Almost everywhere you look there is an article, interview, product release, or discussion on Cloud Computing. It seems to be the cool thing to do these days. The discussions are usually focused around benefits such as cost savings and simplicity of the service as compared with doing it in house. However, while I often see security discussed, I almost never see the real show-stopper mentioned. The lack of any real service level is a huge and important issue, and is largely ignored.
Think about it. Your data center could be running at five nines of availability, as could the cloud service provider. But this service runs over the Internet, which of course has no real or guaranteed service level. So you might lose access to your Cloud application at any time, without any warning or estimate on service restoration. It could be seconds, minutes, hours or longer! Most likely this will be far below what you consider acceptable, and could even damage your business.
I’ve been in discussions where CIO’s try to address this issue by saying they plan to have a dedicated network connection to the cloud provider. But isn’t that simply a Hosted solution rather than a Cloud Computing solution? Private Cloud isn’t the answer since I still need to purchase everything and could just as well do it myself and save money.
Cloud computing is a good solution for some types of applications, but for almost everything else it gets thrown around – no way. Just as with any service or solution, you need to very carefully weigh the pros and cons of the cloud. Eventually providers will get there, but it will take many years to address the security and service level issues. CIO’s shouldn’t feel obligated to add it to their project list just because vendors are trying to push a new service.