There are also some issues that have slowed cloud adoption.

Ambiguity One of the most pressing issues that have kept people from moving to the cloud is a lack of understanding of what the cloud is and what it offers. This lack of understanding causes fear. Usually the fear is around potential hidden costs, lack of control, integration issues, and security concerns. However, all the issues can be mitigated if you have a good understanding of what to look for in a cloud provider and what to expect from one. This is what were going to help with. Were going to give you the knowledge you need to overcome the fear. Many of the concerns are really just questions that dont have a definitive answer. When youre dealing with your organizations ability to perform its business functions, you have to be wary of the unknown. You dont want to take risks that you cannot mitigate. If you dont know what the risks are, then you certainly cant mitigate them. Concerns Over Maturity There are often concerns regarding the maturity of the cloud and the various cloud providers. Many newer public service providers simply do not meet the needs of many organizations. Not only do public service providers need to offer services that customers want, but they also need to offer the right levels of service and support for those services. 14 CHAPTER 1 Introduction to the Cloud Services arent Robust Enough Yet Many of the services offered by cloud service providers are not robust enough to meet customer needs. Many public cloud services can be very specific. The provider may only offer a very niche service. If your organization isnt in need of a specific service presented in a specific way, you might not be able to take advantage of the service. As the cloud matures, so do its service offerings. Providers are continually adding and updating services to meet customer needs. SLAs Many service providers are not at the point where they can offer truly substantive SLAs. Some providers dont offer SLAs at all. Others offer SLAs, but the service guarantees they make are not suitable for many organizations. Your organization may need 24/7 availability for a particular service or application, but there might not be a provider that can offer that. One thing to remember is that if your organization cannot provide a certain level of availability because of a technical limitation, a service provider may face the same technical limitation for the given service or application. Integration When dealing with public service providers, integration is a key component. Since you will not own the systems used by the service providers, you probably wont have direct access to them. Without direct access, some sort of interfaces must be provided to allow for integration with your other systems. You may need both data integration and application integration. Data Integration Integrating data and reporting between on-premises and cloud-based systems can be costly. You will have to figure out a means of copying large amounts of data from one location to the other. The bandwidth used during

the copy process will almost certainly affect the cost you pay for the service. Lack of real-time data availability can present an issue in many circumstances. Real-time data is often needed for reporting. Moving data in real time can use a lot of bandwidth. This bandwidth usage can be very costly. Application/Service Integration Sometimes the Web interface offered by service providers is not good enough on its own. You may have a Web service or application that needs to take advantage of the providers service. Many service providers offer interfaces or APIs that can be used to access functionality. Secure access to these interfaces allows you to access the functionality you need programmatically. Cloud Adoption Inhibitors: What is Holding People Back? 15 Security Even though some people consider cloud implementations to be more secure in certain aspects than traditional deployments, other aspects are often considered less secure and more of a risk. The risk mainly comes from the fact that you will not have direct control over the systems and the data. You have to trust what the service provider is doing. Ownership of Data There are many questions when it comes to data ownership in the cloud. One big question with cloud implementations is, Who owns the data? Your company may have created the data, but now is it being stored at an external service provider. Do you still own it? What happens if the service provider goes out of business? How do you get access to your data? Does the company that takes over ownership of the systems then own your data? Is that company obligated to give it to you? What happens if there is a dispute and you dont pay your bill? Can your data be held hostage? These are questions that you must ask when youre considering a service provider. Different service providers will give different answers, so you must be aware of what you can expect from your provider. Auditing The ability to do proper auditing can vary among cloud environments. Depending on the implementation, you may or may not have direct access to the systems or applications you want to audit. The service provider may be able to provide you access to the desired log via some application interface or by exporting the logs and sending them directly to you. Privacy, Legal, and Compliance Issues Privacy is a big concern when it comes to cloud implementation. The cloud provider will have direct access to your organizations data. If this data is meant to be private, you have to worry about what measures are being taken to keep it private. In certain situations, you may be violating privacy standards simply by storing the data with an external provider. Legal and compliance issues can get very complicated when youre dealing with cloud implementations. Jurisdiction hasnt really been defined yet. If you are located in the United States and accessing servers in Europe, which regulations apply? In general, the guidance is to make sure you adhere to laws in both jurisdictions. One method you can use to ensure that the provider has adhered to the appropriate regulations is to choose a provider that has passed a SAS70 Type

II audit. This audit ensures that a provider meets a given set of compliance criteria. The audits are performed by an independent consulting agency in order to maintain integrity. 16 CHAPTER 1 Introduction to the Cloud Multitenancy Multitenancy can present its own issues. You have to be careful when you have different organizations using the same systems. There will undoubtedly be security issues and issues with customization. Security With multitenancy, you have very little control over or even knowledge of who may be sharing the same systems as you. You may unknowingly have competitors using those same systems. If your competitors were able to exploit some security flaw on the host system, they might be able to access your environment. The same thing goes for hackers. Hackers buy cloud space too. Their main goal may be to find and exploit areas that they can use to gain access to other environments on the same host. Lack of Customization When you share systems and applications with other organizations, there is a limit to the amount of customization that may be done. In some cases, you may not be able to do the customization without affecting other organizations. In other cases, the service provider may not be willing to support a customized application. You have to remember that the service provider may have thousands of customers. Supporting customization for each of those customers may be prohibitively costly. For these same reasons, you also might not be able to stay on a certain version of an application for as long as you like. You may be forced to take new versions of the application as they are released. These new versions may require additional training. This could affect your companys productivity. Technology Challenges Although there have been great advancements in cloud technologies, there is still a lot of room for growth. Many technologies have not yet been officially ratified as standards. This can lead to compatibility issues. Authentication is a good example. Although standard authentication protocols have been created, they are not widely used. Scale Out Cloud environments generally use commodity equipment for their infrastructure. In many cases this means that to add capacity, you need to scale out instead of scaling up. Scaling out can cause increased burden on a datacenter and increased environment-related costs in resources such as power and cooling. Summary 17 Corporate Policies If your organization has used only internal solutions before, your policies and procedures may need to be updated to take cloud environments into consideration. You must develop policies that can be applied when you have complete control over the environment and when you dont. You will need policies to determine what can be moved to the cloud and what cant. You will also need

policies around what will be required from service providers. Flexibility Choosing a cloud environment can be somewhat limiting. You have to consider how hard it would be to change providers if you are unsatisfied with one. It may be very hard to move from one provider to another. A big concern is how hard it would be to move your data to another provider if you needed to. In some cases, this may be so costly its impossible to do.