Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171

Report Details

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer. The risks associated with Cloud computing depend upon both the service model and the delivery model adopted. This document focuses on two specific risks – availability and lock-in.

A major objective of IT services is that systems, applications and data are available to authorized users when and where they are needed. Benefits of the Cloud are that, because of its scale, it can potentially deliver services that are more resilient to failure, and more responsive to changing levels of demand. However adopting Cloud computing necessarily cedes some control of some of the IT infrastructure to the Cloud Service Provider (CSP). So how can an organization adopting the Cloud make sure that this will satisfy its need for business continuity?

KuppingerCole’s opinion is that organizations adopting the Cloud need to determine the business needs for continuity of any services and/or data being moved to the Cloud. They should have policies, processes and procedures in place to ensure that the business requirements for business continuity are met. These involve not only the CSP, but also the customer as well as intermediate infrastructure such as telecommunications and power supplies. These policies, processes and procedures for the Cloud should form part of a complete business continuity plan. Such a plan is part of the operations of what KuppingerCole defines as the “IT Management and Security” layer within IT organization, which is described in the KuppingerCole Scenario “Understanding IT Service and Security Management” (#70173).

It is often claimed that the Cloud provides flexibility but how easy is it to change CSPs? There are a number of factors that can make changing provider difficult. There may be contractual costs incurred on termination of the service contract. The ownership of the data held in the Cloud may not be clear and return of the data on termination of contract may be costly or slow. When data is returned it may not be in a form that can easily be used or migrated. Cloud services (built using Cloud Platforms, PaaS in particular) may be based on a proprietary architecture and interfaces making it very difficult to migrate to another provider.

KuppingerCole’s opinion is that organizations need to balance the benefits of adopting a particular Cloud model and CSP against the potential risks and costs of becoming locked into that provider. Contracts should be carefully reviewed to ensure that ownership of data is clear and the terms for its return on termination of contract are acceptable. The risks of building business services based on a proprietary technical architecture are high and technical standards should be adopted where possible.

When selecting a CSP how can the customer ensure that the claims (for example regarding service availability) made by the potential providers be substantiated? The customer may wish to perform an audit of the provider but it may not be practical for the provider to allow every potential customer to perform their own audit. Certification of providers by a trusted third party is a way to satisfy this need.

KuppingerCole’s opinion is that certification of providers can provide an independent confirmation of their claims about services provided. However it is important to understand what these service organization controls (SOC) reports cover.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Oct 06, 2011

Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a…

€295.00 Get Access
Mastercard Visa PayPal Invoice

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

Recapping CIW Seattle 2017

Last week we completed the opening dates on the Consumer Identity World Tour in Seattle.  To kick off the event, the Kantara Initiative held a one-day workshop to showcase the work that they do.  Kantara is an international standards organization which develops technical specifications [...]

Latest Insights

Hot Topics

Spotlight

Connected Consumer Learn more

Connected Consumer

When dealing with consumers and customers directly the most important asset for any forward-thinking organisation is the data provided and collected for these new type of identities. The appropriate management of consumer identities is of utmost importance. Handing over personal data to a commercial organisation the consumer typically does this with two contrasting expectations. On one hand the consumer wants to benefit from the organisation as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are accessing their [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00