At these events, we looked at how the internet could be used for business purposes. A wide variety of applications (apps) and facilities were appearing, leveraging the rapid improvements that had just been made in datacomms speeds with the availability of "broadband".
Given the cost, remote access and other benefits of cloud computing, it might have been predicted that cloud services would have become the norm by now. But they haven’t. Why?
Internet Access Speeds
Back then, internet access by larger organisations was already well established, using dedicated datacomms lines. The advent of “broadband” had made internet access by consumers, homeworkers, satellite premises and smaller businesses practical and affordable. Access speeds have since improved, which has tended to overcome “world wide wait” that is due in part to the shared (“contented”) nature of both consumer and the better business broadband offerings.
“Mobile broadband” appeared with 3G services running only slightly slower than fixed line broadband. Speeds too have improved dramatically with the introduction of newer 3G technologies, comparable with many people's fixed line broadband, but still slower than the best fixed line options. Nonetheless these are fast enough to run a whole range of apps now becoming available on the latest smartphones.
In many places, the availability of broadband based on BT’s infrastructure, Virgin’s cable network and 3G services means it is now possible to have at least two alternative means of fast internet access at each location. As this is essential for business reliance, business use has recently become more practical.
The problem remains that some rural areas either have slower offerings or are without some or all of these services. Even so, the vast majority of businesses do have at least two forms of adequately fast internet at all key locations.
So businesses are now poised to take much more advantage of cloud computing in 2011. But will they?
Trust and Other Concerns
Smaller businesses and apps like CRM (customer relationship management) have become very popular. This is because the benefits vastly outweigh any concerns, especially when the users are not aware of the pitfalls and risks.
Larger businesses take a more balanced view, and have often remained unconvinced for anything that can be regarded as business critical. Concerns about security of operation, reliability of operations, capability and processes, transparency of vendor identity and financial strength, and service level reporting need to be addressed by cloud service providers. The delegates at the recent ICAEW seminar placed “loss of control” as the number one concern after all the talks and discussions.
It all actually comes down to one thing - can the provider be trusted? Whilst many in-house systems do not have adequate backup and disaster recovery arrangements, over which cloud computing should be a distinct improvement, many systems in larger businesses do. Is the provider providing adequate facilities for access control, backup and resilience? How well are they going to sustain them? And there’s a whole host of other questions.
The cloud is effectively “outsourcing for all”. Traditional outsourcing involves the customer and provider in detailed talks, up-front audits and negotiated service agreements that are closely monitored. Conversely many cloud services are bought off the page on a “take it or leave it” basis, or otherwise via a reseller of some kind. What does a buyer need to know before committing to a provider?
Overcoming These Concerns - the Launch of the "Code of Practice"
In the absence of any existing standards for cloud computing, the Cloud Industry Forum has been formed to champion the use of cloud services. This is initially by defining the type of information that providers ought to disclose to potential buyers in a Code of Practice. Advice for providers on best practice within each category will also develop, as will best practice of what end-users need to do in addition.
The Code was officially launched yesterday, Monday 22 November. Providers can now download the Assessment Pack and register to certify they are complying with the Code. This is either on a self-certified basis, subject to audit, or certified by an independent body. Two different styles of logo can then be displayed by the provider on their website and other materials.
The Code of Practice is in three main parts:
A) TRANSPARENCY
- A1: Information for Public Disclosure on website, such as identity, company details and any existing certifications such as ISO9001
- A2: Information for Disclosure in connection with Proposals/Contracts, possibly under non-disclosure agreement, such as security and continuity provisions, and what happens on renewal and termination
Availability of auditable documented management systems, similar to ISO9001, for aspects such as Information Security Management and Service Continuity Management
C) ACCOUNTABILITY
- C1: Agreement to CIF withdrawing Certification if appropriate, subject to a defined process
- C2: Procedures for complaint resolution, internally and via arbitration
This should certainly make it easier for buyers to assess providers. It should also drive up standards across the industry, especially for the use of business-critical apps.
In support of these aims, I have agreed to join the 12-person Governance Board for the Cloud Industry Forum. I look forward to helping to develop the Code and accompanying best practice.
The combination of improved datacomms with improved provider offerings should then unlock the benefits of cloud computing for organisations large and small, across a wider range of apps.
.
