Welcome!

@CloudExpo Authors: Harry Trott, Elizabeth White, Liz McMillan, Pat Romanski, Astadia CloudGPS

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Blog Feed Post

Cloud Computing Challenges and the Balance Between Risks and Benefits

Now let's now look at some Cloud Challenges (Part 2 of 2)

In the previous article we looked at some Cloud Security Advantages.

Now let's now look at some Cloud Challenges.

Cloud Challenges

Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can’t be examined
Loss of physical control; Data dispersal and international privacy laws
• Need for isolation management
• Multi-tenancy
• Logging challenges
Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
Attraction to hackers (high value target)
• Possibility for massive outages
• Encryption needs for cloud computing

Let's look depper into a few of the major concerns.

How can you be sure your Data is Safe?

Data safety in the cloud is not a trivial concern. Some online storage vendors such as The Linkup and Carbonite have lost data, and were unable to recover it for customers.

Secondly, there are data access governance concerns, because there is the danger that sensitive data could fall into the wrong hands, either as a result of people having more privileges than required to do the job or by accidental or intentional misuse of the privileges they were assigned to do their job.

For example, how can you be sure that Cloud providers (especially external providers) apply the right patches, workarounds, access restriction, isolates systems in a secure way? How can you be sure that they are doing what they are meant to do (no more and no less)? Who establishes, maintains and checks audit trails (assuming they are being done in the first place)?

Data segregation is another major concern, because in the cloud your data is typically in a shared environment alongside with data from other customers. Find out what is done to segregate data, besides encryption.

Ensuring Compliance in the Cloud

When it comes to compliance, more questions arise than answers!
For example, if you have customer data in the cloud (files, documents, emails, memos, scanned images, etc.) what controls are available to ensure compliance with your published privacy policies and with the privacy and freedom of information regulations in all of the countries where you do business? Where does liability falls in the case of law suits?


Monitoring SLA's and Contracts

Before choosing a cloud vendor, due diligence is necessary by thorough examination of the Service-Level Agreements (SLA's) to understand what they guarantee and what they don’t. In addition, scour through any publicly accessible availability data. Amazon, for example, maintains a "Service Health Dashboard" that shows current and historical up-time status of its various services.

Regarding the level of performance, there will always be some network latency with a cloud service, possibly making it slower than an application that runs in your local data center. But thirdparty vendors, such as RightScale, are building services on top of the cloud to make sure applications can scale and perform well.

But even when SLA's are set and contracts are signed, there are some concerns that should not be ignored. For example, who is responsible for monitoring, auditing and enforcing the SLA's? Or if security is breached or audits fail, who is responsible for measuring and reporting those breaches? What liability for your business is there in the case of a breach of the SLA?

Since the Cloud Service consumer has no visibility inside the cloud, the only option is to trust the provider. Until an independent entity arises that performs those verifications, providers have little or no incentive to admit fault.

Integration with Your Legacy Systems

Of course you are not going to rely entirely on the Cloud, far from it. Therefore, there will be plenty of integration work integrating Cloud Applications with your Legacy Systems, as well as securing the applications as they move around the cloud and your legacy systems.


Can Applications Move From One Cloud to Another?

Yes, but that doesn't mean it will be easy, because there are two main issues here: interoperability and migration cost policies.

Regarding interoperability, Cloud vendors will have to adopt standards-based technologies in order to ensure true interoperability. The recently released "Open Cloud Manifesto" supports interoperability of data and applications, while the Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities work seamlessly together. The goal is to move applications from one cloud to another without having to rewrite them.

However, there are two sides to this coin: the massive capital investments Cloud Computing providers have made in their data centers, on hardware and software, on highly qualified personnel and so on, will not be generating revenue if customers leave, so customers may incur switching and migration costs.

Another reason this concern is very important is if your Cloud provider disappears, as happened with the provider Coghead:

“Then, on Feb. 18, 2009, came the death knell, in an e-mail to customers announcing Coghead was ending its cloud-based development platform service immediately "due to the impact of economic challenges." ERP giant SAP bought Coghead's intellectual property but pulled the plug on the development platform, giving customers until April 30 to retrieve their applications and data.

It took about 4.5 person-months for Shockey, founder and principal of Hekademia
Consulting, to port his CRM application from Coghead to Intuit's QuickBase database.
While he's philosophical about the forced migration, it's a stark reminder of how quickly a cloud vendor can go under.”

(source:
http://www.itworld.com/saas/66657/what-do-if-your-cloud-provider-disappears)


The Delicate Balance Between Risks and Benefits

Keep in mind that before moving to the cloud (as with any emerging technology and businessmodel) the most important aspect is that you know your team, know your solutions, and know the Cloud providers.

The decision to move to the cloud should involve at minimum enterprise architects, developers, product owners/stakeholders, IT leadership, and outsourcing teams.

Take into account that human capital in your organization may be lacking, because exploring new models requires an adventurous spirit and technical astuteness, and if your team is not willing to stretch and learn new things, Cloud Computing can be very frustrating. Also consider the chance that some of your team elements, may think (and with some reason) that Cloud Computing may place their jobs at risk.

Some business managers are simply too scared to move forward with Cloud initiatives! However, this concern, while valid, is not insurmountable. Solutions do exist and are being finetuned every day.

There are countless examples of successful Cloud Computing implementations, and that's what we will see at next article.

Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola


P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?
- What are the Cloud Computing Challenges and Risks? (Part 1: Cloud Security Advantages!)

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

@CloudExpo Stories
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
Any startup has to have a clear go –to-market strategy from the beginning. Similarly, any data science project has to have a go to production strategy from its first days, so it could go beyond proof-of-concept. Machine learning and artificial intelligence in production would result in hundreds of training pipelines and machine learning models that are continuously revised by teams of data scientists and seamlessly connected with web applications for tenants and users.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I will be talking about ChatOps and ChatOps as a way to solve some problems in the DevOps space," explained Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
"We want to show that our solution is far less expensive with a much better total cost of ownership so we announced several key features. One is called geo-distributed erasure coding, another is support for KVM and we introduced a new capability called Multi-Part," explained Tim Desai, Senior Product Marketing Manager at Hitachi Data Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-securit...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, will examine the regulations and provide insight on how it affects technology, challenges the established rules and will usher in new levels of diligence...
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, presented an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He then expounded on the industry issues he frequently came up against as an analyst, and ...
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, discussed the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information.
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.