Servers

Will the cloud be the end of the IT department?

Thoran Rodrigues looks at the ways that the cloud is likely to change the nature of the IT department and the roles that it serves.

One of the great promises that cloud vendors make is that the adoption of cloud computing greatly reduces IT costs for any company. A crucial part of this promise, that you can find on most "cloud cost calculators" available on the web, is the reduction in manpower costs. If you host a server internally, you need a System Administrator to manage that server; if you hire a virtual server with the same specifications from a public cloud provider, you don't need anyone, and whatever you were going to pay that person becomes "cost savings". This naturally leads us to the following question: Will cloud computing be the end of the conventional IT department?

If we follow the vendor's logic to its final conclusion, we would end up in a situation where the only place where one could find infrastructure (server, networking, even operating systems) management jobs would be with the cloud infrastructure providers themselves. These crucial areas of IT would essentially disappear over time, as jobs became more and more scarce. The idea of not needing IT is a double-edged sword: on one hand, business users, especially those that have a poor relationship with IT, find this very appealing, and use it as a big reason to promote the cloud; on the other hand, it generates resistance from IT departments, who understand that the whole idea of not needing anyone is just a myth.

Reality check on cloud servers and apps

Several of the assumptions people make about cloud servers are simply not true, and some are actually being actively denied by cloud vendors. Backup is one such assumption. Many people still assume that cloud servers are automatically backed up, don't set up any kind of backup scheme, and end up losing a lot of data. The fact is that cloud providers don't perform any kind of automated backup unless you explicitly ask them to do so, which is something most users forget to do.

Security management is another issue. It's easy to think that, since your server is hosted on someone else's infrastructure, they'll worry about all the security matters for you, but nothing could be further from the truth. When you hire a cloud server, most cloud providers will deliver a virtual server with some sort of remote connection enabled. This means that, unless you set your server up behind some sort of firewall or with protection rules, it is basically open to attack from outside as soon as it goes up. While I don't have any stats on this point, I've seen some servers I set up with FTP access being attacked less than five minutes after going on-line.

This means that having someone from IT managing your servers, even the hosted ones, can be very important. Sure, you can do it yourself, but then you're in the same position as if you'd been trying to manage an internal data center yourself. The fact is that, for most people, a cloud server is just like an internal server, only it gets "stored" somewhere else. This means you need a systems administrator just as you would on any other server.

Cloud apps are, in a sense, even more problematic. With whom does responsibility for the environment reside? What happens if a user accidentally deletes important data or a user account gets broken into? Proper management of passwords, backup policies, access control strategies, and other issues is even more important. Solution providers limit their responsibility to making your data available at the predefined SLA; they say absolutely nothing about backing your data up, or being able to restore it later. The same goes for managing users and passwords: the responsibility is entirely on the hands of the user. If all your accounts are configured with default or weak passwords, you're running a real risk of someone invading them and stealing sensitive data.

As more and more data moves to cloud apps, they are becoming interesting targets, and attacks will take an upward trend. This means that, more than ever, you need IT people to manage your cloud application environment, just as you needed people to manage your infrastructure.

A changing landscape

The cloud, then, does not threaten IT jobs, nor does it reduce the importance of IT departments. If anything, the short-term trend is an increase in importance as users realize that they need the help of IT to manage the complex server and application environments that are being created ad-hoc in their rush to move to the cloud.

As with most new technologies, cloud computing won't promote a destruction of IT jobs, but rather a change in their nature. Just as developers have to adopt new mindsets to develop cloud-based applications and services, DBAs will have to adapt to cloud-based and big data oriented systems, and system administrators will move from the low-level infrastructure issues (which will be more and more the exclusive province of large providers) to managing complex environments, spanning multiple applications, cloud providers, virtual and physical servers, and even merging the internal data center with the public cloud.

About

After working for a database company for 8 years, Thoran Rodrigues took the opportunity to open a cloud services company. For two years his company has been providing services for several of the largest e-commerce companies in Brazil, and over this t...

96 comments
smlado
smlado

Just incase the cloud link goes down, are there any redundancies to sustain uptimes?

nmaluso
nmaluso

Hi - what this means, as with most evolutions, is that we must shift our skills to those that are most valuable. In the case of the cloud we shift from rack, stack and maintenance to security and backup. From less valuable to more valuable. Cloud enables IT to focus on the value contribution components and outsource the less valuable. Less costly it is not, more effective perhaps. .

chdchan
chdchan

Total controllability is still a major concern by corporations with stricter requirements.

