Cloud hype wanes while risk concern remains.

For a long time the hype around cloud computing has been more prevalent than the adoption with the enterprise take-up on any significant scale seeming to be stalling and up against some significant barriers.

More recently it seems that the hype around Cloud Computing is finally settling down and the discussion is being replaced by a more common sense dialogue on how cloud can be best leveraged as a legitimate component of the enterprise sourcing strategy.
Much of my work continues to be around assessing enterprise readiness for cloud, but typically cloud is being absorbed into the wider discussion around ‘outsourcing’, ‘right sourcing’, governance and internal vendor management capability.

While cloud adoption is widespread it is often piecemeal and enterprises are implementing cloud solutions in part, but significant inhibitors remain to a wider ‘boots and all’ adoption – issues such as: inflexible vendor licensing models; the lack of industry standards; concerns about service level agreements; questions on the portability of cloud services; the loss of step-in rights if a multi-tenanted vendor goes belly-up; vendor lock-in and increasing concerns around data security and privacy.

On the sell side most vendors acknowledge that there are outstanding issues but they still believe that the economics will be so compelling for their customers that on balance the customer will choose to accept and deal with the risks in the short term.

This may be true for many and the vendor optimism is based on the revenue projections for cloud, now measured in billions of dollars. As a result they are continuing to invest in the infrastructure to meet the demand as well as the marketing machines to create it.

But my experience as a CIO who has taken the large-scale cloud journey, tells me that whilst the economic case for cloud is compelling and this will generally get the cloud conversation started within the organisation the conversation invariably becomes one dominated by risk and law.

And the risk profile of cloud computing still needs to be considered, especially as the governments at all levels continue to tinker with the data privacy legislation that impact the sourcing decisions around cloud:.

As reported by @parisbcowan of @itnews_au  <here> …The NSW Government’s cloud policy explains that out-of-state storage is now permitted in cases where “an appropriate risk assessment has been made and where the records are managed in accordance with all the requirements applicable to State records under the State Records Act” – including active monitoring of the service provider’s obligations.

While these laws will not stop cloud computing adoption their existence means that organisations storing information that can identify citizens in overseas data centres to ensure that the hosting organisation offers the same protections as those that are located on-shore and in the home state.

So regardless of how strong the economic argument is for cloud computing there is an increasing requirement to undertake a risk assessment and this is required in three parts: 1) the organisation’s own readiness for adopting the cloud model; 2) the suppliers capability for complying with all the appropriate privacy provisions and legislation, and: 3) the ability of the organization to actively monitor the suppliers obligations and compliance on an ongoing basis.

These moves by the legislators continue to improve the appeal of enterprise cloud providers with in-country data centres but for some enterprises however it may dilute the economic case for adopting cloud.

Twitter: @CIOmatters

Leave a Reply