Every cloud has a silicon lining | Part 2(a)

In this F2MKE.co.uk blog series I explore cloud computing.  What is it?  What are the advantages versus risks?  What must businesses and schools check before putting their heads in the Cloud?  Does Cloud make sense in these times of austerity?

To read Part 1 of Every cloud has a silicon lining go to http://www.f2mke.co.uk/2011/01/18/every-cloud-has-a-silicon-lining-part-1/

The emergence of Cloud computing posed a threat to some of the largest and most powerful IT businesses in the world… And it may still do so?  It was inevitable that cumuliform clouds would reign before settling into cirrostratus.

And this tempestuous climate was fuelled by arguments about security and supplier lock-in, reliability and capacity, cost and efficiency…  The arguments continue.  Part 2 of Every cloud has a silicon lining aims to distil the key arguments and offer an objective view.  Oh, and perhaps start off a few more debates? 😉

Let’s tackle security first.

Security concerns are an all too familiar first line of defence against change in the IT world.  Often this is to protect current preferred working practices, or a sound profiteering business model, but mostly because change means risk.  Oh and change!  However, security should not be downplayed and should play a key part in any decision-making process.

Trusting all of the important tools and data that you rely upon to deliver your business, or run your school, to a group of masked cherubs sitting on a cloud somewhere in the ether deserves an initial gulp!  But step back for a moment and meditate upon that gulp…

Masked Cherub on a Cloud

The majority of security breaches are caused by humans.  A cloud provider’s business model relies upon massive economies of scale, ergo less humans, ergo less room for human error – be it deliberate or not.

You would typically enter into a contract with a third party – cloud provider or not – with some, at least basic, clauses and penalties around loss of data or service.  Would you have similar reassurances within your own business?   

There are cost implications to consider here too.  When searching for your perfect cloud providing partner you can specify all manner of security standards that must be contractually adhered to.  The likelihood is that they are geared up for this to be able to appeal to as wider market as possible and achieve the aforementioned economies of scale – it’s a core part of their business – but are you?  How much would it cost your organisation to achieve and maintain the ISO/IEC 27001/2 standard?

How much more would it cost to be certain that your hardware, software and the place(s) that it’s all kept stays as secure as possible?  ‘Simple’ patch management alone can be a surprisingly bulky overhead.  Large cloud suppliers will afford better security tools, experts and infrastructure.

The risks to focus upon are browser vulnerabilities – most cloud services are accessed through the web browser and these are a favourite target for hackers.  A large cloud provider may well pose an interesting target for hackers or even terrorists too!  These risks are mitigated by the highly competitive web browser market and the importance that a cloud services provider must attach to their reputation.  In both cases, even if a vulnerability is not exploited, the knowledge that it existed will be damaging.

And what about supplier lock-in?

Moving all of your services and critical data into the cloud could leave you vulnerable should you decide to switch supplier, or wish to share data in your systems with another service provider?   Your supplier may decide to increase costs, or decommission a service that you rely upon?  You may become dissatisfied with the service, or a better alternative could enter the market?  You may wish to pick and choose services from multiple suppliers for a best of breed solution?

For example, your main cloud provider may offer you an integrated Management Information System and learning platform, library, catering and cashless systems.  However, you want to switch learning platform and integrate with an alternative library system.

The immediate question is, “how do I get my data out?”.

There are some actions that you can take to mitigate these risks.  As well as sensible contractual exit clauses, insist upon services that offer industry, better still open, standards for data interoperability.

In the UK (and US, Australia, Norway, etc…) education sector there is the Systems Interoperability Framework (SIF).  For more information search for SIF at F2MKE.co.uk or visit http://www.sifinfo.org/uk/.

Furthermore, the likelihood is that competing suppliers will be eager to win your business and will already have tools available to migrate your data from competitor systems.

In some ways there are parallel risks where an organisation develops and maintains services in-house.  For example, data can be ‘trapped’ in bespoke systems and require bespoke, often expensive, solutions to migrate the valuable data out.  A key employee may decide to leave the organisation and take their specialist expertise with them – or hold you to ransom!?

In Part 2(b) of Every cloud has a silicon lining we’ll delve deeper into the advantages of Cloud Computing versus the risks.

One Response to Every cloud has a silicon lining | Part 2(a)

Leave a Reply

Your email address will not be published. Required fields are marked *