Beware these risks of cloud computing, from no SLAs to vendor lock-in

By Christina Torode, Senior News Writer 06 Aug 2009 | SearchCIO.com

IT news and analysis for CIOs Digg This!     StumbleUpon     Del.icio.us

More cloud computing resources for CIOs Latest cloud computing trend: End users buying IT as a Service The real cost of cloud computing services

The on-demand computing model in itself is a dilemma. With the on-demand utility model, enterprises often gain a self-service interface so users can self-provision an application, or extra storage from an Infrastructure as a Service provider. This empowers users and speeds up projects.

The flip side: Such services may be too easy to consume. Burton Group Inc. analyst Drue Reeves, speaking at the firm's Catalyst show last week, shared a story of a CIO receiving bills for 25 different people in his company with 25 different accounts with cloud services providers. Is finance aware of this, or will it be in for a sticker shock?

Lack of governance can thus be a problem. The finance department may have to address users simply putting services on a credit card, and there's also the issue of signing up for services without following corporate-mandated procedures and policies for security and data privacy. Does the information being put in the cloud by these rogue users contain sensitive data? Does the cloud provider have any regulatory compliance responsibility, and if not, then is it your problem?

There are several other big what-ifs regarding providers. For example, do they have service-level agreements (SLAs)? Can you get an SLA that covers security parameters, data privacy, reliability/availability and uptime, data and infrastructure transparency?

Even in cloud, beware vendor lock-in Even in the cloud, there is still a risk of vendor lock-in. The Platform as a Service model includes providers such as Microsoft Azure, which is tied directly to .NET, and Salesforce.com, which is tied to its own proprietary development platform, Force.com. "Force.com is available to SaaS customer of Salesforce.com for developers to build other systems [and applications]," said Burton analyst Anne Thomas-Manes. "It's a great service for users to share apps, but it is a proprietary system, so there is a trade-off in that you are locked down." -- C.T.

"You can't see behind the [cloud providers'] service interface so you don't know what their storage capabilities really are, what their infrastructure really is ... so how can you make SLA guarantees [to users]?" said Anne Thomas-Manes, an analyst at Midvale, Utah-based Burton Group.

Furthermore, would the provider be able to respond to an e-discovery request? "Is that on the SLA, and is that information classified, easily accessible and protected?" she asked.

For some companies, a lack of an SLA is not an issue. For CNS Response Inc., a psychopharmacology lab service that provides a test for doctors to match the appropriate drug to a behavioral problem, not having an SLA with Saleforce.com Inc. was a moot point.

"We were already experiencing a lot of downtime before we went to Saleforce.com, so we knew what they could provide would be better, and it has been," said Mark Desrosiers, senior vice president, commercialization at Costa Mesa, Calif.-based CNS. And, in fact, it has helped: CNS cut the delivery time of test results from two to four days down to 11 minutes on average.

But is this good enough for a large enterprise? That question remains, and experts said it will be up to customers to push vendors to provide appropriate SLAs.

In fact, a big message at the show was pushing vendors to do such things as:

Have open application programming interfaces (APIs). There is an inability to monitor and manage APIs on many levels. Customers cannot see where their data resides at their cloud provider, and more importantly, there is no application or service management layer to gain visibility into the performance and management of the application.

"There has to be a management layer so customers can see what and where their assets are for the cloud, what systems are used by which applications," Reeves said. "Just think of the cloud as your own data center."

Create fair licensing schemes. Enterprises should be pushing cloud providers to move away from licensing based on physical hardware and compute resources to licenses based on virtual CPUs, managed or installed instances and user seats, said Burton Group analyst Chris Wolf.

Which brings up another significant what-if: What happens to your data in a legal entanglement?

What if you miss paying a bill, or decide not to pay a bill for various reasons, like dissatisfaction with the service? Do you lose your data? Is access to your data put on hold?

There are a lot of questions as to who ultimately owns the data for e-discovery purposes, or if you decide to switch providers. Will you have to start all over if you didn't put the code in escrow, for example?

Cloud computing touts many benefits, but Burton experts at the show said enterprises need to be aware of the what-ifs: What does this really mean for my bottom line, how do I govern this, who really has access to my data and what do the cloud computing providers really have to offer?

Tags: Cloud computing for enterprise CIOs,  Contract negotiations and legal issues,  Vendor selection and management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Cloud computing for enterprise CIOs IT exec's best practices for application consolidation include SaaS Sidekick data and 'balloon boy' Disaster recovery is dead; long live continuous business operations Gmail outage raises issue of control Technology is changing IT disaster recovery outsourcing Wary of public cloud, CIO builds private cloud and transition plan Investigating public cloud could inspire overdue housecleaning A disaster recovery plan meets cloud computing Latest cloud computing trend: End users buying IT as a Service If cloud computing companies form ecosystems, users will benefit Contract negotiations and legal issues Free IT outsourcing templates: SLAs, RFPs and more How Virginia's new CIO is fixing the state's IT outsourcing problems Botched IT outsourcing contract shows need for governance, SLAs How to build IT innovation, flexibility into your IT outsourcing deals Why IT can be OK with users managing their own SaaS services contracts Failure to track virtualization licensing terms can cost you Virtualization licensing terms: A call to arms Solid governance model key to IT outsourcing contract success Internet traffic overload: What does it mean for cloud computing services? Addressing compliance requirements in cloud computing contracts Vendor selection and management How Virginia's new CIO is fixing the state's IT outsourcing problems BPM tool selection: Strategies for success IT outsourcing pros and cons for Latin America Failure to track virtualization licensing terms can cost you Pros and cons of IT outsourcing in popular Asian countries Enterprises fill client virtualization gaps as client hypervisors bake Virtualization licensing terms: A call to arms PPM software vs. SharePoint: Myths and user-vendor disconnects IT outsourcing trends 2009: Latest deals for the recession and beyond If cloud computing companies form ecosystems, users will benefit

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary