The top 3 showstoppers of cloud computing – and an unexpected one
Cloud computing is the hot buzzword of the day and is currently at the very the top of the hype cycle. I do believe that there is more to the cloud than that hype, meaning that some companies could benefit greatly from cloud computing. In spite of the hype and those real opportunities that the cloud brings, some things may stop companies from actually adopting cloud computing.
Below I will briefly describe what I believe to be the three most common showstoppers, plus one that I stumbled upon and – quite frankly – was a little surprised to learn about.
Trusting the cloud provider
We (that is humans) have a tendency to trust ourselves more than we trust others. We like to hold the steering wheel by ourselves. We can be intimidated and scared when we are not in control. Consider flying in a commercial aeroplane: The flight captain makes a living out of flying. She has great education and training. Statistics tells us that flying is way safer than driving a car. We have a tencendy to feel that doing something by ourselves is safer, but in reality we can create a tremendous mess. When we think about how somebody else performs a task we also have a tendency to compare that to how we would be able to do it given an abundance of time, money and other resources – and that is unrealistic most of the time.
The fact that cloud provider is a relatively new service is bound to reduce the trust further. Many cloud platforms are immature, despite the fact that they are built upon more mature technologies and products. At most the cloud providers have been running their cloud based services for a few years. This will definitely be a warning sign for companies that shy away from adopting new technology.
One way to increase the trust is to have the provider sign a contract that would give you as a consumer a very large economic compensation should something go amiss. It may seem to be a good idea, but would make contracts with cloud providers much more difficult to agree upon. Also, with the prescence of such a contract and in the event of an incident, the provider may have to pay up large sums of money – maybe so large sums of money that they will be bancrupt. And then you will be without a cloud provider, even if the provider didn’t let you down. If you are able to negotiate this kind of agreement you can be sure that others have too.
If you live (like I do) outside of US where most of the big cloud vendors work, legal issues may be more difficult to handle when comparing cloud computing to regular hosting. This has to do with the fact that regular hosting can be confined within one country, whilst cloud computing is often international. Some kind of information comes with legal demands that it must be saved and stored say within the borders of EU, or even within the borders of one specific country. Even if you do not have to take such regulations in mind you may want to think about legal issues anyway.
Some laws in the hosting companys country may apply for the information that we store in their servers, even if the actual servers are located in our own country. One example is the Patriot act. The Patriot act demands US government access to information upon suspicion of terrorism, and may affect data that is stored in Europe by a European customer if the cloud provider is a US company. It is important to notice the word may here. To know for sure somebody needs to
- Store data in the cloud using a cloud provider from another country or continent.
- A law, e.g. the patriot act, must be waived.
- There must be a dispute that is not resolved through negotiations.
- The courts will decide what laws apply.
Until something like this happens we simply do not know. To make matters worse laws change. To keep up with how laws change in one country may be difficult. To keep track of and adapt to complex international law is not to be underestimated. Some initiatives, like the safe harbor framework, aim to reduce these insecurities.
Convoluted enterprise architecture
Companies that have little or no enterprise architecture (that is they do not have a fair amount of control over their information, processes and existing services and applications) will find the adoption of cloud computing to be very troublesome. In order to do that they need to literally rip out parts of their existing system landscape and / or open up parts of their existing landscape and then do complex integration efforts. Integration is no easy task, and with a convoluted enterprise archtecture the task is extremely difficult, time consuming and costly. Sometimes you may get away without complex integration, but security will stop you. A lot of companies have invested time and money in creating a Single-Sign-On solution. It may be a very big challenge to extend that Single-Sign-On into the cloud. Not extending it to the cloud would lead to extra efforts in managing access rights, with the added risk of making mistakes and thereby compromising security. Sadly, too few companies have a Federated Identity solution in place today and that will be a great showstopper. SOA may help companies be better prepared for the cloud, but most companies that I have heard about are very far away from the taget state of SOA.
The unexpected showstopper is OPEX
Elasticity can be described as the ability to rapidly scale out to unprecedented demand without big up-front investments, plus the ability to save money when scaling in. Elasticity and pay-per-use are the most important selling points for cloud computing. A consequence of elasticity is that expenses are moved from CAPEX (Capital Expenditure) to OPEX (Operational Expenditure). It should come as no surprise that some companies would prefer to spend some capital up front, (that is investing in hardware and software, to be able to save money in the long run) while others prefer to pay as they go and thereby reduce risks as well as the need for capital up front.
A conversation that I had revealed another way to think about this that I hadn’t thought of before. A CIO claimed that he didn’t want to be in a situation where his superiors could tell him to cut his operational costs by reducing the amount of cloud resources he consumed. To him the fact that his services and applications were hosted in the cloud actually meant that the risk of loosing those resources was much higher than if he had invested capital to buy his own servers and software. I guess he is right. OPEX isn’t automatically better or safer than CAPEX. It all depends on how you see things and where you come from.
What do you consider to be the biggest showstopper? Please let me know!
[Thanks to Thomas Rischbeck for commenting on a daft of this post]