Chilidog67
Chilidog67

One of the real problems is management bypassing exisiting IT when making decisions about "going to the cloud". Cloud providers sell them on the idea that talking to their own IT is a waste of time because we're trying to save our jobs and they don't consider that at the same time the provider is just selling them a bill of goods. There are a lot of things that could be made "in the cloud" that make sense, and a lot don't. Does the provider know anything about your business? Backup? Security? Availability? Call for help? There are trade-offs for everything. Hey we outsourced email, great! Look at the money we're going to save in 7 years. What do you mean it will take a week and 6 levels of requests to get my name added to that group? I used to just call you and it was done. That's the thing about clouds, you can fly your plane through them but if you don't have instruments are you really sure there's not a mountain on the other side?

isimiryan
isimiryan

Who knows where your data are stored? Who knows how honest are the people managing the cloud are? How difficult is to still the Social security numbers, addresses and account information from the cloud? Medical history? All you need to create a fake Cloud and you have it all. And when you find out, it is too late. Be serious, the hardware and software cost very little if you have a brain. And managing it is easy and cheap too. The problem is that top management people are computer illiterate, and the IT people have knowledge about a very narrow area.

HypnoToad72
HypnoToad72

Data privacy, HIPAA, and other things that protect customers' data... I'm sure IT will be eliminated one day, but it will be a decade or so. There is still much value in the department... often more than in Administration, since the talent running the IT department probably knows what happens if you hit the off switch...

cybershooters
cybershooters

Basically, what happens is this - Previously, if you had a problem, you got hold of someone who could help you fix it. Now, you have to get hold of someone and nag them to fix it. They have x number of other customers so you are a low priority. Moreover you need someone at the client end who is technically proficient enough to explain the problem in detail in order for it to be fixed. How does that reduce IT jobs? My experience so far is that it increases them! Also, in the EU you cannot simply virtualize your servers and stick them in the cloud, because of the Acquired Rights Directive, which is a law designed to stop people losing their jobs due to outsourcing. By definition you either have to keep the staff, or transfer them to the cloud provider, which is impractical.

BizMan
BizMan

A headline like "Will the cloud be the end of the IT department?" is simply to get your attention. A lot of things change, but the need for someone local to do the hand holding and end user support is one constant that hasn't changed. The nebulous cloud does not take care of the local issues. How do you get to the cloud? Who builds and manages the network that gets you to the cloud? What devices get you to the cloud? Who sets up, updates, maintains, the workstations and other devices at the local level? What makes me laugh about all the new talk about the cloud is that the concept of hosted applications has been around since the early days of computing and the same questions have been raised for years. Likewise the debate of moving to the cloud sounds like an old discussion revisited. A similar debate over the model of centralized computing versus decentralized computing has been going on longer since before some of you were born. The roles of the IT department members will continue to change, but the need for a local IT department will still exist.

silicon_chip
silicon_chip

A doctor asked me what cloud computing was. I told him it was the equivalent of having your heart and lungs connected to you by pipes, leading to another room where you kept them because you thought it would save you a few bucks. Yeah, putting mission critical infrastructure in someone else s hands, only potential outcomes are all less than optimal.

doug
doug

The cloud is not some computer services company using a buzz word to convince you to let them host your servers, virtually or otherwise. Like Jeffpk said, the cloud is companies like Google, AWS, and Apple. Right now there is no reason for a company of under 20 employees to buy a server. An owner of average technical ability can go to google and set up a domain with email and office apps in about an hour, costing him only $30/user per year. If a software developer has developed a package for that company's niche, the developer can throw an image on aws, with minimal installation costs. And with Apple we're seeing the end of monolithic software. Executives are now using their ipads to run several small inexpensive apps to do their work. Eventually companies, instead of buying or creating one monolithic software package, will mix and match maybe a dozen small software apps. Granted, this isn't a path that fortune 500 companies can take now. But what happens when that small company of 20 employees becomes a fortune 500 company?

balu.mudhavathu
balu.mudhavathu

This may not happen really, but there would be some job cuts at admin level since cloud is giving opportunity to manage IT infrastructure remotely from any place. Since world is keep changing.. new demand and requirements comes as usually.

