The Pros and Cons of Cloud Computing A Tale of a Salesman that Convinced a CIO to Switch to Cloud Computing 1 – Introduction and DefinitionP. 2 2 – Pros and Cons of Cloud Computing, from a CIO – Salesman Point of View P. 4 3 – ConclusionP. 8 4 – ReferencesP. 9 1. 1 Introduction “Cloud” computing is the fanciest buzzword in the computer industry, currently surpassing the last big term “web 2. 0”. Every big player in the computer industry launched a cloud service last year.
Notable examples are iCloud by Apple, (Apple 2012) or Microsoft Cloud Services (Microsoft 2011), copying various innovators like Google or Dropbox, who offer similar services since much longer. The latter is the most successful company in the private usage of a file-cloud, since 2007 it has acquired over 50 million users (Dropbox 2012). The success of Dropbox lies more in its simplicity rather than its functionality, the company never uses words like sync or cloud, it simply works for the user (Carr 2011). But would business also use cloud services?
If we take Dropbox as an example, would a firm use a similar service and upload files on a foreign server, hence give away files to a different company? Even when functionality is easy, what about legal or safety concerns? The question here is a different one than for private usage. In this essay we will examine the pros and cons of the functionality of cloud computing (CC) possibilities in regards of the delivery of information system (IS) to the client by slipping into the role of a CIO on the receiving side and a sales person on the giving side respectively. “Cloud” is more a term than a definition, much like “web 2. ”, which describes a conglomerate of modern, dynamic and social web services. CC refers to a concept where the user gets computing and storage capacity without owning it, everything happens beyond his senses, in the “cloud”. The concept dates back to the 60s where the ideas of global computing networks shed the light (Cantu 2011). The first real depiction of a cloud in an Internet framework appeared in 1996 (Gillet 1996). In 1997, Prof. Chellappa provided the first definition of CC, with the implication that the boundaries of computing will be determined by economic rationale rather than technical limits (Goiuzeta Business School 2012).
This was an exact forecast of what happened. Within just a few years, companies began to switch from owning hardware to using cloud services because they were attracted to benefits like a reduction in capital costs as well as an easing in IT staffing issues. The recent hype came a decade later when private users started to own more than one internet device, and the boundaries of work/leisure time spend on a computer started to blur. Hence, companies that offered similar cloud services, started to incorporate the name cloud in their products.
Or as Larry Ellison, CEO of oracle put it in an interview with the Wall Street Journal in 2008: “The interesting thing about Cloud Computing is that we’ve redefined [it] to include everything that we already do. […] I don’t understand what we would do differently in the light of Cloud Computing other than change the wording of some of our ads”. (Armbrust 2009)This statement confuses me. How should I explain how CC can be used to better incorporate IS in businesses when it apparently has already been done before the cloud even existed? I need to take a closer look and find out what CC is exactly.
And then I can find out if Mr. Ellison actually was exaggerating – or CC is in fact just a buzzword. 1. 2 Definition of Cloud Computing The National Institute of the Department of Commerce of the US defines cloud computing as a “model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources”, and distincts three different service models: (Mell und Grance 2011) •Software as a service (SaaS), e. g. Google Apps, Dropbox, or customized software. We are going to focus on this type for this essay. •Platform as a service (PaaS), e. . Google App Engine, Microsoft Azure •Infrastructure as a service (IaaS), Servers & DBs like Amazon S3 for enterprises. Furthermore, different deployment models exist, we are going to focus only on the two different poles, the private cloud and the public cloud. The former means that the cloud infrastructure is owned and operated by a single and usually the same organization, while the latter stands for a public infrastructure where basically everyone can use it under different conditions. And this is the “cloud” we will be referring to in this essay.
Businesses can “outsource” the different services to other firms, by engaging into a business client relationship. This has three important implications from a hardware point of view: (Armbrust 2009). 1. “The illusion of infinite computing resources available on demand” – in contrast to the limited in-house servers, the businesses don’t need to plan on how much computer power they need beforehand. 2. “The elimination of an up-front commitment by Cloud users” – a business can start small, the resources are always perfectly adapted to their needs. Or in other words, the elasticity is very high. 3. The ability to pay for use of computing resources on a short-term basis as needed” – which is much more cost-efficient than having servers running all time – using more storage room and electricity. Those three points are quite evident, so why do businesses still settle for private cloud infrastructure? There are many problems, which will now be discussed from a point of view of a salesman and from the perspective of a CIO. ? 2. Pros and Cons of Cloud Computing, from a CIO – Salesman Point of View 2. 1. The Salesman Says, It Is Cheaper “Running your own servers is very costly”, said the salesmen to the CIO.
