Cloud computing is still too risky for CIOs to gamble on putting all enterprise applications out there. Although more and more organisations are experimenting with cloud-based applications, tech chiefs remain extremely cautious about putting mission-critical applications into the cloud, citing security, cost and reliability among their key considerations.
92 percent say ‘no’
When asked "Is it now a realistic possibility to run all the applications a business needs through the cloud?" the ZDNet/TechRepublic CIO Jury of tech decision makers responded with resounding ‘no’ by a margin of 11 to one. Most CIOs are using some elements of cloud computing in a hybrid combination of private and public, but none would trust their entire IT infrastructure to the cloud.
Gavin Whatrup, group IT director at Creston, said: "Aside from the discussion around the in-cloud ecosystem, governance, control and management, there is the much more basic fact that all those resources are only as resilient as the fibre that connects you to them. Any on-premise versus cloud discussion has to consider the weakest link, and this should be at the top of that list."
John F. Rogers, IT director at Nor-Cal Products, echoed this saying: "There are still many infrastructure issues (bandwidth, internet connection, etc.) and customer security requirements that make cloud computing a hit-and-miss proposition."
Organisations considering the cloud have to address a range of issues such as the long-term operating cost, security, the ability to integrate with other enterprise applications and the implications for a company’s long-term technical and information architecture, said Abby Hosseini, CTO of Mercury General Corporation.
"It is not only a matter of security or cost as a single dimension. As a result, each platform/contract needs to be assessed on its own merits with a long-term vision of cost and operational needs. Cloud is a matter of how, not where, and as such, in our company we adopt the ‘how’ and do not put much weight on where the compute platforms need to run. It is a competency not a destination."
Aside from the discussion around the in-cloud ecosystem, governance, control and management, there is the much more basic fact that all those resources are only as resilient as the fibre that connects you to them.
— Gavin Whatrup, group IT director, Creston
According to Jerry Justice, IT director at SS&G Financial Services, much depends on your definition of cloud. "We can and do run most of our apps in a private cloud," he said, but added while there has been good progress there are still a lot of gaps among vendors for ‘pure’ cloud services.
Paul Collins, director of ICT at the Australian International School Hong Kong, said cloud services should only be used where the applications or services are not regarded as a core or critical function of the business. Security and trust are not the only issues — CIOs should consider reliability and the ability to synchronise data between the local device and the cloud, he said.
"There are many places on the planet where internet availability is just not an option," he added.
Collins said security flaws such as Heartbleed and high-profile cases of password theft "shows that there is no such thing as an entirely infallible online cloud service… Let’s not even start talking about the NSA."
Rob Neil, head of communications and technology at Ashford Borough Council, said moving everything to the cloud was possible from a technical maturity point of view if was architected properly. But he added: "Whether [it makes sense] from a financial perspective when you’re a mid-size organisation like a district council is another question entirely…"
For John Gracyalny, VP of IT at SafeAmerica Credit Union, whether a company can move everything to the cloud depends on its size, complexity and the type of the business. He said his organisation — in financial services — would keep core account processing in-house "indefinitely", as it’s less expensive than cloud providers. "However, some ancillary services, especially web-related like internet ‘home banking’, online loan applications etc., make more sense in the cloud. I’m not sure I foresee a time when we would not be using a mix," he said.
Easier without legacy IT infrastructure
It may be easier for new businesses to make the leap to using cloud services much quicker than long-standing organisations, because they lack the long-standing investment in IT infrastructure that can make the benefits of such a migration less clear cut.
Florentin Albu, CIO at the Food and Agriculture Organisation of the United Nations, said that only businesses that has been redesigned for the current digital era will be able to take full advantage of the cloud. "Companies are already able to run most of their applications in the cloud – from ERP to more common office apps (email, document management). They cannot (yet) run all applications in this way and the reasons are cost, attitude towards risk, operating model, physical limitations."
Gavin Megnauth, group CIO at Impellam made a similar point: "If we all had the luxury to start all over again we probably wouldn’t have the legacy of incrementally added-to infrastructure split between on and off premise," he said, adding "I think cloud has come of age, but a mix of public and private cloud would be the preferred choice for us."
Finally, Chuck Elliott, CTO at Concord University, said that when it comes to cost versus benefit "it appears we’re not there yet". Some services make sense, but "other cloud services remain cost prohibitive and hopefully it’s just a matter of time before they become affordable for us medium-sized businesses," he said, adding: "Compliance issues may dictate controls that are not available when someone else has your data."