Over the past year, I've had so many conversations about the merits of cloud computing -- a sales term that, to be quite honest, is becoming rather tiring. Many comments are along the lines of: 'It's so much better than on-premise computing or software-as-a-service ever was' or 'Cloud computing is young and needs time to mature.' But I don't buy it.
I now find sales pitches around cloud computing funny rather than irritating, but I do tend to think that often the majority of the "innovation" is in the sales pitch not the service itself.
Many years ago when I started in the IT industry, it was quite common to go through a period of "hazing." I'm referring to "haze tasks" that we would ask of any new employee -- silly yet amusing requests to go and grab a long weight from the store, some left-handed screws, stripy paint or a steam bucket.
The intention was to frustrate but it was also designed to test the mettle of the newcomer; to see how well they took the frustration and whether they could see the lighter side of it.
So let me test the mettle of the cloud and try to frustrate its boundaries a little. I'll start with where cloud computing gets its momentum.
Anyone in IT knows very well that the general consumer thinks the cloud is awesome (even if they don't know what it is). It's a huge hit that connects mobile-to-mobile, mobile-to-app or mobile-to-app-to-mobile, offering multiple solutions from the end user to the interface.
Many of the social electronics utilise the cloud so heavily that if you disconnect them, they become somewhat useless. Don't get me wrong, I'm all app'd up.
The comparison between a day at home in front of the television and a day out bush, camping with my family, is quite funny. Apparently today you can't watch the television without your mobile device, but when we go camping (out of range) the device is used as a glorified camera, if at all.
A huge percentage of the content on these devices requires upload and download. Mind you, for the most part, this is done seamlessly, often across multiple platforms. Take Snapchat for instance. Ease of use and an intuitive nature are the key to any socially connected device for today's minions.
In addition, the age group and social dissection of app users cannot be argued with: tweens, teens, parents, grandparents. And, with many apps being free, there is very little socio-economic favouritism. I feel pretty confident in saying that the consumer cloud has exceeded almost every expectation. The organics of the now "mega beast" have changed the software and music industry forever. Sharing was always going to work. We just needed to find a way to charge for it.
Okay, so that's all good and great. I get that the public love Facebook on a phone, that the Twitter-verse needs an update and that I can carry my music in my pocket. But what are the questions we, as an industry, should be asking about cloud?
The fact is that consumer solutions and corporate or enterprise solutions have, at the core, very different focus points. I agree that, at some level, they are starting to merge through initiatives such as bring-your-own-device, but there will always be the responsibility caveat for the enterprise that contains the issue of privacy and security.
Most salespersons, at this stage, would start berating me with features/mobile access/ease of use and all the support options. Three of those options should be supplied regardless of the pitch but the support option is one that is very important, alongside some others, which I have listed below:
Picking on cloud security
This tends to be a lengthy conversation and very quickly gets into severe tech speak, with bits flying and adding up all over the place until you have a 2048-bit twice encrypted "how to make a sandwich.docx" that apparently is spread across data-centres from Amsterdam to Australia.
Accordingly, safety is said to be in the sandwich spread. In theory, it's very hard to piece it all back together due to the location diversity. Somehow the portal that you use seems to be able to tie all that remote, diverse information together in milliseconds -- something that a hacker would have no hope of doing (you hope).
Levels of security might not be a huge issue for some but with the Australian standards on privacy (and I'm sure many countries have similar) it is going to become necessary to prove how secure your data is in the cloud. This will require service levels and non-disclosure agreements that dictate what happens to your data in the cloud.
Physical access to the cloud
Who exactly has physical and/or remote access to my data (when it's between Amsterdam and Australia)? This is a question that the Google rep couldn't answer -- and I think even Apple and the iCloud would rather walk away than work this one out.
The fact is that physical access is one of the worst kinds of security risks. If I don't know who and how many people have physical access, then how can I determine the risk? I have no control over the people or persons employed by the cloud provider, and this leads me to do more digging.
One of the more important questions that had developed when I was considering physical access is, "Who owns the data centres?" I quickly realised after asking a few cloud vendors that several rented or leased rack space and data centres from other providers. This adds an entirely different perspective on who has physical access.
What happens if you want to back out of a contract?
This is particularly pertinent to your disaster recovery plan in the cloud but also relevant for email and documents, which are stored with a third-party provider.
How easy is it to migrate out of the cloud to another provider or back in house? If you intend on storing a lot of data, you had best make sure you understand this process before you start uploading; it will certainly affect how long it will take you to get your data out.
There is a raft of questions that can be tacked onto this line of questioning that should be covered off in any contract that you enter into. For instance, what happens if the cloud provider becomes insolvent? One thing's for sure -- don't ever make the cloud your only source for disaster recovery.
What level of physical support will you receive?
Vendors seem to be pushing well away from the traditional "call a techie" helpdesk and more towards the online chat, online ticket or email. The phone support, in some cases, is now a paid extra.
For many small to medium businesses, this may not be an issue. Nevertheless, you need to detail your internal requirements and make sure you get the level of support you need when it matters most. It's worthwhile checking the around-the-clock support if you have the requirement, and making sure that the after-hours helpdesk is not just an overseas call centre that logs a job for tomorrow's techies.
Ultimately, whether the cloud is right or wrong is not the point. My intention is to help you understand whether it's right or wrong for your organisation.
Having run the cloud around a bit you should have a clear understanding of what your options are as well as a clear definition of what your risks are in using certain providers with a comparison of cost versus risk per provider.
I can't overstate how important this is; you are entrusting your company data to a third party and possibly more. As a leader within the business, it's important that you make a clear decision based on well-thought-through information. Best of luck.
Rodney Byfield is the CIO at Metro Tasmania, a large passenger transport organisation in Tasmania. His blog, "Singular CIO", is at www.aussieicon.com.