Gartner

Top five cloud computing adoption inhibitors

Bruce Robertson focuses on the most critical inhibitors to the adoption of cloud computing and the means of mitigating the risks

Many enterprises are intrigued by cloud computing’s attractive benefits, including elastic scale, low cost and fast implementation. They should not, however, fail to consider the risks involved. Gartner has identified what it believes are today’s top five most critical inhibitors to adoption and the common approaches to reducing the risks.

Risk testing

Testing is difficult to arrange and conduct and often isn’t offered by the provider. If you don’t have enough information to determine just how well a provider is managing risk, then the only prudent conclusion is that it is not.

You must do due diligence. One client reported visiting a provider site far from a major city and seeing a system administrator kenneling his dogs and another employee making ammo for his shotgun. Some vendors will be loath to allow visits. More-mature cloud service providers are now improving their ability to show how they operate behind the cloud to reassure customers. Get a tour and develop assessment criteria.

Data location

You may not know where your data is being stored. The question may be which disk farm, which data center or which country? Some enterprises may have policies or laws that require some level of control over this. Many governments, for example, are by law required to keep data on servers in their own country.

Some providers are now offering features to enable sticky location of data across their distributed data centers. Push your targeted providers to offer a simple level of control over locations. Do not force them to avoid their own economies of scale and availability approaches by insisting that data be located in a single place. Know which data such location constraints apply to. Do not assume they apply to all cases.

Data and code portability

Once you’ve put your data into a system, it can be difficult to get the data back out. Beyond the data, it may be hard to get process (and the code that executes that process) out of the provider.

Review bulk data extraction and code copy options before signing a contract for SaaS or application cloud services. If you are leveraging infrastructure oriented cloud services, consider supporting more than one provider’s offering simultaneously, and duplicate data across them. Some cloud-enabling middleware services can help manage this.

Data loss

Any system and any provider can lose your data. Cloud providers may be better or worse than your own internal IT organization regarding this issue—but given the low maturity and simple age of cloud service offerings, it is prudent to assume the worst. There have been disturbing cases of providers suffering a complete technical meltdown or going out of business—resulting in non-recoverable data losses. Many cloud services do not come with backup/restore capability included—you have to add that as an option, often on your own or with another cloud provider.

Make sure your data is backed up or replicated. Make sure your backups are usable, whether they are done in-house, with yet another cloud service or with optional services from the same vendor. Do this regularly.

Data security

Others can access an enterprise’s data more easily when it is stored externally, making it more vulnerable to being accessed or copied. Most enterprises underestimate the results of their internal data security, but it is not without risk. Still, storing data externally could be worse.

Have competent security and information personnel vet your approach before you sign contracts. Know which data you are allowing onto cloud services. Data that has strong restrictions about who should be allowed to see or change it should never be stored externally. If data needs wide dissemination, it will need to be more available, making it a strong candidate for migration to cloud services for scale and availability. Look for security capabilities that are similar to your internal ones and have third parties test them. Although data security is often the most visible fear of customers and enterprises, it shouldn’t stop all use of cloud services.

We’ve added a sixth inhibitor (vendor viability risk) to accompany the top five, but given it is not yet generating concern among a significant number of clients, Gartner was hesitant to classify it as a current inhibitor. However, vendor viability represents a significant level of risk.

Vendor viability

The provider may fail and completely go out of business. Even large vendors might decide to stop offering a particular cloud computing service. Also, the “cloud” of providers may hide some viability risk, as some service providers may leverage others that in turn could go out of business.

Verify vendor viability via common reasonable methods. Develop a plan for change in case of vendor failure and make sure you have a backup of your data.

Summary

There are of course many other risks inherent in cloud-computing services. Over time, enterprises’ perceptions may change and other risks will become greater inhibitors to adoption. Also, other risks exist for other stakeholders—such as the providers of cloud-computing services and their investors.

None of the risks discussed here is a “showstopper” for all enterprises and for all specific use cases within any single enterprise, but they will be for some. Confirm that these inhibitors are understood and reasonably mitigated to get stakeholder approval for investments in cloud computing services. Then tackle others that may also apply.

Bruce Robertson is a Research Vice President at Gartner in the Enterprise Planning and Architecture Strategies (EPAS) group. He focuses on integrated solution strategies to leverage technology appropriately for applications