On the security question, I do think that probably the cloud vendors could do a better job. The problem is you the customer don't always know what kind of security you are getting and you don't know what level of service or what level of compensation you will get for the occasional breach. Plus there is a psychological element to security. If you are doing your own security on your own infrastructure and something goes sideways, blame can be assigned and a solution can be implemented "in house". If someone else is responsible for the security and you don't have direct access and control, you probably need to rely on the local court system and lawyers.
I have seen some TOS and licenses from cloud vendors that don't even mention what security they use, how it is implemented and how a breach is handled on the customer side of things. Obviously a smart business doesn't do business under those terms but it does have a chilling effect on all cloud vendors.
What I am most curious about is the issues presented in this blog are still relevant. Why hasn't the cloud community addressed things like security, compliance, quality of service, and failure remediation.
From a consumer's point of view, it's a mine field of these issues where some vendors offer some solutions and features to address some of the issues but not others.
As for cloud service brokerage, you have just traded a possibly highly competent IT staff for a staff of account managers who might end up not as technologically skilled and will give company managers excuses like "I know our e-mail service is down right now but I have called Google and they won't talk to me at this time." What kind of answer is that? Instead of being able to call up the IT department directly and chew someone out until the problem gets fixed, you are forced to wait until the vendor gets around to fixing the problem. People want answers in a crisis, not excuses. A vendor manager will only really ever be able to deliver excuses.
Security, compliance and auditing, contracts and service level agreements appear to be keeping 70 percent of companies with more than 1,000 employees from starting a cloud computing initiative, according to Gartner.
That tidbit was one of the big takeaways from a presentation on the cloud computing outlook. Here are the biggest concerns about cloud computing via a presentation at Gartner’s Symposium in Orlando:
- Security;
- Lack of compliance and auditing;
- Quality of service;
- verifying cost savings;
- Failure remediation.
In a nutshell, companies want custom contracts, something that doesn’t really apply when operating a public cloud service. Honestly, I was a bit surprised to see the security thing as a big worry. Cloud providers can probably do security better than your company can.
Nevertheless, Gartner’s findings illustrate why there are so many vendors talking about private clouds—also known as data center upgrades.
Other key tidbits worth noting:
- The global market for cloud services was $58.6 billion in 2009 and will hit $148.8 billion in 2014.
- Over the next five years, companies will spend $112 billion cumulatively on software, platform and infrastructure as a service.
- North America will be the largest market for cloud services for the foreseeable future.
- Through 2012, companies will spend more on private cloud than public cloud services.
- Few existing technology vendors will transition from a licensing to a cloud model.
- Accounting is a big hang-up for cloud computing. Say you’re an EBITDA company that focuses on earnings minus all the bad stuff like depreciation, interest and taxes. Well cloud computing is a real problem? If you can’t capitalize your equipment—and you can’t if you go cloud computing—there’s a financial hit. Rest assured no big EBITDA happy media company is going to go too bonkers for the cloud.
Managing cloud computing providers is going to get complicated. So complicated that you’ll need a brokerage. Gartner is pitching the concept of cloud computing brokerages. Here’s how this brokerage concept would work:
