Cloud Computing Risks and Rewards
The relationship between ITSM and cloud computing is still a hot topic. Companies are still asking questions regarding what the cloud is, IT versus business roles in adopting cloud infrastructure, and whether the shift toward cloud computing is optional or inevitable. Ambiguity abounds.
We all know the business wants results, and requires IT to offer swift responses to business demands. The business ultimately wants to remain agile and flexible – able to adjust quickly to changing needs. IT can’t always deliver solutions as quickly as the business wants. The cloud can.
It’s easy and logical, then, for the business to leap toward cloud providers to meet their needs. In the cloud, the business can be in control of their relationship with providers – though if one doesn’t suit their fancy, switching isn’t always easy or possible.
There are hundreds of questions that pop up here – most about the risks and rewards of leveraging cloud platforming. Before we delve any further, consider this list:
- Security. Where’s your data – with your provider, or with a third, fourth, or fifth party? Is it safe? Does your cloud provider explicitly state rights to outsource your data? You should clearly understand your provider’s security-related responsibilities and guarantees described in its service level agreement.
- Re: Security – SAS70 and PCI compliance. SAS70 (a set of auditing standards designed to measure handling of sensitive data) and PCI (a worldwide information security standard) assure companies that their storage vendors are handling their data properly – so they don’t have to audit vendors themselves. SAS70 and PCI compliance policies may uncover details that aren’t specified in service agreements. Since server outsourcing can put your data anywhere in the world without the end user noticing a change, SAS70 and PCI are standards for cloud peace of mind. Google realized this early when they announced their SAS70 Type II certification in 2008.
- Re: Security - Data Protection. If your data isn’t stored within your in-house network, it’s stored in someone else’s. It’s therefore subject to someone else’s protection framework. Be sure to ask for specifics from your cloud provider regarding the intrusion detection system (IDS), intrusion prevention system (IPS), firewall, and other security technologies they’ve deployed to clarify their integrity. These security appliances are required by PCI.
- Integration with existing systems. Will cloud-based applications integrate well with your internal network configuration, security infrastructure, and software?
- Governance. Who’s in charge of your data – you or your provider? Who’s in charge of application adoption and making decisions based on performance – the business or IT?
- Internet connectivity. Since the cloud operates through the internet, it’s completely bound to connectivity. No internet, no work.
- Lower IT infrastructure costs. IT can supplement or replace internal computing resources; no need to purchase equipment to handle peak needs.
- Lower software costs. IT won’t be burdened with the costs of installing and maintaining programs on every desktop in the business.
- Unlimited, pay-as-you-need-to storage capacity. As much as you need, whenever you need it. Most providers allow you to pay for more space as you need it so you don’t have to commit to a large sum of space.
- Operating system compatibility. The cloud is built on browser-based applications, meaning OS’s just don’t matter.
- Easy group collaboration. Sharing documents? Anyone anywhere can collaborate in real-time.
- You’re no longer bound to specific devices. Change computers and your applications and documents follow you wherever you go.
- Low systems cost. You don’t need a high-powered system to run cloud applications, so the computer doesn’t need the processing power or hard disk space demanded by traditional software.
It’s clear why the momentum toward the cloud is so strong – the rewards appear to outweigh the risks. Notice, though, that the risks are coming from IT while the rewards make up most of what the business side is drooling over. It’s no wonder we’re concerned with IT and business alignment in this context. That alignment may determine the success or nightmare of cloud migration.
A recent CIO survey reported that among companies not leveraging the cloud, many aren’t confident the cloud will reduce their IT costs. Half of IT decision makers, the report said, expect little reduction in IT spending after cloud adoption. Another 42 percent weren’t sure they’d save any money.
Among companies who had adopted cloud applications, however, cost savings topped scalability and flexibility as the top reason for adopting cloud computing. 83 percent of those respondents were using SaaS models.
CIO’s results indicate a lingering apprehension about cloud services, but also a prevailing wind toward the cost savings the cloud offers. Pew Research’s study on the future of cloud computing blew in the same direction: 71 percent of respondents said most people won’t be working with conventional PC software by 2020, leveraging internet-based applications instead; 27 percent said most people would still use superior PC-based applications.
We’re going to see more companies begin implementing cloud services in the next few years. This is clear. The IT-business strategy alliance is critical to the success of cloud implementations. Since more pressure lies on IT to adjust their infrastructure and methodology to accommodate cloud services, IT faces a greater challenge: grow toward an intimate partnership with the business, or grow in irrelevance to the business.
The question has one right answer – and with that answer come a host of more questions for another post.
For a more thorough look at cloud security, check out our upcoming security post.
Want to get in touch? Contact us here.
Image courtesy of Patrick Lane Photography.