Welcome!

Linux Authors: Esmeralda Swartz, Carmen Gonzalez, Elizabeth White, Pat Romanski, Dana Gardner

Related Topics: Cloud Expo, SOA & WOA, Virtualization

Cloud Expo: Article

Moving to the Cloud – Benefits and Concerns

Addressing the concerns about the cloud will allow you to see the benefits more clearly

A recent survey from the International Association of Outsourcing Professionals (IAOP) found two-thirds of outsourcing customers currently do utilize or have plans to implement cloud computing solutions. Eighty percent of those surveyed indicated their organization intended to deploy more outsourcing services in the next year.

In a recent Forrester report titled "Sizing the Cloud," it estimates a move from $40.7 billion spent on the global market for cloud computing in 2011 to more than $241 billion in 2020. The public cloud, which is under considerable scrutiny for security risks, will account for more than 66 percent of the total in 2020.

For many enterprises, moving data and applications is really a question of "when" instead of "if." The cloud is a sea change in business, and is moving well beyond a fad stage. Security breaches and large-scale outages might prove to be hiccups in cloud adoption rates, but the cost savings and increased flexibility will win out long term. Addressing the concerns about the cloud will allow you to see the benefits more clearly, and promote an informed decision in selecting a provider.

Time and Money
When IT managers are asked by senior executives why they should move their mission-critical data or applications to the cloud, the answer shouldn't be "because everyone is doing it." If IT comes back with a compelling list of reasons that increase efficiency and revenue while also costing less, then they have a compelling case.

As with most things in business and life, it all comes down to time and money. Spending less money and also freeing up time to earn more money efficiently. The simplest benefit for the cloud is the lower total cost of ownership. Moving to the cloud means less physical hardware purchases or upgrades. An enterprise with an on-premise server setup simply cannot compete with a multi-tenant cloud provider. You can't defeat economies of scale. Electricity bills are lowered as there are no longer server rooms that require optimal temperatures to function, and you don't need to operate all of the related equipment. Servers don't need to be frequently upgraded or repaired. In the cloud, the provider fixes the problems and ensures the platform is built with modern components and is working properly.

"Scalability" is another benefit tossed around so much that it almost loses its true meaning. It really means adaptability, where the cloud solution adjusts to user demand, which translates directly into cost efficiency and avoids overcapacity. If your company's product goes viral and daily demand increases ten-fold, cloud-based solutions can be quickly ramped up to handle the demand without the risk of not fulfilling orders.

For some enterprises that move large amounts of their data and application requirements to the cloud, some reductions in IT staffing may naturally follow. If staff reductions are not forthcoming, it's important to frame a move to the cloud not as simply the removal of an obstacle that will allow the staff to work more efficiently. For enterprises where the IT staff are already overworked and only a fraction of requests are handled, moving to the cloud can free up time for more mission-critical tasks. Perhaps now that new back office functionality can be completed or a sales team can be better trained on using the latest business intelligence suite.

For many enterprises, using the cloud initially for replication and disaster recovery efforts is a way to dip their technology toes into the water. Companies that want to hold on to the control of on-premises data centers can still benefit from the cloud's safeguards by trusting it with data backups. As competition rises and costs continue to fall for cloud-related services, disaster recovery efforts will become more and more cost effective.

Lingering Concerns
With the recent Amazon Web Services and PlayStation Network security breaches, many enterprises are understandably worried about the security measures of various cloud providers. Change will consistently be met with hesitation, and when it comes to moving critical data to the cloud, some concern is warranted.

IT management has considerable concerns about giving up governance of corporate data. However, the management and security of this data is still the responsibility of the enterprise, creating a scenario where doing nothing can be perceived as the proper course. In order to move forward with progress, IT will need the right cloud provider that can allay the governance concerns and provide assurances to data safety.

Data breaches of private information or sensitive intellectual property can have a ruinous effect. Regulatory compliance adds another wrinkle, especially for global firms, where strict rules about the "location" of data conflict with many cloud providers lack of transparency. If your company is based in the U.S., but the data is technically residing in the United Kingdom, which privacy laws do you need to follow?

