The cloud continues to have a growing presence in the commercial space. With the continued interest and investment in cloud computing, there has been both commercial success and alarming failures. For the purposes of the discussion, we will use the National Institute of Standards and Technology (NIST) definition for cloud computing:
Cloud computing describes a new supplement, consumption, and delivery model for IT services based on Internet protocols, and it typically involves provisioning of dynamically scalable and often virtualized resources.
More simply, it’s a distributed IT architecture that leverages the Internet’s ability to access remote computing resources. When combined with virtual machines, virtual data bases, and virtual networks, we have a very scalable, cost-efficient model -- so why does implementing cloud-based solutions continue to be so challenging?
There are several factors that impact the appropriateness or “fit” of the cloud to your business model. In this article we will discuss cloud maturity, cloud integrity, Internet reliability and IT business maturity.
- Cloud maturity -- the maturity of cloud based computing.
- Cloud integrity -- the integrity of cloud based solutions.
- Internet reliability -- the predictability and robustness of the Internet.
- IT business maturity -- the experience and maturity of the business in terms of more open architectures; for example e-commerce vs. traditional in-house applications that have time-dependent SLA’s (service level agreements) for fixed services.
When terms like “cutting-edge” and “bleeding-edge” are applied to any technology, you know you are dealing with an immature or at least an incomplete technical solution. Cloud computing certainly falls into this category, but based on my experiences with several clients over the last couple of years, IT and business have not come to terms with what that means in terms of risk and overall reliability. Cloud computing is an immature technical solution whose boundaries, protocols and application have not been clearly articulated -- there is no industry standard. This does not mean that the cloud cannot be applied to meet your business and technical needs; it does mean you have to go into this space as an educated and cautious consumer.
Cloud computing re-introduces IT integrity challenges that have long been addressed in more traditional architectures -- these challenges encompass everything from overall performance, regulatory/ethical compliance, data security/integrity, application recovery, customer/client privacy, and financial auditing. There are well-documented examples of each challenge not being met by the providers of cloud-based solutions -- we will touch on some better known ones at the end of this section.
Gartner™ has identified several key risk areas within the cloud computing space, including but not limited to:
- Privileged user access to sensitive data.
- Regulatory and ethical compliance.
- Data location: different countries have different rules and regulations around data.
- Data segregation in terms of multiple customers in the same data storage area.
- Disaster recovery in terms of what happens to your application space when a site is “lost.”
- Investigative support: Gartner warns, "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers.”
Recent failures by cloud computing providers in 2011 have certainly highlighted these concerns:
- Google failed to meet the timeline and security parameters for moving LAPD (Los Angeles Police Department) onto Google Apps.
- Amazon Web Services (AWS) Virginia data centers in its US-East-1 region were down leaving many of its customers with no service and no service alternatives.
- Sony of Japan revealed that hackers accessed 77 million PlayStation accounts including names, addresses, passwords and possibly credit card details.
- Amazon’s “glitch” (the last week of April) that caused numerous website hosts to crash or run very slowly.
- Finally, one incident in 2009 involving Twitter where hackers had accessed a substantial amount of company data stored on Google Apps by first hijacking a Twitter employee's official e-mail account. While this really had more to do with weak password protocols, the cloud certainly made it much easier to take advantage of these security gaps.
These challenges to cloud computing integrity are not going to prevent, though they might slow down, the move to cloud-based solutions. The infrastructure cost savings are just too large to ignore. What they should mean to companies in the cloud computing space or moving into this space is that they need to truly understand the risks and rewards of cloud computing and take appropriate ownership of mitigating the risks.
A factor in cloud computing that is often overlooked, even though it is fundamental to implementing a cloud-based solution, is that communication occurs over the Internet. America has one of the slower Internet connections in the industrialized world -- especially when compared to Japan and Korea. Even worse, the trend over the last few years has been for slower not faster Internet connection speeds; in addition, we also have one of the more expensive megabytes per second rates.
Depending on your business model and the location of your users, this could have a significant impact on response times which may affect the viability of a cloud-based solution. As an example, if you have a business that has a fixed SLA for time-based delivery of a service and a distributed workforce, then poor Internet connectivity, either because of overall Internet load (i.e. Cyber Monday) or simple lack of bandwidth, may disallow a true cloud-based solution for that part of your business.
IT maturity with distributed architectures and the Internet can significantly impact the appropriateness of a cloud-based solution. For example, if your IT organization has extensive e-commerce experience, then the tools and techniques of moving secure data across the Internet is part of the corporate culture and IT processes. When dealing with the cloud-computing vendors you will be able to take the lessons you have learned as an Internet-based business and apply them to your cloud-computing partnership. That being said, the cloud is an emergent solution that should not be equated with anything that has come before.
The cloud -- Does it fit into your business model?
This is a question that only you and your business can answer. I would advise anyone moving into the cloud computing space to do so slowly starting with non-critical applications first. Once you have gained some experience in the cloud-computing space, you will be able to make an educated decision on whether you should expose critical business functionality to the cloud.
David W Johnson “DJ,” Senior Test Architect with over 25 years of experience in Information Technology across several business verticals, has played key roles in business analysis, software design, software development, testing, disaster recovery and post implementation support. Over the past 20 years, he has developed specific expertise in testing and leading QA/Test team transformations -- Delivered Test: Architectures, Strategies, Plans, Management, Functional Automation, Performance Automation, Mentoring Programs and Organizational Assessments.
This was first published in June 2011