SANTA CLARA, Calif.-The promise of cloud computing is pretty darn alluring. You can ostensibly get your workload done everyday and not need to buy software or hardware; capital expenses start shrinking; maintenance and head count costs are lower; scalability is there if you need it; and so forth.
However, as in journalism, there are two sides to every story. On the other hand, there are legitimate concerns within cloud computing regarding application quality, portability and security; control over how the data is delivered; certifications and standards; and so forth.
Thus, a lot of forethought and due diligence must go into making the move from a conventional data center to one that's up in the sky somewhere-and possibly on another continent.
"When a company decides to add cloud services to its IT, the company has to open the kimono a little bit; there's a lot of trust involved," Peter Young, vice president and CIO of biopharmaceutical provider MedImmune, told the audience in the opening keynote of SaaSCon 2009 here at the Convention Center.
MedImmune is a 21-year-old biopharmaceutical company that went public in 1991 and is up to $1.3 billion in annual sales. It was acquired by AstraZeneca in 2007 for $15.6 billion. Headquartered in Gaithersburg, Md., it produces flu vaccines, antibodies and other products.
Young, who directs the global activities of MedImmune's IT business, recently made the move to add a cloud component to his company's multinational IT division.
Young laid out a list of key questions that IT managers should ask when considering such a move. A lot of IT decision makers are now considering adding cloud components, pushed by anxious C-level executives and boards of directors concerned with controlling costs in the worldwide recession.
"First of all, we're talking about exposing services-whether they be internal or from outsides sources-in a way that brings value," Young said. "Data services, application services, network services, hardware, storage, other services-that's what's being offered in the cloud today as a package. In the old ASP [application service provider] days, you got one thing at a time, and it got complicated and siloed.
"If we're moving beyond Cloud Computing 1.0, this [combined service packages] is where we're going."
Because these are all essential to any business in a proprietary way, they all must be kept sacrosanct when trusted to an outside IT supplier, Young said.
"Question everybody, everything," Young said. "Take nothing for granted."
Young said IT managers considering a move to the cloud should ask the following questions, for starters:
- How portable is the technology and data across international borders?
- Who is backing the service provider?
- Is the provider certified, and by whom?
- Where does the data originate?
- How is the identity management process set up?
- Who manages physical security at the provider's facilities?
- How is change management handled?
- What happens to your partnering model?
Question any assumption you hear, Young said.
"What happens as my data crosses international boundaries and different jurisdictions?" Young asked. "Regulations will face you at every turn, and you need to know that your service provider has accounted for that.
"IBM endured a painful transition from the hardware to the software-and-services business," Young said. "Being a multinational company, it was a rough time. Cloud computing is in its early stages but will face many of the same issues.
"Cloud computing is not an optional disruptor. This will become standard very soon. We can now provision a server in 8 minutes; it's all moving very fast. Because we have no closed standards at this time, this could be the downfall for some early adopters, but if they're aware of all these questions and ask them, they'll be better prepared," Young said.
SaaSCon continues through April 2.