<

To Cloud, Or Not To Cloud

Published on
8,684 Points
1,184 Views
15 Endorsements
Last Modified:
Approved
     Moving to the Cloud is one of the major topics that is currently being discussed in companies all around the world. There can be strong opinions for both cases. These debates can be almost as strong as the Microsoft versus Apple debates of the past few decades. While there are advantages for many companies, there are also some disadvantages that many people may not have thought about when considering a move to the Cloud. To be upfront, before you read any further, I am against moving to the Cloud. However, it may not be for the reasons most people may consider, which is why I have written this article.

Advantages

There are advantages to the Cloud. These are more noticeable in small and mid-size businesses. In most cases, these businesses struggle with providing and maintaining their network infrastructure. These tasks not only involve determining the hardware and software needs, but also the purchasing, installation, and configuration of the equipment. The daily cost for these services typically does not justify hiring and maintaining a technology staff to provide support services for in-house systems. 

     Therefore, in the past, these organizations have relied on third party providers. These providers may be small local companies themselves or larger organizations. The problem with larger support organizations is that the customer may have whoever is available (not necessarily familiar with the site) provide the needed services. In these cases, moving to the Cloud makes good, financial sense. The services are always available, they can typically be purchased and configured by inexperienced people, and problems are handled by the service provider.

     This type of configuration allows for the services to be expanded and new features added dynamically with little or no impact to the company. The performance of the systems can also be improved “on the fly” for an additional cost. There is no longer the need for downtime to add additional storage space, memory, or compute power. This allows the systems to grow (or contract) to meet the needs of the company. In most cases, moving to the Cloud should also eliminate downtime for an organization. In the event there is a problem at the hosting services location, they simply redirect customers to a replica of their services at another data center. This type of flexibility, uptime, and ease of data access has made the Cloud very appealing to many companies.

Disadvantages


     The disadvantages to the Cloud are often not discussed or considered. First, many people feel that by moving to the Cloud, their data is safe from loss. The providers tend to speak about how they move data around, create duplicates, and provide alternate paths to provide constant access to give customers a feeling of confidence. This process is also supposed to prevent any unintentional data loss. 

     However, this has proven to be incorrect. There have been instances where Cloud providrs have lost customer data such as Amazon's E2 crash, T-Mobile's SideKick, and other less publicized incidents. While the percentage of data loss was small compared to the amount of customer data they actually house, there were some companies whose data was permanently destroyed. Unless a company had some guarantee written into their contract, the most they received was an apology letter letting them know data was unrecoverable. Admittedly, these incidents were in the earlier days of Cloud services. Since that time, there have been improvements in backup solutions for Cloud providers, but in the end, you are still at the mercy of the systems they have established. In most cases (and for security reasons) they will not disclose the processes they use to minimize data loss. 

     When a company’s data is hosted by a Cloud provider, the company must be able to maintain an Internet connection in order to access their data and enable their employees to perform daily functions. However, the company is still at the mercy of the ISP. If the company’s Internet provider has an outage, then how much of the business can still function? While these outages can happen when not using the Cloud, employees still have access to the files needed to do their jobs on their local machine or network drives.

     Another weakness in the Cloud was provided in the documents released by Edward Snowden. These showed that while the front-end infrastructure was encrypted and secured, the back-end communications between data centers was not. These circuits were tapped by the National Security Agency in order to spy and collect data. While general hackers would not necessarily have the ability to directly tap these circuits, it does not mean that another government does not have those resources, especially since many of these providers have data centers in various countries. However, while performance, uptime, and security are typically discussed, there is one area that seems to never be mentioned when considering a move to the Cloud.

Document Retention


     The one area that is not typically discussed or considered when moving to the Cloud is document management and retention. I spent the majority of my career managing backup and recovery systems. Having this responsibility has exposed me to dealing with legal hold, e-Discovery, and document retention. As a result, a few years ago I joined ARMA (Association Records Managers and Administrators). It was through this organization I realized there is a problem with storing data on the Cloud.

     One of the original, big selling points to moving a company’s data to the Cloud was the fact that it would always be available and almost impossible to delete. Hence, the Cloud was not designed to easily, permanently delete and remove data. While this is a great benefit, particularly for small, private companies, it can be a headache for larger enterprises. Many of these organizations are under specific rules and regulations such as Sarbanes-Oxley (in the United States) or various others for those businesses in the European Union, on how long to keep data and how it must be handled. In many of these cases, the complexity of document retention was not taken into account when the Cloud was developed.

     For those not familiar with document retention and records management, it means there is a policy, rule, or regulation that states you will keep a record (financial, human resource, email, etc.) for a specific period of time and then it will be permanently deleted. If a lawsuit is filed against a company and they are placed under legal hold, then those documents may now be discoverable. It does not matter if you are not supposed to have them. In fact, the company would be seen as violating its own retention policy and could be subject to fines and sanctions by the court for improper document handling. Depending on the size of the company, these can be anywhere from hundreds of thousands to millions of dollars, and cannot be appealed!

