Experts urge caution on cloud computing

A number of leading authorities have been urging caution on the adoption of web-based services as a new wave of vendors unveil cloud initiatives.

Cloud computing involves computing resources hosted in an off-premise 'cloud' rather than an in-house computer room.

The system offers organisations a low cost alternative to buying and maintaining a computer infrastructure and allows users to access the applications from their mobile, anywhere and anytime.

However, the advantages are now accompanied by growing concerns over data privacy, regulation and interoperability issues.

A number of vendors have announced cloud computing offerings in recent weeks, notably Amazon, Google and Oracle, and this was closely followed by IBM's launch of new social networking tools called Bluehouse.

The launches have spurred warnings from analyst firms which advise businesses to adopt such offerings with care.

Consultancy Global Secure Systems (GSS) said that organisations should review their IT security arrangements before jumping, even on a trial basis, into the world of cloud computing.

GSS managing director David Hobson pointed to provisions in the Data Protection Act that oblige companies to state clearly where they are storing customer data. The legislation also means that companies cannot store their data outside the European Union.

The problem with signing up to a cloud computing vendor is that company data could be stored almost anywhere in the world, particularly because vendors need to replicate the data around the world to maintain their own disaster recovery and backup plans, said Hobson.

"Our caution here at GSS doesn't reflect on the integrity of these new cloud computing services in any way," he said. "It merely reflects the fact that corporate governance rules and, of course, data protection legislation needs to play catch-up with the real world."

Richard Stallman, founder of the GNU project and the Free Software Foundation, voiced more grave concerns about allowing a third party to host private data. He advised organisations to keep private documents in their own hands "for your freedom's sake".

Stallman also noted flexibility issues stemming from organisations being locked-in to a particular cloud vendor. "If you do your computing using someone else's server, the server operator has control over it," he told vnunet.com.

"It's just as bad as running a proprietary program, and worse, because even the painful option of patching the binary is impossible."

Butler group analyst Roy Illsley raised deeper technical problems with cloud computing.

"We are still working on the model for cloud computing and in reality we are still at the infrastructure layer," he said.

Illsley brought up a number of interoperability areas that need to be addressed before organisations should invest too heavily in a cloud storage infrastructure.

He gave the example of VMware's VMotion product that allows a live migration of running virtual machines from one physical server to another with no downtime.

If this is to work in the cloud, the cloud provider will have to have the same chip generation and the same supplier as the customer.

"Although you can now move between generations of Intel chips, you still cannot interchange between Intel and AMD," he said.

Meanwhile Butler Group's Richard Edwards, advised organisations to consider their export strategy when taking to the cloud.

"Think about what strategy you will take if you need to move the operations back in-house," he said. "Does the software maker make it easy for you and how costly will it be?"

But if organisations decide that the cloud is for them, software-as-a-service provider Salesforce.com is keen to make known the benefits.

Woodson Martin, vice president of strategy at Salesforce, said: "Ease of use, flexibility, scalability and a reduction of management and infrastructure overheads are beneficial to businesses of all sizes. With cloud computing businesses can use whatever they need and only need pay for what they use."

Martin said concerns about a loss of control of data are unfounded because many companies lack a control over their data on-premise.

"Many companies don't even know how many PCs they have connected to their network at any time, let alone what data resides on those PCs and how it is being accessed, used and transported," he said.

"Companies' own IT teams are already stretched to breaking point and simply cannot do everything themselves to the same high level as specialist companies. "

Copyright ©v3.co.uk

cautioncloudcomputingexpertsonsecurityurge