In a Financial Times story (behind their firewall – get it through Google News) Gartner executives Drue Reeves and Daryl Plummer go on-and-on about the unlimited liability of cloud computing, acting as though if someone pulled out a plug somewhere your whole business could go down.
Reeves, according to his biography, previously worked at the Burton Group, acquired by Gartner in 2010, and before that at Dell and at Compaq. His background is in server computing and security.
Well you may be a big Gartner wheel, Mr. Reeves, and I may be just a reporter, but I got a very simple response to your FUD.
For one thing we already have lots of law and procedure to protect customers if something goes wrong. And things do go wrong, even in areas like financial transaction processing, where money changes hands. It gets fixed, it gets dealt with. There is no difference in that regard between a cloud and any enterprise-scale system, and no real difference in liability.
What Reeves and Plummer claim as “cloud” risks are simply the risks inherent in any hosted solution, risks that have been around since before Frank Lautenberg was running ADP in the 1960s. What they seem to be implying is that, when you use a cloud, you're “giving up” control of your operations to some “cloud provider” who might be bought or go out of business.
There's also an assumption inherent in what these two bozos write that “cloud providers” are a bunch of small, fly by night operators. They're not. Building and running a cloud takes money, and expertise. Amazon and Google and IBM and Microsoft are not fly-by-night operations. You're going to be safe, there's going to be back-up.
Their conclusion is scary-as-hell. (I won't quote it directly because I don't want a nastygram from FT.) They claim clouds are a liability risk you can't absorb, that the risk goes to whole societies, that clouds are “too big to fail,” which is 2011-speak for likely to fail and take you with them.
See, on the one hand clouds are fly by night. On the other hand they're Lehman Brothers.
Now it's true that there are clouds and there are clouds.
If you look inside a data center and you see a bunch of expensive servers running a proprietary operating system, that's hosting and not cloud. (Maybe Dell's cloud is run like that, Mr. Reeves, but real clouds aren't.) Yes, a bomb can explode over that data center and everything in it can be lost. Just as is true in the data center your enterprise has now. (Although scaled enterprises usually have back-up facilities on standby.)
A true cloud has physical redundancy. It's not that the data could be on any of 100 servers in a cluster. It's that the data can be in New York and San Francisco as well as on the Atlanta cluster. Processing can be moved around. Just as there are multiple copies of the data there are multiple copies of the software running it. You don't have to know that the bits are even being processed in this country (although there are jurisdictions that specifically try to prohibit it).
How is this kind of redundancy possible? Well it's inherent in this Internet you're using. You're soaking in it. Once I hit send this file can live in literally 10,000 places – in my computer, in yours, in hosts and caches across the Web.
Cloud done right gives enterprise computing the kind of redundancy and tensile strength the Internet is famous for. It's not less safe than enterprise computing, it's not riskier. It's safer, it's less risky.
If, that is, it's done right.
Your job, as a CIO, is to make sure it's done right.