Jumping into the Cloud!

Guess I have to admit that I am a cautious individual by nature. Given this, and the current predominance of positive views on Cloud Computing, I hope I can be forgiven for only giving reasons for caution here... just negatives, no positives! At worst I would hope to rebalance the discussion a bit!

So my question is: if I was evaluating the option of a cloud based system to manage my client/customer information what risks should I address? Here’s what I came up with:

Connectivity – access to your the system and data is 100% dependent on internet connectivity. In our experience here in Ireland broadband outages do occur with the major suppliers from time to time – there are recent examples in January 2012 and December 2011 affecting 22,000 and 10,000 broadband users respectively: http://pressroom.eircom.net/press_releases/article/eircom_Outage/  http://pressroom.eircom.net/press_releases/article/eircom_Outage_in_Kerry/

It is important to establish what loss of access to data can be tolerated by your organisation, staff and clients.

Depending on where your cloud service is based, and what data services they use, connectivity issues can be global rather than local. The high profile outages of Amazon cloud services last year are  interesting examples, see discussion at:  http://www.webmonkey.com/2011/04/lessons-from-a-cloud-failure-its-not-amazon-its-you/ and http://broadcast.oreilly.com/2011/04/the-aws-outage-the-clouds-shining-moment.html

Data Protection- the Data Protection Commissioner in Ireland requires that you “establish precisely where and how the data you provide to a cloud provider will be handled” (http://www.dataprotection.ie/viewdoc.asp?m=&fn=/documents/FAQ. Will you know where your data is stored and where it may be backed up to? Is it visible to cloud supplier personnel - as is the case currently with the popular http://www.dropbox.com/ service see http://www.dropbox.com/privacy#security: "we have a small number of employees who must be able to access user data"?

Data Security – this can be an issue and remains the responsibility of the organisation owning the data. Some useful considerations are raised in the document ‘Cloud Computing Legal Considerations for Data Controllers’ at  http://www.dilloneustace.ie/publications/Regulatory-and-Compliance  and a European perspective at http://www.iiea.com/events/fleischer-hawkes-regulating-for-the-cloud

Data Consent must be explicitly obtained from clients for processing of their data and it may be necessary to provide information on how this data will be processed (see Data Protection Acts 1988 and 2003 A Guide For Data Controllers at http://www.dataprotection.ie/docs/a_guide_for_data_contollers/696.htm )

Service Continuity - The continuing availability of a cloud based application over the medium to long term can be an issue. There are recent examples of high profile cloud based systems being discontinued at relatively short notice  e.g.  ‘Google Health’ closing down after 3 years: http://en.wikipedia.org/wiki/Google_Health or DabbleDB on online database system taken over by Twitter and discontinued: http://blog.dabbledb.com/2011/03/an-important-announcement.html .

Is your data safe in such circumstances and what is involved in moving to a new system? There is a good discussion of such an experience here http://cemerick.com/2011/05/12/recovering-from-and-avoiding-cloud-service-lock-in/  and outline of some of the issues here:   http://blog.alphasoftware.com/2011/04/problem-with-quickbase-caspio-zoho-and.html

Licensing Costs – for Cloud systems this is generally on a subscription by named user basis. Any person that requires use of the system, however intermittently, will usually require a licence and subscription. By comparison GoldMine Premium Edition uses concurrent licensing so you base your license count on the number of simultaneous system users you expect.

Lifetime Costs - While costs are spread over time in the cloud subscription model it is important to compare system lifetime costs, or at least costs over the first five years, to assess relative costs of systems. This is illustrated at  http://www.moreproductive.com/goldmine-vs-cloud-crm-goldmine-wins-in-the-long-run/ . Remember too that costs for installed systems, such as GoldMine Premium Edition, usually include specific customisation to suit your needs, training to ensure you get the best from your system as well as ongoing individualised support services. Unless the required system is relatively simple it is important to recognise that cloud solutions also require services for system setup, training and support.

IT Infrastructure – you still need an IT Infrastructure to access cloud based systems and this needs to be properly secured and maintained.

Payment Policies - It is important to check service discontinuation policies in case of subscription payment delay. Access to data may be blocked and some contracts state that data will be deleted if not accessed for a period of months.

Change Control - cloud based systems may be subject to software changes or functionality without your permission.

As I said from the start this blog is not intended to be an evaluation of the positives and negatives of cloud versus localised systems. However when we take responsibility for our client/customer information, how it is stored and managed, I think being fully aware of the possible risks and issues has got to come first.

Kevin