25/06/2015

Who’s (not) afraid of cloud computing?

The risks of cloud computing? Vendor lock-in, data security and compliancy, and quality of service (i.e. availability, continuity and performance) are most commonly mentioned as intrinsic risks. The most significant risk of cloud computing, however, is the denial of its actual and future importance. Let us explain why.

Risks

Not surprisingly, all of the above mentioned risks also exist in traditional computing models. Choosing a development language for bespoke applications or buying a storage enclosure means vendor lock-in. Data security is of major concern in client-server computing systems. Compliancy and privacy rules are applicable for on premise computing platforms as much as for cloud computing platforms. And service quality has always been a primary concern in IT delivery.

Shift of responsibility

The change with cloud computing is that many of the responsibilities of realizing these conditions are now the responsibility of the provider/vendor, and not of the end customer/IT organization anymore. Compare this with driving your own car or taking a plane. Which option feels the safest? And which one actually is the most safe?

An important implication of this shift of responsibilities is that it also requires a shift of roles and ITIL processes in the IT organization (from operational to tactical processes). This is because the IT organization remains accountable for the secure and performant delivery of the IT services.

What are the benefits of cloud computing?

From an IT perspective, we can sum up the following advantages:

  • “Unconstrained” scalability, independent from initial investments
  • Availability and continuity guarantees are imbedded in the service
  • Network complexity and associated costs can drop seriously
  • License compliancy is easier

Of course, these are all very nice to have. But the real advantages of cloud computing come from the business perspective:

  • Capex to Opex shift / Better TCO
  • Faster Time-to-market for new applications
  • Best-of-breed solutions more and more available in the cloud only

Shadow sourcing

For many industries, these are not nice to haves, because this is actually what is expected on IT. As cloud solutions are ubiquitous, those TCO lowering, innovating and business thriving applications will be sourced by the end-users, not seldom without the involvement of the IT department.

And here is the main threat of cloud computing: in the shadow sourcing of cloud services by the end-user community. Shadow sourcing namely adds quite some risks in terms of security, network traffic and costs, data integration, integrity, consistency, etc. And the intrinsic cloud risks and challenges (lock-in, data privacy, service quality) are of course still there, but are now not under the control of the IT department anymore.

Because the IT department has experience with most of the risks concerning cloud computing, they should be involved in the selection of cloud vendors, contract negotiation, migration and integration services, governance, etc.

Deny and die!

IT departments should take the lead in the journey to the cloud. Denying cloud computing can have serious implications:

  1. Missing competitive advantages i.e. faster time-to-market, access to best-of-breed applications, lower IT costs;
  2. Exposing the company to serious risk inherent to shadow cloud sourcing.

 

Knowing all this, how can an IT department prepare for the future? This will be the content of our next article on .