In some ways shifting from on-premise to cloud computing requires a leap of faith. The former involves physical IT equipment located on your site. You can see, touch and feel it whereas in a cloud environment, the really grunty hardware and software is nowhere to be seen. Although still running your essential business applications, the servers, the backups and the applications are managed by a third party and could be housed anywhere in the world.
Because the infrastructure is no longer under your roof or directly under your control, cloud computing raises many questions about systems performance, data ownership, management and responsibility. If you can't see the system, how can you be sure you're getting what you pay for? How secure is the data? What happens in the event of a crash? Fortunately it's a model that has been evolving for some time now and many of these questions have been resolved in practice.
Profit vs performance
One of the first concerns when considering the cloud is the profit motive. People may think a cloud computing supplier is there to make money so aren't they going to be tempted to create an environment that maximises the number of users while skimping on performance?
The short answer is no. When a company enters into an agreement with a cloud supplier, the company's IT needs are ascertained by a range of factors including the number of users and the specific needs of applications. Requirements such as system performance and service arrangements are decided upon in advance. They are documented in detail in service-level agreements. Under the terms of these agreements, failure to meet minimum performance levels can involve penalties that actually cost the cloud supplier, so it's in both parties' interests to make sure they map out a realistic, reliable service agreement from the word go. Therefore, if your needs are for intensive computing, rich media and complex graphics, make sure they are accounted for in the design of the service.
Security is another common concern but for most companies, it's an area that is only likely to improve under a cloud service. When it comes to external threats, cloud providers know they can't afford to let their customers down, so they employ significant security, resilience and recovery systems. Within their own organisations they also apply strict security measures. Only authorised personnel who have passed security checks are given access to core back-end systems. Audits ensure the policing of security procedures and where necessary, raw data is encrypted so even those charged with maintaining the systems cannot view a client's confidential information.
Similarly, disaster recovery measures are likely to benefit from the move to the cloud unless your organisation is fortunate enough to already maintain a secondary off-site backup system ready to restore services at a moment's notice. The cloud supplier will ensure that data is backed up according to an agreed schedule, and they'll have multiple systems in place to alleviate the impact of any failure including secondary firewalls, switches, SANs for data storage and application services.
Storing data in the cloud
There's been a big debate in the media over the past year regarding the ramifications of storing data in the cloud, particularly if the data is to be stored overseas. The articles cite a raft of acts that apply to areas such as privacy, spam, archiving, freedom of information and electronic transactions. Although there are many different views, the one thing that everyone seems to agree on is that working with the cloud does not absolve any organisation from a need for governance.
When selecting a cloud supplier, make sure they adhere to the Australian Privacy Principles in relation to technology, platform, data and recovery. Acquaint yourself with the security and storage policies of your cloud supplier, then select the right level of protection for your data. Remember to check if you provider has the capacity to meet any compliance requirements which your company and industry may have to physically store data locally.
Locked in or flexibility of choice?
Some organisations worry about having to commit to their future IT requirements. There's lots of talk about flexibility to scale up with a cloud supplier but what happens if your computing needs go down?
Most agreements commit both parties to a minimum level of service. What that level is, needs to be agreed on, based on anticipated computing requirements. The idea is to give the cloud supplier a realistic idea of the resources that need to be committed while leaving room for the business to increase or decrease service according to demand. The minimum level commitment doesn't give the flexibility to go from average billings one month to none the next, but it is eminently more flexible than an unchanging on-premise IT infrastructure. What's more, computing in the cloud doesn't require a substantial up-front capital investment.
It's understandable that organisations may experience some hesitancy when first considering cloud computing. The involvement of an external party to manage a key company asset and the need to trust that your data is being looked after – somewhere – out there in the cloud can take a bit of getting used to. But once you start to analyse the differences between on-premise and cloud computing, it soon becomes apparent that the cloud is a cost-effective environment that delivers stable, ongoing IT services for significantly less commercial and operational risk than the on-premise alternative.
Shane Muller is the managing director of cloud servcies provider, OBT