You have to provide for everything, and you have to actually buy more than you need, since you should provision for the highest demand to always have enough capacity. The above equation shows the economical trade-off between public (left) and private cloud (right). It does only make sense to settle for CC when profit multiplied by user-hours is bigger than the same figure with in house datacenter. For the datacenter, the costs must be divided by the average utilization to compare it to cloud usage (Armbrust 2009). As a CIO, I know that in most cases a CC solution would be cheaper.
I wouldn’t waste any resources; the supply is perfectly elastic and adaptable to my demand. The problem is, my organization already owns an in-house datacenter, and I’m afraid that we would lose our initial investment if we’d move to the cloud. But after careful analysis together with the salesmen, I found out that my datacenter will be outdated soon, while the CC solution of the salesmen is constantly updated. In fact, I realized that an overhaul of the whole server system would be too costly. So the salesmen convinced me that his solution would be cheaper.
But maybe I’d rather pay more to avoid any conflicts, security risks and problems with the supplier. So before I decided for my organization, I rescheduled a new meeting with the salesman for next week, giving me enough time to do some research and confront the salesmen with those issues. During the next meeting, I confronted the salesman with a list of identified problems that my organization would encounter when changing to CC. We will now go through them one by one: 2. 2 Availability of Service and Criminal Attacks This is the most obvious obstacle.
What if the services are not available dew to a power outage or similar reason? Or worse, a criminal attack by a Distributed Denial of Service (DDoS) attack? Even powerful corporations like VISA or MasterCard are not immune against it (Computerworld 2010). And even Amazone, the biggest SAAS provider, fails once in a while (Gilbertson 2011). The salesmen then explained that their multiple servers are located in different parts of the world, which work independently from each other, and that every system is backed up. Though there never is a 100% guarantee of non-failure, his systems are better equipped than my domestic ones.
And he continued to explain that the cloud’s bandwidth is much higher, and that a criminal organization would have much more success blackmailing my company instead of theirs, since it would take the criminal organization much longer to uphold a DDoS Attack against a huge cloud provider than a organization with a small domestic server. (Armbrust 2009 estimates an attack on a Amazon S3 server to last more than 32 hours to make a 50’000$ payment attractive, which is highly unrealistic to maintain. ) So those concerns were put out of the way. Still, I was not convinced.
I had a lot of issues on my list. 2. 3 Problems resulting from Data Lock-In with respect to longterm availability So I assume that the provider does not have any unforeseen failures. But what if the provider goes broke and decides to shut down? I can’t just download my files to my own servers – I won’t have one anymore. This is the so-called Data Lock-In, I can’t easily transfer my files anywhere else, the APIs for CC itself are still proprietary or at least not standardized (Armbrust 2009). I’d be also locked in and vulnerable to a price increase, I’d have trouble switching to another provider.
What if my CC provider will go broke or get acquired and swallowed up? The salesmen explained to me that my data would remain available even after such an event. They’d be saved in a format that I could import into a replacement application. His organization is also currently working on a standardization of API’s, which could be executed simultaneously on my server as well. He then continued with the history and financial facts of his company, and assured me that it will never go broke, it relies on a good and beneficiary long-term relationship with his clients, and that unfair price increases would be a taboo.
To my question if data would be replicated fast enough, he assured me that with the premium product, a total transfer would not take longer than 5 working days. Happy with those answers, I continued to present my issues. 2. 4 Data Access, Location and Encryption I told the salesman that I was afraid of privileged user access. Sensitive data processed outside the enterprise brings with it an inherent level of risk, because outsourced services bypass the control of in-house IT. I want to know who can access the data. I also want to know exactly where my data will be hosted.
I want to know what laws apply in what country, and if they could uphold domestic laws when storing my data in a different country. The E. U. for instance has regulations about transferring in outside territory (SAAS-Forum 2009). So I ask him if they will will commit to storing and processing “my data in specific jurisdictions, and whether they will make a contractual commitment to obey local privacy requirements on behalf of their customers” (Gartner 2008). I further asked him if they would be exposed to outside reviews and security checks for the encryption of the data.
