Tuesday, March 20, 2012

Keep An Eye On the Horizon When Looking At The Clouds

Nobody can deny there are several benefits to public cloud offerings. But, when looking to partner with an outside cloud vendor you need to tread wisely.

Businesses should look at cloud alternatives when they are looking to implement a strategic solution they currently do not employ in-house or do not have the technical expertise to deploy. A good example would be a new company seeking to start a customer relationship management (CRM) system or an existing company looking to enhance its current capabilities.  In many companies CRM is often disjointed between sales people, regional office leads, and department executives. Sales tracking and customer relations for many companies are on antiquated systems, spreadsheets, and compiled through e-mails which can place a lot of pressure on sales forecasting.

In comes a solution like Salesforce.com. The well known cloud solution provider for sales reporting. Now company executives have real-time sales tracking and they can enable their sales force with Salesforce.com's chatter for internal social media to provide sales tips, best practices, and leads. This type of 'dashboard' into sales can help corporate leaders make strategic decisions on current market data. 

A good analogy would be giving your corporate executives a Tom-Tom to help chart their path through downtown Boston instead of providing them a map of the city before the Big Dig. While the map delivers a general idea of downtown Boston, the street information isn't accurate which could waste valuable time when trying to navigate to your destination. In today's hyper accelerated business world that isn't an option.

But, you should only seek out a cloud solution when you are trying to address an existing issue! You shouldn't decide that you are moving your application to an external cloud provider because it is trendy. If you have the technical expertise and infrastructure to support an internal cloud solution then that is your best option.

Here are some things you need to consider when looking at a public cloud provider:

  1. Do security practices meet your industries regulatory compliance?
  2. Can they guarantee location of data? And isolation of data from market competitors?
  3. Are their systems reliable? Do their contracts provide uptime guarantees or SLAs?
  4. What are the SLA penalties if the service level is not met?
  5. What happens if their is a suspension of service?
  6. Can they ensure disaster recovery? What is the backup policy?
  7. How are systems monitored?
  8. And most importantly what is the liability if systems go down? (in most contracts it is just a return of the monthly charge)
If you are going to trust a third-party with company data, especially sensitive data, you need to make certain you understand the contract. Remember that liability of the company data relies with you and not the third-party provider. If there is a security incident it is your company that is going to be held accountable for the data breach. What happens if there is a loss of service?  

A recent example is when Amazon EC2 went down on April 2011. The massive outage took down Reddit, Quora, FourSquare, Hootsuite, parts of the New York Times, ProPublica and about 70 other sites. The crash happened at Amazon's northern Virginia data center, located in one of its East Coast availability zones. In its status log, Amazon said that a "networking event" caused a domino effect across other availability zones in that region, in which many of its storage volumes created new backups of themselves. That filled up Amazon's available storage capacity and prevented some sites from accessing their data.

Another public cloud provider outage happened on February 29, 2012 and this time it was with Microsoft Azure. The problem stemmed from the leap year, February 29th comes around only every four years, when Azure initializes virtual machines for customer applications a certificate is exchanged and given a valid-to date of one year. When certificates were issued starting 4 p.m. PST on February 28th, they were given a valid-to date of February 29, 2013 which won't occur and was therefore interpreted as invalid. This caused outages that lasted up to 16 hours for some consumers. 

Is the third-party provider liable for any lost revenue? In most instances they are just going to credit your account for the lost time of service.

Recently I was talking to the IT Director of the regional city high school. They need to develop a solution for refreshing 4000 desktop computers in 48 public schools before 2014 because they are running Windows XP. One of the schools is a technical high school that teaches inner city kids competencies in networking, microsoft technologies, development, and virtualization.

I gave the Director a couple of possible solutions. The first was deploying a VDI (Virtual Desktop Infrastructure) ecosystem and extending their clients lifecycle from 4 years to 6 years. The technical high school could host the VDI solution and the students could get hands on experience for administering and maintaining the environment. The second solution was looking into a DaaS (Desktop as a Service) cloud provider. DaaS has been a great solutions for many schools, the school's IT staff doesn't need the technical expertise to deploy a VDI solution and it can provide capital cost savings to schools with tight budgets. But there are several things to consider. What happens if the cloud provider has a 3 day outage? Is school out for 3 days? Do they need to cancel classes? With a VDI solution they are in control of any system outages, but the capital and operational expense is more significant.

You need to take the appropriate steps when evaluating a third-party public cloud provider to ensure you are willing to live with the inherit risk. There could be great benefits for moving to a public cloud solution, but be mindful that you are the person liable for the company data.

News: Top vBlog 2016 Trending: DRS Advanced Settings