The lack of transparency in regards to outage or breach notification is another often voiced concern. IT managers want to learn about breaches immediately from the provider, not hours later from the blogosphere. IT wants the service provider to go on auto-pilot in the face of disaster, and to follow documented call-out and escalation procedures. Concern about breaches and outages is certainly justified, and in-house IT should have a direct hand in reviewing the cloud provider's processes and track record in handling problems.

Diving into the Cloud
For larger enterprises with multiple applications and massive data sets, it pays to start small in the cloud. There is no rule saying it's an all or nothing choice. Instead of moving applications that need to be fast down to the millisecond, consider setting up some back-office applications to test out the cloud provider's performance and security. While a piecemeal approach might result in higher initial costs, it does provide you with a testing environment where you can perhaps introduce failures to check the provider's systems. If the solution provider can't handle routine non-critical tasks, they can't be trusted with personally identifiable customer data.

Look ahead to your growth rate as well and consider your likely data and application needs. If you have confidence in a growing business, your related systems will need to handle that movement without interruption. Few things derail a growing firm's chances faster than outages due to unexpected data or application demand. With a cloud solution in place, spikes in demand can be transformed from an issue to be feared to a welcome sight that heralds new milestones for the business.

Finding That Trusted Partner
The barriers to entry for the cloud are quite low, with new companies entering the space or established companies launching cloud divisions by the minute. Many vendors dive into this arena without sufficiently trained staff or the right technology expertise. They might not understand the regulations surrounding PII or have the right controls in place to protect from breaches.

To properly screen your solution providers, you need to ask them to be upfront with their protocols for data security and also pricing. Demand visibility. As the industry matures, customers who only accept transparency and don't tolerate confusing service agreements or evasive answers will help weed out the poorly run cloud outfits.

While moving to the cloud often takes some responsibility away from internal IT staff, you still need them involved in the process from the beginning. Ask your IT security staff to carefully review the cloud providers security and network procedures and to raise any red flags. Use their knowledge to poke holes in the provider's system and call out any outlandish claims about security or uptime.

Another key consideration is to look at any other SaaS providers that are interrelated with your chosen vendor. Every organization that has access to your data needs to follow set standards to be sure you don't have security holes for your data management. This chain of outsourcers can reach three or four levels removed from your company, so you need assurances from the cloud provider that these company's data standards are sufficient.

Outsourcers should be able to provide you with clear password creation and management standards that will help prevent password hijacking. Especially for multi-tenant cloud environments, the vendor needs to have controls in place to keep your data separate from other tenants.

For localized outages where there are hardware failures, how does the vendor handle such problems? Will they fix it within the hour, or within 24 hours? The best vendors will have extra hardware equipment on hand to proactively handle failures.

Finding the right vendor will allow the enterprise to experience lowered costs and operational flexibility so they can reach greater heights that would not be attainable with on-premise solutions.

More Stories By Lucas Roh

Lucas Roh is CEO and President of Hostway. From Hostway's very beginning, he has been the driving force in the company's dedication to reliability and easy-to-use services through an ongoing commitment to emerging technology. Since starting the company in 1998, he has charted Hostway's growth to achieve an international presence, rank as one of the top-five Web hosting companies globally and remain profitable every quarter since its founding. Recognizing this success, the Chicago Business Hall of Fame named Roh Chicago's Young Business Leader of the Year in 2004.

Previously, Roh was a computer scientist at Argonne National Laboratory, conducting pioneering research in the emerging field of computer technologies integrated into mathematics. For six years, he worked in software and hardware engineering for several companies, including Tektronics and Hewlett-Packard. In the late 1980s, he founded Wavetech Corp, a software company. He has taught at Colorado State University and has authored more than 20 academic papers.

Roh received a Ph.D. in computer science from Colorado State University in 1995 and an undergraduate degree in physics from the University of Chicago in 1988.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.