Cloud computing risks

Posted on October 16, 2012 11:33 am

Cloud computing technology has become one of the most discussed topic in technology circles over the last few years with accurate and at times distorted information.Very few analysts or industry experts want to discuss it.Having visited various organizations using such services,I can conclusively say that software intensive business considering cloud computing needs to weigh up the risks of the cloud against its reliance on in house legacy IT systems that have been in use for years.  Web based business software is redefining the story of organizational and outsourcing to an extent where business executives are no longer in any position to list all the software services that are consumed by an organization as was the case when I got my first job at a technology company a decade ago.

Most debates I have come across have revolved around risks that have been limited to using public cloud services from large global suppliers. In my own opinion, I feel time has come for constructive discussions over the quality of business to business software services from providers of business infrastructure services.Currently, customers facing business to business software interfaces of banks and telecommunication service providers have emerged as a main source of aggregated risk potential and many experts have failed to address the problem on who ends up bearing the impact of risks when banks and mobile network operators choose not to build their own systems as has been the case in Asia, Eastern Europe and Africa.The concept of resilience which involves building sufficient levels of redundancy into the designs of systems require a high degree of reliability and that has not been the case for many users. Also, the  concept of redundancy is well understood in domains that involve life critical systems such as health industry but concept are much less well understood in the software engineering of web based systems and banking solutions that I have come across. Almost every large organization has a slightly different approach to the amount of risk they are willing to manage with a contract. All too often I’m seeing warning signs that would suggest many organizations are over reliant on these agreements.

Cloud providers provide customers with the ability to deploy systems in different geographies and are explicit mechanisms in place for using technological redundancy to improve resilience but that redundancy invariably must be weighed up against increases in operational costs.The bottom line is that when excessive financial engineering is used to drive down operational costs, it invariably affects quality of service. Most organizations I have studied about are neglecting the resilience of systems are simply propagating the cost of risk mitigation downstream to their customers. In the absence of reasonably resilient customer-facing business applications, and in order to secure the savings achieved by cutting corners, legal contracts often end up being the focal point of risk management. Outsourcing contracts offer no risk protection for businesses and consumers that rely on web-based banking and telecommunication services while web service supply chains that cross several organization boundaries make it increasingly difficult to obtain compensation for service outages in a timely manner. Organizations in a web service supply chain have the mandate to offer an appropriate level of redundancy to minimize the risk exposure of customers and step up to the challenge of offering service level agreements that provide appropriate insurance against service outages. This would be a constructive form of legal engineering that benefits customers.

Contador Harrison