     The other factor that most companies do not consider is that the laws that affect their data is applied to where the data is STORED, not where the company is located. Since many Cloud providers reduce cost by moving data around to various data centers, it is entirely possible that a company’s data could be in an entirely different state or even country from where the company is based. While there can be provision written into contracts regulating and restricting where the data is located, these typically come with a higher cost. As more restrictions are added, the cost benefit of moving to the Cloud is reduced. There is also the possibility, while remote, that a government agency could subpoena the Cloud provider for a copy of all of your data, without your knowledge (Broas, 2013). Some Cloud providers have implemented data encryption to minimize this possiblity. In these cases, the government must notify the data owner to obtain the encryption keys (Musthaler, 2014).

     There are those who would argue that many of these same problems will occur with an on premise solution, and they are correct. A company’s data is always subject to hardware failures, network hacks and breaches, rogue administrator actions, and other vulnerabilities. The difference is that by keeping the data in-house, the company can better control the management of their data. In the end, improper data and record handling can result in huge fines and penalties. As I heard one executive state, “those types of fines would be like an underwater torpedo coming at you that could take the entire company down”. Another point was made at a Gartner presentation I attended a few years ago. The analyst made a statement to the effect that CFOs love the Cloud due to the cost savings. However, if you let your in-house or outside legal team read the agreement, they will say, “No way!” Believe it or not, the agreements are written to benefit the provider.

Conclusion


     While this may be the first time someone has heard about the proper handling and management of documents and records, it is an important fact for every company. If you would like more information on why it is important, please read a previous article I wrote and published on Experts-Exchange called The Importance of a Proper Document Management and Retention Policy (http://www.experts-exchange.com/Software/Misc/A_10604-The-Importance-of-a-Proper-Document-Management-and-Retention-Policy.html ). While there can be a lot of advantages to the Cloud, each company needs to carefully evaluate if the cost savings and benefits outweigh the risk. For many small, and even some mid-size companies, the answer will be “yes.” However, for the other companies, the risks of record retention and e-Discovery issues may make the Cloud less appealing. Remember, if the documents or records exist, they are discoverable.
 
 

Reference Materials

Amazon Cloud Crash Data Loss
http://www.businessinsider.com/amazon-lost-data-2011-4
Sarbanes-Oxley
http://www.sec.gov/rules/final/33-8180.htm
European Union
http://www.arma.org/docs/bookstore/westerneuropeanbusinessrecords_intro.pdf
Information Governance and the Cloud
http://www.arma.org/docs/hot-topic/makingthejump.pdf
http://www.arma.org/r1/news/newswire/2014/03/25/increasing-cloud-adoption-increases-enterprise-risk

Broas, T. (2013). E-Discovery In The Cloud: Who Can Get Your Data? Retrieved from Law360: http://www.law360.com/articles/439600/e-discovery-in-the-cloud-who-can-get-your-data

Musthaler, L. (2014, September 5). Encrypted data in the cloud? Be sure to control your own keys. Retrieved from Network World: http://www.networkworld.com/article/2603122/cloud-security/encrypted-data-in-the-cloud-be-sure-to-control-your-own-keys.html
 
15
Comment
5 Comments
 

Expert Comment

by:Cid Petty
Great article. Finally someone else that has actually thought through this entire cloud solution from a real business functionality and liability position. I really was beginning to think I was the only IT person left in the industry that was not seeing the "silver" lined cloud solution as the end all answer everyone seems to keep portraying it as.
0
 
LVL 15

Expert Comment

by:David L. Hansen
Great information! Thanks.
0
 
LVL 1

Expert Comment

by:Mihai Corbuleac
Great article! IF someone of you is not sure that cloud computing is the future of our businesses, check out these facts.
0
 
LVL 32

Author Comment

by:Rodney Barnhardt
Mihai,

I did note that it is a viable solution for many companies. However, there are things happening that are changing the dynamics and cost. For example, hyper-converged systems are making the cost deltas for Cloud less appealing than they once were, especially for smaller companies. These products are not only reducing complexity, but costs as well. There are also some experts predicting that with the rise in attacks on Internet services, that the Internet could experience outages in the next year of up to a day or more. Something like this could impact companies decisions on moving to a Cloud service if there data is totally unavailable for long periods of time.
0
 
LVL 1

Expert Comment

by:Mihai Corbuleac
I agree that the number of cyber attacks will rise, but I also believe that public cloud will evolve because their main concern, after profit, of course :) is security.
0

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Join & Write a Comment

XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month