The case for slowing a move to the cloud

I was sitting in a keynote last week at the TechMentor Conference in Orlando, where I speak twice a year on a variety of topics (mostly Exchange-oriented), and watching Mark Minasi — the tech author famous for his Windows tech talks, support newsletter and forum– discuss the cloud in a talk called “Cloud Computing: A (Lapsed) Economist’s View.” In that one session, I felt like Minasi ripped the rose-colored glasses from my face. He wasn’t trying to expose the cloud as a fraud but to force admins to question the validity of some of the claims we hear about the cloud saving us billions or making our network more “agile.”

Obviously, the word “cloud” is often just another way of saying “Internet.” But the notions of cloud computing and cloud-based services go well beyond the days of old where we might put a website on a server somewhere. Now, we’re looking at enterprise-oriented services: SaaS (software as a service), PaaS (platform as a service), and IaaS (infrastructure as a service). Adopting them requires a great deal of trust.

[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in the InfoWorld editors’ 21-page Cloud Computing Deep Dive PDF special report. | Stay abreast of key Microsoft technologies in our Technology: Microsoft newsletter. | For more insight on cloud security risks, read Jon Brodkin’s “Gartner: Seven cloud-computing security risks.” ]

The hype around cloud-based services has been going on for a couple years now, and Microsoft — like every other vendor — has jumped on the bandwagon. The promises: a reduction in infrastructure expenses, pricing based upon consumption, deployment flexibility with a reduced need for personnel (which some might translate as a ticket to the unemployment line).

Trust remains a big issue for using the cloud I left the session pretty much scared to death of the cloud, and I think that was Minasi’s intent — not to frighten us away, but to set us straight and to make those in attendance think a bit before we put all our trust into this cloud idea.

At the same time, I received an email from Andy Cordial, managing director of Origin Storage, with safety tips IT should take before moving data to the cloud. His view was not so scary, instead likening the shift to the cloud to our preparations before lifting off on a plane (into the clouds, as it were). He outlines his top tips:

• Data: Not all data may be suitable for the cloud. You might consider holding on to “sensitive information, that, if compromised, could damage your organization.”
• Security: You need to ensure security measures are solid and clear with your cloud provider, regardless of the service, whether it is a repository for data, a hosted messaging environment, or collaboration tool (like Exchange and SharePoint).
• Encryption: In truth, you don’t know how safe the methods proposed for the safety of our data really are. Time will tell, but in the meantime you want to take every measure to ensure the data is secure; encryption is a key aspect in that effort. With virtual storage, Cordial says “with AES 256-bit encryption accepted as the most secure option in the real world, I wouldn’t recommend anything less should even be considered for virtual storage.”

Should I recant my support of Microsoft’s cloud services? Between Minasi’s session and Cordial’s email, I have to say I’m feeling a little deflated. I’ve been pushing the move to the cloud for so many services — especially Exchange as a BPOS (Business Productivity Online Standard) admin and Office 365 promoter. Should I step back and warn people away from the cloud, especially with many admins worried that this move could cost them their jobs in the long haul?

Well, I’m a little afraid of flying too, but that doesn’t stop me from hopping a plane to Las Vegas when it’s time for the next conference. It’s true: Things can go wrong on a plane and that seatbelt isn’t going to do much if we hit anything more than a modicum of turbulence. However, I still strap in, like everybody else.

Panic is unwarranted, and so is hiding in your data center cave. However, we should all listen to messages from people like Minasi and Cordial, who are trying to shake us out of the cloud hype trance we’re getting from vendors, consultants, and pundits: Be careful. Make sure you have everything in writing. Know how you would reclaim your Exchange or SharePoint or whatever data, in the event you decide it’s best to bring this stuff back in house or move it to another, more cost-effective (perhaps), or more polished provider.

You have to qualify your provider — it’s a key element. After all, we’re talking about a vendor that will be handling your data, so you cannot afford to be lazy. How long has it been in business? What platforms is it using, and what encryption is exercised for your data? Where is your data stored and what disaster recovery processes are in place? What happens if your vendor is acquired by another company, either local or abroad?

Practicing what I preach: Checking Microsoft’s cloud commitment It’s one thing for me to tell you to be careful about what you do and who you buy from, but it’s quite another for me to follow my own advice. Truth be told, I haven’t done so. I’m a BPOS client with an eager desire to move to Office 365 and a platform for telling others to use these online services from Microsoft, but I’ve never read Microsoft’s SLAs.

After the Minasi presentation and Cordial email, I realized I had to practice what I’m preaching, so I read through the commitments Microsoft makes in its SLAs. If Microsoft doesn’t live up to those commitments, its SLA is clear that Microsoft owes customers service credits against the monthly service fees. The SLA spells out what is considered to be downtime, and it commits to those credits if the monthly uptime falls below 99.9 percent. For email, Microsoft also provides service-level guarantees for virus detection and spam blocking, including maximum acceptable levels for false positives. Microsoft’s Forefront Online Protection for Exchange (FOPE) also has service levels for uptime and email delivery.The bottom line: I was pleased with the SLAs.

Despite all the hype, it’s clear the move to the cloud will be a bit slower than hoped for by those putting all their weight behind it. IT will — or should — be methodical and cautious in making this transition, which will certainly result in a mix of on-premise and cloud technologies in IT’s arsenal. The key for IT is to make the transition to the cloud, regardless of what degree makes sense for your organization, go smoothly. Please share here what you are doing along those lines.

This article, “The case for slowing a move to the cloud,” was originally published at InfoWorld.com. Read more of J. Peter Bruzzese’s Enterprise Windows blog and follow the latest developments in Windows at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.