Even the once-constant cloud skeptic, Larry Ellison, is now on board albeit reluctantly and behemoths in the making like Salesforce.com have the cloud to thank for their rise.
Moreover, every time a research firm studies adoption patterns or asks the IT community about their future plans, the cloud continues to trend upwards. A new Savvis survey found that 75% of companies will use enterprise-class cloud computing solutions within five years. A MarketBridge cloud survey echoed those findings. Of the 1,000 small-to-medium enterprises surveyed, 44% already have at least one business application running in the cloud, and more than 70% said that they intended to move more of their business into the cloud sometime in 2011.
However, concerns and questions marks abound. Every time I write a cloud story, I get emails and my stories get comments from cloud deniers. This comment from AngrySparrow on my recent cloud prediction story is representative:
Now, I dont want to pick on AngrySparrow here well, not too much, anyway. The rest of his comment makes some good points about regulatory issues in the European Union that will slow adoption there, but if youre not convinced that youll be heavily invested in the cloud sooner rather than later, you might also be a charter member of the Flat Earth Society.
Comments like these do serve a purpose, though. They point to the fact that there is still a lot of work to be done by cloud providers before the cloud can be truly considered a mainstream technology and not one on the cusp.
Here, then, are five questions to ask cloud providers before you commit to their services.
What, though, constitutes a private cloud? Can hosted services still be private?
Thats a debate I dont want to go too far into now, but your cloud plans need to cover these issues. If you classify certain data as verboten in public cloud environments, how will you know that the private and public clouds are kept separate?
Just as importantly, what if you change your mind? Is there an easy migration path from private to public and vice versa? What if regulatory compliance forces you to strip certain applications out of public clouds? Can the provider offer some alternative, such as air-gapping?
If so, how do you know that they have the administrative controls in place to ensure that the air gap isnt breached by something as simple as a misconfiguration?
It goes without saying (but Ill say it anyway) that few are proactively negotiating the terms of SLAs. SLAs, security, reliability and uptime can all vary greatly from provider to provider, said Rami Habal, Director of Product Marketing for ProofPoint, a SaaS security and compliance provider. Ensure that you can hold cloud vendors accountable through SLAs, not just operationally but at an application level. Insist on SLAs for applications.
If something important data privacy, disaster recovery and automatic backup, logging is not in the SLA, ask why its not there. Next, either go elsewhere or ask them to accept the revised SLA your management and legal team put together to cover all of your concerns.