News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Jeff Boles's picture
Jeff Boles

Virtual Frontiers

More posts | Read bio

February 20, 2009 - 8:00 A.M.

News flash - the Cloud is probably better than your data center

6 comments

It might depend on what dimension you're talking about, but in at least some dimensions, I'm confident the capabilities of many cloud providers far outpace our everyday data center capabilities.

The industry continues to buzz about a seemingly endless bucket of security concerns in the cloud, but 9 times out of 10 seems to miss the most obvious conclusion.  A real security assessment would likely turn up evidence that the cloud is a good bit more secure than your data center.  James Niccolai caught a story at a recent conference from one CIO (Doug Menefee, CIO at Schumacher Group) who had a great perspective.  

The thing is, the cloud has about 100 times fewer attack vectors than that data sitting inside your data center. Easy physical access? No. Thousands of services running on the network with little visibility into what they are? No. Rogue access points? No. Disgruntled employees? Maybe, but they're not yours, and probably have sweeter targets than your data.  The cloud is pretty much down to one attack vector - over the wire.

Meanwhile, data centers in the cloud are more likely to give you access to better security mechanisms than you could ever cost-effectively deploy and manage in your own data center -- ranging from authentication and access control to intrusion detection to file-level encryption and multi-location distribution. 

Every day we're seeing new approaches to slicing and dicing data, encrypting data, distributing data, and adding multiple layers of services to cloud infrastructures all in the name of better securing and obscuring data.  It is starting to look like cloud security could easily outstrip the best secret government program the most paranoid spy agency novelist could ever think of.  Moreover, through some careful investigation, you can find the right service in the right place where you are more likely to get better detection of potential and real security issues, and better guarantees that any issues or breaches will be disclosed to you.  Take a good look at your data center.  Are you confident about your level of detection, and that your coworkers, reports, or other employees will identify and disclose problems every day?

Personally, I'd put my money on the cloud securing my data way before at least as many as half of the data centers I've toured or worked in.

What People Are Saying

Add new comment

confidentiality

Submitted by BWright on February 23, 2009 - 11:13 A.M.

Watch this emerging issue: Will records in the cloud will be easier for a legal adversary (like a prosecutor) to get via a search warrant or subpoena? --Ben

Reply | Report this comment

Unfortunately

Submitted by Anonymous on February 21, 2009 - 2:27 A.M.

Unfortunately I have had much less luck with third party venders in several areas on competency and responsiveness vs our data center. Their may be superior opportunities but it will be some time before which clouds manage well can be determined from the ones that talk a good game but cant back it up.

Reply | Report this comment

Speaking of "backup" ...

Submitted by George on February 22, 2009 - 7:41 A.M.

The thing that concerns me most about clouds is the potential for data loss - not from failure to back up data locally, but rather from the failure of application vendors to maintain backward compatibility. What happens years from now when I need to retrieve my carefully archived data and find that the application quietly abandoned my file formats several versions ago?

Honestly I can't see how any business could place trust in an application over which it has no control ... if for no other reason than the fear of litigation. Few companies have the resources to routinely check archives and convert formats when vendors change software. And what happens if a vendor goes out of business? With cloud, the application just vanishes like smoke and any archived data the company may have retained becomes useless.

Case in point: Microsoft Word no longer reads Word 2.0 files. Are you certain you'll never need a document from 1991? Don't count on it if your business is sued. Sure, you can recover (ASCII) text from the document and maybe figure out what it was about ... but maybe not - any charts or other graphics that were in the document are gone forever unless you have a copy of Word 2.0 and maybe even an old copy of Windows to run it on (Vista no longer runs 16-bit software). God help you if the document used OLE linking - then you'd need the original data source and it's application as well.

Until now, IT operations haven't had to worry about access to old software - they always had installation media or archives of downloaded software, updates, etc. With cloud, they no longer have anything. The temptation will be great for vendors to offer only the latest version of an application and you can virtually count on this being the case for small vendors. Large vendors may run the last version in parallel - at least for a while - but you can bet that no vendor will be hosting software that's three versions old and you can also bet they won't much care that you suddenly need access to it again.

For the same reasons, I don't believe web articles can be trusted for scholarly citation - they are "corrected" with alarming frequency and, in most cases, the older version simply disappears, making it impossible to track corrections and updates to the material (unless, of course, you've saved it off-line).

