John Walker

Job title:
CEO, Secure Bastion LTD

Areas of expertise:
Professor John Walker: FBCS CITP CISM CRISC ITPC

Biography:
CEO of Secure-Bastion Ltd, Practicing Expert Witness, Visiting Professor Nottingham Trent University. Fellow of the BCS, & hold CITP (BCS), CISM CRISC (ISACA), UK Government ITPC. Chair of the London ISACA Chapter Security Advisory Group (SAG), ENISA CEI Listed Expert, & Editorial Board Member of CSRI.

Hero-to-Zero

Let us set the scene. You are an IT Manager working for a very successful SME, who notwithstanding the economic downturn are commercially flourishing. Keen to maintain the competitive edge, Monday morning the MD sends out a mail to all teams to tease out any ideas which could improve their services, and/or reduce their operational running costs.

Driving home you start to ponder the opportunities, and looking up at the sky, in an instant of brilliance, the BIG idea hits you full frontal – the answer is in the ‘Clouds’. The next day you review the company spend, and do the math, and the savings are significant. Within a couple of days you write up a report articulating the benefits of Cloud, PaaS, and SaaS, and in an instant your boss buys into the idea, and with no further consideration, the ball is set in motion to switch over into Cloud! With that in mind, you swagger back to your desk, eyeing up any available office space which could accommodate the next internal promotion.

Within an exceptionally short period, the entire company has morphed its way of working, and has embraced Cloud – users now pulling down their office applications on demand, collaboration and time management effected via Cloud hosted SharePoint, conferencing is supported by on-line services, and all those business sensitive, and time critical documents are now stored within the physical/logical facilities of Cloud, providing always on, and follow the sun access – and all of these benefits, are also actually representing a reduction on the bottom line running cost – why on earth didn’t we do this earlier!

A couple of months on, you are rushing into the office to finalise an urgent proposal, which must be completed by close of play. You plug in the laptop, fire up the browser, and ‘click’ on the office application icon, but to no avail. No panic, you place a call with Service Support who inform you there is a bit of an issue today with 5 early risers – no problem, just give me a call when it’s fixed. However, at 10:45 that morning it soon becomes clear that the company is suffering some down time with their Cloud Provider’s point of presence!

Whilst the aforementioned case is of course hypothetical, let us underpin this with a little reality check. On 17 August 2011 the Microsoft CRM Online Office 365 service suffered outages, with obvious impact on its international user base. Some users reported that, whilst they could still gain access to 365, they found the performance was so impacted the service was unusable! Thus the implications are loss of access to applications, services, and possibly in some cases, those critical information assets – a very real impact on productivity.

So, if I may, I would like to bring up a few observations. In 2010 I reviewed a document published by ENISA on Cloud, and did respond with a comment that notwithstanding the related security of such extended-perimeter deployments, the one ‘common’ flaw in the entire solution was that of availability, and dependence on a remote provider’s delivery channels. The second observation was related to a dependency on an environment which does not enjoy any real level of SLA, or Governance – here I refer to the Internet.

So, notwithstanding the hypothetical case study, sadly, as I am sure many readers are aware, such hurried deployments are not uncommon, and I personally observed a number of examples where rushed decisions have manifested in significant impact on the operability of the organisation.

But let us get real and face it, ‘Cloud’ is here and it’s a big deal. Cloud will be embraced, and will bring many opportunities to the engaging organisation – FACT. But, and ‘but’, be sure that any such engagements are effected with a risk-based approach, which identifies any potential opportunities which could impose insecurity, denial-of-service, or any other events which could impose an unwanted adverse condition on your organisation.

And returning to the above example, just one thought. If you use remote services today as a BC/DR solution to back up your on-site operations – if you move your in-house BAU services into the Cloud, then what adjustments have been considered to balance your expectations of continuity? Just a thought!

 

 

Posted 18/08/2011 by John Walker

Tagged under: Cloud, On-line, DoS
