Cloud computing is changing the way in which computing and data communications operate. The availability of high speed low cost communications through fibre optics means that remote hosting of computing and IT applications is economically possible, and there are clear cost benefits for both users and providers. The migration from in-house computing to cloud has not been as fast as expected. Putting aside the usual over-optimism of marketing spread-sheets, what holds users back when they think about cloud adoption?
Firstly, there is much conflicting hype in the market and many variations on which type of cloud – public, private, bare-metal, hybrid and so on, and the user must first find his way through all the hype. Then he must decide which applications to migrate. In general, applications with low communications requirements, important but not mission critical security needs and a low impact on the business if they go wrong are a good place to start.
Security is always the first concern of users when asked about the cloud. When an organisation has its intellectual property and critical business operations in-house, its management (rightly or wrongly) feels secure. When those are outside and controlled by someone else who may not share the management’s values of urgency about problems or confidentiality, management feels insecure. When critical and confidential data is sent out over an internet connection, no matter how secure the supplier claims it is, management feels insecure. There are battles going on in parliament at the moment about how much access the British security services should have to user data via “deep packet inspection” – in other words spying on users’ confidential information when it has left the user’s premises, even when it is encrypted. The “Independent” newspaper in London recently reported that “US law allows American agencies to access all private information stored by foreign nationals with firms falling within Washington’s jurisdiction if the information concerns US interests.” Consider that for a moment and note that it says nothing about the information being on US territory. Any IT manager considering cloud would be well advised not to put forward proposals to management that involve critical confidential information moving to the cloud. There are easier migrations to do.
Regulatory and compliance issues are barriers to adoption. For example, EU laws require that certain confidential information supplied by users be retained inside EU borders. If it is held on-site, there is no problem. If it is in a cloud store, then a whole set of compliance issues arise and need to be addressed, consuming time and resources and creating risk.
Geographic considerations are important. For a low bandwidth application with few transactions per user in any given period and limited user sensitivity to delays, it may be possible to host the application on a different continent to the user. A CRM application such as salesforce.com is an example where that works. For many other applications, the delays introduced and the differences in presentation to the user of identical transactions may not be acceptable. As a rule of thumb, applications for a user in London should be hosted in London and applications for a user in Glasgow should be hosted in Glasgow.
When applications are hosted on-site, management feels in control. If management gives its critical data to someone else, it risks lock-in – in other words, it becomes difficult for management to get its data back again or to move its outsourced operations to another supplier. Different providers have different ethics and processes around this, but there are some real horror stories around and management’s fears are not always misplaced.
Where cloud implementations involve standard general IT functions provided by standard software optimised for cloud, the user can have confidence it will all work. Where there is special purpose software integrated with them, life can get very complicated. Things designed for in-house are not usually designed to be exported. There will be unexpected undocumented dependencies and the complexity of the integration grows geometrically as the number of dependencies grows. Cloud has different interfaces and controls and ways of doing things and the organisation may not have those skills internally.
Like the introduction of any new way of working, cloud throws up unexpected problems, challenges the old order and challenges the people whose jobs are secure in the old order. The long term benefits of cloud are sufficiently high for both users and providers that, over time, most of the objections and barriers will be overcome.
The way in which organisations employ people has changed over the last thirty years or so from a model where everyone was a full-time employee to one where the business is run by a small, tight team pulling in subcontractors and self-employed specialists only when needed. Perhaps the future model for IT is the same – a small core of IT in-house handing the mission critical operations, guarding corporate intellectual property and critical data and drawing in less critical or specialised services remotely from cloud providers when needed.