If the future is not the cloud


1 December 2012

No matter what your IT need, there’s someone out there willing to sell you a cloud-based solution to your problem. From software as a service, to applications, storage and infrastructure - virtually all aspects of ICT can be outsourced and delivered remotely.

But just because you can do something does not mean you should, and the increasing complexity of the regulatory environment that enterprise sized companies are working in means that the cloud is most definitely not the answer for everyone. For a start, you need to know where it is.

"The cloud is not just a vague place out in cyberspace, ultimately it’s a physical box located in a physical room," said Eoin Goulding, managing director of Integrity Solutions. "Yet we’re still seeing a trend for people moving services to the cloud without fully appreciating what that can mean, without really knowing where exactly those services are being run from."

Yes, with an ‘if’
Goulding says that while there are many advantages to using cloud delivered technology, there are also lots of drawbacks, and these do not get the attention they should.

 


"The big one is that when something goes wrong with a cloud delivered service, there’s nothing you can do. If you have a service operating onsite and there’s a problem with it then you can do your best to get it back up and running. Most importantly, at all times you know exactly what’s going on."

"With a cloud service, if there’s an outage then there isn’t much you can do about it, other than wait for the service provider to get it back up and running. Meanwhile, you’re sitting there while your business suffers."

He also suggests that there is a cloud-shaped bubble slowly inflating in the ICT services sector and when it bursts, the fall out won’t be pretty.

"A lot of big cloud companies were started with huge investment cash behind them but there is so much choice in the market now that it’s only a matter of time until some of these companies run out of money. When that happens, the lights will be turned out and their clients will be left high and dry."

"It doesn’t matter what kind of contract or service level agreements are in place, it’s going to cost their customers a lot of money to get their data back and keep their businesses going."

In general, Goulding says that of all the reasons to opt for the cloud, the financial ones should be eyed most suspiciously of all.

No, with a ‘but’
"We’re seeing a lot of companies being pushed towards the cloud for financial reasons. They’re under pressure, have let staff go and need to do more with less, so the cloud looks like the ideal solution. But the problem is that once you’ve moved your activities to a cloud provider, it becomes quite hard to back out if you change your mind."

"And once you’ve made the initial savings, you’re left with the realities of that model of doing business. And it’s risky - it carries risks that need to be carefully assessed in advance. Good business isn’t just about saving money, it’s about saving money in a way that doesn’t open the company up to unacceptable risk levels."

Risk is a recurring theme when it comes to analysing the reasons why some companies are deliberately opting not to use public cloud technologies. Since day one, banking and financial services companies have been notoriously reluctant to use cloud services because of the risks associated with taking a core asset - data - and trusting it to a third party company.

It’s not hard to see why. Any cloud service is only as good as its uptime - that is, how available it is. If you become dependent on a remotely delivered service and it becomes unavailable, where does that leave you?

However, Goulding points out that there are many more potential problems than just this obvious one, some of them inherent in the principles behind the technology.

"Managing your risk and identifying what’s really important to the business is important. When you move a service to a cloud provider, then your data is hosted on a shared virtual server somewhere. You have no way of knowing what else is hosted on that physical server and you’re open to a lot of risks because of that."

"People with no understanding of the technologies involved are convinced that they should be moving their company’s services to the cloud simply because it’s a hyped concept. But it’s not an ideal fit for everyone, not by a long shot," he said.

In addition to having no say over what virtual neighbours you share your cloud provider with, companies using cloud providers have no control over who in turn their cloud provider outsources its needs to.

"You can put your systems into a cloud centre and yes, get some operational efficiencies and reduce headcount and so on," said Peter Rose, technical director for Tekenable. "However, somewhere along the lines, your service provider will probably outsource some element of that service to another third party that you’re not aware of."

"They may encounter a problem with that third party provider - they might not pay their bills on time, they might have a service outage, or whatever reason it might be, and suddenly your contract with your direct provider has no value whatsoever. It’s all very well having a contract, but if you can’t access the services that you’re depending on then, regardless of what the contract says, your business is going to suffer. A bank for example, would go out of business very quickly if there was a loss of service."

Shifting sands
Even those companies that think they have a good fix on the regulatory issues that directly concern them need to be aware that the ground beneath their feet can shift. According to Rose, a key example is the US government’s homeland security act.

"Any company putting any data onto a server that belongs to an American company, regardless of where it sits in the world, will find that the homeland security act gives the American government access to that data without even needing to notify them that it’s happening," he said.

