Scattered cloud coverage bring rewards, risks
The idea behind cloud computing seems to make good sense, given the economic pressure businesses are under to do more with less. The cloud is just another way of saying "the internet." And cloud computing basically involves paying for access to internet-based services in order to share computing horsepower, information and programs, from word processors to complex accounting and customer-relationship-management systems.
So instead of buying and maintaining its own servers and programs, which can be an expensive proposition, a company can pay to use programs, crunch numbers and store information on servers that are owned and operated by a service provider. Typically all it takes is a web browser to get to these cloud-computing resources.
Major providers such as Microsoft, Salesforce.com, Google and Amazon make it seem like the cloud has become a ubiquitous force. But the reality is that when it comes to day-to-day business, most enterprises in Canada are proceeding into the realm of cloud computing with a great deal of caution.
Or so they think.
"With zero exception, when I ask executives from Canadian accounts how many have made a significant investment in cloud computing to date, no hands go up," says Jimmy Fulton, vice-president at CA Technologies Canada, an IT management firm based in Toronto. "If I ask who is considering it, there might be a couple."
What these executives may not know is that the cloud may already be alive and well within their ranks. It just can't be found in their IT budgets.
Just ask Steve Irvine, CEO of 80/20 Solutions, a software-as-a-service provider of cloud marketing-based services in Toronto. "Give me the name of just about any larger enterprise, and I can almost guarantee there will be three or four departments using cloud applications without them [the central IT department] even knowing it."
Hiding behind a cloud
He's not alone in making that statement.
"There probably are consumers somewhere in their organizations in the cloud," Fulton says of CEOs and CIOs who haven't officially made the move to cloud computing. "It may be a department or division that needed some computing capacity and went to a provider like Amazon or someone else."
The larger the organization, the greater the likelihood that projects are drawing on resources in the cloud without the CIOs and/or IT department's full knowledge, confirms Robert Miggins, senior vice-president of business development at ServerBeach for PEER 1 Hosting in Vancouver. "Usually it's just some manager with a stagnant budget trying to get a job done," Miggins says. The technology makes sense from a business standpoint, he adds.
"Cloud works like a utility. You just plug into the 'grid' and pay for what you use. … It just happens," Miggins says. "Sometimes a developer or someone else needs to make something happen quickly and ends up using cloud services without the knowledge of the CIO."
Irvine says marketing departments "love to outsource a lot of daily functions - and anything they can do to get away from IT makes them happy. It's fast, cost effective and easy to work with a cloud provider, rather than going through a lot of internal approvals and red tape. So those that haven't gone through their IT folks just do it … and ask for forgiveness later if they get caught."
A new tool of the trade
This is not some nefarious plot to undermine enterprise security. It's largely because infrastructure services for hire can easily be expensed the same way office supplies and printing services might be.
Like the early days of wireless, when people created their own WiFi networks in the office to bypass IT red tape and improve efficiency, cloud is becoming just another tool for making certain tasks easier and faster.
'We find that about one-third of enterprises are putting sensitive information in the cloud, and I doubt that anyone is fully able to enforce that.' —Jay Heiser, Gartner
The ability to buy infrastructure when you need it can do wonders for speed and efficiency, for example, when running in-depth analysis, crunching research numbers or offloading bandwidth-heavy tasks like video streaming applications.
"Cloud is much more accommodating for a wide range of workloads, which is what's setting off what's going on in large organizations," says Phil Shih, senior analyst for hosting at Tier1 Research in Toronto. "A lot of team leaders simply don't want to wait to go through the IT procurement process. Cloud services present them with a fast, easy and convenient way to turn compute power on and off when they need it by just expensing it on their credit card."
Overcoming the fear factor
Depending on the application and information being used — and the quality of the provider — this practice doesn't necessarily expose companies to risk. But it could.
The way the whole process of using these services is managed needs to be worked out in order to avoid sensitive information making its way to the cloud, according to Jay Heiser, research vice-president for Gartner in Washington, D.C.
"Ironically, it could be some of the most 'sensitive' groups going off and doing things like this," Heiser says. "We find that about one-third of enterprises are putting sensitive information in the cloud, and I doubt that anyone is fully able to enforce that. Brokers and corporate councils, for example, will take something out of their own budgets to get private email services. It's the digital equivalent to the plain brown wrapper."
Understandably there is a lot about the cloud that is scaring enterprises off, says Kelly Beardmore, chief operations and technology officer at Tenzing Managed IT Services in Toronto.
"It may sound like an oxymoron, but the nebulousness of the cloud is both its strength and its weakness, for Canadians in particular," he says. "For one thing, there's a general fear of loss of control of data. There's a lot wrapped up in the whole privacy issue and the jurisdictional requirements for data."
Accept and conquer
Despite the fears of security breaches and corporate intentions to keep information locked down, it appears inevitable that cloud services will make their way into the enterprise ranks, whether it's through the front door or the back.
Rather than fighting the trend, Heiser believes that enterprises would do best to accept the inevitable and start developing appropriate policies and procedures.
"You're fighting against human nature when you try to limit the 'tools' people bring to the workplace," Heiser says. "If you have to hop on the bandwagon, you can do it in a conservative way and establish cases where it's acceptable or not."
"Cloud just doesn't fit in with traditional risk management paradigms," Shih notes. "Certain parts of IT will inevitably end up in the cloud. Pockets in enterprise will experiment with it. Developers like to get on it for certain workloads that don't fit their IT infrastructure. CEOs need to know that they can move to the cloud piece by piece for workloads that make sense, not mission critical or sensitive applications."
Fulton says that CEOs and CIOs will remain stymied by a number of questions for some time: How do they manage the cloud? How do they secure it? How do they decide if it has benefits? How do they manage service level agreements?
"These are all questions that make [cloud] management solutions and [and processes] vitally important. Acceptance and education are good starting points," he says.
One of the biggest challenges for enterprises is figuring out who to put in charge of cloud-based initiatives, Heiser says. "It should be the business manager. If they can truly understand the ramifications of using external IT and accept it as part of their overall business risks, they stand the best chance of making the right decisions in controlling it."