Cloud Computing Solutions - Barriers to Entry that Need Consideration
With all the hype that continues to swell around cloud computing solutions, I thought I’d look at what I see as three areas that pose a real barrier to entry. These hurdles warrant consideration for anyone looking at the cloud as an organizational opportunity.
1. Financial – If I look at the typical cloud computing case right now, EC2 is about $0.80 per hour per eight-CPU box. If you have your own data centers and fully populated them, your costs are most likely between $0.04 and $0.08. Having your own data center, you really have the budget and scale to blow away that $0.80 EC2 pricing. SMBs probably do not have that option. The cloud guys can produce tremendous margin for themselves by producing the scale of an entire data center and selling parts of it to SMBs. We’ve blogged in the past on the financial comparisons of private versus public cloud computing.
2. Technical – With cloud computing solutions, your in-house security techniques are used outside the company firewall. Your in-house systems typically have some integrated security baked-in—perhaps leveraging Active Directory. But once in the cloud, things are quite different. Developers need to think about both authentication and authorization early on in the process.
For example, if you store credit card numbers even AES-encrypted in its database and a security breach happens, PCI DSS auditors need access to the servers, which Amazon EC2 does not permit. You cannot be PCI level 1 compliant with Amazon EC2. We can store the card numbers elsewhere, but this opens a lot more security issues.
3. Operational/Organizational – With cloud computing solutions, you only have to worry about the business requirements for your applications, rather than the hardware and operating systems that those apps are sitting on. But this can also create less flexibility and potentially major changes operationally and organizationally.
One of the main concerns of security professionals anticipating an organizational switch to a cloud computing solutions model is the loss of visibility into attacks in progress, particularly with SaaS offerings. Performance management down to the end-user is also very difficult. What works well at your main facility might not be working well with your other outlying facilities.
What other barriers to entry do you see with cloud computing? Share your thoughts in the comments section below.