| Debunking the Cloud: Conference Reflections |
| Thursday, 30 September 2010 13:43 | |||
|
De-Bunking the Cloud? Thoughts on the Euro NFP Technology Conference, London, 28th Sept 2010 The topic of this years’ conference - cloud computing, and its potential to ‘save the sector’ - was extremely well chosen given the context of thousands of organisations facing mounting pressure to make cutbacks simply to survive, and it was good to hear the many views on offer. Regular readers might know from previous posts that I am personally a bit of a cloud-sceptic, and whilst this conference has not changed my mind, it has certainly sharpened my thinking on what ‘my issue is’ with cloud solutions! Clearly as a technology adviser I am not ‘against’ the cloud any more than I am ‘against’ the Personal Computer. We live in an environment where more and more computer functions that were once only delivered on the LAN are being outsourced to third parties and hosted on the internet. This is a fact of life and an inexorable trend in the industry. ESP can and does advise on cloud solutions where they are appropriate. What I am against though is the way the cloud is sometimes sold as a panacea for the sector. Four key claims about the cloud are worth considering in more detail…
CLAIM 1: Cloud Computing is better for the environment. I think this claim is the most spurious. Making any generic environmental claim is pretty difficult. It is legitimate to talk about the specific power consumption of one particular type of server being less then another, or of a virtualised server relative to a locally installed one, or even the production methods and carbon off-setting of one manufacturer being more green than its competitors. But claims about software are far, far harder to substantiate. How can the environmental cost of a web-based CRM be measured against an Access database? Consider here that the web-based CRM requires a dedicated data centre with scores of servers and 24*7 power, lighting and security, yet the Access database can reside on a single PC or a server that is used for countless other things? Certainly the cloud is a facilitator of home working and home working cuts emissions from transport in and out of work, but this is no benefit for cloud solutions per se, as it is perfectly possible to achieve home working without the use of cloud providers at all. And even then, who is to say that home-working is actually better for the environment? Sure, it will save transport emissions, but if the central heating and lights are on in the houses of home workers as well as back in the head office for the rest of the team, how much of a saving is really made? Cloud computing is not green of itself. One cloud provider may be greener than another, but let’s not pretend that making the transition to the cloud per se will contribute to the saving of the planet.
CLAIM 2: Cloud Computing is Cheaper This claim is demonstrably untrue in the general case. Let’s take the simplest cloud solution - online backup for an organisation with an average amount of data on a server, say 50Gb. A quick tour of online providers shows prices ranging from around £20 to £100’s per month. How can that ever be cheaper than a pair of 250Gb hard drives, which will set you back around £100 as a one-off cost? Yes you might need software too, but with an industry leading full server backup suite available from CTX at £75, and with some other excellent software available at a similar price for non-registered charities, the maths is simply not there. Even the convenience argument is not as strong as one might think - as I put to a couple of colleagues at the conference, how many clients have a laptop with 100’s Gb spare capacity which could be used as a backup medium that is guaranteed to be taken offsite every night, if no-one can be trusted to swap the USB disks? There is no doubt however that some Cloud solutions are exceptionally good value, sometimes even free to acquire. Idrive, Dropbox, CiviCRM, Google services etc.. are offered at incredible rates and often make brilliant financial sense. But it is not – indeed cannot be – the case that the cloud can be assumed to be a money saver for more substantial projects, even if the acquisition or licence cost is minimal. The main reason? Transition cost. Transition costs will be incurred whenever you switch any substantial technology solution to another provider, whether cloud-based or not. Transition costs are the – usually vast - amounts of time and money spent in planning, consultancy, coding, external support, testing, data migration, training and re-arranging policies, procedures and processes to suit a new system. These costs should never be dismissed as trivial.