tbostwick
tbostwick

Incredibly under-journalized article.... with no research. If anything, there's more need than ever with the explosion of devices and support for them, not to mention all the goodies that go along with it. The "cloud" is still very much in it's infancy and isn't a panacea for actual physical beings to assist, build and manage when & where needed. Please put more responsibly researched points into articles, rather than casting editorial opinions - especially in this world where everyone seems to have one and wants to be heard

andy
andy

I have to pass comment on the first sentence, as it is frequently quoted as one of the great benefits of cloud over physical servers supported by IT departments: "One of the great promises that cloud vendors make is that the adoption of cloud computing greatly reduces IT costs for any company" In my experience, this is not the case for all companies. I volunteer for a charity in the UK who are eligible for reduced software licencing prices as a registered charity. We recently looked at the cost of upgrading our servers to either new physical hardware or to move to hosted cloud services. Moving to the cloud had a total cost for us of approx £30000 over 5 years. Upgrading to new physical hardware had a total cost of a 3rd of this. Yes, a big factor in this difference is the reduced licencing costs as we are a charity, but even without this cloud was not cheaper than upgrading our physical hardware, for us at least. As a charity we have to keep our costs as low as possible, as I'm sure people can imagine!

Necker
Necker

The cloud (for gods sake what is it????) will be the end of this sites relevance. I reckon this site will fold before the cloud ends IT departments. Taking bets people.

george.hickey
george.hickey

Good article - well balanced. I've spent the last two+ years looking at cloud for my organisation and have done cost comparisons for several usage cases - the big one, shifting all of our virtual machines from on-site hosting in our data-centre to Amazon ECS showed no savings at all purely from a hosting (servers, storage, power & cooling) point of view, all other costs (sys admin for example) being equal. The only way to make savings on Amazon was to change our business processes and shut down servers at night and weekends - not something I would be all that comfortable doing and we would only be able to do it with a sub-set of our servers anyway as we are a 24/7 public service company. Of all the usage cases I looked at, the Amazon example was a similar cost to in-house hosting over 5 years but that didn't take into account transition costs as I couldn't even guess what they would be. The other cases all worked out more expensive. In one case (PaaS, managed SQL server instance, 24/7 availability) it worked out 5 times more expensive over 5 years than buying and hosting a SQL server ourselves. If you already have the people and have a decent infrastructure, cloud, even public cloud just doesn't make sense, and that is leaving aside the security, backup concerns that Thoran rightly pointed out exist. Public cloud is great from a point of view of small business, start-ups or for small scale developments or proofs of concept. Our government CIO council has produced a cloud strategy recently stating that public service bodies such as ourselves can only place non-sensitive systems in the public cloud. For us, that consists of our public-facing website and that is it - because of the nature of our business (we are a blood-bank) all of our systems have sensitive data flowing through them at some point and if we had any kind of data-leak, we run the risk of alienating our donors so we take data management extremely seriously. The government here is moving towards cloud - they are starting the process of building out a government community cloud in government-owned data centres and will allow private cloud operators to offer their IaaS, PaaS and SaaS products in those data centres. It's probably the best idea I've heard of for cloud yet, particularly from a data security point of view, but that is about 3-5 years away from being ready and the vendors are going to have to produce new business models to make it cost effective enough to be worth the risk and cost of transition - the existing ones won't work, not for us, in my opinion. Bottom line, take a long, hard look at all of the costs (including transition) before making a decision as to whether cloud is right for you or not. It isn't right for us, right now, but that will possibly change in the next 5 years or so. Speaking as a sys admin of many years experience now, I don't fear for my job as someone will have to manage these systems, the vendors and the SLAs and that person should understand the technologies... I'm just not sure I want to move from being a techie to being an account manager... ah well, I've a few more years to make up my mind!

rkollur
rkollur

I feel Cloud Computing will eventually replace internally managed Data Centers, Infrastructure Management Administrators of the current setup. We see the trend that software/application development and maintenance is increasingly becoming a commodity. The differentiators would be security/scalability/availability of the service. For this new type of jobs would be required to work in Cloud Computing environment. Hence, IT departments may still be existing but nature of work may be different from what it is done today and new skill training is required.

