Cloud Computing: Proceed with Caution

IT Infrastructure - Other
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

It may be to your financial advantage to utilize the cloud, but do your homework first.


Small enterprises are often able to make higher-risk investments in emerging technology for lower costs and to take advantage of large enterprise capabilities, such as security and flexibility. Cloud computing is one such technology that can offer immediate benefits for small-enterprise pioneers.

Risk vs. Reward

The idea of managing an IT infrastructure without owning the physical infrastructure is enticing and carries some cost and risk benefits for small enterprises, but there are still some areas for concern, including:


  • Security of data and accountability
  • Service availability and reliability
  • Ability to move data between third-party platforms


Info-Tech sees the cloud as significant within the larger context of the IT move to highly virtualized utility infrastructure. The future is in the cloud (both internal and external), so proceed, but with a clear vision of the potential risks.

The Top 4 Challenges

Info-Tech has identified four challenges to cloud service implementation. These challenges have a vastly different impact depending on the size, complexity, and regulatory needs of the enterprise. Small enterprises are more often able to take advantage of several areas that would normally be more of a challenge to support internally, such as security and availability.


1.    Security and Accountability


Data is a critical resource that the enterprise will take extraordinary measures to protect. In cloud computing, this resource is now entrusted to a third party. In fact, enterprise data may be entrusted to more than one third party.


Various regulations have very stringent about auditable compliance requirements. The enterprise needs to be able to clearly show who and what touches the data throughout its lifecycle. This is difficult when the data is being processed and stored in the cloud.


For example, a Software-as-a-Service (SaaS) vendor may contract raw computing resources from a cloud provider. An enterprise could be using the SaaS provider's application for a critical business process and neither the enterprise nor the SaaS provider knows where the data really is or who might have access to it.


2.    Location of Data


Data stored in the cloud could conceivably be stored anywhere in the world. This includes places where laws about privacy and data security are different from those where the company resides.


In addition, distance adds latency, which will have an impact not only between the user and the application, but also between the parts of a multi-tiered application. For example, enterprise applications will likely evolve into hybrid architectures, combining on-premise applications, pure SaaS applications, and customized applications hosted by third parties. Distance between coupled applications will add a latency factor that will impact performance.


For example, a Canadian organization or enterprise doing contract work for the government will not want to store critical data on U.S. soil because the data could be accessed by the U.S. government under the U.S. Patriot Act.

3.    Availability and Reliability


There have been unexpected outages of cloud-based services through the years, but failures and outages are inevitable with any technology and no data center is invulnerable. Make sure that the best-effort SLA of the service provider is adequate for enterprise needs. Below is a comparison of SLAs from competitors Rackspace and Amazon Web Services.


For example,'s EC2 services were affected after a lightning strike brought the service down for some users in June 2009 for about four hours. The S3 service was offline for about six hours in July 2008. Users of S3 noted that no data was lost, and both services have been very reliable.



Server Capacity Availability SLA Comparison


Rackspace Cloud Servers 

Amazon EC2

Uptime/Availability Guarantee



Time to Resolution

1 hour

Not specified


5% of the fees for each 30 minutes of network or data center downtime, up to 100% of the fees


5% of the fees for each additional hour of downtime past time to resolve, up to 100% of the fees

10% of bill per eligible credit period

Source: Web Host Industry Review



Storage Availability SLA Comparison


Rackspace Cloud Files

Amazon S3

Uptime/Availability Guarantee




99.89–99.5% = 10%

99.49–99% = 25%

98.99–98% = 40%

97.99–97.5% = 55%

97.49–97% = 70%

96.9 –96.5% = 85%

<96.5% = 100%

99–99.9% = 10%

<99% = 25%

Source: Web Host Industry Review


To put these numbers in perspective, in a 30-day period, 99.9% availability is equal to 43.2 minutes of downtime, and 99.95% is equal to 21.6 minutes of downtime. 96.5% (the point at which Rackspace offers a 100% refund) is equivalent to more than a full day's worth of downtime: 25.2 hours. For some enterprises, the 100% refund means little to nothing if access to business-critical data is lost.


The worst-case availability scenario is where the provider literally ceases to exist. Enterprises should consider the longer-term viability of any service provider as a potential caution area.


4.    Data and Application Mobility


There is only one Internet, but currently there isn't one ubiquitous cloud. An analogy often used to describe the evolution of utility computing is the historic migration of electricity production from internal power plants to external utilities. But in this analogy, electricity is standardized. It is the same commodity whether internally or externally generated. For applications and data to migrate easily from internal to external service providers, there have to be standards and commonalities between the two.

Key Considerations

A number of things are going to have to transpire before the internal utility and external cloud can be leveraged as one. These will be the challenges that companies such as VMware and Microsoft will be working on in the near future.


  1. Application mobility has to be seamless. Live Migration is currently available in VMware and Xen hypervisors, but these tools migrate applications within a single aggregated data center. The same seamlessness has to be available for moving an application from one data center to another. Not only the application, but all associated policies have to be mobile.
  2. The economic model must be clear. In theory, economies of scale mean that the cost per customer of sharing a large, aggregated computing resource will be less. How this theory becomes reality is still under construction. Vendors have yet to fully decipher how to effectively monetize the cloud, how to make enough from the utility to justify the investment in the underlying infrastructure.
  3. Clouds have to become more transparent. In a utility infrastructure, the business still takes comfort in the knowledge that somewhere behind it all, there are owned disks, processors, and switches, and somebody is responsible for managing that layer and associated risk. Cloud providers need to be able to show what's behind it all and how they will guarantee availability, security, and recovery.
  4. Be aware of shadow IT in the cloud. Low cost means low barriers to entry. The cloud will be attractive to anybody within the enterprise who can't get support for their pet project. You don't even need to buy servers anymore. These kinds of projects are not necessarily a bad thing. They could be precisely the kind of small one-off projects that will help test the cloud. However, central IT's concern should be the same as with any shadow IT department—namely, what are the security and liability risks opened by deploying this solution outside of enterprise IT infrastructure? Also, if this project is a success on a limited scope, will it be able to scale to become a larger enterprise-wide solution?

Bottom Line

The lower costs and immediate benefits of emerging technologies such as cloud computing often appeal to small enterprises. The key to success is to be cognizant of all the ramifications.