Part 3: Breaking through the Cloud - What barriers to greater deployment remain?

In this special report, the editor of Manufacturing & Logistics IT Magazine, Ed Holden, interviewed 13 leading vendors from the world of IT software, hardware, consultancy and infrastructure to ask them what they consider to be many of the current key talking points within this fascinating technology space.

Demystifying the concept - Key selling points - What barriers to greater deployment remain - Serving the marketplace - The Cloud on the Horizon

This article is the third in a 4 part series. You can link directly to the full article in the digital edition of the magazine.  Click here... 

Cloud computing is one of the most revolutionary paradigm shifts of recent times within the IT world. End-user organisations are now able to run their preferred software applications on a highly flexible, shared data centre in the Cloud (Internet), rather than having to configure, customise, test, run and regularly upgrade these apps on their own servers. 

Champions of the Cloud architecture concept will also comment that this type of virtualisation enables companies to benefit from the rapid deployment of sophisticated, flexible and highly scaleable software solutions without having to commit to the up-front capital expenditure of the software licences. Instead, they are able to simply enter into a pay-per-use, monthly or quarterly billing arrangement with the vendor. But there remain some concerns related to security & confidentiality, compliance, quality of service, integration and long-term costs.

What barriers to greater deployment remain?

What are some of the remaining stumbling blocks regarding greater uptake of Cloud services, and what perceived concerns need to be debunked?

Jimmy Harris, Accenture
The larger enterprises are worried about their privacy, security, guarantees of performance, intellectual property rights and limits of liability. And they are coming from a perspective of traditional outsourcing kinds of relationships, because these really are services were talking about. Its not like premise-based software where the software provider doesnt manage to a data; once it goes out to the cloud the provider becomes the custodian of the data. On the other hand, the providers themselves may or may not have the same view as to the risk inherent in their offerings and services. So theres a gap I think between what providers today are willing to sign up for and what the market is demanding in the enterprise space. If you look at a small to medium-sized business they may in fact be getting better data privacy, security and performance than they had before. So the decision to move to Cloud services is not necessarily constricted by those concerns.

Michael Klemen, Cisco
Security is definitely the big topic. But as long as you guide and protect your network and your environment and Cisco and other companies are offering services for this then you will still be on the safe side and you dont need to have any concerns. Of course, if somebody puts lets say creative criminal energy into jeopardising your security, like everywhere in life you might be in danger of something going wrong. But because of a very small minority of people are doing these things the question is: do we need to over protect billions of people? So security is definitely and issue, but I think we can handle this. And the same applies to governance. There are business rules and legal aspects to consider in various countries. Regardless of where you do business you need to follow these rules and comply with governance issues. And, once again, the network can help you in this regard. For example, if something explodes on the production line the network captures the alert. You automatically receive information concerning when the information was captured, who reacted when and how they reacted. And if you have all this data on file and stored somewhere you have a perfect event chain to discuss with your insurance company. They will then likely say you did everything right and now unfortunately we have to pay for the damage. So in these types of circumstances the network can react faster and to greater benefit than you could in a purely human environment.

Colin Bannister, Computer Associates
Certainly security is the number one concern, and this is on a whole host of different levels. There is the data integrity issue, so depending on which country you are in you are regulated by all sorts of data protection laws that may or may not permit you to have data held outside your country boundaries. However, as a provider of SaaS offerings we can make sure we have local-based hosting of those SaaS offerings. So certainly were looking at building up partnerships with hosting organisations in order to get round this type of problem. Another concern is once youre putting part of your business process outside your firewall there is the whole identity and access management issue of can you trust the public Cloud service provider. There are also concerns around availability and performance, and its interesting that many of the SaaS offerings out there dont offer a guaranteed service levels; but Im sure this will change in the future. Additionally, a company isnt going to put everything in the Cloud for example, I believe very few organisations will put their business-critical differentiating information in the Cloud so the question they ask is how do we integrate what we have in the Cloud with what we have on our own servers?

Ron E Brown, CSC
There is a gap between perception and reality around the public Cloud. I personally believe the level of security is a lot better than many think it is. Some of the technologies available such as virtual computing which Amazon offers and the secure data connection that Google offers actually provide very good security. And there are providers out there that offer users the opportunity to extend the firewall from their private enterprise virtually around their slice of the public Cloud. So the Cloud can be very secure indeed. However, there are lots of regulatory compliance issues that prevent people from leveraging the public Cloud, whether its secure or not. For example, if legal compliance means you are not allowed to keep your data out of the UK for whatever reason, then the public Cloud is closed off to you.

James Norwood, Epicor
Security is a concern certainly from what weve heard over the past 18 months or so has started to become less of a major barrier to why people will or will not use Cloud-based technology. And at the same time if you consider your own data centres, theyre only as secure as you make them. And in terms of confidentiality concerns around certain types of data in the Cloud, business for the past 20 years have been using ADP Payroll as a Cloud service and putting their entire companys employee base and remuneration details up on the Cloud. And the applications that seem to have done very well in the early days of SaaS-based delivery is CRM where you put your entire customer base and everything you know about a customer and its purchasing history in the Cloud. Then you have e-mail servers in the Cloud Hotmail, Gmail etc. containing your personal information. This practice has been going on for years and few people have had an issue; then you get to finance or accounting and everyone starts to have these massive concerns. Maybe its because of some of the big corporate scandals of the past few years, together with this new renewed focus on governance and risk and legal compliance. But to me, your accounting ledgers shouldnt be of such a concern in the Cloud compared to those other things.

