Perspective
It is always interesting to watch a new idea progress into a disruptive and then destructive one. Today we are witnessing several trends which seem to be ushering in nothing short of Copernican changes across many industries: IoT, robo-advice, blockchain, bitcoin, robotics, personalized medicine, self-driving cars, Smart Grids and Smart Cities. Each of these has been enabled by massive advancements in computer processing that have, over the course of the past few decades, driven the costs of computing power, data transport and storage to a fraction of what they had been even just a decade ago.
Welcome to the age of Commodity Computing. It’s not so sexy and not so marketable and a bit techy. So let’s instead call this what everyone else calls it: The Cloud.
Watching “the cloud” emerge from a construct into a paradigm has been fascinating. Early adopters were not enterprises. They were individuals who needed access to enterprise-grade capabilities but at human scale and low cost. For example, they (we) were developers who needed server space beyond what was in our closets and under our desks. We needed collaboration capabilities (document sharing, source code vaults and version control) across multiple locations. We needed ticketing systems and email distribution list management solutions that allowed subscriber self-service.
The Cloud offerings adapted and matured in accordance with our maturing needs. At some point, we took this from our ‘stealth works’ into the light to our IT shops where the benefits of outsourcing – in our case, tooling flexibility, no capital expenditures and speed to market – were recognized as advantages and corporate IT adoption began to take off.
Out from the Shadows
As is often the case, our successes were noticed by our colleagues and peers outside IT through personal or ‘informal’ networks, and data-intensive functional teams sought to learn from us and emulate our successes. Marketing departments were among the first few to do so, and no fewer than 2000 products emerged to service them. This independence from IT (in many cases, these cloud providers and their in-house managers constituted ‘shadow IT’ organizations, a misnomer if there ever was one) allowed Marketing teams to deliver insights and results sooner, faster and at lower cost than traditional IT could, ushering in the rise of the CMO as a strategist driving the business rather than merely supporting it.
Biotechnology firms also saw advantages. Processing genome files, which can be 20 GB each on the low end, requires enormous amounts of power and space and fat pipes to move them around. The technologies to support them had been new and untested (er, ‘big data’) and represented huge undertakings fraught with huge risks. This was an opportunity for third parties to take on that technology risk and offer these very capabilities as a service in private clouds.
Financial services firms, necessarily pioneers of data privacy, are fundamentally data-driven. Financial products are ultimately just information and rules packaged and regulated in different ways. They are intangible though their benefits are very tangible. This intrinsic fungibility leaves few natural barriers to adaptability in response to market opportunities. FS IT teams are among the most cutting edge in the world and yet privacy concerns have been a major impediment to their cloud adoption.
Valid Reasons to Resist Embracing Change
So let’s talk about that for a moment because that is the point of this posting.
The cloud is maturing rapidly, driven by AWS, which is leading the charge with more market share (recent defections of Apple Cloud, DropBox and possibly Netflix notwithstanding) than anyone else. According to Cloudmgr*, this is the year cloud vendors will consolidate or be consolidated to compete with the hyperscalers (AWS, Azure, Google). That’s an indication that cloud adoption is on the rise and providers are maneuvering to increase their competitiveness.
Widespread adoption suggests that the benefits of cloud adoption are becoming obvious. Salesforce.com lists benefits that are representative across all cloud service types, and they include flexibility, disaster recovery and business continuity, automatic software updates, freedom from capital expenditure and global availability.
The demand is only held back by perceptions of risk. The risks are well-founded, as we have seen the number of breaches, people affected and damages levied grow each year. We interviewed representatives of a dozen cloud service providers of SaaS, IaaS, PaaS, colocation, and hybridization, and each of them shared that the perception of data safety was primarily behind this.
Re-Assigning Risk Where It Belongs… So You Can Address It
So how is the cloud less safe than on-premise? It is not. In fact, it is safer.
To understand risk, information risk managers speak about ‘technical, physical and administrative safeguards’ as foundationally important to protecting data. This nomenclature derives from the HIPAA Security Rule but it is being adopted beyond healthcare IT in other industries. It’s a sound framework to apply in general.
Cloud providers satisfy these criteria with perimeter controls like cameras, fences, alarm systems, and extreme weather proofing; backup power and safeguard systems; cutting-edge encryption and monitoring; climate-controlled environments; role-based and biometrically controlled access to sensitive areas; constant third-party auditing. And because this is primarily what they do, they develop extraordinary competency in what they do. And because they attract so many customers with their laser focus, they command pricing leverage with power, real estate, talent and equipment providers that most firms otherwise do not, which they can pass on to customers.
The real risks are not only poorly appreciated but also erroneously assigned by decision makers. Quite a few studies have been published that demonstrate conclusively that Human Error is behind the vast majority of breaches**. Regardless of code or network vulnerabilities, stolen or lost end-user laptops or mobile devices, sharing passwords or circumventing documented procedures, it was an OPERATIONAL FAILURE behind the incident.
The strongest argument against cloud adoption should be a lack of organizational readiness. Your people and processes are where the liability is – through no fault of theirs; they are just trying to make your company successful – so shift culpability to where the liability actually is and address it head on.
Focus on assessing your information management practices simultaneously for both risk tolerance and effectiveness. Over-communicate to your people (sell, sell, sell!) through training, training refreshes, and monthly communications (‘policy of the month’) and ensure auditing and clearly documented and enforced sanctions for non-compliance are company practice. Make it easy, safe and worthwhile to comply while employees advance your organizational objectives.
Creative destruction clears the way for new ways of understanding needs and calibrating your organization’s ability to meet them. Those who do not recognize the new way may be left in the dust if they cannot get up to speed when they finally do come to grips with the changes. It is nothing less than evolution in action.
We are in the cloud to stay. Succeeding beyond survival requires risk management to be built into your operational foundations. There is no reason to compromise efficiency for safety if you revamp your policies, processes and procedures with the big picture in mind.
* See Cloud Computing Predictions 2016
** For example, see