A recent tweet by @sapnwcloud, pointed in the direction of a new promo video about the SAP Netweaver Cloud Service offering. The tweet was followed with a "Tell us what you think". I'm quite a cloud fan, and thought the video perfectly showcased SAPs Netweaver Cloud service offering. On the other hand, I also found that summarizing what's in the box doesn't completely cut it. Many IT managers are considering cloud solutions, but quite a lot of them still experience a feeling of discomfort with regards to extending their operations to the cloud.
It is quite a challenge to pinpoint the issues that these IT managers were referring to, let alone how they can be addressed (in a video). Because I think I'm not the only one struggling to answer questions about an "uncomfortable feeling", I decided to blog about it, of course hoping for excellent community feedback on how to get these IT managers to sleep better at night, while knowing their data is securely stored in the cloud.
When I came to think about the people I have spoken to about cloud and their reservations with regards to moving to the cloud, I believe these are their top-three areas of concern:
- The cloud is difficult to grasp
You could probably argue that they should buy a few good books from Amazon, or perhaps start with Wikipedia. I also believe the lack of understanding about cloud services is caused by the fuzziness and variety in cloud offerings (IAAS/SAAS/PAAS, Public/Private/Hybrid, the way they work, where they are located, SLAs etc), and unclarity about consequences of certain choices in terms of application management, compliance and accountability.
I think it takes quite a study to be able to ask the right questions and find the key challenges and considerations to select the right cloud model(s). And I don't believe many people are excellent cloud buyers by nature. Cloud service providers should articulate clearly what their service offering is about, how their solution helps and what its unique selling points are.
Another topic that always returns is security. Although technical security around cloud services is perhaps even tighter and better set-up than most corporate networks, there are more considerations than just firewalls, encryption and other tech. At a time when even better brands, like LinkedIn, Sony, Apple and Amazon are referred to in hacking reports, recurring topics are:
- "Because cloud service providers host multiple tenants, they're obviously a more interesting target for hackers than my own single-tenant datacentre"
- "If my neighbour's house is on fire, so is mine"
- Where is my data?
...and do I comply with EU data export rules ...and is it subject to the patriot act?
Just to outline the consequences: the Patriot Act allows the FBI to search telephone, e-mail, and financial records of any American legal entity without a court order, and the expanded access of law enforcement agencies to business records, including library and financial records.
Cloud service providers should be clear on where data of their customers resides and which legal entity is hosting it. Full disclosure on which laws and jurisdiction applies is a must.
Forrester, Gartner and IDC foresee a great future for cloud computing (see slide below), but before these numbers will be able to really materialize in that magnitude, cloud service providers should make sure IT managers sleep better with their data in the cloud.
Suggestions on how to make cloud buyers sleep better are very welcome. Please do not hesitate to comment if you have experiences in this area.