A Dark Side of the Cloud: Breaking Up is Hard to Do
Why enterprises must have contingency plans for their data before moving to the cloud.
- By Mike Schiff
- August 6, 2013
There is little doubt that cloud competing has brought many benefits to organizations both large and small. Once positioned as a technology for enabling small businesses to cost-effectively obtain and utilize previously unaffordable computing power, today it is also embraced by large organizations, enabling them to economically augment their own on-premise computing power to accommodate peak demand or special projects.
By allowing organizations to quickly provision additional resources, cloud computing enhances an organization's overall agility. It also allows organizations to offload systems management to third parties. For example, in a software-as-a-service environment (SaaS), software updates are normally the responsibility of the service provider; in a platform-as-a-service environment, service providers maintain and operate the hardware platform.
Of course, cloud computing is more than just on-demand computing power. For example, it also encompasses application software, remote storage, backup, and e-mail. From a data warehousing perspective, a growing number of vendors now offer business intelligence software and data hosting as on-demand services.
Despite the benefits, cloud computing also raises several issues, including data privacy, security, reliability, and vendor lock-in. One of the most important issues is data ownership in the event the cloud vendor and the customer part ways. Although almost all cloud-service agreements call for the client's data to be returned to the client when the agreement is terminated, this needs to be done in a timely manner and in a format that can be processed and accessed by the organization.
I am aware of horror tales including one in which a service bureau, claiming that the agreement only specified that the data would be returned to the client upon termination, returned the customer's data in an encrypted format and on a medium that required special, non-standard input hardware. In another example, a company that stored customer data in a SaaS application had its access cut off when it informed the cloud vendor that it was having cash-flow problems and would pay its overdue bill "when it had a chance."
Organizations entering into cloud computing relationships, in particular those involving data hosting, should realize that the relationship might not be permanent. Enterprises must have a contingency plan prior to executing anything more than a trial. Most vendors will go out of their way to provide assistance to customers migrating to their cloud service, but they are not likely to provide similar assistance to organizations that no longer wish to deploy their cloud services. At a minimum, these plans need to take into account how to migrate from the cloud service provider and how to maintain control of the organization's data. If not already doing so, organizations should give serious thought to maintaining timely copies of any cloud resident data at their own premises.
Organizations utilizing cloud services should track and monitor all cloud usage and try to establish a corporate edict that IT and/or the CIO must be involved (or at least approve) all cloud vendor procurements. It is all too easy for individual departments to enter into cloud agreements on their own and, in doing so, to inadvertently place their organization's data or operations at risk unless proper safeguards are established.
Although service-level agreements can provide for monetary penalties for prolonged service outage(s), organizations must have contingency plans in place should a mission-critical application suddenly become unavailable. There have been several highly publicized cloud outages involving major cloud vendors this year, and although an on-premise data center can also fail, well-managed on-premise environments have contingency plans to handle such events. That said, many cloud vendors highlight their extensive backup and redundancy plans as a major selling point, arguing that they have resources that individual (especially small and midsize) organizations could not afford.
Cloud computing is no longer just an industry buzzword; it is now a viable component for almost all organizations overall computing architecture. Organizations should consider cataloging their applications portfolio and evaluating which ones are most appropriate for cloud deployments. Evaluation criteria should not be based solely on cost savings or productivity gains. They must also include risk factors and worst-case scenarios such as service outages and data unavailability. Your organization should also take into account how difficult it would be to migrate from one cloud vendor to another or back to an on-premise environment.