What is the reality of cloud?

The cloud is probably the most hyped concept in IT right now, and also the one greeted with the most cynicism by wary IT pros. We spoke to three IT leaders to get their honest thoughts on three aspects of the cloud: the OPEX/CAPEX argument, end-user adoption of cloud tools and potential government surveillance of cloud data.

Is cloud really about OPEX vs CAPEX ROI models?

Cloud services typically allow organisations to move what would have been a capital expenditure (CAPEX) to operating expenditure (OPEX). Instead of forking out a big chunk of cash for equipment up front, organisations can instead pay another company a regular stipend to take care of whatever that equipment would have done.

This is one of the defining qualities of the cloud - in fact, cloud providers frequently talk about CAPEX models of ROI when spruiking their wares.

For Panazzolo, whose company SA Power is using services from cloud provider Accellion, this focus on OPEX was not a benefit when justifying a move to the cloud - if anything, it had the potential to be detrimental. This is because of the way the electricity regulator has structured the business environment.

“The way the regulator drives the utilities business, it’s traditionally been very CAPEX-focused. CAPEX is normally seen as a good thing, and OPEX not so much,” which makes cloud “a harder argument” for Panazzolo’s team to make, he said.

However, business requirements often override this factor. “The financial model doesn’t obviate the need for the business to have the capability that it requires. So we work around that. But it’s not so much that ROI driver for us, because of the way our market is regulated.”

Now, this favouring of CAPEX over OPEX is factor specific to the utilities industry and definitely won’t apply to everyone. However, Panazzolo’s experience highlights that the purported benefits of a technology - in this case, the OPEX focus of cloud - aren’t always as they appear.

A start-up formed in early 2013, SwipeAds chose to go with the cloud for many of its business functions from the get go - for both functional and expenditure reasons.

“It’s in our blood. As developers, in our other projects and in our own habits, we switched to cloud-based solutions a long time ago. So when we did start up, it made sense to use that as much as possible, just knowing we’d always be on the move - it just makes it a lot easier,” Ford said.

SwipeAds is hosting its Funcaptcha service on Ninefold and also employs various cloud services like Dropbox, SugarSync, Google Docs and GitHub.

“It also really makes it a lot cheaper. That’s really great when you’re a start-up - you want to save all the money you possibly can. That’s just the way the financials work. You don’t want to spend excess money at the beginning. Even $100 - if we spend $100 on a solution now, instead of keeping in equity, we’re giving up $1000 or $10,000 down the track,” he said.

How have users coped with your move to the cloud?

Across all technologies, one of the biggest challenges IT managers face is changing or managing users’ behaviour. According to several of our panellists, the cloud is no exception. Wishart, whose company Service Stream is using cloud-based ServiceNow for ITSM and other functions, describes user adoption as one of the bigger problems facing cloud.

“The biggest challenge you always face - the one that you’re most concerned about - is user adoption. Are people going to be able to transition to this? The problem is somewhat far-reaching. Now that they’ve got this new iPad device, are they really going to do work on it or use it for other things?”

Wishart said these concerns drive a need for mobile device management (MDM), something his team is now investigating.

“If you buy [cloud] … then be prepared that it will highlight significant gaps elsewhere in your frameworks, and one of them in our example is MDM.”

Panazzolo said his team was able to avoid most of these user adoption problems by deploying the technology to users when it was deemed helpful, on a case-by-case basis, rather than pushing it onto the entire user base all at once.

“A lot of the time a company will buy a really nice technology and they just let it loose and leave people to decide how they might make use of it,” a technique that will generally result in lower user acceptance, Panazzolo said.

“What we’ve done is deployed it out to users as they have a use case where that technology suits. Someone’s got a problem that they’re trying to get a solution to, and if you go there with something that solves that problem for them, they tend to be happy that you’ve given them something that actually get them out of a bind.”

By following this strategy, Panazzolo said he’s had a “generally positive” experience with user adoption.

Have recent leaks about governments spying on internet traffic changed your use of cloud?

Lawyers, academics and cloud providers are still arguing about how real an issue data sovereignty is (you can guess who says it doesn’t matter), but the recent leaks from Edward Snowden about the NSA’s ability to spy on internet traffic have caused many to again question the security of cloud services.

Dr Raffoul said that the main reservations about the cloud have so far been around security, particularly regarding the unknown location of data stored in the public cloud, and customers having little capacity in their contracts to dictate the security practices of public cloud providers.

Recent leaks will make people more concerned about cloud security, he said.

Dr Raffoul pointed out that “there’s always a way to break security from the technology perspective”, but he said organisations can limit this possibility by including certain terms in their contract with their service provider that, if broken, would open the provider up to legal consequences.

Specifically, he said you should:

1. Get your service provider to adhere to your organisation’s security policy;
2. Demand the capability to track how the provider is handling your security; and
3. Dictate to the provider the country in which your data is located.

Wishart said the company hasn’t had to face data sovereignty as yet, and the Snowden leaks haven’t bothered him because he’d already covered his company’s backside.

He said that “legislation is king” and that when he considers a potential provider, he’ll present information on them - like their encryption, security protocols, data centre locations and so on - to the lawyers.

“Then I ask the lawyers: does it pass? If the lawyers say you’ll be in breach of the legislation, I’ll say okay, we’re not doing it. Taking a risk is just silly.”

Ford was the only panellist who voiced significant concern about the leaks - but not as a business operator. This is because SwipeAds doesn’t keep sensitive information on customers using the Funcaptcha service on its websites - just basic information like email address, SwipeAds account password and website domain.

But personally, he said, “I think it should concern everybody, because I think that the internet should be a big public good, and it should have the confidence of its public, and part of that confidence is knowing that what you think is private actually stays private. So as an internet citizen, of course I’m concerned.

“Companies want to be confident that [providers] can keep trade secrets. It’s not just the government - it’s also espionage. If you can’t trust encryption, or if encryption has been broken with back doors, it just makes espionage that much easier. Espionage from other countries and other companies I think is also a very real threat.

“I think that’s more relevant to us as a start-up. We’d be concerned that if there’s some government somewhere that says ‘We really like this technology but we don’t want to buy or license it - let’s just go ahead and steal it’, are they able to get into our GitHub, our Dropbox? Are they able to get into our stuff to be able to use it themselves?”

Panel:

Dr Wissam Raffoul, Advisor at analyst firm IBRS

Adrian Panazzolo, Enterprise Architect at electricity distributor SA Power Networks

Craig Wishart, CIO at network services provider Service Stream

Matthew Ford, co-founder at software developer SwipeAds

Image credit ©iStockphoto.com/alengo