Now that I work almost exclusively in the world of cloud computing, including SaaS, I see a much higher level of skepticism out there around cloud computing. This is best reflected by this recent CIO.com survey, which highlights the fact that reality is setting in.
"The June 2009 survey, 'CIO On-Demand Services Survey,' reveals that cloud computing fears regarding security, data management, total cost of ownership, regulatory and compliance issues, and vendor lock-in have actually increased as compared with results from a similar survey in August 2008."
The results were interesting:
Core to these issues are control, security, privacy, interoperability and compliance. There are really no easy ways around these issues. As you look at cloud computing you have to consider the architectural challenges with the opportunities.
Control issues are typically around the data. Placing your data in the hands of a cloud provider seems scary, but you're typically doing much riskier and scarier stuff with your data already. I don't think you'll hear stories about cloud computing providers who "leak" data, as much as data being compromised via stolen laptops, or a disgruntled employee who loads up those nice 10 GB thumb drives you can find at Costco and walks out the door. You just need to drive a bit of planning here, and you'll be okay.
Security and privacy are related to control, and control is what really drives the fear around cloud computing. In truth, a cloud computing system can actually be more secure than your on-premise systems if you do some advanced planning and leverage the right mechanisms. It works fine, but you'll never be at the same security level as if your systems were locked in your data center with limited network access. Either you get over that fear, or you don't do cloud computing.
Interoperability is always going to be a core concern with cloud computing providers; there are just no good standards in place or reasons to follow them. If you're thinking about creating code and data that can move from provider to provider while still leveraging native features to make the systems more valuable, dream on. There are no good options here. Either you use a least-common-denominator approach -- where the applications are less valuable to the end user but run everywhere -- or you create deep hooks into a particular provider to make the systems more feature-rich. But the latter also means you have a fat chance of moving the application from one provider to another without spending a lot of money and time.
Compliance is easy. Either it's legal, or not. Make sure to check out the actual laws and rules, including things like SOX compliance. I find that, in many instances, things perceived as compliance issues really reflect a lack of understanding of the law and the rules. Most laws and rules don't take issue with systems and data existing outside of the firewall, but there are privacy concerns to consider within verticals such as finance and healthcare.
A bit of skepticism is healthy, but arm yourself with the facts.A recent survey reveals that cloud computing fears regarding security, data management, total cost of ownership, regulatory and compliance issues, and vendor lock-in have actually increased...