Thoran Rodrigues looks at three major concerns that enterprises have with moving to cloud services or infrastructure from a provider's standpoint.
The case for cloud computing is pretty compelling: by moving services and infrastructure to the cloud, it becomes possible to optimize not only costs, but also resources such as processing capacity, energy, space, and time of qualified support people. If the advantages over the traditional model are so obvious, however, why aren't all companies going to the cloud immediately, especially in these times of economic trouble?
If we look at start-ups and small business, we actually see this move happening. Small businesses are quickly adopting all kinds of cloud-based solutions, from infrastructure to software solutions, and any start-up looking for funding should avoid phrases such as "client-server model" or "purchasing servers" in its business plan. The rate of adoption drops sharply with larger companies, however. They are usually very resistant to taking the plunge into the cloud, citing several concerns as reasons to take a "wait-and-see" approach. After a couple of years offering cloud-based services to companies of all sizes, here are a few of the most common concerns that I've heard.
Large companies place an enormous emphasis on protecting and restricting the access to information. The several recent high profile cases of data theft have made security the number one concern when discussing cloud computing. It is important as well to understand that the concentration of data that comes with the cloud makes the main providers ever more valuable targets. If everyone stores their data at Amazon, for instance, then hacking into Amazon servers becomes a very profitable opportunity for data thieves.
At the same time, the concern of these providers is greater than that of any individual company. They depend on being trusted to survive, so they must be much more careful with their security than anyone else. Also, most access restriction technologies can be easily deployed on the cloud, and cloud-based software offers the opportunity for a much more detailed monitoring of user activities. Security, therefore, is probably the easiest concern to address.
It is an universal truth that something will, eventually, go wrong. Accountability, as it relates to the cloud, means figuring out who will take the blame when it does. When all systems are internal, managed by the company, the blame will obviously fall with the IT department (regardless of it being at fault). When things are in the cloud, however, it becomes harder to determine who is responsible for what, and who is at fault when a problem occurs.
Perhaps the hardest part of dealing with this concern is that it will rarely be voiced openly; instead, it will show up as a paragraph in a contract, to be enforced "only when something goes wrong". The best way to address this concern is to be straightforward: clearly state who will be responsible for what from the start, making sure that everyone involved is on the same page.
#3 Previous investments
This is also the "legacy systems" argument. Most large companies have spent millions of dollars developing and maintaining the systems they already have up-and-running, and it's very hard for them to justify abandoning this investment for a new thing. But then, this is mostly a financial problem, not a technical one. For traditional systems, the cost of initial development must be offset by future usage, while in the cloud there is little or no initial cost, so the expenses remain steady over time. It's the same thing as buying a server or hiring a virtual machine: it's harder to get the money to buy the server in the first place, but after it's been bought, the monthly cost is lower than what would be paid monthly for a cloud server if we disregard upgrades, technical staff, etc.
And now what?
How would you feel if you had just spent a million dollars developing something and someone shows up with a cloud-based service that does the same thing for just one thousand dollars a month? How hard would it be to explain this to company shareholders? What makes these concerns even harder to deal with is the fact that a lot of the times the discussion about moving to the cloud will involve whoever made the original investment.
The best way to deal with concerns related to previous investments or legacy systems is to talk about total cost of ownership. By moving to a cloud-based model, where most things are purchased as services based on usage metrics, it may be possible for even large companies to reduce their total cost with different solutions, thus justifying any changes from the existing systems to cloud-based ones.
In the end, dealing with any one of these concerns is a matter of communication. What changes from one to the other is only how to communicate. For security, it's important to show that the cloud can be just as secure, or even more so, than any on-premises solution. For accountability, speaking plainly and taking responsibility is fundamental. Finally, for financial concerns, showing a detailed cost-benefit analysis can make the difference between getting a large contract and ending up empty handed.