Is Public Cloud Computing Evaporating?
For us in the IT industry we all know that “cloud computing” has been around for decades now ever since Citrix and RSA gained a foothold in companies. Some may even claim even longer with SSH and some of the older UNIX protocols that allowed remote access to systems. The term cloud was a new buzzword to get companies to open up their wallets to new types of IT spending and it has been a success in doing so.
It’s a great notion where everything is web centric, where data flies across the internet and companies can just throw out their servers and do their work online. It also has the idea that all of your IT departments can be replaced by anything that has AAS on the end of it (AS A SERVICE). Everybody can do spectacular things and everything sits on a cloud somewhere magically being backed up by trustworthy people.
Sounds Great! Where do I sign up?
Well…. now it’s time to bring those thoughts back down to reality.
When it comes to public cloud computing the reality is you are not in control of your own destiny. Why should you trust the lifeline of your business to the cloud? That’s a huge commitment and especially by some of the fly by night vendors that have been popping up lately giving you all kinds of promises that have no solid reputation or controls in place to make these guarantees. Do you understand their internal controls and does it match the performance you’ve been expecting? The point being is that you have now given the proverbial wheel to someone who may operate at a much lower value structure than you and when you ask them to be more efficient they upsell the pants off of you.
So what happens when your in house or external auditors comes to check on your IT department and they ask you where an application lives or where is your data being housed? Is that when you say “don’t worry I got a great deal at Ray’s cloud shack”?
When your insurance company does an audit to see if you are being SOX compliant and says “where is your data”? That’s when you can really show them something cool as you lean your head out of the window and point to the sky and say “somewhere up there”.
I’m obviously joking around right now but I am also kind of serious. These are some hard questions to answer for and how will it reflect on the business itself when these can’t be explained.
So now what if you want to bring it back in house, how much fighting do you expect to do with sales people? What do you think it’s going to cost in integration consulting to put the data back into the systems in house? What effort will need to be put forth to take them back from the cloud.
It reminds me of the whole offshoring thing that was big about 5 plus years ago when companies were trying save money with this wealth of overseas talent that would work for half the price. People were lining up until they got hit with the old bait and switch; for those of you who have gone threw it will remember this quite well. The first wave of talent was wonderful, things seemed to flow well and people gave up more and more control of their business until the talented ones started vanishing for better jobs. Salaries started to rise since it was such a boom there and all of a sudden you got stuck with the not so talented staff. The good ones no longer wanted to work on US time zones because frankly they didn’t have to pull all nighters there was plenty of new work and opportunity. Then the next wave after that was more like “well they seem to have built up such a big middle class over there so now we are going to pick a new country and retrain them”. Needless to say the offshoring model became a big mess and the on-shoring process started bringing data back to businesses. Except for some of the unlucky ones that is, who have yet to bring it back onshore.
So why is this on a Disaster Recovery blog you’re asking? Well Ok then from a DR perspective it sounds great as well. I don’t worry about my data because company XYZ handles everything for me. I no longer care about backups, RTO’s, RPO’s etc because it’s being handled by some big name and all is well. Well that would be a great answer except that even the biggest have fallen short Amazon, and Microsoft to name a couple.
So what is an acceptable point of loss on your data? What does the cloud provider promise in exchange for your downtime if anything? Obviously with the companies affected in the above links you are talking millions of dollars by the minute so where would your business list in a priority order of recovery behind them? If your company is big enough I’m sure they’ll send a Sales Exec of some nature to take you out for a night on the town so you will hopefully forget about it. The way I see things is fool me once shame on you; fool me twice I just lost my job. In the midst of this rush to the cloud, businesses now have higher bandwidth requirements, reliability on 3rd party vendors and service levels that may or may not provide anything. Security has become a big factor along with call quality and who is actually going to pick up the phone on the other end when you have an issue.
The 800 pound gorilla in the room and my inspiration in writing this is also around security. Ed Snowden’s revelation around the NSA’s spying program called prism brought a lot of attention to the cloud. It is estimated that US cloud service providers will lose 10%-20% of the foreign market which clocks in around $35 Billion dollars. Facts are facts and some articles are saying that a lot of people haven’t moved it in house yet and that it’s no big deal and I say they are really just kidding themselves. I think most companies are dealing with some of the above examples I gave about moving in house and most of the PR firms are just trying to calm the anxiety. I must have seen 20 plus articles a day on security problems from Microsoft giving the NSA their security bugs before the actual users to default backdoor accounts on SAN devices etc. I don’t play the stock market too heavily but in the ebb and flow of the IT world I’m guessing security is making a comeback and will be the next big ticket item.
Another security concern is logging. This also plays into DR because you don’t know who is actually logged into those systems at a particular time and what information they have entered. Do you have batch scripts running to validate users or can some kid take their parents cell phone and open an app to wreak havoc? When the power goes out was anything collecting the cache of that user who may have just put in a full day of entry only to have it disappear? These are some things to consider before putting all of your eggs into one basket and take it from an expert that’s the last thing you want to do.
When DR is handled in house or with a failover site you have much greater control over your own data and SLA’s. When someone with a stack of spreadsheets corners you and asks questions about your data you will have actual answers. When security is a concern you can have 5 firewalls, SSL certs, a German Shepard the possibilities are endless. I would take all of the questions I just raised and bring them to your (AAS) and find out if it’s really worth it and what’s truly acceptable for your company. If the benefit outweighs the cost then have at it but if not then use my ideas to look like a rock star when you are in your next delivery meeting.
Until next time.