In our last installment of our series on Cloud Sense, What Companies Should Know about the Cloud Capability Frontier, we discussed the importance of understanding the current capabilities and players in the Cloud industry, with a keen eye to its future. In this installment, we focus on the “dark side” of the Cloud Capability Frontier.
Understanding the limits, problems and pitfalls of the current state of Cloud practice and capabilities (the dark side) is a major element in developing Cloud Sense for the enterprise. Understanding the Cloud’s limits is a matter for all leaders, regardless of functional distinction or corporate position.
Here are ten limits, problems and pitfalls in the current state of Cloud practice that can trip up your Cloud initiatives and push you over into the dark side of the Cloud Capability Frontier:
- Not Establishing Clear Outcomes— Outcomes define the future state that measures your success. Without a clear future state vision, how will you know if your Cloud initiatives are succeeding? If you examine Cloud success stories, they start with clear outcomes that focus on delivering measurable payback.
- Exploding Demand. It’s a good news, bad news story. Cloud architectures expand capacity and enable better service models that please internal users and external customers. The bad news is that users and customers may over-embrace these newfound conveniences and services and drive demand through the roof. It’s a thorny issue. Do your best to estimate demand and avoid spikes in cost from unexpected need to increase capacity.
- Cloud Bursting – Interim or Temporary Demand. Cloud bursting is the use of public Cloud resources to augment private Cloud resources during peak demand events (e.g. retailers offering sale items on Black Friday). But there’s a catch. You need to find the right Cloud vendor, in particular one that understands the nuances of your industry. This may involve legal requirements for data privacy, migration and use, software compliance requirements (e.g. FDA or HIPAA compliance), or the unique patterns of your industry’s investment, demand and supply cycles.
- Can’t Move My Workloads. Workloads incorporate all of the processing to complete a given function. Examples of workloads include order-to-cash, production scheduling, or customer support. Ideally we want to move IT workloads anywhere based on the best economics, customer requirements, or competitive need. But that’s not possible with current Cloud capabilities because workloads are optimized for specific technical and business requirements. Experts say the workload movement problem should be solved in the next 2-3 years.
- Cloud Lock-in. Cloud lock-in occurs when you can’t move your workloads. It means the workload is dependent on some key factor provided only by certain Cloud providers. In some industries, regulatory issues cause lock-in. For example, retailers must use public Cloud providers that guarantee PCI DSS compliance. Use of proprietary content databases, proprietary software or proprietary business processes can also lead to lock-in.
- Weak Links in the Security Chain. Don’t assume that because your company is secure and your Cloud provider is secure that your entire security chain is secure. Other security risks abound as data goes to mobile devices, partners, tertiary Cloud service providers, or specific points of risk inside the company itself. It is important to examine all steps and possible paths across the entire security chain.
- Big Data Privacy Problems in the Cloud. A long known risk in data privacy concerns the “least list or least link problem.” In other words, what is the least number of critical pieces of data I need to know to link to other information about you? In the world of big data and numerous databases, a simple, seemingly innocuous piece of data, like hair color or visual acuity when combined with other data items enable the assembly of a detailed dossier.
- Cloud Shutdowns and Uptime. In the “old days,” aka, five years ago, we measured system downtimes in percentages ranging from 1 percent to less than .0001 percent. We thought that was good. No longer. Today, some systems must never be unavailable. The Cloud can help by redundantly distributing or duplicating systems across the Cloud. But costs increase radically for “no outage” reliability. And simply going with one provider may not be enough, even though they have multiple facilities. Cloud providers can go down.
- Unverified Cloud Consultants and Newbies. How do you know? As with any new industry, buyers beware. The growth in the ranks of Cloud consultants rivals the growth of the Cloud industry itself. Experience can be slim and claims about expertise can be inflated. The Cloud Capability Frontier is complex and daunting – even for the proven expert. Look for demonstrated experience and success. One mark of experience: a competent Cloud consultant should leave a Cloud control system behind.
- No Cloud Control System. Traditional IT and related control systems were made for in-house data centers, not widely deployed Cloud environments that deliver digital services to constituencies and customers. You need a management framework to handle this new structure. A Cloud control system provides a disciplined process to monitor Cloud assets wherever they might be. Ultimately, the auditors will want to know the architecture and resilience of the control model for your Cloud.
The Cloud is complex and vast, and growing every day. Knowing the pitfalls and problems makes for good Cloud Sense. We encourage you to share your own experience with the Cloud. What problems and pitfalls have you found in the Cloud Capability Frontier?
Click here to view all of the Cloud Sense series blog posts. Look for Part IV in January.