Cloud computing brings huge benefits in terms of costs as well as environmental gains. While each firm’s in-house IT resources require separate firewalls, switches, data storage, backup systems and so forth, the shared resource of a cloud computing company means this multiplicity of IT infrastructure, and the scarce IT talent required to build, support and grow it, is eliminated.
But cloud computing is also very green computing. Less electricity is consumed and e-waste is minimised. Globally, IT uses around 2% to 3% of all electricity produced. It is estimated that carbon emissions generated from the power provided for the use of IT is about equal to the carbon emissions resulting from airline travel.
Many IT industry studies have determined average server utilisation rates of 20% and less, prior to server virtualisation. Further, it is estimated that only around 10% of servers globally have been virtualised. If you add the unused storage and processing of company-owned PCs and laptops, overall utilisation is likely to be nearer 5% to 10%. That is a lot of waste.
All of that equipment still uses most of the input power while switched on, plus the power required for office air conditioning to maintain a set ambient temperature.
In contrast, thin clients, which just send keystrokes and mouse clicks to the cloud, to control the application being used, and receive screen updates in return, consume only about 15% to 20% of the power required for a typical PC. Browser-based smart phones consume minuscule power when used to access the cloud.
Specialised cloud computing companies, confronted with expensive power bills and limited datacentre cooling resources, are highly motivated to provide maximum computing power for each unit of power consumed.
Any power saved in the New Zealand national grid will, for simple economic reasons, come firstly from the most expensive form of generation, namely, the combustion of coal or gas. Therefore, the savings in carbon emissions can also be up to 80%.
Because thin client devices never run out of computing power, as all the processing is done on servers in the cloud, there is no need to upgrade PCs with every major software application upgrade. This dramatically lowers a firm’s IT capital costs and e-waste.
Security also beneifts from the cloud model.
Psychologically, it is well known in risk analysis that people feel more comfortable with risk if they feel they are in control. For example, people are often more comfortable driving a car on a congested motorway than being flown in a commercial jet, regardless of the relative safety of these two forms of transport.
Concern about the retention of data in-house, compared with data held in the cloud, is not unlike that of keeping your money in the bank versus keeping it under your mattress. Until you are confident of the bank, you feel like keeping your money under your mattress and defending it with your gun.
There is naturally a lot of nervousness around security in the cloud. After all, you cannot just check for blinking red lights on your server when it is held in the cloud. However, fear of cloud computing tends to be an emotional reaction that dissipates with transparency and knowledge.
The security question to be asked is not: “Where is my data?” The question should be: “How is my data treated and what is the security architecture and set of processes around it?”
The cultural issue of trust is a major barrier to the widespread adoption of cloud computing. Prospective cloud computing clients, who are well informed, should ask tough security questions and even consider getting a security assessment from a neutral third party before committing to a cloud vendor.
Prospective clients must demand transparency. Information about a cloud vendor’s shareholders, directors, company competencies and longevity are critical and legitimate questions. They need to ask questions about the qualifications and experience of the cloud vendor’s policy makers, key personnel and operators. They should ask about the cloud vendor’s industry certifications and seek current reference site contacts.
Prospective clients need to know about the risk-control processes and the level of testing that is being done to verify that service and control processes are functioning as intended. Ask your prospective vendor whether independent security audits have been performed, and ask to see the results. Ensure there are service level agreements (SLAs) or guarantees for system uptime, with financial penalties for non-performance.
Ensure the cloud vendor is able to completely restore your applications and data, and ask how long it will take.
Make sure you have a clear contractual understanding that you own your data, irrespective of the reason the cloud service comes to an end. Ensure there is a clear contractual process to move your data to another cloud vendor or back in-house, if you wish to do so at the end of a service period.
Ask the proposed cloud vendor about their controls over privileged administration rights for its systems, and ensure your data is held in a country which meets your approval. If necessary, also ensure that the cloud vendor follows any relevant compliance and privacy requirements on your behalf, or on behalf of your customers.
Several recent well-publicised reports of leading cloud computing vendors having system outages causes pause for thought. Much can, and should, be challenged about security in cloud computing. However, it should be noted that even in-house delivery has many security risks.
Downtime, either from over-taxed or faulty servers, or disk storage failures, is a serious problem there too. Cloud vendors with high-end services provide guarantees for more than 99.5% uptime. This is usually much higher than most firms with internal IT systems get today.
A cloud computing provider can invest more in security than most firms can, because the cost is spread over hundreds of clients. Redundant or duplicate firewalls, switches, power feeds, internet feeds, backups on disk, as well as off-site tape storage, all combine to enhance the security of performance, at a cost and complexity that few firms could even contemplate matching.
Indeed, leading cloud computing vendors consider security to be a core competency, rather than the “necessary evil” it is for most businesses.
Cloud computing also absorbs complexity and delivers simplicity.
The CIO’s primary driver for cloud computing is to simplify the IT environment. Cloud computing services, which provide the basic functionality of email, hosted applications and storage, allow the CIO to focus on added-value IT services which differentiate his firm against competitors.
Since these cloud services cannot provide any competitive advantage, there is no sense in retaining them in-house. Most of what businesses do with IT is not special. Why waste time and money competing with IT resources when your competitors can do just the same?
What you do with IT, in terms of processes for differentiating your capabilities, may be important, depending on your industry. But do you need to own and operate the IT infrastructure required for it any more than you need to own and operate electricity generation for your office lights?
Owning and operating IT resources gives you no competitive advantage. Even worse, it saps your resources, is very expensive to scale and gives you islands of function that easily stagnate.
Ironically, there is a lot of business downside risk from IT infrastructure failure, while there is very little payback or upside for the business.
Cloud computing means everything is about to change. Cloud computing offers a new opportunity for firms to reshape the relationship between IT and the business. It means users can focus on the value of the service, rather than on how systems are implemented or hosted.
One way to start cloud computing is to get out of the email business. Once you have gained confidence with that, you can move more applications into the cloud. Cloud computing is not an “all or nothing” process. Firms can select functions to go into the cloud, according to their confidence and need.
This means CIOs will be able to move more quickly, and with more flexibility, to introduce new technologies and processes to meet the demands of line-of-business executives. These executives will be able to request new technologies with more predictable costs and implementation times.
Firms using cloud computing can focus on running their businesses, instead of that very technical, risky and expensive “cash hole” called a computer system. Over time, the cost savings and business benefits from cloud computing will be compelling.
Snowden is managing director of OneNet, an Auckland-based provider of on-demand computing services and applications