JanWiersma.com

Our Trust issue with Cloud Computing

Recently SDL (my employer) did a survey on customer ‘trust’ for the marketer.B0AgpWXIAAA5mZm

Being in the IT space I tend to deal a lot with ‘trust’ the last few years. Being responsible for the Cloud services delivery for my companies SAAS & hosted products we deal with clients evaluating and buying our services. My teams also evaluate & consume IAAS/PAAS/SAAS services in the market, on which we build our services.

The ‘trust’ issue in consuming Cloud services is an interesting one. IAAS platforms like Amazon abstract complexity away from its user. It is easy to consume. The same goes for SAAS services like Box.com of Gmail; the user has no clue what happens behind the scenes. Most business users don’t care about the abstraction of that complexity. It just works….

It’s the IT people that seems to have the biggest issue with gracefully losing control and surrendering data, applications, etc., to someone else. Control is often an emotional issue we are often unprepared to deal with. It leaves us with a feeling ‘they can’t take care of it as good as I can…’ Specifically IT people know how complex IT can be, and how hard it can be to deliver the guarantees that the business is looking for. For many years we have tried to manage the rising complexity of IT within the business with tools and processes, never completely able to satisfy the business as we where either to expensive or not hitting our SLA’s.

Mark Burgess points out in his book ‘In Search of Certainty’;

Our planet’s information systems have now reached a level of scale and complexity at which we can no longer simply decide how they will behave. They are so sophisticated and so interconnected that humans can neither steer nor comprehend them with certainty.

As IT people understand the struggle to manage IT and the rising complexity, a big leap of faith is needed to give up that (illusion of) control.

Nick Carr (book: The Big Switch) and others highlight the fact that Cloud computing is an Industrial Revolution, which means that markets are changing rapidly. Who would have thought Amazon was a dominant IT player 5 years ago, going after large enterprise accounts? IBM and HP didn’t. As with any Industrial Revolution companies that don’t change will disappear. The first cars produced got push back from the traditional market on ‘not being safe’. The same goes for the introduction of electricity for factory use; ‘you shouldn’t use that, as it isn’t safe’. The traditional IT players are using the same FUD tactics to protect their market share.

Initially the traditional market owners used every service delivery failure from Cloud providers to show the failure of the Cloud delivery model. Amazon’s downtime 3 years ago received lots of attention, and I even got calls from account managers pointing that failure out to me at that time.

The public v.s private Cloud debate has been even more surreal. Traditional vendors have succeeded to take the word ‘public’ completely out of context, make it a dirty word and then label Amazon AWS, Google Cloud Platform and Microsoft Azure with it. It completely ignores the fact that AWS is just as ‘private’ when you launch a basic instance, as SoftLayers instances, which IBM after acquiring them quickly labeled as ‘private Cloud’. (or a system in your own datacenter for that matter)

But the revolution continued.

The latest area’s for FUD is security & privacy. The ‘NSA – Snowden thingy’ did the Cloud critics a great favor. Snowden is definitely the patron saint for co-lo datacenter providers around the world as they see an uptake in companies wanting to host their data within their own country, with own hardware.

Governments around the world couldn’t ignore the Snowden issue, specifically when it comes to privacy of their countries citizens. As technology is advancing at light speed and Gov regulation doesn’t, the current clash was bound to happen. Potential Gov regulation on Cloud consumption and data flows creates uncertainty for Cloud business consumers. As they try to mitigate that risk, they create the strangest internal rules for Cloud usage. ‘Data storage within a country’ is one of those rules, which completely ignores the nature of data flow on ‘the Internet’ and the fact that it doesn’t really mitigate any risk at all. It just assumes ‘within borders’ equals ‘more secure’. While localization requirements may serve some national Gov goals, they can also serve as disguised trade barriers when they unreasonably differentiate between domestic and foreign products or services.

But the revolution will continue… Pandora’s box for real utility computing is already open and can’t be closed again.

So how do we get out of this mess?

  • Government needs to balance between protecting personal & business data v.s promoting the free flow of information while avoiding localization requirements. Everyone will benefit from clear law & regulation that balances both.
  • Companies need to use risk-based approach on Cloud consumption, using data classification. Only after identifying information streams and the knowing the type of data a service contains, a real risk assessment can be made for moving to Cloud consumption. A one-size-fits-all data & privacy policy will qualify out real Cloud opportunities, without good reason and therefore isn’t helpful.
  • Companies need to get some real legal advice. Too many CIO’s just rehash what ever they been told by peers, without actually knowing what law & regulation says about their own data.
  • IT people should be open to change. It will happen anyway. Try to support the business without turning in to ‘Mordac – the Preventer of Information Services’ for Cloud services consumption. (None of us IT people every liked the Mordac person in our IT department anyway, so why act like one?)
  • Cloud vendors need to provide transparency on their service delivery. Yes, things will fail, systems crash and people make mistakes. Be open about it and show the effort you put in risk mitigation.
  • The Cloud market should work on better audit controls and labels. It will create more trust in the ecosystem, just like people don’t second-guess CE-labels for electrical appliances or motor vehicle safety inspections like MOT.
  • And finally, IT people should not try to force their perception of good service design on Cloud vendors. Put 10 IT people in a room and ask them to solve a technical issue and they will come up with a 100 ways to solve the problem; all roads lead to Rome. Step back and look at the service business guarantees and have a little faith in the thought that the Cloud vendor has put in his service design.

 

The revolution will continue. And as the business tries to move ahead of the competition by utilizing the benefits of Cloud computing, the IT department is at an important junction: prevent Cloud consumption and increase the gap between IT & business or try to enable the business.

Go on… jump in.

 

Article based on my Dutch blog in 2011 around Trust & Control in Cloud Computing: http://janwiersma.nl/?p=728

Image courtesy of CloudTweakers.com

Leave a Reply

Your email address will not be published. Required fields are marked *