud represents uncertainty for some
Today, the changes in tech are so fast and furious that it’s harder than ever to evaluate what’s really a significant advance and what’s just hype. But cloud computing is at least partly living up to its early promise. That doesn’t mean that all businesses are eager to implement cloud solutions. TheServerside.com Readership Survey 2011 revealed that 31% of surveyed companies have no intention of investing in cloud computing in the next 18 months. When the question was asked in a slightly different way (do you intend to deploy apps to the cloud?), there were still a lot of reluctance to commit. 10% of respondents said ‘no’ and an additional 18% said they were considering deployment but have no concrete plans in place to actually take that step.
Are these companies being backward or overly cautious? Is there a good reason that these firms are hanging back and letting others lead the way into the cloud? Let’s look at what’s making the cloud a less attractive solution for some companies and what it might take to change their minds.
Security remains top obstacle
The #1 reason organizations steer clear of the public cloud is concern over security. An internal server setup with firewalls may not be perfect (in fact, no security system is). But it carries with it a greater sense of safety both for consumer data and proprietary business data. Plus, if a breach does occur, the company can at least take responsibility and clean up the mess. They aren’t stuck telling customers, “We trusted your data to a faceless cloud computing vendor and now you are at risk for identity theft. Sorry about that, but we were trying to save money by outsourcing our IT infrastructure.” That’s much worse from a PR standpoint than saying, “A disgruntled employee stole data or maliciously compromised our security. They’ve been identified and are being prosecuted to the fullest extent allowable by law.”
What needs to change?
The fact is that there are some companies that will not be able to take the risk of moving data to a public cloud. This is especially true in industries where data privacy is strictly regulated. If an organization cannot control and monitor exactly how and where data is transmitted and stored, it’s not possible to certify that it is being handled appropriately in accordance with privacy legislation. However, the average business customer is likely to be just as safe in a well-constructed and appropriately managed cloud as they are in their own data center. The security risks are simply different – not substantially greater.
The main problem facing cloud providers in this area is customer education. In short, providers are going to have to get better at communicating how cloud security actually works and how it addresses the specific concerns that business owners have about their data. One way providers are moving in the right direction is with private and hybrid clouds that ease security concerns without sacrificing scalability and other benefits that make the cloud attractive in the first place.
Cloud providers have the most to gain by improving security and the most to lose when holes are exposed. They can and should be held accountable in this area. So, those businesses that have already moved to the cloud actually owe those who lag behind a “thank you”. As long as there are still customers out there who need to be wooed, providers must continue to improve cloud security to prove that this technology is worthy of trust.
Other common concerns regarding the cloud
According to survey results, the following are the most frequently expressed fears causing organizations to shy away from cloud involvement:
- Unpredictable costs
- Potential increase in complexity
- Lack of tooling support
- Changes in organizational structure for IT
- Uncertainty about availability
- Reluctance to be “locked in” with a vendor (and difficulty picking a vendor)
Many of these issues are also related to lack of knowledge about how the cloud works. Again, as business leaders become more aware of the tools and support systems available to mitigate these risks, adoption rates will increase. Let's take a closer look at a few of these concerns.
The scalable, on-demand nature of cloud services means that there is the potential for spikes in usage that can lead to unexpected expenditures. Poor deployment strategies can also make the cost-savings advertised by cloud providers vanish in the proverbial puff of smoke. Better pre-migration planning and ongoing monitoring are the keys to avoiding these pitfalls.
There are two factors that can affect availability – the data centers handling cloud computing and the infrastructure distributing internet services to the end user. The best cloud vendors supply detailed current and historical data about their “uptime”. Many have been in business long enough to demonstrate a track record that can put the mind of customers at ease. For geographic areas where internet connectivity is spotty, businesses will likely just have to wait for local infrastructure to catch up before realizing the full benefit of cloud deployment.
This fear has less validity with the common “pay-as-you-go” cloud model where businesses are not committed to a long-term contract. That’s not to say that all clouds are exactly the same and there would be no costs associated with switching. However, there is a great deal of standardization when it comes to cloud-based applications compared to apps hosted on legacy mainframes (especially with clouds from VMware and Google). Once the switch from older systems to the cloud is accomplished, the move from one cloud to another is likely to be much less difficult.