Steve Strutt, IBM
Security issues such as confidentiality and legal compliance are concerns for many organisations, especially in the context of data that needs to be audited. So in the case of financial data where the legal offices of the company are legally responsible for it to exist, there is a lot of caution about moving this type of data to the Cloud. Historically, when this type of data has been stored in-house they could own and manage the risk themselves, whereas by moving to an external provider its a different relationship. Therefore many companies are not yet ready to move this type of data to the Cloud. But in the case of other types of data, where there are less concerns about compliance, confidentiality or commercial advantage, then were seeing a lot of customers starting to move in that direction. So there is a lot of take-up of things such as email services and collaboration services where there are usually fewer security concerns attached. But correspondingly those sorts of security issues I have outlined mean that there is quite a lot of interest for many organisations in actually building internal Clouds rather than going to an external provider.

Raghavan Subramanian, Infosys
Many countries have legal requirements in place to keep data from leaving their shores. So in the case of a global Cloud provider who is handling a companys data across multiple data centres, you could potentially have a non-compliance situation. Most companies are used to storing their data in their own data centre, as so it is solely owned and accessed by them. But with a public Cloud you dont necessarily know on which particular server your virtual machine is running. Its like living in an apartment and not knowing who your neighbour is.

Steve Farr, Microsoft Dynamics 
As software vendors we have to consider that some people may try to break through security barriers, or that mistakes in security can occur. So anybody who is looking at a Cloud platform to hold commercially or personally sensitive data for customers needs to prepare those systems in a rather different way. It is not simply a case of taking an application you had before, hosting it and providing access because the nature of the access is very different. OK, even if you store data on your own servers you have to ensure sensitive data is secure. However, when you take this type of data outside there are new sets of security implications. I dont like to use the phrase thinking outside the box, but in the Cloud its not your box anymore and therefore you have to.

Simon Black, Sage Pay
Security is sometimes cited as remaining concern. However, over the past five years there have been huge advances in this area. Also, in terms of integration there are advances through things such as XML 5, so the ability to customise and integrate with web-based applications has come a long way. So, in terms of security and risk generally around data security etc. theres always some level of risk, but even if youre managing your data privately within your business and you try to protect it with firewalls theres nothing thats absolutely foolproof. In the same way, if somebody really wants to get into your house, ultimately they will do it. But if you have an alarm, window locks and extra security locks on your front door potential thieves will be less and less motivated to break in. At Sage we have put a lot of resource into all kinds of penetration testing and inscription. We also have in-house competence available, so we use third-party experts to try to break through our system, just so we can ensure it is as safe as it possibly can be.

Andrew Bond, Oracle
One question companies might ask is if we abstract the location of our data away from ourselves and from our application how can we be sure that this data is then secure; how can we be sure that people cant get to our valuable customer information, for example? So you place a lot of faith in the Cloud itself because youre now deploying information to something that is faceless, whether thats the public or private Cloud. How do I know for example that this shared resource has the same support for encryption of the data as it would have within my own silo application development? Oracle can help with identity management and data security, thereby alleviating a lot of these concerns. Another area is compliance. There are lots of compliance reasons why maybe you cant legally ship your data beyond a certain geographic region. And this could be a major drawback if you have complete abstraction, so you need something that is slightly more granular than this. Other concerns are quality of service how do I know that the provider is going to give me the same capability as my current data centre does. Oracle has done a lot here in terms of being able to both manage quality of service through tuning and diagnosing, etc. and also in terms of scalability capability.

Kaj Van De Loo, SAP
For security-related reasons, some companies might be somewhat hesitant today to put certain types of data in the Cloud. However, I believe these issues can all be solved, and I think we will see a rapid evolution or maturation of the infrastructures. Today, if you look at the contracts that some of the providers offer they dont guarantee the total security of your data. But over the next couple of years new players are going to enter this space directly targetting mission critical enterprise applications. Some of the big big telcos are going to launch Cloud service offerings, and the traditional IT service providers such as IBM and HP are going to offer Cloud infrastructures with enterprise qualities. And security is one of those enterprise qualities, so I think many of the concerns surrounding security will become less and less.

Dave Carmichael, Sterling Commerce
We have certain security standards in place http and xml, etc. but we still need to be aware that some security risks remain. Nevertheless, I think the time we can pretty much be 100 per cent dependent on the Cloud providers in terms of their own security is probably coming, and using any weaknesses on their part as an excuse for lack of adoption will probably run thin soon.

K Ananth Krishnan, Tata Consultancy Services
All of these concerns are around public Clouds. There are also alternative deployment models possible such as private Clouds, which do not have such similar concerns.We have to start with the premise that not all applications are suitable for Cloud, so one has to select the right application portfolio. As with many concerns around a new technology, a few may be real concerns, while the rest may be a matter of perception, so a careful analysis has to be done. It is also clear that some of the concerns, such as data location and legal compliance in different territories, may not go away soon and may even need the intervention of legal authorities to formulate a policy, while issues such as quality of service may need a careful analysis to see if the applications really need that kind of quality of service and what kind of quality of service is provided by the users IT department.

There is a trade-off between the price point and the quality of service provided by the public cloud providers, and based on the analysis it may be possible to choose an enterprise-class public Cloud provider, or use third-party products in combination with public Clouds to meet many of the concerns. Finally, the public Cloud providers are rapidly improving their offering, so we may hope to see many of these concerns addressed in the future.


Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter