|
There are waves of technologies that change the way we create and connect our system landscapes from bare metal platforms to applications levels. Some of the concepts are extremely smart but others tend to be very basic selling approaches. If you come across offers that are in the buzz word area you need to be on alert. Most of the sales persons will not be able to tell you exactly what you will get in return of spending money on their SOA, Cloud or other service. In this context it won’t be a surprise that the advertisements for these topics sometimes look like twins and are that generic that they easily will fit a next generation of services to sell.
Now let’s take a look at a not yet existing sales proposal....
The cloud 3.0 will incorporate all the things that were here before as single offering, the only change is that the services will get “virtual bundled” and become even more abstract than as the individual items we dealt with in the past.
During all the discussions that will arise, some topics will become more important than they are already now.
Q: If a company does not process its own information anymore how it then can assure that the access, processing and storage is done according to the confidentiality and protection requirements defined?
Q: How can critical information be passed on to some kind of cloud provider without giving away too much information that will in wrong hands be your death in the market? We have seen various ways of data scrambling or table re-referencing prior handing over to 3rd parties which then still would allow to run quantitative analysis on the data, sometimes even allowing to back-calculate to the original values without further help.
Q: How will be the risk of back in-sourcing of such information be covered if the customer is not happy with the service provider.
If you have given up on your own processing of the data, have lost the knowledge and systems to do so, it will become a nightmare to re-insource the processes again as you do not only need to rebuild processes and systems, but also will need staff that knows on the “business side processing” that you outsourced before.
To make the problem become a real issue needs one more vector – the mobility one. Making all information accessible from everywhere at any time with any device (I stole this one from some famous company’s advertisement) also opens the opportunity that if that mobile device is not appropriate protected (have you a decent pin on your iPhone?) it will allow unauthorized access to your stored data in the cloud(s). And yes, there is malware code available for mobile devices as well.
Q: If you give away the process of authentication to a third party, how will you ensure that allocation and revocation of user access is done in the way you defined it?
All the before mentioned points present a mix of challenges that stand against the benefits of lowering costs with outsourcing (do we really save costs in the overall calculation) and also have an impact on the cost side if they are addressed in the way they deserve to be looked at.
My personal option and opinion to “out-source and clouding with integration” would be to optimize the internal processes, keep the critical information under your control and also define what information can be disposed at what point in time. Last one will allow savings in datacenter space for the future. The moment you define exact boundaries and interfaces to an external partner with the information-types and service levels you start to know what would be given away. Without that knowledge, taking a decision to outsource will become a problem later on. The amount of money you will have to spend for these tasks is often underestimated and also will expose part of your core business processes to your outsourcing partner. On the other hand knowledge your own internal processes allow you to improve without going the path of externalization of your data. And, to have control over your company’s information at all times still would be ensured. |
