If you are not yet familiar with cloud computing, the basic idea is that instead of buying your own servers and creating your own infrastructure to manage and deliver your data and services, you can hire a third party to do it for you. The provider can then add processing power and storage capacity as your needs change, theoretically reducing the headache of scaling it yourself.
Amazon was an early arrival on the cloud computing scene with the Elastic Compute Cloud service. Google Apps was launched by Google as a way to develop software online and run the apps on the monster hardware at Google.
The idea of not owning and managing IT infrastructure can be very appealing to small and medium sized businesses and can be a great solution in some cases. The main benefit is if the cost of running your business from the cloud is less expensive than doing it yourself. It usually is.
But there are many concerns about security and justifiably so. What business wants to have sensitive data out of their direct control? Which businesses can legally put that sensitive data (like maybe your patient records) out on a cloud service? Many vendors are working on ways to make the customer data more secure in the cloud, but most experts agree that it is best to keep the important data close to home inside a private IT infrastructure and only send the less sensitive data, stuff that is probably already out on a web facing server, to a cloud solution provider.
Even Microsoft has been experiencing some pushback from experts who are not employed by the software giant, as I witnessed recently at the TechEd conference in New Orleans, a venue used by Microsoft to train and promote their products. Many of the speakers at the conference spoke at great lengths about the dangers of cloud computing, security being the first concern and availability being the second. What if the cloud provider needs to bring down the network, reboot a server, change a public IP address, any of which might interrupt your service? Can your business afford to lose internet presence and for how long? How long can your business function without an application or some data? These are some of the concerns expressed by the "non-koolaid drinkers", as one speaker put it.
Personally, I think it is a great idea. Much of our data is not too sensitive to be out there and there are ways to secure data out in the public domain. Which companies truly have data that is too sensitive to allow capture by random internet hackers? Of course some companies have true, legitimate security concerns but I think most have little to fear. And as far as availability, there are many ways to have multiple copies of your data and applications available to avoid being placed at the mercy of one cloud provider by using more than one provider and I expect we will see many solutions proposed and implemented in the coming year.
I do know that Microsoft's SQL Azure, a cloud solution for databases, is very easy to set up and connect to (for a pretty reasonable fee) and that many small companies will jump at the opportunity to have a serious, professional and scalable database solution for a fraction of the cost to do it yourself. The process to set it up was described to me by one Microsoft employee:
"First you export your data to a text file or something like that, send it to us, pay the fee and we send you the connection information." When I asked him to elaborate he said "That's all there is to say..."
It just doesn't get any simpler.
Since the vast majority of businesses are small businesses, I fully expect Microsoft Azure (web services) and SQL Azure (database services) to do a fair bit of business in the next business cycle, and many will choose to cloud compute.
- Peter Trast, SQL Expert; MCITP DBA, MCITP EA, MCT LinkIn with Peter
- Peter Trast, SQL Expert; MCITP DBA, MCITP EA, MCT LinkIn with Peter
Full disclosure: I sell Windows Azure for a living.
ReplyDeleteI would like to thank Peter for his generally positive comments about the Windows Azure Platform. Obviously I am biased, but I think it is pretty cool stuff. It represents an evolutionary new deployment model for service based applications. The dynamic scalability is going to allow small companies to do things never before feasible and medium and large sized companies will reap the rewards of a flexible, low cost, highly reliable platform.
I am a little troubled by the emphasis that many people are putting on the low likelihood outage events and the rather interesting faith that people have in the reliability of on premise data centers. Let me assure you that that is strictly a psychological comfort zone and not related to the specific implementations. To be sure it is possible for a cloud datacenter to have an outage. Azure has suffered a couple of brief ones due to growing pains as the load ramped. But by design our data centers conform to our own and industry best practices for reliability and availability. And where weaknesses might occur they are quickly diagnosed and resolved. And how many on premise datacenters can claim three-way replication of all data for fault tolerance purposes? Certainly none that can come close to providing the economic benefits that cloud datacenters do.
I do need to address one quote directly: “What if the cloud provider needs to bring down the network, reboot a server, change a public IP address, any of which might interrupt your service?” I can’t speak for my competitors, but I suspect that their policies and practices run along the same lines as ours. Our networks are redundant at all levels. There is no reason to take it down. Ever. When servers are rebooted is under the control of the user. And IP addresses would never be redefined without user action. People need to understand. Cloud datacenters are run with as good or better practices than most private datacenters. The only difference is scale.
The bottom line is that if the cloud paradigm is appropriate for your application you should absolutely look to take advantage of it. There is nothing inherently more secure about the average on premise datacenter. If data needs to be secure then special measures are needed (ex. encrypting data at rest) whether that data lives on premise or off. Do an objective assessment of where data can be compromised (ex. confidential information being copied to a laptop) and ensure that you have protections in place. Don’t assume that just because clouds are new and a little different that they are somehow inherently less secure.
Mark,
ReplyDeleteThanks for your response!
I could not agree with you more. I would like to re-emphasize in case anyone missed it, the doubts were expressed by some non-Microsoft people, specifically (yeah, I'm calling them out!) Mark Minasi and Laura Chappell, both of whom I admire and personally like. Now I would agree that they have valid security concerns but security is always an issue with every technology that handles sensitive information and I have no doubt that as the technology matures, so will the measures to make our data safe. Most of mankind's greatest endeavors involve risk and it is right that someone has many concerns and makes lots of noise about security. We need the people who charge ahead full steam and the level headed people who keep the hard-chargers on an even keel. This is normal and good.
Now, darn those torpedoes and full speed ahead! ;)