– David Malmborg, spokesperson for Dell (www.dell.com), says:
Cloud providers are always touting the benefits: dynamic storage and availability, scalable processing and computing power, and cost-effectiveness compared to traditional datacenters. Those highlights are real and tangible, but they do take a lot of work to get past the implementation details. Lack of control and flexibility in cloud applications is only part of the problem.
Security and Compliance
Governments are notoriously slow at implementing regulations governing data storage, retention, and security. Add to that the complexity of proving compliance, especially when you don’t control all of the assets involved, and you have quite a bureaucratic headache to deal with. Cloud service providers can ease some of the pain by offering reporting and security tools, but you’re chained to their ability to achieve compliance with new regulations as they appear.
Cloud computing has many of the same issues as traditional distributed computing, many of which are still open questions for IT security experts. Your security is highly dependent on the hardware and software maintained by your provider, which depends on the quality of their personnel. And the open-wide connectivity built into the nature of cloud applications adds additional worry about security, which has been justified by high-profile breaches that seem to be increasingly common over the past several years. A recent NIST report even recommended single tenancy for sensitive data, which tells you at just how fundamental a level that security considerations are being developed for the cloud at this point.
There’s a catch-22 here that many IT departments are grappling with, with rapidly increasing demand for open cloud services coinciding with the threat of security breaches. Numerous high-profile systems have been compromised, both as forms of online activism, vandalism and cyber crime. The instinct to limit new services, whose security may not entirely be under your control or time-tested, is understandable. It’s still not clear who’s winning the online security arms race, and introducing new services only increases the unknowns that you have to plan for.
Customization as Necessity
A cookie cutter approach is only going to get you so far in cloud services. Without customized applications and server configurations, it’s likely that you’re going to see a lot of overlap in functions. Some redundancy with cloud services is to be expected, but it could be a permanent state of affairs as your provider’s default services continually evolve and you remain without a customized set of configurations or services to evolve from. You’re stuck firmly at the tail-end of innovation in that instance.
Customization is also a challenge that requires you to envision what your requirements will be in the next two to five years, not just right now. Your cloud provider will need to be able to scale as you grow, and it’s hard to know when you’ve reached the point where it would be cheaper and more flexible for you to move some of those services in-house. Those in-house applications also take time to develop, leaving you reliant on your cloud provider until they’re up to speed and out of testing.
Then there is the rapid pace of change that you have to deal with, not just within your own organization, but with your cloud provider. Many organizations are hesitant to place critical services in the hands of a company whose services might be made obsolete in five years. Looking back just five years ago, the landscape was completely different. And while firms are moving ahead with certain technologies in order not to be left behind, more often than not, they give into the conservative position of sticking with the devil they know until a clear competitive advantage emerges for a particular cloud service or tool. Not everyone wants to be out there on the bleeding edge.
It’s hard to simply jump on board with a cloud-provider with no proof of concept to help you make a purchasing decision. Most companies don’t have the cash to spend on just trying something out, and setting up a proof of concept can be laborious as well as expensive. Then there’s the time and work required to determine what actual benefit you’re experiencing. Any cloud provider that can offer guarantees on their delivery of what you need within a short timeframe (and actually delivers) is probably a company you can rely on going forward.
If you can foresee immediate and mid-term benefits, it can be a lot easier to sell your organization on the upfront investments. Concretizing longer-term benefits is always more difficult, but companies that do push forward are often those that strive for and achieve that competitive edge.
David Malmborg works with Dell. When he is not working, he enjoys spending time with his kids. For more information on cloud computing, David recommends visiting here.