The recent problems with Amazon's EC2 (Elastic Cloud Compute) service have simultaneously highlighted both the risk, plus the increasing usage, of cloud services.
Amazon EC2 is a commercial service that provides servers, through the Internet, on which its customers can rent virtual machines on which they can run their applications. It provides a flexibility that businesses need to handle occasional spikes in usage needs, which go beyond the capacity of their own data centre resources, whether internal or outsourced.
Like all cloud services, EC2 is very flexible and paid for on an on-demand basis. This makes it attractive or maybe even essential for a business with fluctuating usage needs. It is part of the broader Amazon Web Services cloud computing platform.
For or against
Recent problems with availability of the EC2 service resulted in a spirited online debate between the supporters of cloud computing and those who are against the concept. The proponents have pointed out that this was a disruption, not a disaster, while the opponents have stressed that it highlights the risks of cloud services.
Without trying to answer or add to that ongoing debate, let's focus on looking at the real issues of cloud solutions, both positive and negative.
Firstly, a look at the negatives. In future Industry Insights, I will highlight the positives and offer input on how to steer a steady course between the two, maximising the value from investments in cloud technology without increasing risk.
Security, management and available bandwidth are the typical concerns that customers have when considering cloud solutions. Recent surveys show that this is still the case. Beyond that, there are less obvious concerns regarding skills availability, service quality, disaster recovery, regulatory requirements and the impact that cloud computing has on the traditional role of the CIO. While these are global issues, some are particularly relevant in the context of business in South Africa and the rest of the continent.
Security, management and available bandwidth are the typical concerns that customers have when considering cloud solutions.
Andrea Lodolo is CTO of CA Southern Africa.
Concerns about security and management can be alternately expressed as focusing on security, control and trust. This raises questions that customers need to answer accurately to make sure their cloud solution - or any cloud service - is right for them.
They need to know what security is in place to safeguard their data, as well as the overall service availability. This has to be balanced against the risk. In many cases, using public cloud services for information that is not business-critical or confidential is an obvious choice. Even then, it is advisable to make sure that content can only be accessed by authorised users, that it is encrypted and the service provider has sufficient measures in place to make sure it cannot be copied or deleted, whether by accident or on purpose.
Command and control
The issue of control is not as simple as it seems. Except where risk is not a large concern, customers need to have a very accurate assessment of who has control over data and services, both internally and externally.
Finally, it all comes down to trust. Do companies trust their service providers to provide security and reliable service? In many ways, this question boils down to looking at the service provider's track record and the size of their operation. What worried many people recently was that one of the largest companies in the business had a problem. However, it was a single event among a vast quantity of services providing for a very large list of customers.
Whatever side of the argument one takes - be it for or against the cloud, there is a consensus that certain types of information are too high-risk to be used on public cloud services. These include: intellectual property, financial information, health information, employee records, critical business information (outside of financial) and credit card records. The risk is more qualitative than quantitative. The chance of data being exposed or corrupted on even public cloud services is very low, but some information is just so essential - for business or regulatory reasons - that even the smallest risk is not acceptable.
For low-risk applications, services and data, the cloud remains a compelling choice. Even there, however, the customer needs to have a plan to cover the unthinkable.
That is the real lesson from the Amazon EC2 failure. Some companies lost their data. Depending on exactly what that data was, this could mean business disruption, reputational damage or even litigation and business failure.
Just as with any internal network, systems and processes, there has to be a fail-safe backup in place. Do not just assume that the service provider can infallibly supply disaster recovery. If the data and services that a company has moved to the cloud are anything more than once-off and disposable, there has to be a recovery plan that is independent of outside parties.
In the next Industry Insight, I will expand on how companies can maximise the value from investments in cloud technology without increasing risk.
Share