Cloud Computing: Cutting Through the Fog

May 18, 2011

Cloud computing is being widely touted as a way to eliminate IT headaches, reduce cost, and increase performance. What are some of the drawbacks practices should consider?

Cloud Computing - and its “me-too” cousins ASP (Application Service Provider), SaaS (Software as a Service), and many other names - is being widely touted as a way to eliminate IT headaches, reduce cost and increase performance.

The basic idea has been around in various forms for decades - computer time-sharing, batch processing, service bureaus, hosting - but it seems that marketing has finally found a catchy label that has stuck. The Cloud is everywhere you turn, and everyone is (or should be) getting on it. Or so it would seem.

There are certain applications where cloud computing may make sense: virtual companies without a physical headquarters; hyper-growth companies that need quick, but short-term, access to technology infrastructure such as development- and test-server platforms; companies with a largely web-based business model; or companies that need to rapidly scale up (and possibly scale down) their infrastructure, etc. However, if you have a physical office, and a long-term business model based on in-person transactions (such as healthcare), then your first choice should probably be well-designed client/server architecture, where your data is more readily available.

But there are many things to consider before just assuming The Cloud will solve all your problems. First, there’s the cost: If you analyze the monthly hosting/cloud service costs over several years, usually there is a crossover point after about 18-24 months that favors having your own internal IT infrastructure. If you don’t have a lot of cash for a big one-time investment, which is a major selling point of cloud computing, leasing/financing can convert it to a low monthly payment that mimics what you’d get with The Cloud.

Then, there’s IT headaches: They are not all eliminated. You are still subject to building power outages, network outages, and the like. In fact you are even more dependent on network outages because if your network circuit goes down in a cloud model, you are completely out of service. And you have to add in the cost of more reliable (and redundant) broadband Internet circuits.

Third, there’s performance: An internal client/server Ethernet network typically runs at 100 Megabits per second. A T1, which is a typical broadband circuit, runs at one-sixtieth of that speed, 1.5 Mbps.

Fourth, there’s services and alignment: The cloud provider has to provide exactly the services you need. It is very difficult to find a provider whose service offering will replace every business function that can be provided on internal systems. You are also subject to whatever software versions and service offerings that your cloud vendor provides, and that can change (or even stop entirely, which seems to be happening with Google Health). Software upgrade cycles also can be a problem. With internal systems, you can decide when (and even if) to upgrade your software. Cloud providers upgrade on their own time frame, and it might not match yours.

Next, we move on to outages and downtime: Some of the biggest and best-funded cloud providers have suffered significant downtime episodes. Typically those outages have lasted for many days or even weeks and have affected millions of customers. Some of them have resulted in permanent customer data loss.

Finally, there’s the issue of control, ownership, and security of your data: In spite of what it says in your contract, your provider has your data. If/when you want to get it back, either to move it internally or to another provider, it is very problematic to do so. And if they lose your data, it’s gone (unless you have somehow maintained a local copy). There are also reports of data being stolen or compromised.

The technology literature has generally being very enthusiastic towards cloud computing; however, it has been increasingly less kind recently. Below is a collection of recent articles from a surprisingly wide variety of authoritative sources that are outright negative:

A 2009 white paper, “The Future Is Partly Cloudy,” by Diamond Consultants (now part of PwC), notes the risks, stating cloud is “immature, providing far less control over SLAs (service level agreements), raising security and compliance concerns, and complicating back-end integration.”
 
“Where is your data?” asks an April 18, 2011 Computer World article, “5 legal gotchas in the cloud.”

Data stored (or even replicated) in a facility in another state or another country, which is more common than you might think, might subject you to different regulatory jurisdictions. Also, in the event of legal action (e.g., subpoena, court order, e-discovery), there have been reports of shared servers and storage systems with multiple customers’ data being seized by the authorities.

On May 1, FierceCIO ran, “Cloud outages: Just like yours and mine.” This editorial states that companies that outsource to the cloud still have to maintain some internal redundancy and infrastructure, to compensate for cloud provider failures that are no different than what happens in any typical corporate IT shop. Editor Caron Carlson writes, “…for any enterprise capable of handling these [IT] services in-house, it’s looking more and more sensible to keep them there.

Why pay someone else to make the same mistakes you can make on your own? Especially if you have to invest in and manage much of the expertise and technology yourself anyway?”

A May 4 Computer World article entitled “Fortune 1000 firms shun public cloud storage” says “Fewer than 10 percent of enterprise-class corporations are considering the public cloud as a place to store even their lowest tier of data …” Apparently the view that all large enterprises are migrating en masse to the cloud is incorrect.

A May 7 eWeek article, "Cloud Service Providers Say Data Security 'Not My Job': Study," described a “shocking” study that found that 73 percent of U.S.-based cloud providers thought their services “did not substantially protect and secure their customers’ confidential or sensitive information.” Cloud providers said they didn’t think their customers thought data security was important. Media outlet eWeek called this “shocking.”

Draft technology guidelines issued in May 2011 by the National Institute of Standards and Technology (NIST) summarized many of these issues: “NIST: Cloud computing has a number of technical issues.” It lists the following: network latency, (lack of) portability, lack of interoperability, compliance with regulatory requirements, and inadvertent data leakage.

In summary, The Cloud is not new, and it is not a panacea. It trades one set of problems for another.

Learn more about Marion K. Jenkins and our other contributing bloggers here.