Cloud computing risks cannot be overlooked from SLAs to single vendors

There are many kinds of cloud computing models, each of which has a variety of ways to benefit. However, regardless of its benefits (such as cost savings, market and scalability of the speed of efficiency), cloud computing models have many risks and gaps, can not be ignored.

It involves an on-demand computing model, where an enterprise typically has a self-service interface, so that users can develop their own applications, or they can get external storage from a vendor that serves as the infrastructure. This gives users full authority and accelerates the project. But on-demand computing model itself is a dilemma.

But from another perspective: this service may be too easy to use. Burton Group analyst Drue Reeves at the company's Catalyst show last week and shared a story. The CIO in the story received a separate bill from 25 people in his company who used 25 different accounts from the cloud service provider. Are you financially aware of this? Or is it going to be a price hit?

Lack of governance is therefore a problem. The finance department may have to ask the user to simply add the service to the credit card, but there is also a problem with security and data privacy that does not comply with the company's mandatory processes and policies. Do the information that these nonstandard users submit to the cloud service contain sensitive data? Does the cloud service provider have any compliance responsibilities? If not, is this a problem for you?

There are still a few big problems with suppliers. For example, do they have service level agreements (SLAs)? Can you get a service-level agreement that covers security parameters, data privacy, reliability (availability), uptime, data, and infrastructure transparency?

"You don't see the service interface (cloud service provider) so you don't know what their storage capabilities are," said Anne Thomas-manes, an analyst at Utah State Midville Burton Group in the US. What is their infrastructure actually like? ...... So how can you make a service level agreement guarantee (to the user)? ”

In addition, can vendors respond to electronic search service requests? "Is this in the service level agreement (mentioned)?" she asked. Is the information classified? Easy to access and protected? ”

For some companies, no service level agreement is not a problem. CNS Response Inc., a pharmacological laboratory service that provides physicians with a test of symptomatic medications for prescribed behavioral conditions, has not received a service-level agreement from Saleforce.com, a pending issue.

"We've had a lot of downtime before choosing saleforce.com, so we know they can deliver better, and they do," says Mark DesRosiers, a senior vice president at CNS for the commercialization of its products. "And, in fact, it has helped CNS reduce the submission time of test results from 2-4 days to an average of 11 minutes."

But is it good enough for big companies? Problems remain, and experts say it is up to customers to push suppliers to deliver the right service-level agreements.

In fact, the big news at the show is pushing suppliers to do these things:

The application Programming Interface (API) that has been developed. Customers do not have the ability to monitor and manage APIs at many levels. Customers can't see where their data is in their cloud service provider, and more importantly, there is no application or service management that provides visibility into performance and application management.

"Management must exist so that customers can see what assets they are handing over to the cloud and where and what systems they use," Reeves said. It is the equivalent of taking the cloud as your own datacenter. ”

Establish an impartial authorization plan. Burton Group analyst Chris Wolf said companies should push cloud service providers to remove licensing based on physical hardware and computer resources, based on virtual CPUs, managed or installed instances, and user agent authorization.

Here's another important question: What if your data involves legal issues?

What if you forget to pay the bills, or decide not to pay the bill for a variety of reasons (such as dissatisfaction with the service)? Will you lose your data? Will your access to the data be suspended?

There are also a number of questions about who owns the data for the electronic search, or if you decide to switch to another supplier. For example: If you did not host the code, would you have to reinvent yourself?

Cloud computing has sold many benefits, but the Burton Group's experts said at the show that companies need to be aware of the existence of hypothetical conditions: what does this mean for my bottom line? How do I manage it? Who can access my data? And what exactly does a cloud provider have to offer?