It’s funny to read the fine print included in some ads. I guess I never thought of trying to get double meat on my fast food sandwich for the same price. After all, a double is a double and a single is a single. I think we can all appreciate that there are some options that we can choose when ordering which will be included in the price, and there are other special asks that might cost a little more.
Now you might ask: “what’s he on about fast food sandwiches and disclaimers” in a technology oriented blog. Great question! The connection lies in a recent presentation I made at a conference on “Cloud Computing Law.” I have to admit that as an engineer, I felt a little out of place in the roster of legal professionals that followed my kick-off session, but having worked with IT as service for the better part of 10 years, especially focused on cloud and legal/policy issues for the last four I could provide a practitioner’s perspective. Of course I always start off with the “demystifying the cloud” messages that help everyone appreciate the variety of technologies, processes, business models and locations that cloud services can refer to. There is still confusion out there and it’s making business leaders wary of going to the cloud. It’s also perpetuating some of the myths I’ve written about earlier. As organizations look to take advantage of the opportunities of cloud computing they have the choice of whether to build cloud capabilities in their facilities, ask a service provider to host their cloud services or make use of public cloud services over the Internet.
Moving from internal cloud services to the public cloud services allows economies of scale to kick in and decreases, often dramatically; the costs associated with the IT service (see Economics of the Cloud paper). However, as you move from private, through hosted to public cloud services your ability to obtain customized solutions decreases. Generally, the broader the audience the solution serves, the more that you’ll have the simplicity of configuration.
This takes us back to the presentations at the cloud computing law conference where there were several suggestions around what organizations should demand from their cloud services provider. In many cases cloud providers have already packaged these requirements into the baseline services offerings or the business agreements that are struck with customers. In some cases, well, it just doesn’t work that way. One example that stands out in my mind is the suggestion that cloud consumers demand a private right to audit the operations of the cloud provider. Trustworthy cloud operators will have already had independent validation of their operations against one or more audit standards, be it SAS 70 or ISO 27001 to provide a consistent, industry recognized measurement of the trusted operations of their facilities. These worldwide recognized audit standards have been developed to provide confidence without requiring separate independent reviews. Think of it like the health inspector checking out the restaurant so that you don’t have to go through the kitchen yourself. Can you imagine what the operations of a cloud service provider would look like if each of their thousands of customers audited their facilities? My sense is that on any given day there would be 10s, if not hundreds, of audit personnel in the data centre. Operators would have little time to actually operate their facilities and would be kept busy shepherding people throughout their facilities and documentation.
If you really want to have your own audit capabilities, you may need to look to a provider who is more specialized to meeting your custom requirements and that, of course, may cost extra.