There’s an interesting and short article by Maxwell Cooter at IT World about cloud computing. Seems that a survey turned up some CFOs who were eager to reap the financial advantages of the cloud but less than sanguine about potential security issues. It was fine, in the survey’s findings, to send the web site to the cloud but most CFOs developed hives when the subject turned to the company’s financial data.
Well, LOL for that bit of common sense.
It’s no surprise, and probably an indication that the CFO is a sane individual, that so many consider the cloud a bit risky. Back when the cloud referred to Salesforce.com and its ilk (i.e. multi-tenant operations in redundantly secure data centers with the lights turned off), the idea was so new that many parties were suspect, even though the security was always top notch. But this is something else.
In the last couple of years, cloud computing has become the flavor of the month with almost as many permutations of the idea as there are vendors, and new ones spring up like mushrooms. The issue is that the security in many cases comes down to not just the vendor of the software but the reseller/partner. A company like Salesforce provides the soup to nuts solution including mirrored data centers, software security and power from sources that are as secure as they can be. Reseller partners do what they want and what they actually provide in up time, security and fallback — the holy trinity of the service level agreement — is variable.
OEM’s sell the core software as a service to any partner who wants to get into the business and it is the partner who becomes responsible for power, physical security, data security and the rest. So the marketplace has become much more fragmented than before with the result that the CFO — and everyone else in the organization — ought to be skeptical and perform due diligence on the specific solution offered.
I am not saying that it is impossible to assemble a secure cloud solution from the components available today, I am simply saying that it’s more challenging. It’s also not a job for a novice. As Chuck Schaeffer, a guy who really knows this stuff, recently told me in a Thought Leader interview, there are a lot of audits and certifications you need to acquire to prove that your operation is secure and that’s another reason to leave it to the guys who have done this kind of thing before.
In every market there is a time, early in the lifecycle, when you can start a business on a shoestring and improve it as you go along. That gets harder as time goes by because the barriers to entry rise with every new certification and wrinkle that the early guys add. I think we are at the point now where if you haven’t already gotten on board as a cloud computing vendor, it’s too late. You might be able to physically get the job done in cloud computing, but it may be at a cost that would make the effort unprofitable.