Adopt the cloud, kill your IT career

It's irresponsible to think that just because you push a problem outside your office, it ceases to be your problem

It's safe to say that you receive many solicitations from vendors of every stripe hawking their new cloud services: software, storage, apps, hosted this, managed that. "Simplify your life! Reduce your burden! It's a floor wax and a dessert topping!" Some of these services deliver as promised, within fairly strict boundaries, though some are not what they seem. Even more have a look and feel that can make you swoon, but once you start to peer under the covers, the specter of integrating the service with your infrastructure stares back at you and steals your soul.

It's not just the possibility of empty promises and integration issues that dog the cloud decision; it's also the upgrade to the new devil, the one you don't know. You might be eager to relinquish responsibility of a cranky infrastructure component and push the headaches to a cloud vendor, but in reality you aren't doing that at all. Instead, you're adding another avenue for the blame to follow. The end result of a catastrophic failure or data loss event is exactly the same whether you own the service or contract it out. The difference is you can't do anything about it directly. You jump out of the plane and hope that whoever packed your parachute knew what he or she was doing.

[ Stay on top of the current state of the cloud with InfoWorld's special report, "Cloud computing in 2012." Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]

A common counter to this perspective is that a company can't expect to be able to hire subject experts at every level of IT. In this view, working with a cloud or hosted service vendor makes sense because there's a high concentration of expert skill at a company whose sole focus is delivering that service. There's some truth to that, for sure, but it's not the same as infallibility. Services can fail for reasons well outside the technological purview, no matter how carefully constructed it may be. Of course, they can and do fail without outside assistance as well. The Titanic was unsinkable, if you recall.

Let's look at LinkedIn, eHarmony, and Last.fm. Although they may not be considered cloud providers in the strictest sense, they're veteran Internet companies that employ many highly skilled people to build and maintain their significant service offerings. They are no strangers to this game. Yet in the past week, all three had major security issues wherein thousands or millions of user account details were compromised. LinkedIn reportedly lost 6.5 million account details, including passwords, to the bad guys.

Just imagine if LinkedIn were a cloud provider responsible for handling your CRM or ERP application. You now have to frantically ensure that all your users change passwords or have them changed and relayed to the right party. You have to deal with what could conceivably be compromised data, rendering the application less than useless. What's left of your hair is on fire — but you can't do anything about it directly. You can only call and scream at some poor account rep who has no technological chops whatsoever, yet is thrown to the wolves. Don't think that this can't or won't happen. It's guaranteed to happen — again and again

 

Now imagine where you'll be when you've successfully outsourced the majority of your internal IT to cloud providers. All your email, apps, storage, and security rest easy in the cloud. You have fancy Web consoles to show you what's going where and what resources you're consuming. You no longer have to worry about the pesky server hardware in the back room or all those wires. If a problem arises, you fire off an email or open a support ticket, sit back, and wait.
 
Once that becomes the norm, the powers that be might realize they don't need someone to do any of those tasks. I mean, if they're paying good money to these vendors for this hosted cloud stuff, why do they need an IT department? They'd be mistaken, of course, but frankly, they'd also have a point. After all, anyone can call a vendor and complain.
 
Don't get me wrong. I believe there are many areas in which the cloud brings significant benefits to an organization of any size. Data warehousing, archiving, and backup using cloud storage providers that offer block-level storage, tightly integrated security, and local storage caching and abstraction devices come to mind.
 
But on the opposite end of that spectrum are application and primary storage services that function at higher levels and can be compromised with a single leaked password. Aside from the smallest of companies, these services collected into any form cannot serve as a full-on replacement for local IT. Doing so places the organization in unnecessary jeopardy on a daily basis. 
 
Cloud vendors necessarily become targets for computer criminals, and however vigilant the vendor may be, at some point they're going to be compromised. Judging by the recent revelations of Stuxnet, Flame, and Duqu, this may have already happened. Don't think that I'm being overly paranoid, either. If I'd told you a month ago that several widespread viruses were completely undetectable by antivirus software due to the fact they were signed using Microsoft certificates, you'd have thought the same. But it happened.
 
If and when it comes to light that a major cloud vendor has been compromised for months and has divulged significant amounts of sensitive customer information to hackers over that period, we should not be surprised. I mean, City College of San Francisco had been compromised for more than a decade before anyone figured it out.
 
The fact of the matter is that a significant internal or external event occurring at one or more cloud providers can be ruinous for that provider and, by extension, its customers. That means you in IT. The best idea is to use cloud offerings wisely, and be ever vigilant about maintaining control over what little you can. Trust, but verify — and keep your cards close to the vest.
 
This story, "Adopt the cloud, kill your IT career," was originally published at InfoWorld.com. Read more of Paul Venezia's The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.