The Challenges of Cloud Computing

July 24, 2008 at 10:07 pm Leave a comment

With so many people touting the advantages of cloud computing (me included), I thought it would be useful for my readers to also understand the dark side of cloud computing – issues to be aware of before consuming cloud based applications. Whereas I feel that cloud computing going to be disruptive for many business in terms of new business models, reduced costs and competitive advantage, there are genuine concerns with it today that also need to be openly addressed so that the consumer is aware of these issues and can make an informed decision as to whether or not cloud computing should be part of their strategy.

So without further ado, let us get in to some of these areas of concern:

  • Outsourcing: This is an ironic problem. SaaS allows enterprise customers to save costs by outsourcing the cost of managing infrastructure and operations to the SaaS vendor. However, SaaS ISVs, especially smaller ones are really not equipped to, nor would they like to handle their own data centers and have the financial resources to employ people to manage that investment. So when cloud computing comes along and offers that ISV the ability to outsource that piece to the cloud vendor, many ISVs will jump at that idea. This outsourcing is going to happen at different levels and what that means for you as a consumer is that you don’t really know who is handling your precious corporate data because it might not be your ISV as you imagine.
  • Data Security: The above point is a segue in to this issue. Your data is out there. Who has access to it? Who is viewing it? To make matters more challenging, many cloud vendors are not entirely transparent as to their infrastructure details, their server and storage configuration details, etc. So it is hard for you as a customer to really understand what goes on beneath the covers, resulting in (rightfully so), the consumer questioning the security of their data. So what is one to do about this? There are a few solution, one of which is to consider a hybrid deployment model, where you leverage the cloud for computation muscle and store the data in servers behind your firewall. Each approach has their pros and cons, which is a discussion on its own, so we will leave that for a later time. Another issue has to do with where your data is residing – whereas you can use SSL or PKI or SAML to encrypt your data using tokens or certificates as it passes through fibre optics, what really happens once the data reaches it’s destination. Is it still stored in encrypted form? If so, what encryption is being used? Who has access to the keys?
  • Compliance: No need to harp on this – SOX, HIPAA and other such government regulations are enough to keep the CIO up at night. Add cloud vendors to the mix and your data possible residing in the cloud and that leads to many eyebrows being raised. The solution here is to work with the cloud vendor to understand their willingness to provide the necessary security and audit logs that you will need to comply with such regulations. Any vendor that does not provide this is obviously not suited for your needs if you are an enterprise level consumer. If you are provding software for the end user (like photo storage) then this is not an issue for the end user.
  • Cross-country Data Migration: This has multiple implications. Since you do not know where your data is stored, this can impact performance of your application if your processing module is not close to your data that it is acting upon. What this also means is that now, since your data could be anywhere (literally), there are data privacy rights and acts that come in to play (for eg: if you data moves to Europe, are you complying with their data privacy laws?). So these issues need to be thought through. You need to be able to discuss these issues with your cloud vendor and ask if they are able to provide you the appropriate documentation that shows that cross-country privacy laws are being addressed and respected. Again, this also applies to the enterprise customers and not the person who is simply wanting to upload their family photos or use S3 as their personal MP3 storage because as far as I am concerned, I don’t really care if those photos are residing in Delaware or Damascus.
  • Data Availability: What happens if the cloud goes down? How do you get access to your data? What if you do not have an Internet connection at the airport, but want to access your data somehow using the application? Whereas the latter is an architectural concern for providing data availability, the former has to do with SLAs. You need to understand what your vendor will commit to in the form of up time and availability and what is the consequence to the vendor if those SLAs are not met. At the end of the day, a water tight SLA still does not guarantee downtime, it simply acts as insurance.
  • Data Recovery: This goes hand-in-hand with the above topic. If your data is not available or is completely wiped out due to a disaster, can they replicate that data for you? How soon? How much of it?
  • RASP: Whereas a lot of what I have discussed above are things you should ask your vendor, there are other things that you need to do yourself to make sure your cloud strategy is bringing you the desired results. RASP stands for reliability, availability, scalability and performance. Whereas the first two might be somewhat the responsibility of the vendor from an infrastructure perspective, the reality is that you are really responsible for all four from an architecture perspective. RASP should not be left to the cloud vendor. You can depend on them to provide some level of automatic RASP, but at the end of the day, you need to give thought to architected RASP and bake that in to your application architecture in the event that your cloud vendor goes down. There are many architectural decisions that need to be considered when designing an application in the cloud and these decisions are just as important as the questions you ask your vendor. Again, this is a topic on its own and we will discuss architectural implications of cloud computing in another post, but it is worth touching upon here.

So as you can see, these are just some of the issues to be aware of with respect to cloud computing. At Patni, we work with our customers to provide cloud computing workshops where we cover these and many other topics to provide guidance and service offerings around cloud computing to both the ISV and enterprise customers.


Entry filed under: cloud computing. Tags: .

Cloud Based Architectures (CBA)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Add to Technorati Favorites
July 2008
« Jun    

Recent Posts

%d bloggers like this: