Cloud computing has been all the rage since the middle of 2007, when the word came to define a concept of storing data online, on off-site servers, and accessing it remotely. Companies are tripping over themselves to come up with more and more services to store online and of course, to monetize that process either through service fees or advertisement revenue. The latest race is between Google, Amazon, and Apple to store consumers’ audio and other files online with built in audio and video players for streaming playback over the air to cell phones, computers, and other computing platforms. This race was set off by Amazon beating the others to the first mover’s advantage which might not stand the test of time against Google’s broader user base with promised larger storage or against Apple’s soon to be made public deals with entertainment companies on greater access to content.
For the corporate users large companies such as IBM are moving into the monthly service online storage segments of off-site backup and a myriad of other related online fee-for-service models that they previously ignored. Based on research from Wave Length Market Analytics and Winn Technology Group, Five Key Themes in Enterprise Cloud Computing Migration, 58% of medium and large enterprises are already using or planning to use the Cloud. Clearly this method of configuring corporate infrastructure is becoming more of a norm than just supplementation of existing local systems.
What are the underlining assumptions that IT managers and business owners make when they roll over parts of their work-flow to the Cloud? Are these assumptions even considered during the decision making process or are they so innate that they are not even verbalized or discussed?
Global Threats Become Local
Everyone has heard from the news media that China is an active player and some would say a leader in Cyber-espionage. North Korea uses its hacker units, specially trained in universities to be later incorporated as part of their armed services, to attempt to equalize its dire disadvantage against South Korea – USA coalition to improve its bargaining position by having the capability to inflict billions of dollars worth of damage. Just less than 2 weeks ago the National Agricultural Cooperative Federation, a South Korean bank with 5,000 branches, was attacked leaving thousands of customers unable to access their money for 3 days. Such examples are becoming an everyday occurrence. So now I would expect a question. Why are you bringing all this up? We read the news. How does this relate to my Cloud Computing decision? Let’s follow the thread further. At the beginning of the century, most of the hacking was being done on a private level, by private hackers with relatively limited potential impact. Furthermore, potential targets were less exposed and fewer than there are now.
Hacking has become industrial, political, and finally, militarized. Developing nations such as Iran, China, and Russia are using this tool to reduce their technology development time and cost by attempting to steal information. The US government admits that not only is it fighting to keep its technology secrets, but that its defense contractors have been bleeding secret information through network breaches for years.
Pentagon has recently announced that it will treat Cyber attacks as acts of war, thereby putting adversaries on notice that hacking on national level could warrant a traditional military response. Could US go to war over a Cyber attack? What the US government is saying is that if it can prove that an attack actually came from a specific country and then it can prove that it was originated by that country’s government, and if the damage is of the type that it would warrant killing people in mass for, than yes, we can go to war. As you can see, the perils of this approach are many and this is more of a warning at this time than a really credible defensive posture. The point to take away is that businesses and individuals can not be protected by our national defense systems from severe and widespread destruction.
Google Is Not Immune
At this point of time more than 3 million businesses run Google Apps, a cloud equivalent to Microsoft Office. Many people assume that a giant company at the core of US economy could not be vulnerable. The truth is that nothing and no company is untouchable. If the Iranian nuclear program which sits behind layers of secrecy, security, and at its final layer with off-net devices, can be brought down to a multi-year halt as a result of a “super-hack” attack, then it is inferred that Google and other core services Cloud providers can be attacked, disrupted, and your data stolen. In recent days Lockheed Martin, L3 Communications, and Northrup Grumman, have all been subject to organized espionage sourced penetration attacks. Google reveled yesterday that another attack that originated in China, recently compromised passwords of government officials and other users.
New World Order
The reality now is that we, consumers, IT managers, and business owners, can no longer rely on our national defenses to protect our internal “with in our own borders” commerce and data. The front line has shifted to your own planning, forethought, diligence, and preparedness. We, the commerce participants, have become the front-line warriors.The sooner we internalize this reality and take concrete, readily available to us steps to mitigate operational risk, the less difficult it will be for us to maximize the powerful potential of new Cloud services and products in a sustainable long-term way.
Planning Cloud’s Role in Your IT System
As far as individual businesses are concerned, severe destruction is not necessary. It would be enough for the hosting company that hosts your server to be taken down or your local Telco that provides your Internet access to have an outage and there goes that Cloud solution.
Why Do We Want the Cloud
There are many advantages to working in the Cloud.
- Freedom of Movement – Management has the option to have employee base be geographically distributed allowing for better utilization of labor and more responsive workforce to the needs of the clients.
- No Need To Maintain Equipment and Data – One of the biggest selling points of the Cloud is that the cost, the effort, and the risk of design and upkeep of internal systems is significantly reduced.
- Specialization – Cloud computing allows specific services providers to develop and maintain their service, thereby allowing the users to focus on their own business.
- Low Cost of Service – Because most of the services that are delivered through an online subscription service are designed for a large pool of customers, the monthly costs are usually very affordable to business users, turning the the service into a value.
The Proposed Approach
Now that we have described both sides of the Cloud computing model, we need to develop a viable methodology that will be both cost effective and efficient in planning the integration of online services into each business’ work-flow and information system. In our daily practice, we are asked all the time: What do you think of the Cloud? Of course, we answer: “It Depends.” The truth is that it depends on many factors. We, typically, recommend making a comprehensive IT analysis plan that will make the specifics of the Cloud decision much clearer.
- Flowchart the Entire Business Process
- The details of the flowchart must include all the hardware elements of the IT equipment
- The details of the flowchart must include all the software and online services that are part of the process
- The details of the flowchart must include all the data, its location, and its use
- The use must be specified by specific user groups
- Calculate the direct and the indirect costs of each of the above elements
- Direct costs are costs of equipment and software/online service
- Indirect costs are costs associated with each item, but incurred through overhead such as IT staff salary and time
- Question every aspect of the entire system equally as to the risk of downtime and data loss. Do not assume that online service providers backup your data, nor that they will not just disappear one day.
- This is the key to planning correctly for Cloud Computing. It is imperative to built into the entire process flow backup and redundancy capability.
- Add to the flowchart redundancy steps for all components that have valuable data and systems
- Calculate costs of all redundancy steps
- Now that the entire process is visible, calculate scenarios of using Cloud computing with redundancy versus using local equipment/software with redundancy.
- It is important to build into the model fail-over options for remote/Cloud solutions. Sometime these feature can become expensive and need to be fully explored and priced in.
- It is also critical to verify that whatever backup solutions are selected, can be actually restored, selectively restored for partial crashes, and that backup versioning extends for several months back.
Only after a detailed understanding of the appropriate mix of local and hosted solutions along with their costs is developed, can an intelligent decision be made as to how to utilize the wonderful capabilities of the Cloud. It has been my longstanding concern that the ease of use and the growing availability of online services has fueled the next Internet bubble. A mad rush to such services has occurred without proper analysis of the risks and costs of securing against those risks.
Future national conflicts are being waged today in the rear, in the enterprise arena. Business decision makers are not aware of that and the government is not capable of defending the economy against this new warfare. We are fully capable to protect ourselves because we have all the tools and knowledge necessary. What is required is a plan.