Reply | Report this comment

Choosing cloud storage takes a new level of due diligence.

Submitted by Jeff Boles on February 23, 2009 - 9:34 A.M.

Hi George,

Thanks for the comments. For the record, I absolutely agree with your pragmatic take on the risks of the cloud when it comes to probably 90% of the cloud vendors we are going to see over the next couple of years.

The disruption that is relevant to the market though will be when the big guys get involved, and do it with long range services delivery vision. Is there somebody out there you would consider a trusted data partner? I bet there is. What if they were primarily archive and preservation focused, and managed that service the same way they manage their largest enterprise platforms? This will in fact shed new light on just what the cloud is capable of.

Food for thought - a preservation oriented partner with an established track record may provide you with long term digital access that far surpasses anything you could do internally. What if they had back end systems that you could buy into as a service for full content extraction or digital format conversion? Those might be capabilities you could never afford/obtain yourself. Moreover, if they are in the game for the long term, you'll likely find more consistency in the delivery of their service than you'll have across multiple generations of traditional storage and lifecycle management software - they'll be incented by their revenue stream to keep all changes transparent to users. Finally, with that front-end / back-end web model they have more back-end architecture freedom, the continuous revenue stream associated with a service may make them more profitable in the long run (even at lower cost to you). To me, that looks like a vendor that is better able to deliver gradual software improvements rather than massive version upgrades, and potentially makes them less subject to massive product shake ups or discontinuations.

From my vantage point, this is the core value proposition of this next generation of cloud solutions, but realizing these capabilities means you have to evaluate potential solutions and partners with a level of diligence seldom exercised with off the shelf solutions. That in itself may make us all better IT practitioners.

By the way, for all you emerging guys out there, including regional service providers, hosters, etc. your ability to address these doubts will be what determines whether you can be competitive with the big guys. Thinking about things like escrow, portability of back-end architectures, transparent multi-provider interoperability, and integration with third parties delivering other sophisticated services is what will sway customers. Simultaneously, if you are considering implementation of internal clouds, be aware that in many cases your users will see your infrastructure as a compromise to what is available in the marketplace if you can't harness some of these same capabilities for integration with comprehensive search, access, automation, collaboration, and information management.

Jeff Boles
Sr. Analyst
Taneja Group
www.tanejagroup.com

Reply | Report this comment

Lease your cloud

Submitted by Alfredo Arcieri on November 9, 2009 - 9:52 P.M.

Jeff, great post.

EMC, VMware and Cisco are others big guys that already bought the idea of the cloud. We will see mid size companies moving towards a private cloud very soon. A side effect of cloud computing is increased uncertainty about making the right decisions in IT strategy. Private cloud, federated cloud...I mean...it is very foggy... literally. I believe that we will see an increase in IT assets being acquired through leasing. Doesn't it make complete sense to lease your way into the cloud?

Disclosure: I work for a VAR that partners with EMC, VMware and Cisco

Reply | Report this comment

Same old, same old...

Submitted by Anonymous on October 12, 2009 - 1:29 P.M.

Cloud Computing sounds like outsourcing to me; outsourcing for the masses. If only the big guys can competently play in this marketplace, we'll all be outsourcing our desktops/laptops to IBM, Microsoft, or HP because we're not capable of making backups and safeguarding our data. We'll all be carrying around little dumb terminals (cell phones?) or alternative "thin clients". It's probably cheaper to buy a good backup software package and a fireproof safe than eternally pay a monthly "service" fee. A monthly "service" fee is big businesses best friend. This reminds me of an ex-colleague's (salesman) favorite anecdote: "You can't make any money leaving them where they're at!".

Reply | Report this comment

Related Posts

Cloudy clouds and standards
Security and the cloudy cloud: A revolution for the infrastructure?
The Cloud - staking out the infrastructure paradigm
Ubuntu 9.10: Linux for business

Today's Top Stories

IE9 to tap hardware to boost performance
Free Web apps to help organize your holidays
Report: Microsoft may pay News Corp. to delist from Google
KT to sell iPhone in South Korea
New attack fells Internet Explorer
Google's Chrome OS hits BitTorrent
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.