Cloud computing: the lessons learned

Concerns over vendor lock-in and performance tend to increase after cloud adoption, finds a Computing survey

Just a couple of years ago, some prominent analysts would have had us believe that cloud computing was poised to sweep all before it. Firms would be queuing up to fill roadside skips with newly-redundant hardware, and IT staff would be rede-ployed as strategic information workers, while server rooms would be refitted as high-tech breakouts or Google-esque "snugs".

While there have been major advances in the use of the cloud, even its most ardent advocates would admit that take-up has not been as rapid or as far reaching as most had imagined.

Among 150 IT professionals in medium-to-large organisations surveyed by Computing, two-thirds have adopted some form of cloud computing (figure 1). But of those that have, more than half said adoption was "to a very limited extent" while just one in 20 had placed more than half of their operations in the cloud.

[Click to enlarge]

In particular, moving legacy and mission-critical applications to the cloud remains a minority pursuit. So what are the sticking points?

With many IT ventures, difficulty in making the business case can be a stumbling block, but this is not to blame in this case.

Among survey respondents using cloud services, the decision to adopt came directly from senior business executives in 10 per cent of cases, while in a further third the board was persuaded by either the financial or operational advantages, or by a pilot study. In most of the remainder, the board trusted the IT department to produce the goods.

Instead, the reluctance to fully embrace cloud services stems from fears by IT leaders that shifting mission-critical applications to the cloud may offer few advantages and merely put essential operations at risk.

The survey found that, despite a concerted effort on the part of cloud suppliers to persuade businesses that there is a cloud to suit every business and regulatory scenario, generalised concerns about security and control remain stubbornly in place.

The barriers to increased adoption

Data security is still by far the overriding concern among IT decision makers, cited by over 70 per cent of those who say that cloud services will play no significant part in the make-up of their IT systems any time soon. This will come as a disappointment to PR departments at cloud vendors, who have spent significant energy and resources trying to paint a picture of enhanced security. It seems that that no amount of assurance will convince a large subsection of punters that the type of world-class infrastructure cloud suppliers deploy will make their data any more secure than if it were kept on-premises.

"Security of confidential data [is the main reason for keeping key data onsite]; cloud solutions generally give relatively poor guarantees around data security/availability," said one respondent.

After data security, over-reliance on a third party (37 per cent, with vendor lock-in also cited by 12 per cent), compliance issues over datacentre location and data transfer (31 per cent), and infrastructure security (28 per cent) were perceived to be the next most serious obstacles.

Such concerns, which are making a significant number of organisations wary of going further with the cloud model even after they have dipped in a toe, have remained stubbornly fixed over the past two or three years. So do these fears melt away on closer acquaintance with the cloud?

Lessons learned

Among IT heads who have taken the plunge and moved important functions to the cloud, the survey suggests a subtle shift in the nature of their concerns. While security fears lessen to a degree, there is some evidence that concerns over performance and contractual issues actually increase (figure 2).

[Click to enlarge]

Starting with security, the message is clear. While they remain relatively high, data security worries do tend to lessen after moving to the cloud.

Cloud computing: the lessons learned

Concerns over vendor lock-in and performance tend to increase after cloud adoption, finds a Computing survey

What keeps fear levels high, even after a successful migration, may be simply that the IT department is effectively outsourcing security and availability of core systems to a third party, which will always be a source of anxiety.

Such concerns are best faced by choosing a reputable cloud supplier with a long track record, ISO accreditations and a verifiable security audit trail. In addition, the SLA should be clear about the sort of recompense available should the worst occur, with any extenuating circumstances laid out, and the procedures to be followed in the event of a buyout, merger or other substantial changes to the cloud provider should all be made clear.

Ultimately, though, security concerns may only be laid to rest once the industry can find a way to hand back some control over data security measures to the CIO, perhaps through an insurance scheme that quantifies risk in a meaningful way, guarantees recompense and provides some real choice and viable options to customers.

Don’t lock me in

Cloud experience seems to allay worries about regulatory compliance too, with 16 per cent of users voicing concern compared with 32 per cent of non-users. Once negotiations have been concluded and a trained legal eye passed over contracts and SLAs, with boxes ticked and liability established in the event of a breach, compliance issues becomes less of a concern.

However - and this will also trouble cloud providers - fears about vendor lock-in actually seem to increase with experience (see figure 2). While it would be unwise to read too much into the results of a single survey, it stands to reason that any organisation that entrusts mission-critical data, applications or functions to a third party is, to some extent, over a barrel. It may be much more trouble than it is worth migrating core applications to an alternative provider or taking them back in-house, and it could be that some less-scrupulous suppliers are pressing home their advantage.

Anecdotally, some readers mentioned that service providers are more than happy to accommodate customers while they scale up cloud operations, but are much less accommodating when they wish to scale back. Other customers have found themselves paying hidden charges to cover services they had assumed were included in the contract.

Customers need to be sure they have a clear and workable exit strategy in place, while for their part, cloud providers can help their long-term prospects by introducing greater transparency into their Ts & Cs, as well as working to ensure standardisation and interoperability.

Go slow

Before leaping into cloud-based provision of high-performance database-intensive applications where latency tolerances are measured in microseconds, organisations need to take a careful look at the cloud’s suitability for such applications. Latency and performance issues were cited as barriers to further cloud adoption by 23 per cent of serious cloud users, as opposed to just 11 per cent of those with no mission-critical applications in the cloud.

A move to the cloud implies virtualisation. While improvements to hypervisors and processors have been made, there will always be a price to pay, however small, in the performance of virtualised applications. The physical distance that signals have to travel from cloud datacentre to end user will also, inevitably, introduce latency. For this reason, the cloud may never be suitable for applications such as trading systems.

The survey results, showing that concerns about performance rise post-migration, indicate that this is a problem that might be too readily overlooked.

Growing up

Cloud computing is now reaching the next stage in its maturity. The familiar service subdivisions such as SaaS, PaaS and IaaS are standardising and merging around specific functions to form what is known as business process as a service (BPaaS) - effectively cloud-based platforms that are designed to support industry-specific business processes.

It will be interesting to see whether this latest iteration breaks through the logjam of concerns to create the cloud-based future that many have predicted for so long.

@ComputingJohn