Information technology (IT) is a rapidly advancing field. New information technologies introduced into a business organization often have a disruptive effect. These disruptive technologies provide benefits and present risks to the business. One of the many disruptive technologies that are emergent today is service or cloud computing. In the 2006 article, “IT Education in the Flattening World,” Wang defines service computing as, “the science and technology that underlie business services and bridge the gap between business services and IT services.” (Wang, 2006) Service computing is also known as cloud computing. The National Institute of Standards and Technologies offers the following draft definition of cloud computing,
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” (Mell & Grance, 2009)
Cloud computing is a disruptive technology that presents significant potential benefits to business. However, achieving the benefits will require organizations to understand, plan for, and mitigate the associated risks.
Cloud computing represents a change in paradigm for business and the means by which organizations make and utilize IT investments. Under the cloud computing model, companies purchase IT services, much like purchasing electricity and other utilities, rather than developing services internally. Providers of service computing are able to leverage economies of scale to provide significantly lower costs. Geir Ramleth, Chief Information Officer for Bechtel, provided the following example of cost savings during a Chief Technology Officer roundtable discussion sponsored by the Association for Computing Machinery (ACM),
“I can buy a gigabyte of storage on Amazon S3 for between 10 and 15 cents per month. Our internal corporate charge to support a gigabyte is $3.75 per month. While it is not an apples-to-apples comparison, the delta between 15 cents and $3.75 is too big to ignore.” (Creeger, 2009)
Cloud computing also offers significant improvements to scalability over in-house IT. Lew Tucker, Chief Technology Officer for Sun Microsystems, describes the scaling efficiency in an example from the ACM CTO roundtable,
“Animoto is a new company that makes movies out of photographs synced with music. It started with 50 instances running on Amazon. They launched it on Facebook and had very high success. In a matter of three days they went to 3,500 instances. Can you imagine going to your IT department and saying, ‘We’re running on 50 servers today, and in two to three days we want to go to 3,500 servers.’? It just would not have been possible.” (Creeger, 2009)
The benefits of cloud computing are not limited to storage and servers. The cloud computing paradigm offers similar benefits for implementation and deployment of infrastructure, platform, and application services.
Disruptive technologies, like cloud computing, also bring business risks along with the benefits. Security is a major concern when evaluating service computing. Businesses utilizing cloud computing are placing important and potentially sensitive information into resources that are shared with other organizations. In the 2009 article, “Toward Cloud-agnostic Middlewares,” Maximilien, et. al. describe the importance of managing security risks,
“Security and privacy are thus the paramount concern. This not only means securing access to the deployed application instances and their data but also to the middleware itself. Modern security best practices of public and private key encryptions for all transactions and for communication channels also become a key issue to constantly address.” (Maximilien, Ranabahu, Engehausen, & Anderson, 2009)
As indicated by Maximilien, et. al. the encryption of communications and storage are important strategies for ensuring security and privacy when utilizing service computing. Another significant risk to cloud computing is vendor lock-in. The degree of standardization across service computing providers is limited. As a result, service components are not easily migrated from one cloud provider to another. Businesses looking to utilize cloud computing must plan for the possibility of migration between providers. As Maximilien, et. al. describe,
“From a business point of view, standardizing on a single cloud provider is a worrisome proposition as it can lead to data lock-in or application architecture or application development lock-in. For instance, standardizing on the Google App Engine (GAE) in early 2009 means developing your applications exclusively in the Python language and using the GAE libraries for data storage and data access.” (Maximilien, et al., 2009)
As the authors explain, the lock-in to specific technologies is contrary to what businesses are seeking,
“And, from a technical point of view, using multiple clouds means spreading your risks for quality of service over vari- ous providers. That is, if one cloud provider suffers a catastrophic failure your entire operation does not need to suffer the same consequence.” (Maximilien, et al., 2009)
Over time, there is an industry expectation that portability will improve and there are organizations like the Open Cloud Consortium (http://www.opencloudconsortium.org) that are working to establish better standards for cloud computing. Businesses adopting service computing would be best served by requiring providers to be participants in activities that further standardization.
Service or cloud computing offers significant cost and scalability benefits for businesses. Businesses leveraging service based information technologies must mitigate privacy, security, and portability risks. The risks are manageable and, in light of the benefits, businesses should pursue a cloud computing strategy where feasible.
Creeger, M. (2009). CTO Roundtable: Cloud Computing. Queue, 7(5), 1-2.
Maximilien, E. M., Ranabahu, A., Engehausen, R., & Anderson, L. C. (2009). Toward cloud-agnostic middlewares. Paper presented at the Proceeding of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications.
Mell, P., & Grance, T. (2009). The NIST Definition of Cloud Computing Version 15: National Institute for Standards and Technology.
Wang, A. J. A. (2006). IT education in the flattening world. Paper presented at the Proceedings of the 7th conference on Information technology education.