Even if your data is secure, one glitch with a cloud computer provider could scare off your customers
Posted on Harvard Business Review: June 21, 2011 7:45 AM
Like many road warriors, I often catch up with work-related reading on the plane, and on a recent flight to the U.S. from London, I was proud of myself for squeezing the maximum work value per pound out of my carry-on materials, which included e-books and other lightweight techno platforms.
But when I pulled the Kindle from my bag, it looked as though a child had scribbled on it with a black marker. The screen was stone dead. Next out was my iPad: One click produced the cover of the book I planned to read during my nine-hour flight, and the second click revealed that the book had not been downloaded. All I had was the cover art. Out came the trusty laptop, but the battery promptly expired.
This experience reminded me of one of the crucial issues surrounding the cloud-computing phenomenon.
Cloud computing offers a value proposition based on convenient services that you pay for as you go. Customized solutions can be offered in a flexible and secure environment. Companies can offload their noncore technologies and focus on their core businesses, providing a better product for their customers.
But cloud computing is based on the premise that users will always have access to the cloud service. Managers need to ask themselves what would happen if the service were unavailable. What if the cable from their internet provider were cut or—as has happened with alarming frequency lately—the service were disrupted by hackers or technical glitches?
The key issue is access to the data. Servers and technology can be found at secondary sites, but if the data is locked in the cloud, the business's ability to function may be severely compromised. On my plane, which had no Wi-Fi, I was without access to the source data. The format of the data on the Kindle probably wasn't compatible with other devices, even if I could have extracted it and the software licenses had allowed it. I did have the data (the book) on my iPhone, but reading a book on an iPhone screen didn't appeal to me and I had no way to connect the phone to the iPad.
A fellow passenger told me my quandary had put him off investing in such a device, which brings me to another point: Even if your data is secure, your customers might be scared off if they heard that your cloud provider had suffered an event like the outage that occurred on Amazon's Web Services platform.
While some AWS clients such as Netflix were unaffected, the errors within AWS's Relational Database Service prevented some companies, including Foursquare and Reddit, from performing at full capacity. In the eyes of many executives and their customers, this type of outage severely damages the perception of the cloud as a citadel. Clearly, hack attacks and data-lockout scenarios make assessing and managing the risks of the cloud a very complex proposition.
So far, few organizations have stepped up to help companies understand and deal with these risks, so your company will probably have to take on the task itself. First, managers need to ask vendors where and how the data would be stored and how the vendors would guarantee the data's availability. Second, companies should bring in specialists who are well versed in the technical issues of cloud platforms to closely read the service-level agreements offered by vendors. Like most terms-and-conditions contracts in the tech world, these SLAs tend to be complex and to strongly favor the vendors. The specialists should work in conjunction with corporate technology leaders and, if need be, the board of directors to assess the value of the vendors' offerings.
Next, managers should consider cloud-based processes along two dimensions: operational dependence and risk tolerance. Your biggest concern is with processes that the organization is highly dependent on and that have a low risk tolerance—in the case of an airline, for example, the reservation system. Placing these processes in the cloud would require fail-safe, redundant solutions that can be accessed via a second vendor. This level of duplication, known as cross-cloud backup, allows companies to move their data from one cloud (such as Amazon S3) to another (for example, Rackspace Cloud Files) and must be built into the strategic planning of any move to the cloud.
Cloud computing is the future. It is winning over entire industries — including traditional late adopters such as health care. The keys to success are careful planning of a migration strategy and understanding that the cloud approach is adolescent in places (remember the early days of the internet?) and that problems will occur. If you're still window shopping, it's time to start catching up on your reading about the cloud. But if you do so on a plane, remember to take a real book along, too.