TonyReilly
TonyReilly

I don't fully agree with the comments that the cloud will get rid of the IT Department. There will always be a need for IT Departments even if the cloud does come into play. I work for the NHS and although certain aspects might be moving to the cloud you will always need the human factor. It will be interesting to see where cloud goes but for now I don't feel threatened.

kordoniss
kordoniss

The biggest economies on the foreseeable future are going to be in Asia, South America, probably Russia and some parts of Africa. Does anybody think that the infrastructure will permit any time soon cloud computing in those areas? An then take US and Western/North Europe. Cloud computing in small businesses in Kentuky or rural Dakotas? or even in parts of France, UK or even Germany not to mention Poland (!). You see not every country is Sweden or Finland when it comew to Internet infrastructure and usage. Then take businesses by size. Does anybody think thta giants like General Motors or other great companies will move to cloud computing? Not likely. Then who is going to move into cloud computing? Probably the small to medium-small businesses in US part where the Internet is properly working (when it works) or parts of UK. OK, let them have it. We are going to have the same situation with the one that developed in the late '80s early '90s when some "IT prophets" announced the death of the Mainframe, because "we had the PCs now!". Less than 15 years later tha Mainframes (smaller in size but thousand of times more powerfull) came back triumphantly! Who is going to deploy web-apps without a mainframe? Well, I say Deja vu!

VytautasB
VytautasB

Going to the Cloud seems to be a continuation of the "outsourcing" trend that started in the 1990's. For governments this has resulted in some cases in a loss of IT personnel and IT institutional knowledge. Governments now have a tough time dealing with Cybersecurity stratetgies and understanding cyber threats to critical infrastructure because of the erosion in IT institutional knowledge.

VytautasB
VytautasB

Cloud computing seems to be a continuation of the "outsourcing" trend that started in the 1990's. For governments this has resulted in some cases in a loss of IT personnel and IT institutional knowledge. Governments now have a tough time dealing with Cybersecurity stratetgies and understanding cyber threats to critical infrastructure because of the erosion in IT institutional knowledge.

VytautasB
VytautasB

Cloud computing seems to be a continuation of the "outsourcing" trend that started in the 1990's. For governments this has resulted in some cases in a loss of IT personnel and IT institutional knowledge. Governments now have a tough time dealing with Cybersecurity stratetgies and understanding cyber threats to critical infrastructure because of the erosion in IT institutional knowledge.

fkgaza
fkgaza

No the Cloud will not end the IT Department, it will just shift the emphasis to supporting mobile platforms such as smart phones and tablets, in the same way that the PCs shifted emphasis from the mainframe. And the reason the cloud becomes important is that it takes care of the different platforms the apps have to display on (iPhone, versus WinPhone, versus Google, etc.) and the wifi/transmission issues. IT then becomes the middle man between the usual suspects of Marketing folks, Finance folks, etc. and end users. Otherwise it is too inefficient. Again, very similar to the mainframe. Big difference is the ability of CIOs to realize this is going on and move to embracing mobile. May be time for some guys to retire. ;)

TsarNikky
TsarNikky

Any organization that takes its computer network systems will take a very jaundiced view of the cloud. Much better--take care of security and backing up as in-house functions and not trust some "entity" in the cloud. Use the cloud at your own risk and peril.

jimbo.starr
jimbo.starr

The proprietary software we deploy is something that runs on it. The policies in place don't change that much. Now my "hardware guy" has a little less to do (but not much less!). But I don't burn my CapEx dollars in something that I will be replacing in some middling timeframe... and when I do, it's hopefully for growth - which so far, has been generally painless. I haven't seen any major cost savings, except that when we need a test server, I can get it provisioned with nontrivial data very, very quickly.

Antony Awaida
Antony Awaida

There are other trends that are resulting in an increased workload to IT staff: App stores with their plethora of apps, multiple devices per user, Bring your own Device etc.... IT folks will need new tools to deal with these new developments!

hans
hans

Ik think 'cloud computing' has become a 'buzz-word', nowadays used for everything from SLA to even just a hosted server. I agree there is a danger in such buzz-words and this particular buzz-word DOES threaten IT-jobs. Maybe the best strategy is to go back to what 'the cloud' really means and just refuse to go along with the concept being watered down the way this article does. What the heck is a 'cloud vendor', if not a businessman using the buzz-word to generate interest? The cloud - that's it's very esssence - does not belong to anyone and thus cannot be sold, so anyone posing as a 'cloud vendor' is perverting the term and I think we just shouldn't go along with it. On the other hand, I think the IT community doesn't take 'cloud computing' nearly as seriously as it should. When i scourge the web in search of an answer to questions like 'does it work?' or 'does it pay off' I find very little indeed. So, despite reservations, I welcome this critical article.

