Cloud computing (CC) is explored by most organizations today and is a $150 billion industry. Essentially CC is levering the power of Internet for computing needs using different service models (SaaS, PaaS, and IaaS) and deployment models (Private, Public, Hybrid and Community). While CC brings some benefits such as reduced upfront costs, collaboration efficiency, resource pooling/scalability, and rapid deployment, among others, it has some serious downsides as well. Questions regarding the maturity of the CC ecosystem, the track record of the Cloud provider, the stability of the Cloud solution, and security of the Cloud provider’s data center are typically asked. While these “external” questions are very important, the fundamental question is this: Is your organization prepared for undertaking the Cloud journey? This article is about the eight key “internal” aspects an organization has to consider while adopting CC. The solutions to some of these issues will be covered in my upcoming posts.
1. Information Security and Data Privacy/Compliance is not the responsibility of the Cloud provider
Security is often the most discussed topic in CC. CC relies on storing and processing data over the Internet using virtualization technologies that enable sharing of hardware. This makes the hypervisor “the lynchpin of CC” as the single point of failure. Additionally given the reliance on Internet it is not just the hackers or Denial of Service (DoS) attacks that pose a risk; it can be even simple acts such as sharing Dropbox links that could make data accessible to unintended users. In addition, the user provisioning process without integrating with Identity and Access Management (IAM)/Active Directory combined with a lack of transparency into the Cloud provider’s process and staff poses risk on access to the sensitive information for unauthorized users. Finally, numerous laws and regulations such as PCI, HIPAA, PIPEDA, and SOX require sensitive and personal information to be retained only as long as necessary for the fulfillment of purposes for which it was collected. Hence organizations should identify the sensitive data that can be hosted on the cloud, level of privacy needed, and the degree of protection for it as the responsibility for the data in the cloud still rests with the organization and not with the cloud provider.
2. In CC, Cost and Customization do not go together
Although there is a general lack of cloud standardization, service standardization from the cloud provider is one of the key reasons why Cloud costs are attractive. In general standardization and customization are mutually exclusive and CC is no exception to that. This is primarily because a CC offering is based on pre-configured solutions listed in the provider’s catalogue that is normally the prevalent or current technologies. It is difficult to get legacy technologies such as Windows NT servers on the Amazon cloud (AWS) and still be supported by Amazon as part of their standard Cloud offering. On the software side, the SaaS offering is pretty much a Commercial off-the-shelf (COTS) solution in the cloud. An organization can ask for a custom Workday SaaS application on the Cloud. But that will cost significantly more and defeat the low-cost and rapid deployment value propositions of the Cloud model. Hence if an organization’s business process is its differentiator, moving to the Cloud either jeopardizes its competitive advantage or the organization might not harness the real potential of the Cloud.
3. Alignment of Cloud Solution to the Business process is essential
CC creates a significant shift in the business processes as it empowers the IT end user. But this benefit comes at a price that the organization never sees in the cloud provider’s contract or invoice. For instance invoicing for consuming the Cloud is different from conventional IT invoicing as Cloud billing is typically based on metered service. The people who requested and used the systems generally are in a better position to verify and clear the invoices than the traditional Accounts Payable (AP) department in finance. Unlike in a conventional IT where the relationship of the organization with the IT vendor declines after the sale, in CC the relationship of the organization with the IT vendor, i.e., the Cloud provider, picks up after the sale.
4. The CC Service Model impacts the Organization structure
One of the benefits of the cloud is that when a new version is available, it is rolled out quickly and efficiently. The organization has to accept the upgrade; it has no option of not having or even postponing the upgrade. For example, if a key feature has been removed or a report has been redesigned it might take the user days to understand the change and its impact. If there are any changes that impact the Application Programming Interfaces (APIs), the downstream systems will also be impacted. In addition, most IT organizations are still stuck with manual and archaic change management processes, and the speed and process of deploying a solution in the cloud by the cloud provider might not be aligned. Hence CC requires organizations to adopt a more vertically integrated organizational structure (IT and business) across the entire CC stack, basically in line with the Cloud provider’s operating structure.
