The SME/Small Business Guide to Cloud Computing
The hype surrounding cloud technology is raging yet thousands of bosses are still in the dark about what it means for their businesses.
According to statistics from the Cloud Industry Forum (CIF) – an independent body set up in 2009 to regulate cloud operators – UK business is divided when it comes to their adoption of cloud-based IT.
Of a 450-strong sample, made up of senior IT and business decision makers in enterprises, SMEs and public sector organisations, polled in January 2011, almost half had consciously used a form of cloud computing within their organisation.
And the private sector is leading the way, with far more having adopted cloud already than its counterparts in the public sector. Private firms employing 20 people or more are at the forefront of the current cloud revolution.
Those who have decided to trial or commit to a cloud platform have been attracted to the benefits the internet-based technology offers.
Basically, “cloud” refers to IT systems that are run across the internet. Instead of buying software licences, storage capacity or infrastructure and bringing it in-house, under a cloud model these functions are effectively leased from remote operators and supplied across the internet.
The nature of cloud gives IT users access to a more scalable and agile IT infrastructure that can be accessed on a pay-as-you-go basis.
Andy Burton, the CIF’s chairman explains:
“Cloud is less about technology and more about challenging the fundamentals of how you manage IT operations efficiently in an online world.”
“It is as open to a single person or one-man-band firm as it is to an enterprise or government. The barrier to entry is so low because users pay for what they require for as long as they require to use it.”
Simon Howitt, channel business unit director at Outsourcery said the cost savings and the opportunity to extend market reach should be an “obvious sweet spot” for SMEs.
“It’s very difficult to see why or how any business would not benefit from a cloud strategy. It can increase efficiencies and competitiveness and reduce IT costs.”
“How quickly they deploy it and what type of applications they use it for are other questions but thinking of the broadest use of the cloud as a delivery mechanism, I struggle to see how it can’t have an appeal to every business.”
Ian Moyse, IT security expert and EMEA Channel Director at Webroot commented on the opportunities cloud creates for businesses:
“It flattens the availability to businesses because they can access applications that they couldn’t before because to use a particular vendor app you might have required four servers and database storage and the implementation was too expensive. Now they can get a five user pack of that application that previously only an organisation of 500 users and above could afford.”
The CIF’s research indicates that the flexibility the cloud offers – helping them adapt to the ever-changing business climate – is the key driver for businesses large and small to move to a web-based system. The fact that cost savings can materialise over time and it allows for rapid deployment and scalability are secondary benefits.
“Business people don’t wake up in the morning thinking they have to get into the cloud, they wake up with other business issues that need a solution and the cloud becomes a means to deliver that solution easily.”
But the future of cloud technology is not cut and dry. Concerns around data security, privacy and sovereignty are preventing many small firms from considering a move to the cloud. Businesses are wrongly assuming that every cloud platform offers the same levels of security.
Neil Lathwood, UKFast’s IT director said:
“There have been stories dominating the press recently, including that of Sony’s leaked client data, that have suggested the use of cloud technology has contributed to the security blunder. In fact, in many of those cases, it wouldn’t make a difference if it was a cloud service provider or an on-premise system. Issues arise in organisations without the right security processes not just in those with a cloud-based infrastructure.”
“Typically security incidents occur either because someone is gaining access to credentials illegitimately that allow them to get into a system in the first place or because they hack through inadequate security on the perimeter. Outsiders might also intercept traffic in transit because it’s not going through secure pipes. These issues exist whether you run your own data centre or you’re in the cloud.”
“The thing that is fundamentally different about the cloud, however, is that it is run across the internet so arguably that presents other points of vulnerability.”
“The level of security in the cloud depends on the type of cloud you choose. With a private, dedicated cloud you can lock it down securely and be confident that your data is safe.”
“With anything else there are question marks around the definite security of data. In a public cloud or a hybrid cloud where more data is aggregated and there are multi-tenancy issues, there are different levels of risk.”
Lawrence Jones, managing director of UKFast agreed that small businesses should definitely consider how they can use cloud technology but they should invest time in finding out what type of cloud is most suitable to their business needs. He said:
“For some organisations a public cloud with some elements of shared resource is fine. For others, only a private cloud with wholly dedicated resources is appropriate for their requirements. In any case, business owners need to research the marketplace thoroughly.”
“Don’t be fooled by slick websites of firms you don’t know or trust. The incredible popularity of cloud technology means there will be cowboys taking advantage of businesses that don’t know everything about this kind of technology so it’s wise to adopt some caution.”
“There are a lot of companies, old and new, that are jumping on the cloud bandwagon. Work out who is best for you. Cloud is a heavily service-based offering so you need to work out which hosts or cloud vendors are the right fit for your business.”
Burton suggested the business community’s attitudes towards the technology are changing from “hype and early adoption to pragmatic expansion” but he admitted that concerns around data security, privacy and sovereignty are slowing down the pace of adoption.
“Customers want to be confident that their data isn’t going to be misused by the people they’re placing it with and they want to know where their data will physically reside and under what jurisdiction because there is more of an emotional concern about it going offshore at the moment.”
Understandably, business owners and IT directors are worried about the popularity of cloud giving rise to cowboy companies without the reputation or expertise to manage the transition from a traditionally-hosted infrastructure. Industry experts agree that a code of practice for the industry would encourage trust in legitimate vendors and suppliers.
Ian Moyse continues:
“The key thing for businesses looking at cloud is that they know who they are dealing with. Like in any industry, there will be good and bad players out there. It’s very easy to become a cloud vendor because of the nature of the technology. There will be lots of innovative companies springing up and customers will be dealing with someone they haven’t heard of before.”
Andrew Corbett of the UK IT Association added:
“Businesses want to see an easily recognisable badge that shows a supplier or vendor has met the demands of an independent external testing and verification process. The business owner doesn’t have to know the ins and outs of what it all means, they just want to know that they should look for ‘level A’ for example.”
Burton champions the CIF’s code of practice and guidance from the Cloud Security Alliance, but urges decision makers not to relinquish all control when outsourcing projects.
“There is this natural human behaviour that says when you put something out to a service you delegate responsibility subconsciously. You don’t do your due diligence and you don’t ask for validation on certain things. We need to educate the marketplace so customers know when they take on any service, they still have a responsibility to prescribe exactly what they require and take steps to monitor the service they are receiving.”
Moyse offered some comfort to businesses, suggesting unscrupulous cloud vendors will be exposed quickly:
“There is also an element of self policing that vendors have to do. If you are a cloud vendor and you get it wrong, everybody knows about it pretty quickly. If it happens to one customer, people on the same service will be asking questions. With most cloud services it’s pretty easy to move, so get it wrong and you can lose thousands of customers overnight.”
Entering the cloud?
6 top tips for businesses considering the cloud.
- The "one-size-fits-all" solution doesn’t apply, even with something as flexible as cloud. Choose the service that’s right for you
- Do your due diligence on suppliers. Look for memberships/accreditations including the Cloud Industry Forum Self Certification
- Check the terms and conditions in the supply contract and service level agreement (SLA) to ensure your commercial and operational needs are met.
- Ask if they will provide out of hours support
- Understand how the service will integrate (if required) with your wider IT strategy.
- Check where the data is stored (UK, Europe, elsewhere?) and assess the implications on your business.
Author details: Hosting specialist UKFast