Here at ASG, we try to understand our clients’ needs before even considering the cloud as an option.
For example, we’ll ask, “What problem are you trying to solve? Do you know the cost breakdown for that problem?” This usually is a combination of budget allocations needed for the business application, such as the cost to generate certain products to customers – personnel, hardware, software, and facilities expenses. Without figuring this level of detail into your application stack, we aren’t likely to suggest that cloud computing solutions will save your IT budget…
Many customers don’t need a data warehouse 24-hours-a-day—they only need it two hours a week. Some companies are willing to spend a bit more on computational resources just to get those two hours. The analogy would be to analyze the cost of either purchasing a car or taking taxis to meet personal transportation needs? From the cloud user’s view, it would be as startling for a new software startup to build its own data center as it would for a hardware startup to build its own fabrication line.
For other CIOs, it’s all about focusing on their core business; they buy only the infrastructure that directly supports their unique contributions in the marketplace, what they consider their core business. Cloud computing is all about separating compute that’s not needed all the time—but can be ‘parked’ in the cloud and spun up as necessary—from data.
But remember, with cloud computing solutions, your in-house security techniques are suddenly used outside the company firewall. Your in-house systems typically have some integrated security baked-in, perhaps leveraging Active Directory. However, once in the cloud, things are quite different. Developers need to think about both authentication and authorization early on in the process. For example, if you store credit card numbers, even AES-encrypted in its database, and you experience a security breach, PCI DSS auditors need access to the servers. Amazon EC2 doesn’t permit this, so you can’t be PCI level 1 compliant with Amazon EC2. You could store the card numbers elsewhere, but this opens more security issues.
Security professionals anticipating an organizational switch to cloud computing solutions worry about the loss of visibility into attacks in progress, particularly with SaaS offerings. Performance management down to the end-user is also very difficult—so what works well at your main facility might not be working as well with your other outlying facilities.
Interestingly, at the Intel Developer Forum conference just a couple of years ago, two of Intel’s best and brightest engineers rained on the cloud-computing parade at a session entitled Intel Fellows: Live and Uncensored! Kevin Kahn, director of Intel’s Communications Technology Lab said, “We really have a lot of meta-questions to answer that affect how cloud computing rolls out, particularly in the areas of privacy and security.”
Ultimately, cloud computing solutions are often portrayed as a panacea for dysfunctional IT systems. But the ugly truth is that cloud computing can create as many problems with IT infrastructure, systems management, security, application configuration and data access as it solves. Cloud computing solutions are all about change to your environment, your control over asset storage, security, and workflows and data availability. The point is, though, that a lot of what runs across your existing IT landscape today is actually very predictable and probably doesn’t need the extreme flexibility touted by cloud technology and service vendors. Traditional infrastructure and hosting models will therefore co-exist with dynamic ‘private clouds’ and ‘on demand’ or ‘elastic’ cloud services for the foreseeable future.