At the ICAEW IT Faculty’s seminar on Cloud Computing last Friday, several questions were voted on at the end by the delegates. Having listened to various presentations, their main concern about using cloud computing was “loss of control”.
The industry itself, through the “Cloud Industry Forum” (CIF) is launching a Code of Practice on 18th October. This seeks to provide advice to buyers so they can make an informed choice on what they call “Cloud Service Providers”. This includes certification of specific providers against agreed criteria and information. CIF says it’s about “trust”.
Trust and control go hand in hand. If you cannot control the systems directly, who can you trust to do it?
One of the speakers at the ICAEW seminar usefully compared traditional outsourcing with SaaS Cloud (Software as A Service). There are several similarities, such as buying in specialist expertise. and moving from up-front capital to monthly expense.
But there are also substantial differences. The key one is that outsourcing agreements are typically negotiated one-to-one, whereas most SaaS services only offer standard terms. Take it or leave it.
So if you are going to outsource running any of your business applications (apps) to a SaaS cloud provider, especially business-critical apps, who are you going to choose? Who are you going to trust?
As I’ve said before I am “positive but cautious” about using SaaS cloud, and therefore about recommending clients to do so. There are substantial benefits possible, such as remote access worldwide, improved disaster recovery and typically lower costs. But there are some key risks and pitfalls that need to be managed by the provider and/or user.
My discussions with leading members of the cloud provider community have concluded that, in general, industry “best practice” is not yet good enough for business-critical apps such as accounting and ERP. There are however some providers with first rate offerings.
The CIF initiative is effectively a good first step in defining “best practice” for the industry. The Code of Practice is asking providers to set out aspects such as how they provide “Provisions for Service Continuity”, the exit paths available, and the level of liability insurance carried. It also asks for background information about the provider.
Let’s see how this develops. In particular let’s see whether it adequately defines “best practice” and engenders trust. Then let’s see whether more people are prepared to cede control and grasp the benefits of the cloud.
No comments:
Post a Comment