boece
boece

"The Cloud" (as in a proper noun, as in marketingspeak, as in whatever you want "the cloud" to be) vs. cloud technology is an important distinction to make. Most IT guys, myself included, see a huge upside to virtualizing and cloudifying the infrastructure from storage to servers and even the network. This is taking best advantage of cloud technology; that is, turning all the infrastructure into more or less generic objects where it takes very very little time to deploy new infrastructure. It takes seconds to deploy complex infrastructure in AWS - storage, compute, load-balancers, CDNs... with prefabricated application stacks. It's super-easy. Today my current company is very, very far from that kind of ease-of-use that cloud technology could bring internally. We run a "meat cloud" - i.e., I ask the sysadmin to deploy a VM for me. And the fact is nearly all companies are in the same boat. Taking advantage of cloud technology - be it Openstack, Cloudstack, Eucalyptus, or Microsoft's SCVMM (all effectively programmatic engines to access the hypervisor, storage, and network) - is a slow process for most companies. Us old-school infrastructure geeks can be slow to learn and IT departments slow to adopt what may be perceived as a still risky unknown. CIOs/CFOs may hear a lot of 60,000-foot view praise of cloud but the on-the-ground reality is slower to make happen. You're probably looking at a minimum of 5 years before a significant majority of companies have what might be referred to as true cloud infrastructure internally. 10 years before most of the old cruft is gone and cloud operational layers from the network on up are actually widespread across a big chunk of corporate America. In short, I'm not hugely concerned about my job - yea maybe super-cool overfunded Silicon Valley startups who wouldn't dream of owning a server (or know what one was even if it bit them) will never understand dinosaurs like us - but the reality is most of the world's corporate IT won't be fully adopted into cloud technology for quite some time.

jeffpk
jeffpk

What really threatens IT is a combination of Google and Apple. Goggle provides all of the core enterprise services in a cheap, reliable and easy to administer manner. Going Apple on the desktop relives the burdens of Windows administration, and the Apple store/genius bar relieves the issues of equipment failure diagnoses and replacement. I have successfully run small development companies (up to about a dozen employees) with no IT person at all. What little admin was necessary i could do as CTO. When we needed to test under windows/IE we simply ran a virtual Windows session on the Imac. But if you rely on windows as your primary business environment, then you need a full time babysitter to keep it functioning.

zoso967
zoso967

To catch your attention, that's why ... The title of this article should have been "Ways that the cloud is likely to change the nature of the IT department and the roles that it serves" not the takeaway ... Besides, ur making the assumption that "a virtual server with the same specifications from a public cloud provider" costs the same or less to manage than a physical server minus the maintenance crew. Don't cloud servers need maintenance? Are cloud vendors going to absorb this cost for you? I don't think so .. if you hire , you don’t need anyone, and whatever you were going to pay that person becomes “cost savings”. This naturally leads us to the following question: Will cloud computing be the end of the conventional IT department?

Tony Hopkinson
Tony Hopkinson

precludes you from storing your data in a country where privacy legislation is less strong. There's no "it was him" get out clause for you to point the finger at your provider, you chose them, your problem.

Tony Hopkinson
Tony Hopkinson

It means different things to different people at different times though. As soon as you hear "Cloud is the death knell of the IT department". Cloud means cut salary and equipment costs, no matter what... The mix and match approach isn't new is it, It's nothing to do with cloud per se, and the cloud addresses exactly none of the issues around configuring a number of smaller software packages to achieve a specific result. Not being funny, well I am actually. It's the continual evasion of real issues by cloud proponents that irritates more than anything.

Deadly Ernest
Deadly Ernest

$50,000 in fines for breach of privacy laws etc.

Deadly Ernest
Deadly Ernest

many countries it isn't going to happen without major changes to many laws around the world. One thing that would do is to make industrial espionage easier for companies involved in it as many of their targets will then be co-located.

Deadly Ernest
Deadly Ernest

as a mobile service to handle just me email would cost me from double to up to five times the same cost of Internet access via a wired connection. Like most of the world the wireless broadband is based on a per MB charge that is 2.5 times for the basic account level then 5 times for each MB above your monthly limit. And that doesn't get into the bit about there NOT being a mobile device that will handle my IT needs as there is NOT a 23 inch notebook on the market at a reasonable price and I need the big screen for what I do on a computer.

jimbo.starr
jimbo.starr

... of something that may have required a mainframe. If you did, you'd realize that the applications that could go mobile (or in your wishful thinking: need to go mobile ) is but a small portion of the exposed surface area in that IT infrastructure managed by their CIOs. They can't be retiring if they have to leave the stewardship of the corporate information assets in hands like yours.

