Managing Risk in the Cloud
Before we dig into this, let me say up front, I am looking for a little reader participation on this one. I know what the clouderati think about this topic, but I really want to hear from regular folks–the ones that will be writing checks and putting the reputations is not their jobs on the line.
Over the weekend, I got a chance to catch up on my reading and ran across a couple of articles on online backup services, one in Macworld, and one in Time magazine, the latter is about as mainstream as you can get. Both articles were well done and covered things like pricing, ease of use, but both missed what I think is the most salient point.
What I want to know is what the heck is at the other end of the connection. To paraphrase a tweet I read a while back, how do you know your data is not being backed up by two guys over a chip shop (that would be a fish & chips place for my American readers). There seems to be a general perception that the cloud is some magical neverland where nothing bad ever happens, which is about as far from the truth as you can get. The problem is, unless these mis-set expectations can be nudged back into reality, market adoption of cloud computing will be battling waves of stories from disillusioned customers–its called a “chasm” for a reason :). I continue to hear from customers with analysis along the lines of: right now, storage costs us X cents/MB, but in the cloud, it only costs us Y cents/MB (where Y < X), so we are looking at moving our storage into the cloud–what do I need to be able to do that? While we can certainly help customers do that, it often turns out that they have not priced in the risks of moving something to the cloud into their analysis. In the end, moving the to cloud might still be the right thing to do, but the more rigorous analysis makes sure everyone has made an informed decisions and continues to stay employed if something goes wrong.
A number of folks have noted that the consumer market is ahead of the enterprise in adopting cloud infrastructure, cloud apps, etc (Facebook, Flicker, Mozy, etc). I think one of the reasons for this is that terms of service are pretty one sided–if your provider loses your data, you’ll get a sincere apology and that’s pretty much it. While this may fly in the consumer market, its not going to work in the enterprise market. If you are an enterprise buyer, you are probably looking to establish some basis for liablity and damages. While you are at it, yo might want to see about things like security, auditabilty and how you get your data back.
So, that brings us back to the two guys over the chip shop–just because they are a startup does not mean they aren’t running a solid operation. At the same time, we have not shortage of stories of large service providers with less than rigorous operations. As a company looking at these services, which are certainly quite enticing, how do you choose? How do you measure and validate the “goodness” of a cloud provider’s offerings?
To that end, I’d like to hear from folks that moved some portion (or all) of their organization’s data or apps into the cloud to see what they did to manage risk. Similarly, for folks that have yet to make the plunge, what kinds of things would you like to see to increase your comfort level.