How cloud computing is like the credit crunch

Over-hyped, complex and potentially toxic

The recent financial crisis and the cloud have a lot in common, says Gartner's Jay Heiser. Let's just try to learn from the former how to avoid a complete collapse for the latter.

When global financial services firms melted down in late 2007, much of the blame was attributed to an over-reliance on a highly leveraged financial abstraction called collateralised debt obligation (CDO).

As described in a recent blog entry by fellow Gartner analyst Andrew White: "Cheap money, sloshing around the place, feeding an insatiable growth in demand for property, by people that had little or no ability to support the creative mortgages on offer, managed by creative new financial instruments that spread risk around the globe."

Those "creative" and "new" things melted, leaving behind puddles of toxic loans.

I don't actually expect cloud computing to experience the spectacular meltdown that the financial service markets did, but I can't help noticing multiple similarities between that situation and the reliance of today's enterprise on ambiguous 'black boxes'.

Parallels between the near fatally high levels of trust in the integrity of CDOs by banks and the growing use of public cloud computing include:

• Hype:
  Market urgency encouraging everyone to jump on a new bandwagon or risk losing their competitive edge.
• Complexity:
  Abstracted and virtualised products that are impossible to fully understand, making it impractical to carry out customary and proven forms of risk assessment. Even the maker can't anticipate emergent risks.
• Free lunch:
  Products offered as providing better returns at lower risk in comparison to traditional products.
• Non-transparency:
  Minimal information as to the constituent elements, which change in significant ways on a real-time basis.
• Formal risk ratings:
  Large, expensive and prestigious audit/assessment firms provide standardised ratings pronouncing risk to be acceptably low. Assessments are performed by inexperienced staff, addressing only a subset of the risk factors.
• Significant providers:
  Size and visibility of providers is taken as evidence of product reliability.
• 'Your people aren't as capable as our people':
  Business critical decisions and activities outsourced to abstract chains of providers, instead of relying on trusted and experienced employees to do planning, acquisition and service maintenance.

Would you buy a new car without actually driving it - would you just trust that it will be exactly like the brochure on the website?

Would you buy a house without a positive report from a home inspector?

Some people do buy pigs in pokes, and sometimes the pig turns out OK, but if my business depended on having a meaty and healthy pig, I'd want to inspect him thoroughly before accepting delivery.

Commercial cloud computing offerings remain undocumented black boxes. Most of them are actually nested black boxes, and some are a pyramid of black boxes from multiple providers.

Of course, just because these virtual pigs are in cloudy pokes doesn't mean that the provider actually is hiding something from you.

For background on the role of financial derivatives in the economic crisis, a Harvard Business Review article summarises the results of a Harvard Business School study, The Economics of Structured Finance, explaining that it "offers a close examination and clear explanation of how the process of securitisation transformed trillions of dollars of risky assets into securities that many considered to be a safe bet… the paper analyses the difficulties of rating structured finance assets and the perils of relying on ratings to determine prices."

Note the irony of the use of the word 'security' in the context of finance.

Jay Heiser is a research vice president at analyst house Gartner.

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an 'as-is' basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.