Despite the hype and the surveys that show client disinterest in cloud computing, it has the potential to deliver a significant part of the future of IT, writes BCS blogger Chris Yapp.
My own observations are that in time the cloud can contribute to lowering costs but also to a major contribution from IT to environmental sustainability. But, and this is a big but, a lot of work is still going on to define key supply side issues such as security and interoperability. These efforts will help the maturation of the technology over two to five years, I am sure. However, the move to cloud computing is as much about a change of business model as it is about technology.
This presents new challenges and will require new skills for CIOs and other IT leaders. If we look back to the late 1980s, we can learn some important lessons from the early days of IT outsourcing that will help here.
In the early days of outsourcing many contracts were written that turned out to be rigid and bound both parties in ways that proved unhelpful. Notably, many contracts had gold-plated service level agreements which proved expensive and beyond business requirements.
The legal implications of cloud computing, need to be addressed up front by the potential user community to ensure that we learn from past errors and that pioneers do not get damaged by their desire to innovate.
SLAs are a good place to start. What SLAs should cloud providers sign up to so that users can be satisfied with performance? What penalties will be available? Different classes of application/service will certainly have different requirements. It would be good to establish a dialogue now on this. Too high an SLA could eat up the potential savings, but if set too low, the cost of business continuity could easily eat up the savings too.
However, I suspect the major challenge is going to be over audit and compliance in the corporate world. Consider for instance a financial services company that moved to cloud computing. What restrictions and liabilities are available for the police, HMRC and regulatory bodies to access data and information to investigate crime and tackle fraud, for instance? This could be particularly tricky with offshoring of data. Of course, regulations change and therefore compliance regimes will change. How will cloud providers deliver these requirements to their clients?
One of the lessons of the credit crunch is that many organisations that look safe can very easily fall from their status. It is inevitable that some cloud providers will go out of business in the early days.
If a client buys a platform or infrastructure as a service from a cloud supplier that fails, what will be the IPR arrangements and escrow arrangements to enable a user to migrate to another service and access and transfer their data?
At the end of a contract, what will be the practice in regard to transfer of data from one cloud provider to another or back in-house?
These are not an exhaustive list of challenges. The supply side is looking at security, privacy interoperability and charging mechanisms. However it is in marrying up the technology with the business need that will determine if the industry can deliver on the promise.
I am giving away my age by quoting a song; "It's Cloud illusions I recall, I really don't know Clouds at all". I am convinced of the potential, but this is too big a change to existing business practice to believe that this can be fixed by supply side initiatives only.
The real challenge then is, if you agree with my analysis, is to determine what body is best placed to ensure we tackle the user challenges at the same time as the technology evolves and matures.
Chris Yapp can be contacted at [email protected]