GAProgrammer
GAProgrammer

It seems to me that this whole "mobile" trend is the same as the cloud - another buzzword for marketers. Most business does not work well on mobile (even tablets).Mobile may be a small peice of IT, but it will NEVER replace it.

sslevine
sslevine

I worked in an environment for 8 yrs. with hundreds of Macs. I can support any platform; I have no preference. HOWEVER - Apple had a serious logic board (motherboard to you PC people) and I had Ibooks coming and going day in and day out. PILES of boxes in the IT office that Apple shipped us after every support call to send them back for repair. Some my staff shipped back & forth (6) times, before an Apple tech told them "Oh! If the problem recurs more than twice, we are supposed to replace the iBook!" Some were replaced - with refurbs. Just sayin'. Can happen with any hardware. There are a whole set of root commands to reset the Apple O/S, just as Windows has it's own. And IBM, etc. etc. As I said, you have been a lucky man. :-)

doug
doug

Compare that with the typical company where most everyone in the IT department has the administrative password. Or worse, the computer services company they contracted with for the network have the password. Imagine that. A company network where the owner or CEO directly controls all access. I bet they would like that. :-)

srikanth231979
srikanth231979

Based on history of IE, before release of any IE Microsoft says that it is stabe and scured, but couple of weeks it will be attacked by so many, so how the Cloud is safe?. How MicroSoft IE is safe and reliable.. Think before commenting anything...

tech
tech

How does a 5 person shop comply with all those regulations? doug@... 1 day ago Do I hire a lawyer and a couple IT security experts? **** f you are smart and you need to comply with all those regulation, then yes you do hire a lawyer and an IT Consultant. **** Or do I have a professional software firm set me up with a virtual server on AWS for a monthly fee? **** I am quite certain that the 'professional software firm' will know and follow all of the regulations that apply to your little company. I am sure that they will take the time to figure out what regulations apply to you and setup your system to comply with them. The truth is many (such as Google) simply can't and others are not willing to take on that responsibility either. They want to sell you a service, but they aren't going to be responsible for your security read their TOS. **** The first option would cost me 300 grand a year. **** I want to come work for you! (And I will start for half that, and I will include all the needed hardware and software for a 5 man shop) for that price. **** The second option would cost me, say, a grand a month. **** Boy, that vendor saw you coming! And will not comply with all the needed regulations or best security practices. **** Let's say there are some advantages for me to going to the first option. Is it worth paying 288 grand a year for? **** Well not if you are making 10G a year, but if your company is making a few million a year, you bet it is worth every penny (If you assume that is the cost for an IT Consultant and a 5 man shop [Hint it isn't]). **** Let's look at security. If I put my back office system on aws, and my office apps on Google apps, I, the owner with only average technical ability, have complete control over security. I can control logins and passwords thru the AWS control panel, and do the same on Google apps. **** Sure lets look at security. If you are an average Joe, you won't even understand what needs to be secured or why. So you will have the keys to the kingdom but not know what doors are open, what doors are closed or why or even who to give copies of the keys to. "Oh gee I want to do X, ah here is the button that says allow X" *Click*, "What's that 'Set Security Button', nah that doesn't apply to me, I don't understand it. **** Can I do the same with an in-house IT staff? Not unless I can handle Active Directory. How many owners or corporate execs can do that? Probably everyone in my IT staff is going to end up with the root or administrator password. Even the kid who comes in at night to run backups. And don't forget all the vendors with backdoors allowing them to log into the system for remote support. **** First of all for a Five Man shop you will have one part time consultant, not a department. Secondly, an IT professional will know how to set up "Least Privileged access". Third, the IT Professional will appropriately limit access by outside vendors. Fourth, you will have a scapegoat if you follow the IT Professionals advise and are hacked (unless of course it turns out that you were social engineered to get access). **** Now, what's more likely to get me into trouble with the authorities? A massive security breach on google affecting 100s of thousands of customers? Or someone on my staff slipping the root password to the kid from college because of a backup problem, and the kid taking some corporate plans and using it to buy stocks on insider knowledge? **** The authorities will not care which one happened, neither will the people who's information was stolen (or their lawyers), since you are an average Joe, you will probably have your password taped to the bottom of your keyboard, or side of your desk drawer. You will also probably share it with your secretary, add it to your phone, home computer (which is probably infected), tablet... All with no thought to security at all. The lawyers will bankrupt your company and the Government will go after you, just in case there is anything left over. But hey, maybe you will get lucky and whoever hacked your 'Cloud System' will just empty your bank account and you will be closed down before everyone is aware of the security breech (since it is highly unlikely that you will be reviewing security logs). Do what you want. I have plenty of business anyway, and I don't see it going away any time soon. ****

Deadly Ernest
Deadly Ernest

out of house IT as the regs are very strict on the in-house storage. Thus going out to the cloud means you can't work in that field or with that type of data, end of story.

doug
doug

Do I hire a lawyer and a couple IT security experts? Or do I have a professional software firm set me up with a virtual server on AWS for a monthly fee? The first option would cost me 300 grand a year. The second option would cost me, say, a grand a month. Let's say there are some advantages for me to going to the first option. Is it worth paying 288 grand a year for? Let's look at security. If I put my back office system on aws, and my office apps on Google apps, I, the owner with only average technical ability, have complete control over security. I can control logins and passwords thru the AWS control panel, and do the same on Google apps. Can I do the same with an in-house IT staff? Not unless I can handle Active Directory. How many owners or corporate execs can do that? Probably everyone in my IT staff is going to end up with the root or administrator password. Even the kid who comes in at night to run backups. And don't forget all the vendors with backdoors allowing them to log into the system for remote support. Now, what's more likely to get me into trouble with the authorities? A massive security breach on google affecting 100s of thousands of customers? Or someone on my staff slipping the root password to the kid from college because of a backup problem, and the kid taking some corporate plans and using it to buy stocks on insider knowledge?

tech
tech

If..."It seems to me that a computer network, with all the possible points of failure, like dns servers, active directory, etc, is more likely to go down than google or the internet." then... The data center has every one of the failure points you mentioned and about 50 more. Now when they have a major failure (like Amazon and Microsoft cloud services have both had more than once) and your a little 5 man shop, I am sure you will be at the top of their priority list. If your company has to comply with? HIPPA, Sarbanes–Oxley, or a ton of other regulations you will certainly have problems with Google doing your hosting (at least if you want to comply with regulations). But hey, maybe your small company doesn't have to worry about that. Have you ever actually read the terms of service on some cloud services? Many of them have the rights to parse your data, others even go so far as to claim ownership of your data. But I am certain that your data is not that important to you in the information age. Oh, and most people don't think about it, but guess who is responsible for backups? (Hint, it normally isn't the hosting company). What happens to your data if you miss a payment or two? It just goes poof in a cloud (pun intended) of smoke, and your out 5 years worth of data. Most small young companies can never recover from that. Yeah, that is just exactly what a young upstart needs. Role the dice if you want to... The smart money will hire an IT Professional to choose, setup and maintain the proper solution for your specific situation. The idiot with a pen may sign up for some cheap cloud service, but that is most often not the cheapest long term solution, nor is it the most stable solution.

Deadly Ernest
Deadly Ernest

in-house option you can get it fixed asap, but when it's outsourced it's a real problem getting it fixed out of their hours. recent case I know of all servers for a pay site hosted in Canada. had a minor tech issue late on Friday Canada time. It was a long weekend in Canada and everyone went away early. It was 24 hours before the site owner could get a response from the hosting company and another 36 hours before they got a tech back into town and get the server working - problem fixed by cycling the system after switching to a new PSU unit that was working properly, total time on site 5 minutes. But site down for 64 hours instead of the half hour it would have taken if he'd kept it in house in the back of his office where he started it. That's a lot of lost business there.

doug
doug

For a couple hundred a month we have both verizon and cable internet connections. And even if they both went down the owner could always get to Google Apps using his cell phone. It seems to me that a computer network, with all the possible points of failure, like dns servers, active directory, etc, is more likely to go down than google or the internet.

Deadly Ernest
Deadly Ernest

the system will be accessible 100% of the time due to a perfect always up Internet connection. Talk about a quick way to see the system fails.

Tony Hopkinson
Tony Hopkinson

Not to mention most browser security is about securing yourself from those who provide the service....