Welcome!

@CloudExpo Authors: Pat Romanski, Elizabeth White, Yeshim Deniz, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Blog Feed Post

Cloud Computing Challenges and the Balance Between Risks and Benefits

Now let's now look at some Cloud Challenges (Part 2 of 2)

In the previous article we looked at some Cloud Security Advantages.

Now let's now look at some Cloud Challenges.

Cloud Challenges

Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can’t be examined
Loss of physical control; Data dispersal and international privacy laws
• Need for isolation management
• Multi-tenancy
• Logging challenges
Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
Attraction to hackers (high value target)
• Possibility for massive outages
• Encryption needs for cloud computing

Let's look depper into a few of the major concerns.

How can you be sure your Data is Safe?

Data safety in the cloud is not a trivial concern. Some online storage vendors such as The Linkup and Carbonite have lost data, and were unable to recover it for customers.

Secondly, there are data access governance concerns, because there is the danger that sensitive data could fall into the wrong hands, either as a result of people having more privileges than required to do the job or by accidental or intentional misuse of the privileges they were assigned to do their job.

For example, how can you be sure that Cloud providers (especially external providers) apply the right patches, workarounds, access restriction, isolates systems in a secure way? How can you be sure that they are doing what they are meant to do (no more and no less)? Who establishes, maintains and checks audit trails (assuming they are being done in the first place)?

Data segregation is another major concern, because in the cloud your data is typically in a shared environment alongside with data from other customers. Find out what is done to segregate data, besides encryption.

Ensuring Compliance in the Cloud

When it comes to compliance, more questions arise than answers!
For example, if you have customer data in the cloud (files, documents, emails, memos, scanned images, etc.) what controls are available to ensure compliance with your published privacy policies and with the privacy and freedom of information regulations in all of the countries where you do business? Where does liability falls in the case of law suits?


Monitoring SLA's and Contracts

Before choosing a cloud vendor, due diligence is necessary by thorough examination of the Service-Level Agreements (SLA's) to understand what they guarantee and what they don’t. In addition, scour through any publicly accessible availability data. Amazon, for example, maintains a "Service Health Dashboard" that shows current and historical up-time status of its various services.

Regarding the level of performance, there will always be some network latency with a cloud service, possibly making it slower than an application that runs in your local data center. But thirdparty vendors, such as RightScale, are building services on top of the cloud to make sure applications can scale and perform well.

But even when SLA's are set and contracts are signed, there are some concerns that should not be ignored. For example, who is responsible for monitoring, auditing and enforcing the SLA's? Or if security is breached or audits fail, who is responsible for measuring and reporting those breaches? What liability for your business is there in the case of a breach of the SLA?

Since the Cloud Service consumer has no visibility inside the cloud, the only option is to trust the provider. Until an independent entity arises that performs those verifications, providers have little or no incentive to admit fault.

Integration with Your Legacy Systems

Of course you are not going to rely entirely on the Cloud, far from it. Therefore, there will be plenty of integration work integrating Cloud Applications with your Legacy Systems, as well as securing the applications as they move around the cloud and your legacy systems.


Can Applications Move From One Cloud to Another?

Yes, but that doesn't mean it will be easy, because there are two main issues here: interoperability and migration cost policies.

Regarding interoperability, Cloud vendors will have to adopt standards-based technologies in order to ensure true interoperability. The recently released "Open Cloud Manifesto" supports interoperability of data and applications, while the Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities work seamlessly together. The goal is to move applications from one cloud to another without having to rewrite them.

However, there are two sides to this coin: the massive capital investments Cloud Computing providers have made in their data centers, on hardware and software, on highly qualified personnel and so on, will not be generating revenue if customers leave, so customers may incur switching and migration costs.

Another reason this concern is very important is if your Cloud provider disappears, as happened with the provider Coghead:

“Then, on Feb. 18, 2009, came the death knell, in an e-mail to customers announcing Coghead was ending its cloud-based development platform service immediately "due to the impact of economic challenges." ERP giant SAP bought Coghead's intellectual property but pulled the plug on the development platform, giving customers until April 30 to retrieve their applications and data.

It took about 4.5 person-months for Shockey, founder and principal of Hekademia
Consulting, to port his CRM application from Coghead to Intuit's QuickBase database.
While he's philosophical about the forced migration, it's a stark reminder of how quickly a cloud vendor can go under.”

(source:
http://www.itworld.com/saas/66657/what-do-if-your-cloud-provider-disappears)


The Delicate Balance Between Risks and Benefits

Keep in mind that before moving to the cloud (as with any emerging technology and businessmodel) the most important aspect is that you know your team, know your solutions, and know the Cloud providers.

The decision to move to the cloud should involve at minimum enterprise architects, developers, product owners/stakeholders, IT leadership, and outsourcing teams.

Take into account that human capital in your organization may be lacking, because exploring new models requires an adventurous spirit and technical astuteness, and if your team is not willing to stretch and learn new things, Cloud Computing can be very frustrating. Also consider the chance that some of your team elements, may think (and with some reason) that Cloud Computing may place their jobs at risk.

Some business managers are simply too scared to move forward with Cloud initiatives! However, this concern, while valid, is not insurmountable. Solutions do exist and are being finetuned every day.

There are countless examples of successful Cloud Computing implementations, and that's what we will see at next article.

Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola


P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?
- What are the Cloud Computing Challenges and Risks? (Part 1: Cloud Security Advantages!)

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

CloudEXPO Stories
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).
SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise. Founded in 1992, SUSE is the world’s first provider of an Enterprise Linux distribution. Today, thousands of businesses worldwide rely on SUSE for their mission-critical computing and IT management needs.
Mid-sized companies will be pleased with StorageCraft's low cost for this solution compared to others in the market. There are no startup fees, our solution has a predictable monthly cost, highly competitive pricing and offers ongoing value for our partners month after month. By enabling pooling and StorageCraft's 30-days of free virtualization the company removes several concerns surrounding machine size management and disaster recovery testing costs that add to the complexity of implementing a disaster recovery solution. In addition, their One-Click orchestration makes it simple to recover when needed, as all the work to setup a network and different connections is already complete.