The cloud gets teeth
AWS continued to evolve until 2006 when it launched its Elastic Compute cloud, which allowed small companies and individuals to rent computer space where they could run their applications. Amazon set the bar as the first widely accessible cloud computing service.
But they weren’t alone under the Web 2.0 concept. In 2009, Google along with others launched a variety of browser-based apps. Google Apps, which targeted Microsoft Office, was perhaps the most memorable. Suddenly individuals were doing things “in the cloud” that were only done on local computers before. This step is considered one of the most important and it drove Microsoft to respond with services like Office 365 and One Drive, massively spreading this change.
Assisting behind the scenes was the concept of virtualization provided by firms like VMware and Microsoft [Disclosure: Microsoft is a client of the writer], which allowed single servers to not only host multiple application loads but to be able to shift those loads dynamically and in real-time allowing these cloud implementations to both scale and to become increasingly less expensive. This rapid rise of capability and reduction in cost is largely what continues to drive cloud computing today.
The dark underbelly of the cloud emerges
However, the cloud isn’t perfect, a service driven largely on value and rapid scale-out has to give something up and that something is often security and reliability, both of which generally remain stronger when hardware is under IT’s direct control. Outages and breaches in a variety of cloud service providers coupled with laws and compliance rules that limit where data can flow (certain types of data can’t flow across boarders or needs extra protection as a result of regulatory requirements).
One of the most interesting stories about this came to me at a security conference several years ago. It was about a couple of engineers working for a large pharma company that needed to analyze a new drug. They went to IT and were quoted a cost of over a $100,000 and a time frame of six-to-nine months. They went to a cloud provider using credit cards and completed the project in three weeks for a cost of $3,500. At a companywide event they shared an award for saving the firm money only to be fired the following day for breaching company security because, apparently, the work had been done on machines in Eastern Europe, which weren’t adequately protected, putting the entire project at risk.
Even though this kind of an exposure was common it wasn’t unusual for an internal audit review flagging excessive credit card use to turn up massive unauthorized Amazon or Salesforce implementations as employees went around IT to use unapproved cloud services. We’d had a big shift of financial control to line organizations and these folks were using that power to build little secret and often illegal roads around IT.
Sign up for CIO Asia eNewsletters.