Hybrid Cloud Adoption Issues Are A Case In Point For The Need For Industry Regulation Of Cloud Computing

The concept of a hybrid cloud is an attractive one for many organisations, allowing an organisation with an existing private cloud to partner with a public cloud provider. This can be a valuable resource as it allows companies to keep some of their operation in-house, but benefit from the scalability and on-demand nature of the public cloud. There are, however, a number of issues that organisations must consider before opting for a hybrid cloud set-up.

The single most pressing issue that must be addressed is that, by definition, the hybrid cloud is never ‘yours’ – part of it is owned or operated by a third party, which can lead to security concerns. With a true ‘private cloud’ – hosted entirely on your own premises, then the security concerns for an IT manager are no different to those associated with any other complex distributed system.

Indeed, ‘Cloud computing’ as a term has become very overloaded – it is doubtful whether this type of internal system qualifies as cloud computing at all, as it does not bring the core benefits associated with cloud computing, including taking the pressure off in-house IT resources and providing a quickly scalable “elastic” solution using the new pay-as-you-go business model.

However, when this ‘private cloud’ is hosted by a third party, the security issues facing IT Managers become more complex. Although this cloud is in theory, still private, the fact that it relies on external resources means that IT Managers are no longer in sole control of their data. Security remains a major adoption concern, as many service providers put the burden of cloud security on the customer, leading some to explore costly ideas like third party insurance.

It is a huge risk, as well as impractical, to insure billions of pounds worth of company data – potential losses from losing major trading or logistical applications are enormous. Service providers should offer greater assurance to reduce the idea that insurance is even needed. Another issue that organisations must consider is interoperability – internal and external systems must work together before security issues can be considered.

It could be said, therefore, that a true hybrid cloud is actually quite difficult to achieve, when interoperability and security issues are considered. One solution might be a regulatory framework that would allow cloud subscribers to undergo a risk assessment prior to data migration, helping to make service providers accountable and provide transparency and assurance.

The computer industry should welcome the fact that members of IEEE, the world’s largest technical professional association, are working around the globe on a Cloud Computing Initiative to develop standards, helping enterprises of all sizes address the barriers that can potentially reduce the adoption rates of this game-changing technology.

Concerns with hybrid cloud are indicative of the anxiety that many companies feel when considering cloud computing as a viable business option. We need to see a global consensus on regulation and standards to increase trust in this technology and lower the risks that many organisations feel goes hand-in-hand with entrusting key data or processing capabilities to third parties. Once this hurdle is removed then the true benefits of cloud computing can finally be realised.

Vladimir Getov is a professor of distributed and high-performance computing at the University of Westminster, London. His research interests include parallel architectures and performance, autonomous distributed computing, and high-performance programming environments. After completing his PhD Dr Getov was Project Manager of the first Bulgarian IBM PC/XT compatible computer (1984). In 1989 he moved to England where he joined the Concurrent Computations Group at the University of Southampton. Since 1995, Vladimir has been an academic staff member at the University of Westminster in London where he was awarded the titles Reader (1999) and Professor (2001).He is a Senior Member of the IEEE, a Fellow of the BCS, and the area editor for high-performance computing of the IEEE Computer Magazine.

  • Robb

    No we don’t. We, in the industry, that is the real industry that do these things and not simply study and write about them, do not need any more legislation. We have years of experience securing data centres and dealing with compliance. As for the Triple E, I have no idea what it does as I have only just become a member. I know what I do and what hundreds of my colleagues world-wide do when it comes to securing the Cloud. We don’t. You can’t secure something that doesn’t exist in reality. Cloud is a metaphor. When we talk of Cloud we are actually talking about Managed Hosting, to all intent and purpose. The Delivery paradigm might have changed (a bit) but, nothing else has. By and large this is about managing hardware and software. Just as we have always done. The trick is to ignore the hype, the acronyms and the misleading information that masquerades a fact. As with most things in life, if you haven’t actually done it, how can you really know?

    I am one of the very few who designs Private and Hybrid Clouds across the globe. I am also responsible for the development of IP for Cloud and Virtualisation. I think that this hands-on experience is my authority to comment.The writer appears to have been hi-jacked by the hype and technobabble around this ‘new’ methodology. There’s lots of it about, much of it used to create a fog to protect ignorance.  I am happy to deliver a Cloud Strategy Workshop for him so that he will know what Cloud really is (for free, no less).

Our latest thought leaders

What would you like to submit?

Byline Article

Press Release