How to make the right choice with cloud IT services
June 13, 2012
With all of the conflicting messages on cloud services coming from technology companies, it can be difficult to work out what is actually best for you. What are the pros and cons of the different models?
‘Beware of the false cloud," said Marc Benioff, the CEO of Salesforce, recently, taking aim at rival cloud service providers and their "fundamentally misnamed" solutions. But while such sniping is not unusual among cloud providers, who all use different definitions to cast their own narrowly focused "cloud" products in the best light, most customers just want something that gets the job done cheaply and safely.
For the purest definition of a cloud, turn to the National Institute of Science and Technology (Nist). It defines the cloud as a shared pool of computing resources that can be configured, provisioned and released quickly and easily, without the help of a service provider. The cloud is "elastic", which means services, such as processing power or storage, can be scaled up or down very easily depending on user need…
Those users can serve themselves through on-demand portals and are metered accordingly, just as homes are metered for electricity. These resources can be accessed from anywhere.
That seems simple enough. So why all the bickering over definitions?
The problem isn’t the destination, but the journey. There are several ways to reach Nist’s cloud nirvana. You can build your own private cloud, using management software running on your own computers, to help make it elastic and easy to provision. Or, you can rent other people’s software under a software-as-a-service (Saas) model, such as Microsoft Office 365. And there are a whole raft of options in between.
"Saas is maturing fastest," argues Rob Price, a director at systems integrator Atos Origin. It is agile, you can get up and running with it very quickly, and highly scalable. It is also usually accessed over the internet, so Saas is relatively simple to install and it can be operated on any connected device.
But it can be inflexible, says Tony Lock, managing director at IT analyst firm Freeform Dynamics. Companies can build software to help them integrate Saastogether with their own applications, but "relatively isolated things make the best candidates," he says.
And Saas means that every customer gets a single vanilla service, rather than a custom application to fit their particular business needs. Their data also sits on the same servers. Some won’t be happy with that.
Private clouds retain security and control, says Richard Blanford, managing director of services firm Fordway. "There will always be some apps and data where the risk will be greater when giving it to any third party," he says.
The alternative cloud models are platform as a service (Paas), and infrastructure as a service (Iaas). The former shields users from the servers and other equipment used to run software. Instead, Paas gives developers a set of programming languages, software libraries and other tools that they can use to create and set up their own applications. Well known platforms include Amazon EC2 and Force.com. Paas gives you the flexibility to set up the kind of software that you want, without handling the underlying complexity of servers and storage.
Iaas delivers computing infrastructure, such as networking capabilities, via hosted datacentres, and is for companies that want even more control over an infrastructure without having to run it themselves. It can be good for running non-standard software that is important to the business but can’t fit into a Saas or Paas environment.
Johann Strauss, Huawei’s director of IT product lines, says: "Our recent projects show that there is a big demand on Iaas, since datacentres and customers are facing the following problems: cost, speed, integration, security and energy management."
He adds: "When building datacentres, customers urgently need to raise the efficiency of IT systems and cut the total cost of ownership."
However, the key is integration. Interoperability between public cloud environments is becoming a differentiator among public cloud providers following the downward pressure on pricing, argues Steve Salmon, principal adviser with KPMG’s CIO Advisory Practice.
That interoperability will become increasingly important over time if, as Paul Casey, practice leader for cloud, virtualisation and automation at Computacenter predicts, companies end up taking multiple routes to the cloud.
"I think that people will choose different delivery models and a blend of different services," he says. This will happen as they stop struggling for short-term solutions and start building longer-term strategies around cloud computing.
Data security — setting standards
There is a tradeoff between convenience and security in the public cloud, which is a commodity service offered at relatively low cost.
Companies that do want to store data in the public cloud should ask their cloud service provider to prove their security by asking for compliance with security standards, but which one?
There are choices from organisations such as the Cloud Security Alliance, and the European Network and Infrastructure Security Agency (ENISA). These standards are relatively unestablished. No wonder cloud providers focus on more established ones such as ISO 27001, which is part of a series of best practice recommendations on information security published jointly by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC).
In a year or two, this may all be thrown into sharp focus. Today, if a company’s cloud provider loses its customers’ data, the customers can’t sue the cloud provider. Data protection regulation working its way through the EU will change that, explains John Armstrong, a solicitor at CMS Cameron McKenna. It will also open cloud providers up to large fines from data protection regulators.
That may not make the cloud any safer, but it will let customers at least hold cloud service providers to account.
DB
Storage — synchronisation and safety
Just over two years ago, the floppy disk officially died. Sony declared that it would no longer make the 3.5-inch floppy, which graced office desk drawers for almost 30 years. Now, people are increasingly storing their data not on disks, or on USB devices, but in the cloud.
Cloud synchronisation services such as Dropbox, SugarSync, and Apple iCloud, recently joined by Microsoft SkyDrive and Google Drive, copy the data from your local device up to the internet, and then beam them down to all your other computers, synchronising the data across all your devices, using software that runs in the background on your computer. There are unquestionable benefits.
Firstly, such services make your data more resilient. If one of your computers’ hard drives dies or is lost or stolen, your information is still available in at least one other place.
Secondly, they make your data more accessible, because you can get at it wherever you are. No more kicking yourself when you’re on the road because you left an important file on your office machine.
Thirdly, some of these services carry extra benefits, serving as a kind of electronic memory. Another synchronisation program called Evernote, for example, not only stores and synchronises all of your text files, but indexes them too, making them easily searchable.
There are dangers to these services too. A synchronisation service provider might be hacked, or one of your synchronised devices stolen.
Services such as Dropbox store files encrypted on their servers, so that thieves would need the decryption keys to read them – unless they guessed or stole your login credentials.
One answer is to encrypt the information before it is synchronised. Synchronisation is probably the safest way to protect your files from hard drive crashes, but a little common sense when first creating and storing files on your local device will also help.