Last week I participated in an excellent round table hosted by www.meettheboss.tv with the CIO’s of several large European organisations. As with most IT people of that level I meet, one of the main topics of discussion was how to take advantage / avoid the risks of ‘The Cloud’. No doubt, on paper (or should that be screen these days?), the proposition on offer from Service Providers and the Hyperscale companies – mainly Amazon Web Services – is tempting. Limitless compute power, cheaper to run, simple pricing, pay as you use, global access, end-user transparency. It does indeed sound like a fabulous place. However, there seems to be quite a few catches that need careful thought before heading lock, stock and 2 smoking barrels towards The Cloud. And most of them have to do with your data. I could think of 9 major topics.......
- Who in your business ‘owns’ overall data governance and what do they think? IT, Privacy Officer, Security Director, others?
- What happens if the NSA or GCHQ want access your data? Is that a concern?
- What happens if you want to change suppliers – either in an emergency like what happened with Nirvanix or 2E2, or simply because a newer service might be better for your needs – e.g. the recently announced Google Compute Engine or VMware Hybrid Cloud Service?
- What data structure(s) will you use? Open standards or otherwise?
- What level of performance guarantee and Quality of Service do you have? Like broadband, is your service level dependent on how others choose to use the same Cloud?
- Have you considered any network distances involved, the speed of light and latency?
- Are you going to be breaking any laws - Data Privacy, Data location, etc. – by moving your data to the cloud?
- How will you audit your data in the Cloud, or across multiple Clouds, if you need to? If you have one, what does your regulator think?
- And, even if the cost for storing it is next to nothing, what does it cost to retrieve your data when you need it? How long will it take?
Despite all this, for many workloads, especially those with fluctuating and/or very high scale resource requirements, no doubt the speed and cost benefits do or will outweigh any of these risks. And, unlike traditional IT, Cloud services don’t have to be purchased by the IT department. So there is no real way of stopping them even if the IT or Security departments want to. Most organisations should plan a Hybrid of Private Cloud – essentially better run internal IT, Cloud Service Providers - who can offer bespoke IT and Applications run ‘as a Service’ in their data centres, and the Hyperscale players - who can offer global economies of scale for IT infrastructure that are going to be difficult to replicate in any other way. The key to this will be building a data platform that allows the IT department (led by the CIO) to offer users choices of service they have come to expect, but with the appropriate [long term] risks and 9 questions above taken into account. Phil Brotherton, Vice President, Cloud Solutions Group (CSG) at NetApp explores here why everyone needs to think like a Service Provider.
Over the past 6 months, I’ve heard a few very senior IT people recently say they are ‘all-in’ for the Cloud. I don’t really know what that means, but I do hope they have thought about what they would do if they decide they need to be ‘all-out’ at some point in the future. The Cloud should be an extension of your IT strategy, not a replacement for one.