The industry that ballyhoos its innovations the way others unveil new cars or nutritionally enhanced yogurts has created its latest, highly amplified buzz around cloud computing. A Microsoft Corp. TV commercial has brought awareness of “the cloud” — portrayed as a wondrous if amorphous source of limitless programming and processing potential — to a mass audience. After a few years of buildup, the concept gained credence last summer when Internet auctioneer EBay announced it would be one of the first customers of Microsoft’s Windows Azure platform for cloud computing. But in keeping with information technology tradition, there remains a cloud of hype to cut through. That may explain why just 23 percent of corporations have bought into cloud computing, according to an Ernst & Young survey of 1,600 companies worldwide. That’s up from less than 10 percent in 2008, but the early adopters are gradual and cautious. Although millions of dollars could be saved by moving data and software onto shared utilities in the cloud, more than a third of survey respondents were concerned about unauthorized access to, or loss of control of, their data.
A report last year by the World Economic Forum and consulting firm Accenture concluded that cloud computing has “tremendous potential” both economically and through process improvements such as speedier product development. Yet users are wary that “unauthorized parties [will] gain access to sensitive data” in public clouds.
Consider that a victory for IT managers who are hesitant to entrust critical operations to networks that need to be shored up against data theft and cyberattacks. “People are enamored with the cost benefits,” notes Philip Lieberman, president and CEO of Los Angeles–based IT security company Lieberman Software Corp. But he says auditing and governance are insufficient, and he has concluded that “the cloud is not mature for security.”
Peder Jungck, chief technology officer of Sunnyvale, California–based CloudShield, a unit of Science Applications International Corp., says it will be “some years” before companies won’t think twice about putting their most sensitive data in the cloud. That attitude should ultimately be beneficial, pushing service providers to deliver on the cloud’s promises.
In a sense, cloud computing is not new. It has evolved from earlier versions of outsourcing, starting with the service bureaus that off-loaded corporate data processing as early as the 1950s. In the 1990s network, or utility, computing promised to move personal computers’ intelligence and applications onto networks — in current parlance, clouds — which would free on-site systems administrators from the Sisyphean burdens of maintenance, upgrades and patches.
In 1999, Salesforce.com introduced its pioneering “software as a service,” which transformed into what the company now calls the Sales Cloud and the Service Cloud. In the same vein, Google apps — including e-mail, spreadsheets and calendars — are now available to enterprises via the cloud. Amazon.com, like Microsoft, has positioned itself as a cloud technology provider.
It’s hard not to see momentum here or to ignore the impact of the Obama administration’s chief information officer, Vivek Kundra, saying in a February report that the federal government, in the process of closing hundreds of data centers, could move a quarter of its $80 billion IT budget onto the cloud.
EBay looks to the cloud for excess capacity that it can draw on when volume spikes, paying only for what it consumes. David Cullinane, EBay’s chief information security officer, said in February at the RSA Conference, a data security industry convention in San Francisco, that the cloud will save EBay $90 million a year in electricity costs alone.
From an IT professional’s standpoint, however, the trend is evolutionary, says Jose Granado, leader of Ernst & Young’s information security services consulting practice for the Americas. It may look “more like a revolution,” he says, “if you are an IT user and it’s available on the Internet, all the time, everywhere, and you no longer have to go to a hardwired PC in the office.” He believes it will take two to three years for half of all companies to be using the cloud, typically “dipping their toes in” at first.
Hoping and helping to address that overriding issue of security, EBay’s Cullinane serves as chairman of the Cloud Security Alliance, formed in 2008 to promote security standards and controls. Ernst & Young recently became the first Big Four consulting firm to join the alliance. In March, Lieberman Software became its 76th corporate member. The more critics and skeptics, the better. • •
Jeffrey Kutler is editor-in-chief of Risk Professional magazine, published by the Global Association of Risk Professionals.