Posted by: peterhact | May 23, 2012

Above the cloud, looking down on the earth

There are so many articles about the cloud, talking about the long term benefits of cloud adoption and where the future lies with respect to business and government computing. I prefer to think that I am above the cloud, looking down on high through it to the earth, the physical layer at the bottom, where computing currently resides. My observations for the cloud and the physical layer below it are as follows:

1. The cloud will not be a going concern until there is stability in the offerings and connections to it: 

The cloud has an underlying assumption about its availability – if the internet or a VPN connection used to connect to a cloud service fails, there is no cloud access. There is no data, there will be no access and the users will be disadvantaged. Imagine if a Bank had all of its data in the cloud, the network had a problem and failed and it was payday across the country. How would the employees who used the bank’s services get paid? How would an employer be able to transmit information to the bank for processing? Until there is a stable environment for the cloud environment, a bulletproof, fail proof connection, the cloud will not be perceived as a reliable method for any service that is data reliant.

2. The cloud needs to be secured beyond web applications and connections – it needs to be a vault for data:

At the moment, users of cloud services like GMail need to regularly change their credentials – mostly after their passwords are compromised by attack. This is not an acceptable environment for data retention, certainly not for sensitive data like HR files, Identity files, personal banking details and medical records. The cloud needs to be a secure environment, but this creates a paradox – if the cloud is locked down, it must be connected to a regulatory mechanism that is most likely residing “off-cloud”, on a physical server. In order for a cloud environment to be secure, additional methods need to be employed to ensure that the data is safe, otherwise it will never be seen as a viable option.

The weakest point in the chain is the connection to the data from an external source. Imagine that you are a job seeker. The recruiter you have signed up with has put your job profile up into the cloud. Employers can see these profiles through a username and password. What happens if the employer is using GMail as their email and their account is compromised? Does this mean that your profile can also be compromised? could your identity be stolen? Cloud providers need to have specific mechanisms that identify users, be it from IP addresses, or another predefined method that prevents data being compromised. Only when a cloud environment is completely impervious from attack will it be seen as a viable alternative for data storage.

3. Devices to access the cloud still rely on physical connections: 

The cloud is a place where all data can reside. Humanity cannot access it without a device like a tablet, smartphone or computer. Whether or not access is via a physical server, the connection is still governed by the physical devices. With the invention of internet TV’s, fridges and other devices, we have broadened the methods of connection, but the connection still remains. If a change was made to thin clients, where no data resides locally and instead is purely cloud based, they would still need to connect to a provider that allowed access to the cloud, be it a wifi connection, 3G, 4G, ADSL, BDSL or Fibre. There is no escaping this connection requirement, unless there is a new method created in the future.

4. Cloud access still requires local support and management:

Even though you have moved all essential applications and data to the cloud, the requirement for a managed services provider will still remain. Thin clients still need to be repaired. Printers still need to be configured. Network hardware needs to be installed, configured and tested. Services won’t change, there will still be a need for the traditional providers and they won’t be put in a situation of “adopt the cloud or become obsolete”. This is one of the identified perceived fears that a provider has. If their clients move to the cloud, they will lose them as the client doesn’t need them anymore. Providers can survive post-cloud adoption. They just need to change their attitude towards what constitutes support of the client.

5. There are specific instances where a cloud solution will not be able to be adopted:

In an environment where data is sensitive, secret or of a type that cannot be put into a harmful situation, the cloud is not a viable option. The private enterprise cloud is not a true representation of the cloud, as it still resides within a boundary that is controlled, maintained and operated by the organisation who has created it. This situation is more like a common data repository, not a cloud solution. There are key components that have been deployed to ensure that data is not accessible from external sources, all data remains inside the organisation and it can exist in a datacentre that is virtualised or physically provided. I prefer to think of these instances as intranets, not clouds. Granted, the data is available to the entirety of the organisation, but it has no external access, thus is not a cloud concept.

6. Where is the data residing in the cloud:

One of the key concerns that I have heard being raised is where the data resides. Is the data in a cloud service on shore or offshore? is the data available to external users with access to the data via authentication methods? Can an organisation apply in a legal challenge to access another company’s data? With respect to data that is commercial in confidence, personal identity or legally required to be accessible only in the country of origin, Cloud providers need to provide accurate audit and storage facilities that ensure that this is the case. In the event of a failure, does the data still reside in the country of origin, or, based on the concept of the cloud, could it be replicated to another facility off-shore? This is one of the biggest hurdles for cloud takeup. if the data is offshore, can it be accessed by the government of the country the data now resides in? if a legal challenge is made by that foreign government, what safeguards does the cloud provider have to combat data leakage?

7. Physical computing is far safer than the cloud:

One of the current ways that managed providers are keeping their clients out of the cloud is to claim that physical computing is far safer than the cloud. This actually is not correct, if you have a physical environment that is not secure, a wifi connection that isn’t passkey protected, no endpoint management to prevent data loss via email or external device, then you can or will lose data. All data needs to be secured. Regardless of where it is stored, either a physical environment or the cloud, data needs to be accessible only by the owners of the data. Safer is also used for connectivity. If you have a physical server, or the applications installed on your device, you can save locally if the server fails. Cloud cannot do this. Unfortunately, local saves create an unhealthy and unsafe environment. if the notebook all of the data is saved locally to is stolen, your data is compromised, regardless of it being in the cloud or on a server as well.

8. Physical computing is actually cheaper than the cloud:

One of the things that many people are doing is calculating the cost to deploy a cloud solution and then compare it to their current physical environment. Most don’t take into account the original cost for the server, the software and the storage of their data. They take a now approach, which means that the figures are skewed towards physical computing. My advice to organisations looking closely at the viability of the cloud is to engage a consultant to analyze the information and provide a best practice recommendation as to whether the cloud is a viable option. If you feel that the data is not correct, get a second opinion. If the data from the second opinion matches the first results, they are probably correct.

9. The FUD Factor, the cloud and physical computing:

The Fear, Uncertainty & Doubt factor (FUD) is rife with respect to cloud and physical computing. Many companies argue that the cloud is dangerous. Others talk of the waste of money physical computing represents. There are components of truth within the ideals raised by providers. An accurate way to cut through to these truths is to employ an independent consultant, someone with no vested interest in the outcome. The answers you receive can arm you with the right information, allowing you to make informed decisions and gain a better insight into what is best for your organisation now and in the future. Remember, just because you didn’t adopt the cloud idea today, doesn’t mean you will never adopt it.

10. Summary:

Looking down on the cloud and the physical layer below it allows me to see that there are areas for improvement in both segments. The cloud is still in its infancy, whilst the physical computing environment has always been there. Security will play a major role in ensuring both environments are valid for organisations, connectivity will need to be available for the cloud to gain traction and ensure that organisations can use it to the best of its potential. Once the issues that have been touched on are sorted out, there is no reason that a cloud / physical hybrid could be the toe in the water to complete cloud adoption. At least by using a hybrid mix, an organisation can be weaned of the physical server dependence prior to adopting a total cloud solution.

One of the items that I have not really touched on is price, but the cost of cloud will become competitive as more organisations adopt it. There will be a moment in the future where cloud completely replaces the physical environment as the cost effective alternative. Until it does, the physical environment will still be the technology of choice. This does not mean that once the cloud is the new technology solution we will remove our physical environment – as i have already mentioned, there will still be services required for the items that cannot be cloud located and operated like printers, network components and thin clients.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: