But a recent survey also shows there remains a lot of confusion among business executives on what cloud computing brings to the table.
The survey, “The Future of Cloud Computing,” showed only 40 percent of respondents are experimenting with cloud computing today, while another 26 percent said they are waiting for the market to mature before taking the plunge.
IT organizations also view cloud computing as an effective means to keep up with application backlogs and business demands. But the folks who write the checks — the C-suite executives — remain concerned about security and compliance issues, such as HIPPA health information privacy rules. The survey showed 31 percent of survey participants cited both as key obstacles to adoption.
“Cloud computing is a multibillion-dollar industry today, but many companies are still unclear on which technologies they need, how they work together, who the main vendors are and how to implement cloud technologies effectively,” said Derrick Harris, senior analyst at GigaOM Pro, which helped conduct the survey among 413 industry experts, users and vendors of cloud software, support and services.
Cloud computing experts in Michigan, however, contend the technology is safe, cost-effective and complies with federal regulations that mandate personal information be safeguarded from public exposure.
“The advantages of the cloud are you only pay for the IT resources you are using,” said Nathan Owen, CEO of Blue Medora, a Grand Rapids company that developed IBM’s Tivoli Software that helps business executives see and understand business infrastructure in real time, like a dashboard.
“In old days, you’d buy your servers and host them in your data center,” Owen said. “Companies discovered they were only using 10 or 20 percent of their capacity, except during rare peak times. With the cloud, it is metered consumption. So you have less capital hardware, you’re not paying the power bills, you’re not doing the patches and software updates, you’re saving a lot of money.”
The downside is the perceived security threat, Owen said. Companies must rely on the cloud vendor to maintain firewalls, security updates, and the like. “It’s not less secure in the cloud, just a different paradigm.”
J. Wolfgang Goerlich, who handles cyber security for a Michigan-based financial services company, said the attacks by the bad guys wanting to get into servers is the same whether the servers are in a company’s on-premises data center or one hosted by an outside provider. But the difference is when your data is stored in the cloud, it’s like your data is stored on a shared server.
“If someone breaks into your house, it doesn’t necessarily put your neighbors at risk,” Goerlich said. “But if someone breaks into your apartment building, that’s a much higher level of risk. Now we’re seeing hackers break into the cloud, pivot and attack the neighbors around it.”
In the end, it comes down to doing technology and controls better, he said. From a business perspective, working with a cloud vendor to store your data becomes more an issue of contract law or of buying insurance that reimburses a company if there is a data breech, he said. The cloud vendor then is held liable for any damages incurred from a successful attack.
Whether your data is stored in your back room, or elsewhere, Goerlich said, “the common problem remains. Security researchers pointed out what needs to be done, but companies are not implementing the changes. Companies don’t want to spend the money or haven’t invested enough money in training staff.”
Before you move your data to an outside data center, warns Mark Stanislav, a senior security consultant for NetWorks Group Inc. in Ann Arbor, you must perform due diligence.
“Go with trusted companies, especially in the cloud computing space,” said Stanislav, who spends his days performing penetration testing on websites to see if they are secure. “There are a lot of fly-by-night companies. In the public cloud, go with Amazon, Microsoft, Terremark — they are hiring the best security talent out there and have had a long-standing focus on computer security. They know how to do it.”
He said Amazon is great for security, particularly when eCommerce is involved. Terremark is more focused on business, he said.
Owen from Blue Medora said businesses need to evaluate their requirements. He said different vendors specialize in different platforms. Software as a Service maintains your software for you. Infrastructure as a Service lets an organization outsource the equipment used to support operations, including storage, hardware, servers and networking components. Platform as a Service is a way to rent hardware, operating systems, storage and network capacity over the Internet.
“Often, Infrastructure as a Service is a good starting point for small to medium businesses,” Owen said.
Software as a Service might be a better approach for a company with only occasional big data demands, he added.
“When you build cloud-enabled applications, a big advantage is if you’re a vendor that twice a year has an online catalog, and you need 100 times more web server capacity than normal. Software as a Service allows you to scale up capacity for short periods of time,” Owen said.
Many companies also are using the cloud for disaster recover, he said. In this example, companies continue to maintain a traditional data center in-house, but by storing the backup in the cloud, they get a second data center for much less money. This is the so-called hybrid approach, Owen said.
For those companies that still use tape backup, Amazon has recently offered its Glacier service. With Amazon Glacier, customers can reliably store large or small amounts of data for as little as $0.01 per gigabyte per month, a significant savings compared to on-premises solutions. It’s when you retrieve the data that the price goes up. Amazon Glacier charges $0.12 per gigabyte per month for up to 10 terabytes of information.
Mike Brennan is senior technology writer at MiBiz. His day job is editor and publisher of MITechNews.com