3 key reasons for Enterprise Cloud Services

A couple days ago, HP unveiled their public cloud services. HP Cloud Services is building the next generation of public cloud infrastructure, platform services and cloud solutions for developers, ISVs and businesses. You may be interested in reading the details on Emil Sayegh’s blog post.

But should your choice be limited to private cloud and public cloud? Frankly, I believe there space for another type of cloud, the Enterprise Cloud. Now, you will tell me there is no such term in the NIST cloud definition, and you are right. If I need to define it, I would say that an Enterprise Cloud is a public cloud addressing the specific concerns of enterprises. So, where the public cloud is geared towards SMB’s, developers and consumers, the enterprise cloud focuses on the execution of more business critical tasks.

But what concerns are being addressed by these enterprise cloud services? I count three key ones.

Security and transparency

Security is the number one concern of enterprises regarding public cloud. Although the results depend on how the question is asked, more than 50% of enterprises cite security as the number one cloud barrier. A Harris International study released last October has 91 percent of respondents concerned about security issues in the public cloud, with 50 percent indicating security as the primary barrier to implementation. On the other hand, Toolbox.com in its mid-2011 survey says, “Security concerns are sited 51% of the time as the top reason enterprises have not yet moved to the cloud.”,. In my mind the top reason is the lack of transparency of the security measures that are put in place by large public cloud service providers. With that in mind it is worth listening to Google Apps security director Eran Feigenbaum discussing data security in the cloud. I read this as, “Trust us; we know what we do. We are happy to share our paperwork, but will not show you how it works.”

In my experience in meeting with customers, many larger enterprises are not ready to just accept SAS70 certification or take stated security levels for granted. They want to see for themselves what security procedures and precautions are in place. They expect permission to audit the environment in which some of their critical applications will run. They want to understand how multi-tenancy is implemented and how they can be assured they are properly isolated from other users in the shared environment. Some want dedicated environments for some critical applications. Enterprises are looking to take advantage of the flexibility and cost associated with public cloud, but for their more critical applications they require a deep understanding of what security precautions are taken. Enterprise cloud services provide that visibility and transparency.

Compliance

Last spring, ZDNet created some debate with its series on the USA Patriot Act, even pointing out that the Patriot Act affected European Cloud Adoption. This resulted in a statement by Microsoft that indeed, they might have to share information without notifying the owner, which in turn got the EU upset. The European Parliament kicked in and asked for this issue to be thoroughly addressed. This discussion is probably worth a blog entry on its own, but I just want to highlight some of the compliance issues associated with public cloud. It is often not clear in which geography ALL the copies of data reside in the cloud and what potential implications are.

Another area of concern is how privacy data is managed. Google faces probes over privacy issues;   Facebook makes headlines with moves that cause privacy concerns. Ok, these issues are not directly related with public clouds, but the moves concern many CIOs. They want to make absolutely sure they are compliant with legislation, and so are looking for cloud service providers that can guarantee that and are prepared to put it in their contracts. Again, having a formal contract with an Enterprise Cloud Service provider gives you more than T&C’s (10-15 pages in small characters) that you accept on a web page.

Service Level Agreements

Amazon had a major outage last April, Google Apps and Gmail were down last March, and Azure was out in April also. Yes, these systems occasionally go down, they are extremely complex and human error is often the trigger for such outages. The problem? Well, how do you get the news, how do you understand what happens? The answer is Twitter and Blogging. In many of these situations there is no other information available. Can you run critical applications this way?

Although Amazon improved its SLA’s in 2008, they are still far from service level agreements as they are known in the outsourcing world. In January Google removed the limitation of only counting downtime periods longer than 10 minutes. And I could go on like this. Enterprise customers are looking at true service level agreements such as the ones they have been using for years, and most public cloud service providers do not provide that. They also want a channel to get up-to-date information on what happens and when the problem will be solved.   They cannot rely on twitter and service provider bloggers for that purpose.

Conclusion

So, to address enterprise customer needs for critical application hosting, you need to look for an enterprise cloud service with the following characteristics:

  • Transparency in security processes and procedures and auditability of those on a regular basis
  • A clear description of where the service runs, where the data is stored and what compliance processes are in place
  • A clearly documented and signed set of T&C’s, including a proper set of service level agreements
  • A helpdesk in case something goes wrong

Such services exist, we call them enterprise class services and HP happens to have one, called ECS-Compute.  So, when deciding to put some of your workloads on public clouds, assess the sensitivity of the applications and its data. If it requires security and compliance levels not provided by public cloud services, think about an enterprise class cloud. Take a look at ECS-Compute and try it out…

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.