Aha!

The bottom line is the bottom line apparently is not always the best way to make a business decision. I began a key sentence in the preceding paragraph with “All things being equal.” And there's the rub: All things are not equal. There simply are too many “features” of cloud computing that make corporate users shy away. The negative (perceived or real) compromises one now must make for the cloud outweigh the benefits for most potential customers.

First

Corporate IT is by its very nature highly conservative and unwilling to relinquish any control it now has over existing processes and procedures. Consider the data center. I have been in world-class hosted data centers. I mean data centers with multiple redundant Internet connections, redundant electric grids, backup power supplies, chill units, and 24×7 handholding. Some even are “bomb-proof.” These are very cool facilities. Nevertheless, most corporate IT departments make the decision to host their own data center. They usually are not as reliable or protected as a remote hosted facility, but they are on premises or at least in a company building.

I got over the need to touch and feel a server about 10 years ago, but most of corporate IT hasn't. There is something about all those cables and flashing lights that make IT managers drool. Seriously, there is a real reason for the reticence to allow servers and their data off premises or off site. A major responsibility of any IT manager, director, or CIO is to maintain the safety and integrity of corporate data. A few years ago, I was in Connecticut at the corporate headquarters of a major insurance carrier. I was there to install an application we had sold the company for its corporate intranet. The server we were going to use for proof of concept/staging was a big, ugly box sitting next to a desk in the IT cube farm. I sat down and placed my fingers on the keyboard to begin the process of installing the application. My hands immediately were jerked away from the keyboard, and I was told, in no uncertain terms, I did not have permission to touch any corporate IT resources.

Consider that I had a signed non-disclosure agreement, and I was a trusted person who provided services for this firm for a number of years prior to this moment. Needless to say, this firm will not be rushing to move to the cloud. Many IT departments are based on control–and control does not work well in the cloud.

Second

It isn't just resistance to change we are discussing. There are valid concerns. Every organization has unique proprietary data that is essential to the continued operation of the company. Coca-Cola is not going to upload the “formula” for Coke to a cloud file share or collaboration site. Boeing is not going to store the specifications and CAD files for the 787 on the cloud. I am not going to keep copies of my personal tax returns on my free storage on Google Apps. I won't not because I believe Eric Schmidt wants to see how much money I made last year or how much I reported to the IRS but because the Internet is a very unsecure environment.

Last month, my wife got a call from folks at her credit card company. There were some small iTunes purchases they were curious about. My wife doesn't own an iPod or iPhone (I do, and it wasn't me). Someone had snatched her credit card information (including the CCV code) from some online purchase she made. Someone even had purchased a snow blower and charged it to her card (we live in Atlanta where snow blowers are not useful). The snow blower passed the credit card companies scrutiny as did a large charge for a new motorcycle for me (thank you, Nancy).

Fortunately, credit card companies know when thieves steal card credentials, they first test them out with small purchases at places such as iTunes. I suspect once the credentials are validated, the information then is sold to other parties who do the real damage. I also understand chances are her card information actually wasn't snatched during an SSL exchange over the Internet. Chances are an employee of some firm she did business with stole, tested, and sold her credit card information. But SSL isn't all that secure from dedicated hackers, and the nefarious employee scenario is valid with any organization. Once I trust my data to a third party, I implicitly trust all of the third party's employees who may have access to that data. The upshot is there is no good business scenario in which it makes sense to keep sensitive and important information anywhere but on premises. This is the single, biggest hurdle cloud computing must conquer, and it is one that is not likely to be conquered in the immediate future.

Third

How much control do you require over your IT environment? Is your business dependent upon custom applications? Do you currently work with development, QA, staging, and production environments? Do you have a rigorous process for testing, training, and UAT? If so, how are you going to manage that with the cloud?

These questions raise some very interesting scenarios. The cloud largely is dependent on virtualization. Cloud service providers typically do not give anyone their own dedicated physical machine. If you contract for a particular platform on the cloud, you are going to be provided with a Virtual Slice–a virtual server built on VMware of Hyper-V or something similar.

Although it is not typically “allowed,” you theoretically could design, build, and test your application on your development, QA, and staging servers and then package the whole thing up as a virtual image that then could be deployed on the cloud. And why would you want to do that? I am not sure. After doing UAT locally, you are going to need to do it all over again on the cloud. If it is a real application, it is going to require a database, and that means cloud storage as a service as well as the additional platform for the database. Cloud service providers do offer “database as a service,” but the terms are a little fuzzy. The ones I have looked at are a little unclear. Do you really get your own dedicated database server and storage, or are you sharing it with Larry the Bail Bondsman? Call me paranoid. Or call me cautious.

Fourth

Maybe I have been a little harsh on cloud computing. Maybe not. However, there may be legitimate reasons to embrace the cloud. Consider a small to medium-size insurance agency, an MGA or independent, with 50 employees. It has online applications it uses to quote and write policies but is too small to have more than a rudimentary IT department. The agency may have a domain controller and a file store server and may be running its own mail server. But it can't even afford a full-time employee to manage its meager IT department. The cloud may be an ideal solution for parts of its IT structure. It could maintain its secure internal network for sharing data within the agency. It can continue to use that internal network to provide access to the various quoting and policy managing applications it uses. The cloud offers an organization such as the one described above the ability to function like a much larger organization.

For relatively modest fees, small organizations can move their mail services to the cloud. If they desire, they also can use cloud-based office productivity software. They can create a company intranet for information sharing and collaboration. They even can leverage their cloud services to provide a platform and hosting for an Internet site. And those are valid use cases for cloud computing.

Finally

Big players–Microsoft, Google, IBM, and others–have invested fortunes on their cloud offerings, and they are not going to go away. My information tells me the big guys lost a lot of money on the cloud last year and are going to lose even more this year. And that just has served to make them more determined to make this whole cloud thing work. I don't believe corporate America is ready for the cloud. I know a few big organizations have bought into the cloud, but I suspect they simply were made an offer they couldn't refuse. Organizations without enough revenue to support a real IT department and ma-and-pa businesses will find real value in the cloud. For the rest of us, I don't think the cloud is ready for prime time. Let's circle back next January and see how the cloud is doing.

Please address comments, complaints, and suggestions to the author at [email protected].