Make no mistake, despite very public emarrassments at Sony and Amazon, cloud computing is here to stay. IT providers need to embrace the paradigm and IT users need to see beyond the hype and plan the best delivery platform for the services their business depends on.
(In fact the cloud paradigm is not so new: BT deliver voice and the BBC deliver TV and radio from “the cloud” to customers who have no involvement with the technology or processes that the services depend on).
Sony left a security loophole which allowed thousands of Playstation users’ details to be revealed. Amazon carried out a network upgrade which went wrong and denied companies access to AWS services for 10 days.
There are two lessons that I would draw from these recent incidents:
One: No one is too big to fail
The first is not to make assumptions about the performance, reliability or security of cloud IT services just because they are delivered by a huge multinational. You would imagine that Microsoft, Google, Sony and Amazon has armies of highly qualified and experienced IT staff, manning vast datacentres providing the finest available IT services. You’d be right, but that didn’t stop all four organisations having falures in systems or security relating to cloud services in the last couple of years. There will undoubtedly be more.
An intelligent approach to using cloud services would be to ensure that you do not place too much reliance on one provider: Amazon client companies who handled the AWS outage best had actually planned for such an eventuality and had a failover plan ready. Some were able to get going again in less 15 minutes.
The same logic that applies to any IT system applies to cloud services: plan for the day when it will fail and don’t assume that it is immune because of a particular brand name.
Two: Reversed economy of scale?
The other lesson is that big providers, despite having virtually limitless resources, do make attractive targets for organised hacking campaigns. It wasn’t heavily publicised at the time but in January 2010, Google discovered that they were being comprehensively hacked by the Chinese. The doors were subsequently bolted and Google even took steps to hack the perpetrators back. However, given that the Chinese government are likely to have every line of Google code up to January 2010, at what point should businesses become confident enough to switch their email to the Google platform?
Oil & gas companies have plenty to worry about on this score since the global energy industry was targeted by a well-organised network hacking campaign in Februuary 2011 – dubbed Night Dragon by McAfee.
Our recommendation is that companies should examine the pros and cons of any IT service, cloud or onsite, from the perspectives of performance, security, service levels and features as well as cost. A knee-jerk reaction aimed at reducing the cost of an expensive IT department could easily backfire if the decision were entered into without some detailed analysis beforehand.