Despite the hype and the surveys that show client disinterest
in cloud computing, it has the potential to deliver a significant
part of the future of IT,writesBCS
blogger Chris Yapp.
My own observations are that in time the cloud can contribute to
lowering costs but also to a major contribution from IT to
environmental sustainability. But, and this is a big but, a lot of
work is still going on to define key supply side issues such as
security and interoperability. These efforts will help the
maturation of the technology over two to five years, I am sure.
However, the move to cloud computing is as much about a change of
business model as it is about technology.
This presents new challenges and will require new skills for
CIOs and other IT leaders. If we look back to the late 1980s, we
can learn some important lessons from the early days of IT
outsourcing that will help here.
In the early days of outsourcing many contracts were written
that turned out to be rigid and bound both parties in ways that
proved unhelpful. Notably, many contracts had gold-plated service
level agreements which proved expensive and beyond business
requirements.
The legal implications of cloud computing, need to be addressed
up front by the potential user community to ensure that we learn
from past errors and that pioneers do not get damaged by their
desire to innovate.
SLAs are a good place to start. What SLAs should cloud providers
sign up to so that users can be satisfied with performance? What
penalties will be available? Different classes of
application/service will certainly have different requirements. It
would be good to establish a dialogue now on this. Too high an SLA
could eat up the potential savings, but if set too low, the cost of
business continuity could easily eat up the savings too.
However, I suspect the major challenge is going to be over audit
and compliance in the corporate world. Consider for instance a
financial services company that moved to cloud computing. What
restrictions and liabilities are available for the police, HMRC and
regulatory bodies to access data and information to investigate
crime and tackle fraud, for instance? This could be particularly
tricky with offshoring of data. Of course, regulations change and
therefore compliance regimes will change. How will cloud providers
deliver these requirements to their clients?
One of the lessons of the credit crunch is that many
organisations that look safe can very easily fall from their
status. It is inevitable that some cloud providers will go out of
business in the early days.
If a client buys a platform or infrastructure as a service from
a cloud supplier that fails, what will be the IPR arrangements and
escrow arrangements to enable a user to migrate to another service
and access and transfer their data?
At the end of a contract, what will be the practice in regard to
transfer of data from one cloud provider to another or back
in-house?
These are not an exhaustive list of challenges. The supply side
is looking at security, privacy interoperability and charging
mechanisms. However it is in marrying up the technology with the
business need that will determine if the industry can deliver on
the promise.
I am giving away my age by quoting a song; "It's Cloud illusions
I recall, I really don't know Clouds at all". I am convinced of the
potential, but this is too big a change to existing business
practice to believe that this can be fixed by supply side
initiatives only.
The real challenge then is, if you agree with my analysis, is to
determine what body is best placed to ensure we tackle the user
challenges at the same time as the technology evolves and
matures.
Chris Yapp can be contacted at
chris_yapp@hotmail.co.uk