Alpha & Omega Consulting

Managed IT Services

Is the “The Cloud” pain-free and risk-free?

I’ve been an advocate of cloud services since 2001, before CEOs and execs knew of the technology. “The Cloud” is a catch phrase and can mean several different IT services from something as simple as hosting a website on an Internet connected server to as complex as moving severs to a datacenter connected via a private network and everything in-between. Several years ago I realized it was still early as CEOs were interested but not ready to take the leap. Over the past few years, as CEO magazine and other publications featured Cloud articles, CEO interest has risen and large businesses began moving IT services to the cloud. So is “The Cloud” “The Solution” for all businesses, now, today? The answer is yes, no and maybe. It depends on the organization’s internal processes and operations, applications, data infrastructure and business goals. In some cases cloud services cost less and sometimes they are more expensive. The dynamics that change during a move to the Cloud are more complicated than a Cloud salesperson would admit, as sales people historically over-promise and under-deliver. Businesses need guidance through the decision making process. Be careful to become overly committed to a current trend, not because it is a good or bad idea, just make sure it is the right move and the right time for your company to make the move.

Let’s take an aspect of Cloud services, outsourced email hosting. Gmail (and others) is used by (a couple of) large and small companies alike to provide anti-spam and email hosting. Below are some of the questions you’ll want to ask the Cloud salesperson and your corporate leadership team. Also the question below apply to all Cloud services. If you feel these items are adequately addressed by the Cloud vendor and it is the right time for your company, then the Cloud is a viable option. So here is a basic list of Cloud discussion items:

1) Uptime. Gmail has outages 1-3 times per year for 1-4 hours every outage. Meanwhile most Microsoft Exchange servers are down for 0-1 hours per year. Outages for some companies are not acceptable (such as Financial Services or Medical) but maybe others can tolerate it, can your business tolerate untimely outages?

Outages happen every year, one recently happened to gmail. Here’s an example from 2009 to show it’s been happening for awhile, not just this year. 2009 outage. Update #2: April 22, 2011, Amazon cloud services has been down for over 24 hours, read it here. The Yahoo article states, “…cloud computing isn’t immune to failure, either.” Update #3: Another outage, this time at Microsoft’s cloud services – here. Update 4: MSNBC asks, “Amazon outage casts a cloud over cloud computing?”

2) Security. Gmail (and similar) cloud accounts are targeted by hackers and you, the cloud client, has zero control over security. The cloud security issues to consider are:

• Vendor employees having access to your hosted data (Update see this post Another Reason to Second Guess Moving to the Cloud/)
• The NSA has access to cloud host vendors (which has been well documented)
• Hackers

When lots of people/businesses use a web based service, hackers are drawn to it like moths are drawn to street lights. Look at Sony, one of the world’s largest corporations can’t keep hackers out (LulzSec hackers leak personal data from Sony servers, mock the FBI). So there’s three different sources of security issues, let’s add a fourth:

• Company employees trying to access a senior-level’s account.

On an in-house email server admins will see failed login attempts and with the auditing software they can track down hackers. This isn’t possible with gmail and most cloud hosted solutions (unless you are paying for it and they can prove it). Here’s an article on the current Gmail hacking epidemic. Some business owners don’t care about security or privacy so if that is your company’s approach this section of questions may not apply.

3) Disaster Recovery & Backup. A business owner should want a backup and occasional local copy of corporate email and corporate contacts. Gmail recently lost the information of 30,000 users. (http://www.time.com/time/business/article/0,8599,2061080,00.html ) This wasn’t the first time either and historically when these people contact Google, Google claims to have no record of that person’s information nor can it be restored. How would your business be impacted if the entire company’s email and contacts were lost?

4) Throughput/Speed. If large databases are put into the cloud, how will they be accessed? How will speed be for large documents, PDFs and spreadsheets? If the desktops AND servers are in the cloud then this shouldn’t be an issue except for the art/graphic/CAD department. If you have an art/graphic/CAD department how will their data be backed up? External HD (hope not)? Most likely it will be a local server, but wait, all servers should have been in the cloud but now with new/more local servers you’ll need the infrastructure to support the local equipment which defeats the cloud sales-pitch of no-more-local-servers. I expect in the future this challenge will be overcome as VMs and RDP are being tuned for these functions but it’s not ready yet.

5) Control. A general sense of control is lost. Sometimes there is more to be gained than lost but what if the Internet goes down? All staff productivity goes to zero. At least with a local server the staff can do all or most of their work. What if security or data forensics needs to be performed to find who stole what? Will Google let you into their data center to perform the forensics work? Perhaps certain IT services can be moved now and the rest later? It depends on the level of control your business needs to be safe, secure and protected.

6) Processes. How would your company’s internal processes be affected by switching to cloud services? This consideration takes time to vet and could be the most important as it will directly influence on the organization’s ability to operate efficiently and produce.

7) Support Desktops and Network Devices. Finally cloud service do not eliminate the need for desktop and network devices support. From web based applications, to printers, smartphones, desktop maintenance and similar items still require support. The company should consider the cost of such services as part of the move to the Cloud, these expenses do not go away. That said smaller organizations can cost justify the cloud strategy but larger and more complex organizations might pay the same or even more money and receive less IT services.

These seven risk should be reviewed and discussed transparently with your cloud services vendor. If the Cloud vendor does not have solutions to the above risks or (says, it’s of no concern) then wait on signing. Clients have should know the risks associated with “The Cloud” and the vendor’s solution to address each risks. It is ultimately a risk that can negatively impact your company’s bottom line.  Trusting a cloud salesperson without understanding the risks is what most cloud vendors hope for…that the risks can be swept under the carpet because most don’t have the answers to these questions AND they hope that CEOs purchase cloud services from the current hype and excitement surround “The Cloud.”

The point here is one size does not fit all. We want to see companies vet whether the move makes sense, in full or partial. I speak from experience as AOC has performed several “unCloud” installations. We have unwound several client’s network from the cloud vendor. In these situations I’ve seen this trend; the client buys the cloud salesperson’s assurances and doesn’t have the technical expertise to vet the situation. Then 12-24 months later experiences buyers remorse as “unexpected problems” plague business productivity. This story comes from an SMB, which had just phoned their cloud vendor to restore some server data. The Cloud companies response was, “Oh, I don’t see that data, it appears The Cloud backups haven’t been working but I have your data on my USB keychain flash drive from 2 months ago!” The client’s loss of control over data backups resulted in 2 months of lost financial data. I’m sure that would never happen on an enterprise level but at the end of the day your tech team isn’t in control, so how do you know it isn’t happening?

Alpha & Omega Consulting provides guidance these projects like these and we also provide cloud services but only implement them when appropriate. Contact Mike Pasatieri at mpATacosol.com or here for more information.