The salesman explained that they are only active in countries with a fundamental law system, but that he evidently cannot uphold domestic laws in different countries. But he assured me that the company was never involved in a scandal which involved the theft of data – and that they are checked regularly by outside security test, and that they even employ professional testers who try to hack dummy files. He also explained that no one has true access to data, since everything is encrypted before it is uploaded.
And with a customized virtual local area network, and network middle boxes, no one without sufficient owner rights would be able to access my share of data. (Armbrust 2009) This all sounded convincing, but what if I can’t access the network fast enough? I’m of course talking about limited network resources: 2. 5 Data Transfer Bottlenecks The rate of transferring data grows slower than computing power and storage. So increasingly, this is the bottleneck of CC, much like the hard disk writing/reading speed on a PC. (Armbrust 2009) In 2008, prices for data transfer were 100$/TB.
Hamilton actually suggested that it is sometimes cheaper and better to ship the actual hard disks by physical package than to upload them. (Hamilton 2007) . Another possibility to reduce the bottleneck probability is to actually make it attractive to keep the data in the cloud. So as the CIO of my company, I must make sure that computing and managing the data can also happen on the cloud, and must not be downloaded and uploaded again. The salesman affirmed all this, and presented me an integrated solution of an information system.
He also said that we could work out a shipping deal if required. 2. 6 Performance Bottlenecks With the data transfer issues out of the way, I can focus on performance bottlenecks. What if all the customers are using the framework at once? Will my data still be processed fast enough? The problem with storage is that the three properties that make CC so attractive, short-term usage, no upfront cost, and infinite capacity on demand, which all apply for consumption It is less less clear though how to apply those three points to persistent storage.
The usage of flash storage will certainly reduce this issue. Flash Memory for servers is already used, to some extend (Sengupta 2010), and will surely drive performance up as cost go down. Because of simple economies of scale, I can be sure that my organization will not be able to afford this new technology before a huge CC-organization, so I’ll definitely be on the safe side with a CC solution. Okay, I thought, so I pay for better storage, but how can I pay for computation? How can I make sure that the cloud can scale up quickly enough depending on my demand?
The salesman explained that they automatically scale up and down in response to load in order to save money, they have a Reliable Adaptive Distributed Systems Laboratory is the pervasive and aggressive use of statistical machine learning as a diagnostic and predictive tool to allow dynamic scaling, automatic reaction to performance and correctness problems, and automatically managing many other aspects of these systems. He explained that I would be in better hands at their firm, since I would have the same problems with an own server, but not the tools to mange this like they do. . 7 What About Bugs And Corrupt Files? Security and Responsibility? One of the difficult challenges in cloud computing is removing errors in these very large-scale distributed systems. I heard that a CC provider couldn’t debug their system because the bugs are not reproducible on smaller structures, and debugging on the same scale of the actual data centers is difficult. Human errors are accumulating on the server side (Rohner 2012). Is rescuing the data feasible? Today’s servers nest the files in a very redundant way, it makes it very hard to restore all of them.
I ask the salesmen what he thinks about this. He explained that they rely on virtual machines (VM), and that they are very keen about using VM, which reduces the problem since every user has it’s own box with limits “emulated”. He then assured me the following three points (Harauz, Kaufman und Potter 2009) •That his servers use a tested encryption method to ensure that the shared storage environment safeguards all data •Explained the firm’s rigorous access controls to prevent unauthorized access to the data •Also assured me that they have scheduled data backup and safe storage of the backup media.
This all made sense, and I went on to the last point of my list: 2. 8 Legal Issues and Reputation, Fate Sharing One customer’s bad behavior can affect the reputation of others using the same cloud. I don’t want to be affiliated with other customers of the same CC organization. So would an efficient investigation be possible? Because I read that “cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers” (Gartner 2008).
The salesman explained that they will get me a contractual commitment to support specific forms of investigation, and moved along showing me past examples when they successfully supported such activities, to reduce illegal activities to the maximum. Being relieved, I continued and asked him what the legal status of the data is. Who is responsible? What exactly happens if your services are investigated for criminal activity?
