Monday, April 13, 2015

Why We So Afraid of that Cloud?

You'll hear a lot of folks flinging the term around today, some as an epithet, others as a panacea. Cloud computing, or simply The Cloud has come to mean a lot of different things to different people and industries.

Some will tell you that it's a magic elixir that opens a new age of computing and business solutions and makes things possible that never were before. Others will tell you that it's a dangerous trend and that it cedes control of our corporate and cultural data assets to a faceless service provider determined to dissolve our privacy and likely to compromise our proprietary knowledge.

Neither is completely true and we'll see a shift begin from dominance by the latter myth to dominance by the former. If the two camps were tasked with carving up Grandma's best pie, the anti-cloud forces would by far take away most of the delicious calories.

From my observations, and given my opinions about what's possible with The Cloud, it seems that perhaps the division should be canted slightly in the other direction.

Is it Good for You?

Whatever it is, and whatever it means, the real question around the stampede to Cloud Computing is, does it serve a need for me and my company, and does it serve that need in a way that's safe and effective. So the logical place to begin is to define what we actually mean when we talk about The Cloud.

What is it Exactly?

When it comes to The Cloud, we're like the blind men standing around an elephant and arguing about its true nature. One thinks it's a tree trunk, another a hose, another thinks it's a wall and one thinks it's a rope. A trivial view of the cloud model is that of  a computing system with both data storage and computation taking place offsite with the computing resources owned by someone other than the recipient of the service. This oversimplifies things.

The National Institute of Standards and Technology (NIST) published a widely accepted definition. It's not necessarily the truth. This is from one governmental body, one with a particular concern about information security for government agencies. But it is a useful model from which we could derive a sense of what makes The Cloud an important development in the timeline of Information Technology.

The NIST definition suggests 5 essential characteristics:
  • On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

  • Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

  • Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

  • Rapid elasticity. Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

  • Measured service. Cloud systems automatically control and optimize resource use by leveraging a metering capability1 at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

A couple of these characteristics raise questions, perhaps even startling concerns. Consider for instance, the movement of a company's financial records to the cloud (a possibility empowered by offerings such as that of NetSuite). At first blush, the implication of Resource Pooling means sensitive financial records are held on a computing system along with those of other tenants. That might seem provocative. The benefits of Broad Network Access would seem to be anathema for a company concerned with maintaining security of sensitive or proprietary data.

But a closer look dissolves these concerns for all but the most deeply entrenched of Cloud Haters. The idea that sensitive financial records can only be safe if held on a computing system in one's own corporate building protected by direct employees is a stone-aged view of security and one that has been disproven on many conspicuous occasions. In the cloud model, the costs for off-site data backups, and physical security for both data repositories is shared with others. The need to trust a vendor and their SLA is not necessarily a greater risk than that of putting that trust in your own employees.

Further, the principle that access to a key computing system should be localized rather than broadly available seems comforting at first blush. Upon consideration however, the costs of proprietary communications systems to handle such trivia as submission and approval of expense reports, or the volumes of data that come from distributed Point of Sale systems is staggering when compared with that of securing data flows over common information transport.

What Does it Make Possible?

Many of the characteristics of true cloud computing threaten established IT practices and may even seem unsafe when examined superficially. But the benefits often outweigh the phantom or myopic fears that arise from consideration of the possibilities.

Imagine that a company could provision and begin operating a data center, a customer call center, an accounting department, a fulfillment center, and a ubiquitously available sales channel in a matter of days. Contrast that with the several months, or even years, it might have taken in the past. (Self-service provisioning makes that possible.) Further, consider that a company might incur relatively small expense to establish such service, and only pay more as usage increased as a response to business growth. (Measured Service and Rapid Elasticity make that possible.) Speed to marketplace is a darling concept, and some aspects of Cloud Computing make it more than just an attractive buzzword.

Another implication is that of empowerment. When a small or mid-sized business can begin using resources that were once only possible for very large corporations, new things become possible. The value of this can outweigh security and privacy concerns, especially if the risks are mild or remote. In a way, this is good news for the little guy. A small, agile company with clear vision can outmaneuver a ponderous behemoth that rejects Cloud Computing in deference to nebulous fears and ham-handed security policies steeped in employee self-interest, superstition, and resistance to change.

Where Does This Leave You?

Cloud Computing is not a solution to everything. Indeed, it might not be the right solution to many business IT problems. But it does offer a good solution to many old problems, and the possibility of solutions to new problems that arise in a fast moving, fast changing marketplace.

New business models will be possible, and rapid answers to stubborn questions will arise because we can do this now. So take a good look for yourself. Be pragmatic (but realistic) about the security and privacy exposure that may be involved. But acknowledge the weakness in our current attitudes about these concerns.

This isn't a new equation. In the 1990's business didn't trust the Local Area Network. By the end of the '90s, business didn't trust the Internet. At the start of the millennium, business didn't trust wireless networks. Now we're fearful of The Cloud. 

Address that, and something new may be possible for you and your company. And if you look closely, a lot of the Fear Uncertainty and Doubt may come from voices that have something to lose from the rise of The Cloud. Many outdated business models will fade, just as new ones will evolve. Which view of the tar pit will you adopt? I like the outside-looking-in perspective myself.