Cloud computing: 10 hidden dangers
Davey Winder explores the downsides of the cloud, which are often overlooked, yet which could come back to haunt you.
1 The cloud is not global in the eyes of the law
Don't forget to consider where your data is actually being stored. You might think of the cloud as being a global thing, but if the processing and storage centre that physically holds your data is located in the US (as many are) then the US Patriot Act could allow the FBI and 'other agencies' access to it without your knowledge. Indeed, the terms of the Patriot Act forbid the cloud provider from informing you that it has handed over your data at all. You might want to check how this gels with the Data Protection Act or your industry-specific regulatory compliance scheme before signing on the cloudy line.
2 Beware of vendor lock-in
While the cloud computing model espouses greater freedom when it comes to accessing your data, the same cannot always be said about the technology behind the interface. Many Platform as a Service cloud models, for example, will be tied to a proprietary development platform: think Microsoft Azure with .NET or Salesforce.com with Force.com. Ask yourself if you are truly comfortable without an open application programming interface before committing to any proprietary cloud service.
3 Do you actually need to be in the cloud at all?
Fifteen years ago, when the Internet bandwagon had just started to really get rolling, businesses were queuing up to jump aboard in fear of missing out if they did not. Unfortunately, many did not have any real business case for making the relatively expensive investment required to move online and as a consequence saw little bottom-line reward. The same 'gold rush syndrome' applies to cloud computing, so don't let a combination of hype and fear override good old-fashioned sense: make sure you have a solid business case for the cloud before committing your company to it.
4 Avoid cloud-based departmental data ghettos
The bigger the business, the harder it can often be to get a panoramic view of what's actually happening at a departmental level. Actively discourage, through policy and enforcement, the establishment of cloud ghettos at an individual or departmental level. A proper business analysis to build the case for cloud adoption takes time, but some employees and managers will not want to wait. The hidden danger is that these people might be using consumer-grade public cloud services for data backup and access, without proper corporate consent. It doesn't take a genius to realise that the consumer cloud is no place for business data. But also be wary of managers signing up to business-grade cloud services at this 'local' level, which could introduce platform incompatibilities, vendor lock-in, and data management and integration problems when a corporate cloud solution is agreed upon.
5 Don't confuse platform and business architecture
There is a very common tendency to look at the cloud as being just a matter of data relocation, but cloud computing should not be viewed as just a change of platform. Avoid thinking of the cloud purely in terms of infrastructure, and instead ensure that you approach any change from a holistic business perspective which understands that 'how and where' are not as important as 'what and why'. If a consultant comes in and recommends Amazon or Microsoft, for example, before properly auditing and understanding the core business needs, then your migration into the cloud is likely to be a bumpy one.
6 The cloud is still immature
Despite all the hype, the cloud is still a relatively young technology, so do not expect it to act in a mature manner all the time. You would not entrust your mission-critical website to a single server and host without some kind of coverage for unexpected downtime, so ensure similar contingency plans are in place with your cloud provider. Even then, immature operational systems could be problematical: I know of one cloud provider which used a well-intentioned but automated rules-based malware monitoring system to flag an account as 'suspect' and so equally automatically suspended it without any warning or contact.
7 Don't assume your data is secure
It's tempting to think that if you've outsourced your data storage or application delivery to the cloud then you've outsourced the security of your data or application as well. The truth is that if you've contracted with an Infrastructure as a Service (IaaS) model then security of your virtual servers will likely be mostly your responsibility. Platform as a Service (PaaS) providers should shoulder more responsibility, but don't overlook ownership of encryption keys. Users of Software as a Service (SaaS) clouds should double-check that the provider meets both enterprise and regulatory security expectations.
8 Don't forget the Service Level Agreement
Service Level Agreements are as important in the cloud as with any contracted service provider, so don't make the mistake of signing on the dotted line without first getting your lawyers to dot the i's and cross the t's. Ensure that business-critical issues such as availability, security and responsibility are clearly covered in black and white. While a legally watertight SLA will not prevent cloud downtime, it will help with after-the-event conflict resolution.
9 Slow, slow, not quick, slow
One thing you will probably not find in your cloud provider SLA is any mention of performance beyond uptime and availability expectations. If your applications have been developed with local data storage performance in mind, then don't be surprised if they falter somewhat courtesy of bandwidth and latency issues. When researching cloud solutions, ensure that real-world end-to-end performance at the I/O level has been factored into your analysis.
10 What if it all goes wrong?
And finally, plan for the worst-case scenario: in the case of outsourcing all your data storage to the cloud, that means the cloud provider going under, going down or otherwise going AWOL and taking all your data with it. The biggest hidden danger of the cloud is the notion that complete loss of data cannot occur. Unfortunately, the only failsafe solution is to retain a full data backup on your own servers or with a second remote provider. And that really negates the cost savings at the heart of cloud migration in the first place.