He explained that, like all the other customers, I myself would be liable and not they. But, they implemented rules that would reduce this problems to the minimum: If a customer causes downtime problems, by an investigation for possible criminal activity, the customer will pay a monetary fine to the CC Company and all the customers that suffered downtime. This argument made sense, now I was sure I could trust the company and happily sign their offer! ? 3. Conclusion with the focus on Information Systems
The main part of this essay, between the definition after the introduction and the conclusion – of this essay was a combination of academic facts and my own inputs packed in a scene where a CIO of a fictional firm and the salesman of a fictional cloud computing company. With cloud computing, a firm can outsource all their computer and IT problems to another firm, and only pay per usage, nullifying huge own investments in computing infrastructure. Economically and for the sake of simplicity, switching to cloud computing makes sense.
But many other problems emerge, and only the best companies, like the one with the salesman, can provide a sufficient solution for them. This implies a better service, and impacts on the price, weakening the economic argument. Some might think that a cloud computing solution is not as safe as in-house solutions, but we learned that private clouds are exposed to the same extend as public clouds to data loss, and even more to cyber-criminality. In the end it depends in what industry you’re in.
If you were the CIO of a bank, where discretion is the highest good, you would never sign an agreement for a cloud computing solution. But many start-ups and small and medium-sized companies (SMB) benefit from better, cheaper external solutions. Why have the desire or the ability to provide IT resources for your business? Why develop your own IS, or get your customized IS if you can be part of Multi-Enterprise-Information-System? Of course, with the reasons I researched and put in the words of a fictional CEO, a private solution might be the better way.
With all the solutions the fictional salesman presented– he really is “the perfect salesman”, as a CIO I would definitely agree to this. Or as Matthieu Hug the CEO of RunMyProcess. com a Process-Centric PaaS provider puts it: “While becoming steadily a paramount viable choice, Software as a Service has lead the way to a variety of “X-as-a Service” offerings accessible through the Web: from infrastructure to business information and partner management. “Cloud computing” takes its entire dimension when SaaS is also read as “Services-as-a-Software”.
Multi-Enterprise Information Systems is about making these services useful and valuable to any business, big or small. ” My final thought on this – also to put it in relation to the Information Systems Implementation course – is that businesses should in the general rule opt for a cloud based information system, and information system firms should invest in cloud based infrastructure or out swap resources of their own to other cloud computing firms. ? 4. Bibliography Apple. Apple – iCloud. 2012. http://www. apple. om/icloud/ (accessed 05 15, 2012). Armbrust, Michael. Above the Clouds. Technical Report, Electrical Engineering and Computer Science, UC Berkeley, Berkleey: UC Berkley Digital, 2009. Cantu, Anta. Forbes. 11 20, 2011. http://www. forbes. com/sites/dell/2011/12/20/the-history-and-future-of-cloud-computing/ (accessed 5 15, 2011). Carr, Austin. Why Dropbox Avoids Industry Buzzwords Like “The Cloud”. 04 25, 2011. http://www. fastcompany. com/1749693/why-dropbox-avoids-the-cloud-other-industry-buzzwords (accessed 5 15, 2011). Computerworld.
Update: MasterCard, Visa others hit by DDoS attacks over WikiLeaks – Computerworld. 12 8, 2010. http://www. computerworld. com/s/article/9200521/Update_MasterCard_Visa_others_hit_by_DDoS_attacks_over_WikiLeaks (accessed 5 20, 2012). Dropbox. Dropbox. 2012. https://www. dropbox. com/news (accessed 05 15, 2012). Gartner. “ntnu. ” Seven cloud-computing security risks. 7 2, 2008. http://www. idi. ntnu. no/emner/tdt60/papers/Cloud_Computing_Security_Risk. pdf (accessed 5 22, 2012). Gilbertson, Scott. Lessons From a Cloud Failure: It’s Not Amazon, It’s You. 25, 2011. http://www. webmonkey. com/2011/04/lessons-from-a-cloud-failure-its-not-amazon-its-you/ (accessed 5 22, 2012). Gillet, Sharon Eisner. “The Self-governing Internet: Coordination by Design. ” MIT Press, 8 1996. Goiuzeta Business School. Goizueta Business School, Emory University. 2012. http://www. bus. emory. edu/ram/ (accessed 5 15, 2012). Identity Theft Awarness. Employing Ex Hackers. 2012. http://www. identity-theft-awareness. com/ex-hackers. html (accessed 5 22, 2012). Hamilton, J. “Cost of Power in Large-Scale Data Centers. “