5. Integration of Cloud and On-premise Systems is inevitable
Enterprises are typically integrated with different types of systems to function as a coordinated whole. Hence cloud systems need to be integrated not only with other cloud systems but also with on-premise business applications, IAM systems, etc. In the end, organizations end up with a Hybrid Cloud where interoperability and portability are the key operating pillars. However, in most SaaS level integrations, the APIs are not well defined. At the PaaS level, there might be two different databases or the same database with different versions. At the IaaS level, the OS on the Cloud systems might be Windows while the on-premise systems might run on Suse Linux. Integration of the Cloud and On-premise Systems should not be an afterthought. It should be factored in during the evaluation.
6. Cost benefits comes with the Scale of deployment
CC is tied to economies of scale. If the deployments are of large size, there is value. However if the scale of deployment or contract is small, the overall value is questionable. Basically the leading Cloud vendors want big contracts and provide little room for contract negotiation. Another value proposition in cloud is “buy just enough” and scale up as the demand grows. But this comes with the cost of managing your vendor contract amendments. Hence organizations need to be cognizant that benefits of cost savings with CC come with economies of scale.
7. System control can be with the Cloud Provider
One of the benefits of CC is that the Cloud provider will manage the organization’s IT and only a small team is needed to oversee IT operations. This means organizations do not have an easy and quick access to qualified and experienced people on the ground if things go wrong—say a security breach. In such an event you call the cloud provider’s helpdesk to turn off the Virtual Private Network (VPN) who in turn reaches out to their Level-2 or Level-3 support depending on the SLAs. It is an established fact that having an internal team brings loyalty and better service than relying on third parties. Moreover the Cloud provider may increase their service costs, or change the terms/conditions, or shift their data center to an un-preferred location that can conflict with some legal requirements. Though the level of system control decreases from IaaS to PaaS to SaaS, organizations should be aware that they are at the mercy of the terms and conditions laid out by the Cloud provider when operating in the Cloud.
8. Switch-over costs can be expensive
For many years, the IT industry worked on establishing common standards and protocols such as Service Oriented Architecture (SOA) for vendor neutrality. But CC is reversing the effort. Going with the Cloud solution is essentially agreeing to the specific protocols, standards, and tools of the Cloud provider. A majority of the Cloud providers keep their technology proprietary, and this locks customers into their environment. This makes future migration expensive and challenging especially in the SaaS service model. Hence when organizations calculate the cost of deploying Cloud, they should factor in the costs of system migration (say to another cloud provider or even to bring back to on-premise) as part of the TCO and exit strategy.
Despite the above concerns, industry experts believe CC will mature and grow even further in the coming few years (and perhaps address the above aspects).The Obama administration has adopted the “Cloud First” Federal IT policy. IT vendors such as IBM, HP, Microsoft, Amazon, VCE, SAP, Oracle, Salesforce, etc. are betting heavily on cloud for their growth. IT Consulting companies and System Integrators have started new practices to provide Cloud services. But CC is not for everyone every time, as Cloud offerings come in different shapes and forms. Organizations considering CC should do a proper risk assessment without getting carried away with the Cloud provider’s marketing rhetoric. According to a study by Booz-Allen-Hamilton, many Cloud solutions actually fail a business case on TCO and ROI. Hence the amount of Cloud in an organization should be a balance between risk, cost, and flexibility.
I look forward for your comments. For consulting and speaking opportunities on this topic, I can be reached at firstname.lastname@example.org or +1 587 434 2581.
Dr. Prashanth Southekal, PhD
PS: Some of the points are references from CSA, Wikipedia, v3.co.uk, Joe McKendrick (Forbes) etc.
Prashanth Southekal will be presenting a free webinar with ITMPI on May 26! Sign up here: Are You Ready for Your Journey to the Cloud?