Common concerns about moving to cloud computing
Posted by decipherinfosys on December 17, 2009
Cloud computing is no longer just a buzzword that can get a CxO excited. It is actually in practice in many of the shops now and it is here to stay. We have covered different forms of cloud computing along with other aspects related to it in some of our posts before. There are, however, several concerns that companies have about moving to cloud computing. More than a year ago, those concerns used to be very open-ended questions like: “What is the difference between Infrastructure as a service vs Development as a Service? What are the different types of cloud computing and what are the benefits to our organization by moving to the cloud?”. Some of these questions we had covered in a previous post here.
Lately, as more and more executives are becoming aware of the pros and cons of cloud computing, those questions are changing to be more probing questions about the actual details and ROI. The questions nowadays are geared more towards security and service level agreements as well as monitoring those services. And in addition to that, trying to understand the different options that the companies have when trying to pick a vendor for cloud computing whether it will be Google’s AppEngine or MSFT’s Azure or Amazon’s EC2 etc. Two such major concerns are:
- Availability – Any possible service interruption from the cloud service provider could severely impact the business. Users of Gmail for business have experienced this twice this year – once in March and then in September for a couple of hours. So, knowing your cloud provider and their SLAs well before moving your business critical applications to cloud is a must.
- Security – This is a huge concern for many in the IT industry considering the dynamic nature of the cloud. The area of concerns lie around the following :
o Confidentiality – Who has access to your data and application in the Cloud?
o Compliance – Where do your data and applications stored in the cloud?
o Liability – Who is liable in case of a security breach in your cloud infrastructure?
o E-discovery – Are the data and application immediately retrievable in case of a disaster at one data center?
o Perimeter/Host security – What type of security is implemented by the cloud provider on traditional DoS and other type of malicious attacks launched against the applications?
To overcome these concerns, there are best practices and solutions being developed by various vendors and non-profits in the Cloud Computing arena. They key one to be noted is Cloud Security Alliance. HP, Cisco, IBM and Microsoft recently joined Cloud Computing Consortium to address the concerns. There is an eWeek article on this which can be found here.
Best way to approach these initiatives is to do a prototype first on your own. Take one of the non-mission critical system that is used internally and move it to the cloud. Doing proof of concepts like these will help make your case to the management team and the board and will also help you in charting a plan to move towards cloud computing. Before you do that though, you of course have to do proper research to pick up a cloud vendor.
There are interesting articles in this area and few of them are listed below: