In an industry well-known for "the-year-of" hype around new technologies, many see the cloud computing buzz as an extension of previous "year-of" technologies, such as application service providers, software as a service (SaaS), and utility computing. In this case, the hype may be true. In an InformationWeek Analytics survey, 46% of companies surveyed say they'll use or are likely to use cloud CPU, storage, or other infrastructure services; this is up from 31% just one year ago.
Our mission as IT consultants is to understand: what the cloud is and what benefits it offers clients; what challenges and obstacles clients might have to overcome to tap into the cloud; and how their management of IT must change to secure and control their new cloud-driven infrastructure. When you migrate a client to the cloud, the issues you'll face fall into the following overall categories.
Security is an obvious threshold question; if the cloud is not secure, enterprises won't consider migrating their sensitive data to it, and the conversation is over. As Salesforce.com has proven, external SaaS providers can provide a level of security that will satisfy most customers. Migrating sales leads and prospect data is, however, quite different from outsourcing key competitive information, such as R&D specifications or corporate strategy documents.
As Craig Balding (author of the Cloud Security blog) noted in his speech to the security conference BruCON, many cloud infrastructures are composed of patchworks of open source code that may bring their own underlying vulnerabilities. He also states that since public clouds are multi-tenant, your application could be affected by the vulnerabilities or defects of your neighbors' code. You must ensure that you understand the underlying infrastructure of the cloud to which you migrate your clients; you must also advise clients to include security in their cloud SLAs and terms of service. If data center security is not your area of expertise, I'd advise engaging a security expert before migrating your client to the cloud, as service interruptions or vulnerabilities make for embarrassing and tense customer interactions. As Balding says, many cloud vendors are performing "onboarding audits" to reassure prospective customers that their level of security is sufficient.
When the cloud is your IT platform, and it's in the hands of an outside firm, how do you ensure that their technical or business problems won't become yours?
Speaking of SLAs and terms, the experience of migrating to outsourced providers should give you a good starting roadmap, but the terrain in the clouds is different. Since the whole idea behind cloud computing is to offer a standardized, multi-tenant infrastructure, cloud vendors may not offer the same level of custom SLAs as IT managers are accustomed to. Some of the large vendors, such as Amazon.com and Microsoft, are integrating management dashboards into their cloud offerings. As you can see from Amazon's Service Health Dashboard, the level of information offered is pretty basic and might not be enough to satisfy many organizations. For clients who need more information, Amazon offers Amazon Web Services Management Console, a customizable monitoring interface with a more robust set of data. Other cloud vendors are following, and cloud management startup firms are springing up to address this need. Still, you need to assist clients so the cloud services they dial up are manageable and can be monitored sufficiently to ensure they won't have interruptions and performance issues.
The technical issues are also complex. Most firms that migrate to the cloud do so in a hybrid model, keeping certain key elements of their infrastructure in-house and under their direct control, while outsourcing less sensitive or core components. Integrating internal and external infrastructures can be a technical quagmire.
Go to the Web site of cloud vendors such as Joyent, and you'll find on-demand cloud services that can be purchased in real-time with only a credit card. While cloud services can be easy to purchase, does that mean they'll be easy to integrate into your current IT infrastructure? Cloud vendors expect customers to provide, or to develop jointly, a "virtual image" that specifies their basic server configuration, which is then built inside the cloud and offered as a service. (This implies that the organization has a standard configuration!) It also requires the IT team to have the skillset to create a VM template that includes the infrastructure, the application, and the security required by the enterprise. Force.com, Salesforce.com's cloud offering, is leading the way by offering integration as a service on top of its cloud offerings.
You must help clients develop the "golden image" that will be the basis for their cloud server configuration, and then integrate that cloud into the "hybrid cloud" with their existing data centers and applications.
Process and culture
There are also the ever-present political and cultural landmines. When anyone with a credit card can surf to the Web site of a public cloud vendor and dial up teraflops of cloud capacity, how does IT maintain control of its application architecture (or does it?).
We've seen that cloud services are available with a credit card. When IT power becomes cheap and easily accessed, IT's control over its internal customers can be diluted, as we saw with the initial explosion of client-server computing. When a corporate department wasn't getting what it wanted from IT, or wasn't getting it fast enough, they simply went out and bought a server and a cheap, shrink-wrapped application and stuck it under the desk. The nightmare this caused in terms of IT consistency, integrity, and management is nothing compared to the potential for disruption of a dial-up cloud.
You must work closely with clients to ensure that when they bring the cloud into the enterprise it's done with all the required procedural safeguards in place. IT needs to be involved in the decision of which applications are cloud-eligible to ensure that sensitive data is protected and available. Most of all, you can help clients develop the processes that will keep them in control of their infrastructure while not becoming a roadblock to the innovation and cost savings that the cloud can offer.
Based on the uptake by major vendors such as IBM, Microsoft, Salesforce, and Amazon, and the energy evident in the startup community, it seems that 2010 may really be the year of the cloud. You must make sure that you're ready to help clients glean cloud computing's benefits, while avoiding the pitfalls.
Additional cloud computing resources on TechRepublic
- Understand cloud computing terminology with this guide
- Cloud computing and the build vs. buy question
- Storage in the cloud: Requires a different mind-set
- Sanity check: Why corporate IT will eventually embrace cloud computing
- Cloud apps are quietly winning over CIOs, but security still spooks many
Rick Freedman is the author of three books on IT consulting, including "The IT Consultant." Rick is an independent consultant and trainer, working, through his company Consulting Strategies Inc., to help agile teams and organizations understand agile practices and migrate successfully.