How to battle Cloud fear, uncertainty and doubt

Time is the enemy of any decision maker that doesn't want to become irrelevant. Don't let your fear and uncertainty about the cloud keep you from taking action now.

One of the issues facing enterprises today is the fear created by vendors around the unknowns of the rapidly morphing cloud environment. The fear, uncertainty and doubt (FUD) only gets stronger as one heads toward the more regulated end of business, given the service administrators' task of ensuring anything and everything from HIPAA, FISMA or PCI compliance. 

So where is the priority for the decision maker? Is it on the security front? Is it on the reliability front? Is it an all-or-nothing deal – whereby every feature of a technology is needed, since the chain is only as strong as the weakest link? 

As a consumer, the choice can be overwhelming. Similarly, as a Service Provider, the simple task of providing an service-level agreement (SLA) to that expectant consumer can mean taking on hefty responsibility. The short answer to these questions can be found in the confidence of knowing your target constituents, that you are best setup to service.

Naturally time is the enemy of any decision maker that doesn't want to become irrelevant. Therefore, unearthing a trusted advisor can help you figure out the next pain point and opportunity worthy of investment. The optimal choice is in finding a vendor that knows your business, and offers both simultaneously.

Eliminating FUD can come down to understanding three fundamental dimensions of your business: 1) the business drivers and operations model; 2) where the best bang for the buck is in the market, or who is the customer that can best be served by your core competencies; 3) what products and services are truly needed, in advance of the markitecture pitch.

The right business model

When all is said and done, most purchases should occur within the parameters of your business model. Acquiring a technology that gives you the ability to generate new services is perfectly healthy – as long as those services are a natural fit to your roadmap, or strategy. 

Investing heavily in security measures, for example, when the intent is to produce a low cost public cloud offering are contradictory measures. Similarly, knowing the confines of your internal governance, budget, and core competencies is obvious, but necessary constraints by which to make decisions. 

Even more noticeably missing from many purchases is the long term perspective – and long term in the tech field meaning a three year time frame. If a business requires an archiving system today, that accumulates to such a degree that the cost of storage in three years time will become overwhelming, then what decisions can be made today that will the company and its constituents satisfied in three years time? Knowing where you want your business to be, and how you plan to evolve it is core to today's decision-maker.

The right customer

Often the FUD is self-induced. Many individuals involved in the managed services space pound the drumbeat that service providers should prevent commoditization of their offerings and move upstream rapidly. 

However, if your traditional business model has always been to service SMB's with simple, low cost, cookie-cutter services, there is no point in spending money on high-end technologies in a desperate attempt to move up to the next level. Align the product purchase to resolving issues, or having new revenue, driven from some material form of an existent customer base. Otherwise, standing in a field of dreams can be lonely.

The right vendor

Cloud washing is typically driven by a vendor's fear of being left behind in the race toward leadership and mindshare. When companies come from behind (See Oracle's about turn on the topic of Cloud), that is when the FUD technique is maximized. FUD does not always appear obviously as misinformation or an undermining of competitors; sometimes it can be a justification for the upsell of a vendor's technology suite. 

Therein lies one of the benefits of buying from smaller vendors that are less motivated by large and more convoluted deals. That's not to say that point products are the way forward either, since the ambition can be equally severe. 

So how to adjudicate a trusted vendor with an appropriate solution set, versus a FUD creator? A well-balanced vendor can be judged by their motivational factors. For example, look at the way in which the vendor charges for its products. A vendor that has all inclusive functionality, whereby you use as little or as much as you want without financial implications, would be less inclined to recommend specific functionality if it weren't appropriate for your business. That's not to say that vendors aren't looking to lock-you in to their product, as that's a natural direction for most vendors. 

A few fuddy tactics of your own

Turning the tables on the vendor is a tactic that should make your vendor comfortable too. In other words, how easy is it for me to pull my data or application out of your cloud environment? Where are the review periods in our contract that allow me to discuss features or functionality that are truly underutilized. And, most of all, do your own research in outlets such as research analyst reports, peer networks and even non-competing technologies that know the vendor. Be highly suspicious of vendors that are going against the grain of the industry; when the market speaks, the best supported technologies and services move that way too.

In this manner, enterprises can eliminate the vendor-induced fear, uncertainty and doubt. All it takes is the right knowledge to find a vendor relationship that will support your business needs and requirements.

By Antonio Piraino, CTO of ScienceLogic.


As long as "terms of service" state that my data is now there data... No Cloud for me!


I find this article mildly disturbing, as it exacerbates the FUD problem.  Antonio Piraino has advocated the tactic of countering fear of adopting cloud technologies with a greater fear of what might happen to you or your company if you do NOT opt for a policy of cloud adoption, and thus get left behind.  A number of years ago, someone in Germany had that idea, and we are still cleaning up after the atrocities - so fighting fear with fear is to be avoided.  Realistically; one must analyze the extent to which adoption has taken place, when balancing costs and benefits.

Extremely early adopters bear the brunt of initial costs for making the tool robustly adequate for the job, while moderately early adopters reap a higher benefit for a given cost.  The need for fear of being too late comes in around the halfway point, when the market for a given product is dwindling and growth is slowing.  It is doubtful cloud computing is anywhere close to that point, so a blind panic and a band-aid solution like 'all you need to do is find the right vendor' seems inappropriate and a bit naive.

And hlhowlell's comment is apt too.  With the NSA looking into everyone's business these days, more and more American companies are looking to host their cloud operations elsewhere.  If I were suspicious, I'd wonder if the author is perhaps working for Deutche Telekomm - trying to drum up business (lol).  But seriously; finding the right mix of business in the cloud (and on the ground), the right vendor or mix of providers right for your kind of business, and knowing the right time to jump in with both feet, are all crucial decision drivers.  So it is not as simple as you would imply, Antonio.


NSA loves cloud computing.  Go on, give everything to the government, they're here to help. And if that doesn't strike fear into your heart, you are either already working for the government or you just don't know the issues well.


I thought I should add that the impact of our national "sequester" and foreign austerity measures are growing rapidly.  Much of my work is institutional and I'm privy to inside stuff about the impact on colleges, universities, government agencies, the military, et al, and the pattern is familiar. 

Money gets tight or disappears, pressure builds and panic ensues, important decisions are rushed, and tech decisions are made according to political criteria, ensuring bad decisions; tech services get cut or outsourced and security suffers. 

A chain IS only as strong as its weakest link, but where the cloud is concerned, the metaphor breaks down because global security isn't made of one chain, but countless chains, and there's no way to know when and where a link has broken in another organization, private or public, in another country, and has caused a situation that's making its way back to you.

It's often said that you're not paranoid if they're really out to get you.  As far as I know, no one is out to get me, but I can't assume that to be true for my clients, so FUD has taken on a whole different meaning for me and my work.  Fear, uncertainty, and doubt - as separate words or as our familiar acronym - is no longer automatically and simply something unreasonable or unwarranted.  It may be on its way to becoming prerequisite.


For me, the importance of the data determines the importance of security, and this is best assessed by considering a practical worst case.  After that, it gets complicated, because the cloud breaks down into different technologies in different countries with different laws, and all this is developing and changing even as I'm writing.  For me and my clients, the applicable law comes first, then compliance with that law, including any readily foreseeable changes in the law. There is no business model that can insulate us from our responsibilities under the law, so wherever money and law collide, the law must come first.  Every year I lose and have to turn away lots of lucrative work simply because clients want me to assume legal risks on their behalf, so they can save money.  I understand this.  Sometimes their businesses are at stake.  But I can't afford to deal with, or in, anything less than the hard and scary truths of our current global security situation. 

Editor's Picks