03-09-2012, 04:21 PM
Challenges of Cloud Computing
Is cloud computing the savior of business? Is it a threat to data security? Does it signal the demise of the corporate IT function entirely? These are some of the questions executives are asking about the use of remote servers in the cloud, which enables organizations to access on-demand computing capacity, software and business functionality.
Cloud computing is a young phenomenon, and it is suffering through the growing pains typical of its age. It’s also subject to many overblown claims in the marketplace, from ardent supporters and detractors alike. Although the upside of cloud computing is considerable (see “The promise of cloud computing,” Outlook Point of View, April 2011), numerous challenges lie ahead—among them, safeguarding data security and privacy, defining the contractual relationship with providers, dealing with lock-in and exit strategies, and managing the cloud services.
New research from the London School of Economics and Accenture—based on surveys of more than 1,000 business and IT executives, as well as in-depth interviews with more than 35 service providers and other stakeholders—takes a rigorous, data-driven look at cloud computing trends and usage. It is telling that the IT executives interviewed were almost uniformly more cautious about realistic timeframes for cloud implementation than were the business executives, who are especially interested in agile and cost-effective IT solutions in the near term. This caution is rooted in several implementation challenges.
Challenge #1: Safeguarding data security
Our survey asked IT executives to identify the biggest risks in cloud computing. The top answer, named by two-thirds of respondents, was “data security and privacy.” Potential adopters are concerned about the security of data outside the corporate firewall. A related issue has to do with offshore data housing, which can pose problems of legislative compliance when data crosses borders. In the short term, most companies can avoid these issues by using domestic cloud facilities.
The cloud carries some new risks, however—notably, as one of our interviewees put it, “People hack brands or hack applications regardless of what the infrastructure is underneath.” Because a cloud provider hosts multiple clients, each can be affected by actions taken against any one of them, as in distributed denial-of-service attacks—server requests that inundate a provider from widely distributed computers. This is what happened, for example, in the wake of the WikiLeaks activities: when attacks came into the provider hosting WikiLeaks, all other clients were affected as well.
However, some of these risks are mitigated to a degree by new security applications such as encrypted file systems and data-loss prevention software. Cloud providers also have the ability to invest in more sophisticated security hardware and software, such as using analytics to examine unusual behavior across vast numbers of virtual servers. Beyond this, a provider’s scale enables effective responses to large-scale server attacks through high levels of redundancy.
Concerned enterprises can also mitigate risk by employing hybrid clouds—a situation in which most servers are in the cloud, but key data is hosted internally—and by improving data governance.
Challenge #2: Managing the contractual relationship
Cloud computing contracts are a mix of outsourcing, software and leasing. Some observers have argued that contracting for cloud is simpler than traditional approaches to IT sourcing because only one contract is required instead of multiple agreements for software, hardware and systems integration. In reality, however, few software, platform or infrastructure providers meet all of a client’s functional requirements, so contracting for cloud services typically involves ecosystems of providers that must be integrated to provide complete solutions.
Cloud contracts generally focus on service-level agreement (SLA) guarantees, but the network of interactions within the overall ecosystem increases the complexity of SLAs. Software-as-a-service providers, for example, often share a single platform for all users, and so they cannot provide each client with a differentiated SLA. At present, relatively low compensation is offered by providers for breaches of SLAs, but competition should improve this situation, as should the development of cloud standards.
Our research also found that cloud providers are currently not adequately focused on meeting enterprise contracting requirements. As one respondent told us, “The problem with cloud services today is that many of the service providers have not evolved to the point that they are comfortable being custodians of data.” That is, many providers have historical roots in product development, not service provision, so they often do not adequately understand what it means to have service liability.
In response, companies should evaluate cloud SLAs in relation to their own risk management profile and the ecosystem of cloud providers. When the offered SLAs are insufficient, companies can seek to exploit multiple cloud providers for the same service. In this way they can fashion their own guaranteed uptime by creating virtual points of presence at extremely low cost. Also, companies can engage a service integrator to perform management and contractual functions.
Conclusion: Resolving the tensions
Our interviews have exposed potential tensions between enterprise executives, who express the desire for command and control over business services, and IT executives, who must adopt new modes of operation when it comes to leveraging the power of the cloud. Other tensions exist as well: for example, if cloud suppliers are looking to commoditize their services, how will clients achieve the customized services they desire to support business agility and differentiation?
These tensions are not insoluble, but they do suggest that providers and clients alike must consciously address a suite of cloud challenges in the planning, contracting and management of services.