"You can of course choose a provider that isn’t American but what if that company is taken over in the future by an American company, and it became subject to that act? This could establish the principle that client data that you are responsible for keeping safe could become subject to the whims of a government other than your own."

Rose says he’s recently talked to a ‘large Irish bank’ that said its security advisors would never allow its data to be hosted in the cloud.

"No matter how secure you think the system is or how many penetration tests you carry out, it is simply unconscionable to consider privileged financial information leaking. Their business would be gone overnight," he said.

"If data is hosted remotely, the people hosting that data have access to it. They own the machines, they’re physically in the data centre - if they want to they can access it. All it takes is one person in the data centre to get interested in that information and take a look and that’s a risk too far."

"There is no amount of cost savings or gains in operational efficiency that make it worth a bank taking the kind of risk, however remote, that could destroy it," said Rose.

Acceptable risk
But what if you’re not a bank? If you have your regulatory t’s crossed and i’s dotted and are happy that the risks posed by outsourcing aspects of your ICT needs are acceptable, then is the cloud the answer to your needs?

Well that depends. Nearly everyone agrees that if you are a relatively young company with minimal legacy investment in IT to consider, the cloud is a great place to start, particularly for non-core business functions. But for older companies, with legacy systems to consider, there can be complications that make it just not worthwhile.

"The universality of cloud-delivered technology has been overblown," said John Casey, sales director for Trilogy Technologies.

"As recently as a couple of years ago, people were talking about how providing cloud services was as simple as flicking on a switch. What we’ve seen is that it’s really not that simple. The idea that it is cheap, easy and risk free is too good to be true - it’s not that easy and it requires a lot more thought before embracing any type of cloud solution."

The problem, as Casey sees it, is that any company looking at a public cloud solution has to abandon the infrastructure they have already invested in and move their data to someone else’s infrastructure.

Alternatively, they can opt for a private cloud solution that uses their own technology or a hybrid mix of the two. Most companies with any kind of legacy technology are opting for hybrid cloud.

Hybrid path
"Whether you should do likewise or not depends on how critical the application is to your business. If it’s a mission critical application, something that your company absolutely depends on, like an ERP system, then for many companies that’s just too risky. You’re leaving yourself open to the risk of outages outside your control," he said.

"But this hybrid approach is the best way to gain as many of the advantages as possible while also recognising the disadvantages. It involves delivering some applications to the business as a service and some locally from a private cloud set up."

"While cloud has been overhyped, when you get down to the day to day business companies like us are doing, it’s made up of this hybrid approach," said Casey.

While many companies are obviously attracted to the cloud for cost saving reasons, if they are a long established organisation with large amounts of legacy data that can’t be abandoned, then realistically speaking, any operational cost savings made through a move to the cloud will be lost in the cost of making that move in the first place.

"Recently, we worked with a client in the medical sector that was adamant they needed a cloud-based solution," said George Dowling, managed services solution manager for Ergo.

"But they had a large amount of existing specialised infrastructure that had been there for a long time, generating huge medical files with complex tie-ins on their mainframes. It just wasn’t a viable option to use a public cloud solution - so instead we put in a virtualised on-site system."

"Companies like that one, that have maybe 30 or 40 years worth of data that they can’t really just forklift into the cloud, will always face compatibility problems. They’re often saddled with 20 or 30 year old legacy mainframe code that won’t work on modern virtualisation platforms."

"For these kinds of companies, it’s a hard thing to move into the cloud. It has to be done in a controlled and structured way, and there are lots of problems to solve and implications to consider. There are compliance issues that are extremely significant."

Market maturity
Trilogy Technology’s Casey thinks that it will take three or four years for the market to mature to the point that service stability levels are seen to be acceptable enough to host mission critical systems.

"That’s where I see the change coming in the next three to four years, in organisations deploying ERP systems and so on. Once it’s more stable and crucially once perceptions about reliability improve, then it will become more viable."

"Already we don’t work with a single organisation that doesn’t have at least some service delivered through the cloud, but what that is depends on the company and how important that service is to them. The technology is there and it does work, but there is a fear factor there."

Part of the problem is that when outages with cloud-based services happen, they tend to happen in a very public way.

"It’s hard to hush it up if your services become unavailable and when it happens, companies watching understandably say to themselves, ‘imagine if that was us? How would we cope?’ and that’s damaged the cloud cause quite a bit," said Casey.
