It's irresponsible to think that just because you push a problem outside your office, it ceases to be your problem
It's safe to say that you receive many solicitations from vendors of every stripe hawking their new cloud services: software, storage, apps, hosted this, managed that. "Simplify your life! Reduce your burden! It's a floor wax and a dessert topping!" Some of these services deliver as promised, within fairly strict boundaries, though some are not what they seem. Even more have a look and feel that can make you swoon, but once you start to peer under the covers, the specter of integrating the service with your infrastructure stares back at you and steals your soul.
It's not just the possibility of empty promises and integration issues that dog the cloud decision; it's also the upgrade to the new devil, the one you don't know. You might be eager to relinquish responsibility of a cranky infrastructure component and push the headaches to a cloud vendor, but in reality you aren't doing that at all. Instead, you're adding another avenue for the blame to follow. The end result of a catastrophic failure or data loss event is exactly the same whether you own the service or contract it out. The difference is you can't do anything about it directly. You jump out of the plane and hope that whoever packed your parachute knew what he or she was doing.
[ Stay on top of the current state of the cloud with InfoWorld's special report, "Cloud computing in 2012." Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
A common counter to this perspective is that a company can't expect to be able to hire subject experts at every level of IT. In this view, working with a cloud or hosted service vendor makes sense because there's a high concentration of expert skill at a company whose sole focus is delivering that service. There's some truth to that, for sure, but it's not the same as infallibility. Services can fail for reasons well outside the technological purview, no matter how carefully constructed it may be. Of course, they can and do fail without outside assistance as well. The Titanic was unsinkable, if you recall.
Let's look at LinkedIn, eHarmony, and Last.fm. Although they may not be considered cloud providers in the strictest sense, they're veteran Internet companies that employ many highly skilled people to build and maintain their significant service offerings. They are no strangers to this game. Yet in the past week, all three had major security issues wherein thousands or millions of user account details were compromised. LinkedIn reportedly lost 6.5 million account details, including passwords, to the bad guys.
Just imagine if LinkedIn were a cloud provider responsible for handling your CRM or ERP application. You now have to frantically ensure that all your users change passwords or have them changed and relayed to the right party. You have to deal with what could conceivably be compromised data, rendering the application less than useless. What's left of your hair is on fire — but you can't do anything about it directly. You can only call and scream at some poor account rep who has no technological chops whatsoever, yet is thrown to the wolves. Don't think that this can't or won't happen. It's guaranteed to happen — again and again