At SNW Europe, Steve Duplessie, founder of analyst firm Enterprise Strategy Group, attacked cloud computing for its lack of security and accountability, calling Amazon an "unknown, unsecure provider" and referring to putting data into its EC2 as putting it "God knows where." This is a valid argument, one that is used whenever change is mooted in the IT industry. Moving from centralised to distributed platforms, introducing thin client technologies and adopting the Internet have all, in their time, been targeted by critics worried about security and accountability.
As with all IT architectures, an agreed position on security and data ownership is fundamental for success. At the moment, there seems to be very little common ground on standards to cover all the traditional areas of systems management -- namely security, accountability and data ownership -- in a cloud environment.Without these in place, we will not see pure utility-based or virtual computing emerge.The Sceptics are right to highlight current deficiences of cloud computing, but this can be over overcome with proper standards and correctly-set levels of expectation.
CTOShoden Data Systems UK
Cloud types security
While the critics may be correct to highlight the security issues related to virtual data centres, we must not assume that the traditional methods of data centre management are perfect either. Every week brings another story of lost data: an insurance company losing a tape containing details of 50,000 of its customers, government losing a laptop with the personal details of 14,000 voters. We have all seen other examples, too: the Inland Revenue losing millions of customer details on two CDs, Barclays' chairman losing £10,000 in an ID fraud scam and a large number of customers' bank records found on the motorway.
How many CIOs are certain that their in-house disaster recovery procedures can safely and accurately restore a working IT environment within the terms of their agreed service-level agreements to meet the RPOs and RTOs needed by their business? One attraction of adopting a virtual data centre approach would be to negotiate successfully with the provider a binding, committed data protection and security strategy. As the pool of virtual data centre providers matures, one means of differentiation will be the quality of guarantees underpinning their services.
Again from SNW Europe, Duplessie said that those who run the infrastructure have a different mission from those who run the business and applications side, which ultimately causes clashes. He added: "Our (IT) world is about becoming cheaper, consolidating and being more effective at what you do. That mission is directly at odds with going faster to satisfy the immediate business needs."
For the virtual data centre providers, another opportunity now opens up. The data centre providers will (almost certainly) have access to a greater pool of developers and business analysts who can meet the business needs more readily than the incumbent IT organisation.
Virtual data centre flavours
Already we can see that there will be many flavours of virtual data centre, from basic outsourcing at one end through to complete IT redesigns at the other. Virtual data centre costs will also vary significantly.
In summary, the sceptics are right to highlight current deficiencies of cloud computing services and all the different cloud types, but these can be overcome with proper standards and correctly set levels of expectation. As with everything else in life, "caveat emptor" and "you get what you pay for" will apply to all cloud types and virtual data centres, too.
Phil Jones is the Chief Technology Officer at system integrator Shoden Data Systems UK and a Contributor to SearchVirtualDataCentre.co.uk.