Welcome!

@CloudExpo Authors: Elizabeth White, Jyoti Bansal, Steve Latham, Jim Hansen, Jnan Dash

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Blog Feed Post

Cloud Computing Challenges and the Balance Between Risks and Benefits

Now let's now look at some Cloud Challenges (Part 2 of 2)

In the previous article we looked at some Cloud Security Advantages.

Now let's now look at some Cloud Challenges.

Cloud Challenges

Trusting vendor’s security model
• Customer inability to respond to audit findings
• Obtaining support for investigations
Indirect administrator accountability
Proprietary implementations can’t be examined
Loss of physical control; Data dispersal and international privacy laws
• Need for isolation management
• Multi-tenancy
• Logging challenges
Data ownership issues
• Quality of service guarantees
• Dependence on secure hypervisors
Attraction to hackers (high value target)
• Possibility for massive outages
• Encryption needs for cloud computing

Let's look depper into a few of the major concerns.

How can you be sure your Data is Safe?

Data safety in the cloud is not a trivial concern. Some online storage vendors such as The Linkup and Carbonite have lost data, and were unable to recover it for customers.

Secondly, there are data access governance concerns, because there is the danger that sensitive data could fall into the wrong hands, either as a result of people having more privileges than required to do the job or by accidental or intentional misuse of the privileges they were assigned to do their job.

For example, how can you be sure that Cloud providers (especially external providers) apply the right patches, workarounds, access restriction, isolates systems in a secure way? How can you be sure that they are doing what they are meant to do (no more and no less)? Who establishes, maintains and checks audit trails (assuming they are being done in the first place)?

Data segregation is another major concern, because in the cloud your data is typically in a shared environment alongside with data from other customers. Find out what is done to segregate data, besides encryption.

Ensuring Compliance in the Cloud

When it comes to compliance, more questions arise than answers!
For example, if you have customer data in the cloud (files, documents, emails, memos, scanned images, etc.) what controls are available to ensure compliance with your published privacy policies and with the privacy and freedom of information regulations in all of the countries where you do business? Where does liability falls in the case of law suits?


Monitoring SLA's and Contracts

Before choosing a cloud vendor, due diligence is necessary by thorough examination of the Service-Level Agreements (SLA's) to understand what they guarantee and what they don’t. In addition, scour through any publicly accessible availability data. Amazon, for example, maintains a "Service Health Dashboard" that shows current and historical up-time status of its various services.

Regarding the level of performance, there will always be some network latency with a cloud service, possibly making it slower than an application that runs in your local data center. But thirdparty vendors, such as RightScale, are building services on top of the cloud to make sure applications can scale and perform well.

But even when SLA's are set and contracts are signed, there are some concerns that should not be ignored. For example, who is responsible for monitoring, auditing and enforcing the SLA's? Or if security is breached or audits fail, who is responsible for measuring and reporting those breaches? What liability for your business is there in the case of a breach of the SLA?

Since the Cloud Service consumer has no visibility inside the cloud, the only option is to trust the provider. Until an independent entity arises that performs those verifications, providers have little or no incentive to admit fault.

Integration with Your Legacy Systems

Of course you are not going to rely entirely on the Cloud, far from it. Therefore, there will be plenty of integration work integrating Cloud Applications with your Legacy Systems, as well as securing the applications as they move around the cloud and your legacy systems.


Can Applications Move From One Cloud to Another?

Yes, but that doesn't mean it will be easy, because there are two main issues here: interoperability and migration cost policies.

Regarding interoperability, Cloud vendors will have to adopt standards-based technologies in order to ensure true interoperability. The recently released "Open Cloud Manifesto" supports interoperability of data and applications, while the Open Cloud Consortium is promoting open frameworks that will let clouds operated by different entities work seamlessly together. The goal is to move applications from one cloud to another without having to rewrite them.

However, there are two sides to this coin: the massive capital investments Cloud Computing providers have made in their data centers, on hardware and software, on highly qualified personnel and so on, will not be generating revenue if customers leave, so customers may incur switching and migration costs.

Another reason this concern is very important is if your Cloud provider disappears, as happened with the provider Coghead:

“Then, on Feb. 18, 2009, came the death knell, in an e-mail to customers announcing Coghead was ending its cloud-based development platform service immediately "due to the impact of economic challenges." ERP giant SAP bought Coghead's intellectual property but pulled the plug on the development platform, giving customers until April 30 to retrieve their applications and data.

It took about 4.5 person-months for Shockey, founder and principal of Hekademia
Consulting, to port his CRM application from Coghead to Intuit's QuickBase database.
While he's philosophical about the forced migration, it's a stark reminder of how quickly a cloud vendor can go under.”

(source:
http://www.itworld.com/saas/66657/what-do-if-your-cloud-provider-disappears)


The Delicate Balance Between Risks and Benefits

Keep in mind that before moving to the cloud (as with any emerging technology and businessmodel) the most important aspect is that you know your team, know your solutions, and know the Cloud providers.

The decision to move to the cloud should involve at minimum enterprise architects, developers, product owners/stakeholders, IT leadership, and outsourcing teams.

Take into account that human capital in your organization may be lacking, because exploring new models requires an adventurous spirit and technical astuteness, and if your team is not willing to stretch and learn new things, Cloud Computing can be very frustrating. Also consider the chance that some of your team elements, may think (and with some reason) that Cloud Computing may place their jobs at risk.

Some business managers are simply too scared to move forward with Cloud initiatives! However, this concern, while valid, is not insurmountable. Solutions do exist and are being finetuned every day.

There are countless examples of successful Cloud Computing implementations, and that's what we will see at next article.

Thanks, and please let me know how can I help you.
Maria Spínola
http://www.twitter.com/MariaSpinola


P.S. Also see:
- Cloud Computing, in Plain English, to IT Directors, VP's, CIO's and CEO's
- Why Should IT Directors, VP's, CIO's and CEO's Care About Cloud Computing?
- Cloud Equals SaaS, Grid, Utility Computing, Hosting...?
- What Exactly is Cloud Computing?
- Why Large Public and Private Sector Organizations (not just SMB's) Are Seriously Considering Cloud Computing?
- What are the Cloud Computing Challenges and Risks? (Part 1: Cloud Security Advantages!)

Read the original blog entry...

More Stories By Maria Spínola

Maria Spínola is a Researcher, White Paper Author and Copywriter, and Cloud Computing Evangelist and Advisor with more than 15 years experience in enterprise information technologies.

She holds a Software Engineering degree and a "Marketing and Innovation in Retail and Distribution" pos-graduation.

@CloudExpo Stories
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and atten...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the secur...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buyers...
Imagine having the ability to leverage all of your current technology and to be able to compose it into one resource pool. Now imagine, as your business grows, not having to deploy a complete new appliance to scale your infrastructure. Also imagine a true multi-cloud capability that allows live migration without any modification between cloud environments regardless of whether that cloud is your private cloud or your public AWS, Azure or Google instance. Now think of a world that is not locked i...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, will present a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to m...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., will discuss how these tools can be leveraged to develop a lasting competitive advanta...
Building custom add-ons does not need to be limited to the ideas you see on a marketplace. In his session at 20th Cloud Expo, Sukhbir Dhillon, CEO and founder of Addteq, will go over some adventures they faced in developing integrations using Atlassian SDK and other technologies/platforms and how it has enabled development teams to experiment with newer paradigms like Serverless and newer features of Atlassian SDKs. In this presentation, you will be taken on a journey of Add-On and Integration ...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.