CLAIM 3: Cloud Computing Cuts Down The Needs for Servers & IT Support It was a noticeable mantra amongst the cloud providers and advocates at the conference that transitioning to the cloud would obviate the need for the flashing box in the corner and the staff needed to keep it working (remember the NTEN ‘pyramid’?). This claim I think is the most controversial when you consider the nature of the audience of the conference. Now, if you happen to be a CEO or IT Manager for a large company with a server room and a whole bunch of servers, each of which is dedicated to a specific task, it is a fair claim that adopting a cloud solution for one of those tasks may allow you to dispose of the server that currently hosts it, and save some support costs to boot. This is an entirely fair comment and a great reason for that company to adopt a cloud solution, provided that the transition costs (see above) don’t outweigh the support & replacement costs of the internal hardware. But my hunch is that there were not many of those examples in the audience this week. I would put it that a far more common experience is that attendees worked for, or advised, organisations with 10-40 staff and with one or perhaps two servers at most. In many cases, the licensing would have been a minimal and one-off cost and even the server itself was less than £2k. Crucially, this/these servers are often handling multiple roles - file sharing, permissions, logon scripts, group policies, WSUS updates, mail server, print server, managing antivirus, backup and yes hosting the odd internal database. Moving one or two of those roles to the cloud will not make that server redundant for the simple reason that these other roles will still be necessary. Indeed, in these cases there is an increase in the support overheads, as the transition would introduce the need for another layer of support, on top of the existing one. Where this claim is perhaps more apposite, is for very diffuse or very small organisations where staff are spread across many sites and locations, or there are only a small number in a single office. Here the cloud is in its element and cloud solutions are vital to consider. But there is still a caveat as far as the claim goes. I was struck by the NTEN example, as well as our own example of a client who has strongly embraced the cloud , in that there was no server in the first place. No equipment has been saved or made redundant in these cases because these organisations do not - and never have - needed a server. The cloud for them is simply an enabler of improved sharing and collaboration in a decentralised and fairly tech-savvy organisation. Their experience does not easily generalise. As for cutting IT support costs , I was tempted to ask ‘Who fixes your computer if it doesn’t work?’! Until such time as we only ever use solid state devices to plug directly into the cloud, there will always be a need for IT support for PCs and Laptops, and the existence of the cloud does not change this.
CLAIM 4: Security is Not a Problem Lets be honest, the security angle of the cloud cannot and should not be glossed over. “I’ve used the cloud and never had a security breach” is no more convincing than “I’ve got a computer without an antivirus program, but have never got a virus”. Why have Windows, Linux and Netware devs been obsessed with security for years? Why do VPN’s and Firewalls exist? Why do Kerberos and SSL and WPA and IPSec and all the other security protocols exist? All of this is necessary because the collective experience of the industry shows that security flaws and weaknesses can and will be exposed on internet-facing services. Yet if you are storing data online, whether it be in an online CRM or an account with Amazon, your security is only as good as a username and password. The cloud therefore represents an increased security risk over traditional LAN’s for three reasons: Firstly you have no choice but to accept the security system on offer. By contrast, if you want flexible access to your Windows server, you can decide whether to allow this only through a VPN, only for specific users, or specific IP addresses, or set increased password complexity requirements. With a cloud system, these options are not so common and security is consequently lower. Secondly, the nature of websites means that options for ‘remembering password’ or ‘keep me logged in’ can be offerred. Whilst the casual user sees this as a useful option for not having to remember yet another password, us sysadmins know that that PC is totally compromised if it falls into the wrong hands. Thirdly, whilst we are all familiar with trusting our personal data to online providers and websites, trusting data we hold on behalf of someone else raises the game. Again, let’s be honest here… that personal data is compromised all the time! We lose £bns to internet fraud, phishing and identity theft every year. Most of us see this as an acceptable risk because such fraud is actually a crime against the bank, and we get our money back when it is discovered. But these protections will not apply for organisational and personal data held on behalf of others. There is no-one to compensate us if it is compromised - the organisation is directly responsible for privacy and confidentiality! Again, and just to be clear, I am not arguing that we shouldn’t use cloud or web-based solutions, they are vital in the modern era. But we as technology advisers DO have a duty to be honest about the increased risk they expose our clients to.
In conclusion then, the conference was a wonderful opportunity to think about what the cloud can and can’t do. My own issue is that the term is being used to sell products and services ‘as if’ adopting them represented some kind of natural progression to a greater efficiency of cost, time and environmental resources with little in the way of drawbacks. Yet in my experience, these claims do not always stack up. But I will not be avoiding the cloud! Instead, I will treat it like any other technology, and appraise it on its specific merits for each and every case where it is proposed. My advice to clients and fellow advisers is therefore as follows: Firstly, look at the full costs. The costs of cloud solutions are often hidden – hidden in the huge effort required to re-engineer current systems, and hidden in monthly fees which can easily amount to more than the capital expenditure needed for ‘traditional solutions’ in the first place. Secondly, we need to do more to facilitate awareness of existing remote and home-working technologies. It is vital that the sector does not conflate the cloud with flexible working, as many of the non-cloud solutions already in existence are cheaper and potentially more secure than the alternatives. Finally, we must extend and share our own experience of the cloud with impartiality and honesty. We urgently need more evidence of organisations that have – or haven’t!- adopted or transitioned to specific cloud solutions. We need more insight into the advice that was useful and not-so-useful for their decision-making, and how they feel about the whole thing 12 months down the line. In time, each of us must become aware of the factors – the constraints and considerations – that will determine whether the cloud is right or not. .. just in the same way we have done with countless other types of technology for many years!
Morgan Killick
|
