Eight cloud computing risks, and how to quash them

Eight cloud computing risks, and how to quash them

Summary: A series of 'what-if' scenarios for what could go wrong with cloud, developed by The Open Group.


What could go wrong with cloud?  Let's count the ways....

In their latest book, Cloud Computing for Business, Dr. Chris Harding and his team of co-authors affiliated with The Open Group — a key standards body for enterprise architecture — detail some of the key risk areas that need to be looked at with any cloud project:

Risk #1: The solution may not meet its financial objectives: Do your short-term and long-term ROI work. The key factors to consider when assessing cloud ROI risk probability include utilization, speed, scale, and quality. "These factors are built into most ROI models, and affect the headline figures for investment, revenue, cost, and time to return."

Risk # 2: The solution may not work in the context of the user enterprise’s organization and culture: Always a biggie. The best way to address is having "a clear executive vision and direction for business transformation," which includes top-level executive support. (Easier said than done, right?) This should include the establishment of "a clear roadmap for procurement or implementation of cloud services and applications that use them, and coordination of stakeholders and competing strategies to get consensus for storage, computing, network and applications to avoid islands of demand usage." Always start with pilots to create confidence and "build buy-in and usage in the user  community for cloud services."

Risk #3: The solution may be difficult to develop due to the difficulty of integrating the cloud services involved: "There is a risk that it will not be possible to integrate [multiple] cloud services with the existing system and with each other. This risk is critical; if the system cannot be built, it cannot be used. The service integration risk can be assessed by considering interface conversion cost, ability to change the existing system, and available skills." The skills part could stand as a risk on its own, as Harding and his co-authors point out that "significant skills are required to assemble and customize multiple cloud services from different providers in a flexible, adaptable way, while maintaining security, backup, and governance mechanisms."

Risk #4: The solution may not comply with its legal, contractual and moral obligations: "Dependence on an external cloud supplier can increase the probability of noncompliance. Even if you have contracts that  provide the necessary assurances on location and confidentiality, force majeure may prevent the supplier  from honoring them. For example, what would be the result of legal action for subpoena of data in a cloud environment that may not even be held under your tenancy, but have been placed on the same system by other tenants? And what would then be the impact on your corporate reputation?"

Risk #5: A disaster may occur from which the solution cannot recover: Along with the usual mayhem, this can be a business "disaster" such as bankruptcies or contract cancellations on the part of cloud suppliers. "As part of your risk analysis, you should identify the unplanned events that could harm you, and assess their probabilities and impacts. You may also wish to make general provision for unforeseen events that disrupt the cloud services that you use, or damage their data... you can build into your system design elements that will reduce their probability or mitigate their effects. For example, an effective backup and restore process, with the backup copy held in a different location from the data, or on your own rather than the cloud supplier’s system, can change the impact of a disaster from fatal to merely serious."

Risk #6: System quality may be inadequate, so that it does not meet users’ needs: "The system quality of an external service can be assessed using the same factors as for the system quality of your own solution." In addition, look at the track records of suppliers very carefully, just as you would any outsourcing provider, Harding and his co-authors advise."

Risk #7: Security may be inadequate: Need we say more? "Having your own information, on your own hardware and between your own four walls, provides a level of comfort that you lose in the cloud," Harding and his co-authors point out. "Cloud computing is not necessarily insecure, just that new considerations need to be taken into account and more modern security models developed and applied. You must adapt traditional security models to suit cloud computing needs and consider end-to-end security, including your own internal policies for access control and user provisioning."

Risk #8: I'm going to add an eighth risk to The Open Group's list, and that is, there may be an existing lack of service orientation. Not having full-blown SOA isn't necessarily risky in itself when moving to cloud, but the inability to move processes from current interfaces and underlying applications to more agile cloud services could really make a mess of things -- and ultimately make cloud more expensive than leaving things as is.

Topics: Hardware, CXO, Cloud, Servers, Virtualization

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RE: Eight cloud computing risks, and how to quash them

    Although point #4 touches on the contractual/legal element, organizations moving to the cloud must have a COMPLETE understanding of how their current and future software volume licensing agreements are affected by the move to the cloud.

    Right now...even many software publishers are hesitant to give concrete answers in writing, or simply don't know what those answers should be.

    Understanding volume licensing understanding MUST be part of this equation...consult your friendly VAR for a hand in sorting this out through an effective SAM solution.
    • RE: Eight cloud computing risks, and how to quash them

      <strong><a href="http://www.freepuzzlegameonline.com/">freepuzzlegameonline.com</a></strong>

      <a href="http://www.freepuzzlegameonline.com/">Rolling Hero 2</a>

      <a rel="attachment wp-att-901" href="http://freepuzzlegameonline.com/puzzle-games/rolling-hero-2/attachment/rolling-hero-2"><img class="aligncenter size-full wp-image-901" title="Rolling Hero 2" src="http://freepuzzlegameonline.com/wp-content/uploads/2011/09/Rolling-Hero-2.jpg" alt="" width="300" height="190" /></a>

      <h3><a href="http://freepuzzlegameonline.com/puzzle-games/rolling-hero-2">Instructions to play Rolling Hero 2:</a></h3>
      Rotate the level to grab coins, gems, and the keys to the portal exit while avoiding spikes. Use Left/Right arrow key to move. Check the game for more instructions on how to play the game.<a href="http://freepuzzlegameonline.com/puzzle-games/rolling-hero-2"><em>Rolling Hero 2</em></a>
  • security is the biggest concern

    For the most part, the industry will solve most of these issues- as applications, vendors, and software manufacturers will mature and create simpler ways to integrate these service as well as create holistic solutions...no matter how many ways you spin it...security will always be an issue a true caveat to cloud migrations. ultimately you are now moving data away from your control onto another company's system...no matter what way it's stated this is a fundamental vulnerability/liability.
    That being said...the benefits outweigh the cons by too much.
    • Not quite the point of the article, though.


      I agree, security is always going to be a sticking point when determining if cloud solutions are the way a company should go. But as the article points out, just as with any technology decision, a company has to make an *informed* decision, weighing all of the benefits and disadvantages for the conceivable situations they'll need to deal with, including the need to plan for future infrastructure to help maintain the status quo and any potential replacement.

      For some entities, they will find that cloud computing will fit their needs. For some entities, they'll find it can fulfill their needs, but may end up costing them more than "traditional" methods. And for some entities, the security risks inherent with cloud solutions (versus keeping the data completely "in-house") will outweigh any potential processing advantages or even any direct cost savings.
  • RE: Eight cloud computing risks, and how to quash them

    Like most IT Consultants I am often confronted with issues related to moving data and services to the cloud. I feel it's a matter of picking your battles. For the small businesses I support, running an in house Mail Server makes less sense, but for something like simple file and folder data and the related security I don't feel there's as much need to move this off site. Many organizations see a loss in application performance and take on risk for certain items that are very simple to manage internally.
  • RE: Eight cloud computing risks, and how to quash them

    [ SOS ] Complaint with IBM China CSR on Centennial

    [ Review ] How Much IBM Can Get Away with is the Responsibility of the Media

    IBM Advised to Treat its People with Humanism in China

    Tragedy of Labor Rights Repression in IBM China

    Scandal stricken IBM detained mother of ex-employee on the day of centennial
  • best cars reviews price

    your comment is intresting and very usefull<a href="http://www.bestcarsreviewsprice.com/2011/09/acer-aspire-one-happy-2-netbook-review.html">best cars reviews price</a>