by Bernard Golden

Different Cloud Survey, Same Cloud Adoption Concerns

Aug 01, 20128 mins
Cloud ComputingData and Information SecurityIT Strategy

The Uptime Institute's 2012 Data Center Survey is the latest to show that companies remain reluctant to use the cloud because of security concerns. These firms seem to be waiting for an 'all clear' from some higher authority--but with a disruptive technology such as the cloud, that may never happen, columnist Bernard Golden says.

The Uptime Institute, a well-known and -respected organization that focuses on data center best practices and economics, recently released its 2012 Data Center Survey (registration required).

Uptime does an annual survey to determine overall data center spend and trends in investment, as well as major topics of concern to data center practitioners throughout the world. Two things leapt out at me from this year’s survey.

  1. There is little end-user movement toward using external data center space providers.
  2. The primary reasons cited by respondents about why they’re reluctant to adopt cloud computing involved security, compliance and reliability.

Both points are puzzling and, to my mind, represent practices that look toward the past rather than into the future.

To Build, Buy or Rent, That Is the Question

The sentiment is universal, according to the survey. Throughout the world, in every geography, end users are building data center capacity. Over the past five years, 80 percent of respondents have built new data centers or upgraded an existing facility. Despite this, 30 percent of respondents expect to run out of capacity at one or more sites during 2012—and most of them plan to meet the demand for additional space by “consolidating servers and upgrading their facilities infrastructure.”

It’s odd that these users don’t recognize the trend for what it is—unstoppable growth of demand for computing resources. (This will be addressed again below.) Server consolidation and facilities upgrade are a good stop-gap strategy, but they’re only truly viable if you expect that demand will peak. In other words, measures like these will get you through the next year, but they aren’t a long-term solution if you expects demand to continue growing.

Analysis: Fear of Change Impedes Cloud Adoption for Many Companies

Nothing in the survey, however, indicates that respondents are looking far enough ahead to create a long-term plan responsive to likely demand growth. “Consolidate and improve” is a classic “solve today’s problems and hope for the best” response. The question is, what will these IT organizations do next year, when the same growth dynamic exhibits itself?

More troubling is the continued emphasis on “own and operate” rather than “outsource and focus.” The data center industry is changing rapidly, with established and new operators alike constructing gigantic facilities to provide data center services. These companies can operate data center footage far more efficiently and cheaply than any entity can do for itself.

For example, Cyrus One is building a million square foot data center in Chandler, Ariz. Total headcount there will be 50 people. This is not to mention the cost advantage accruing to the large providers based on power rates, design efficiencies and bulk purchasing power.

The only justification for a small- to medium-sized organization operating its own data center is bandwidth latency problems with network traffic to and from one of these behemoth data centers. The choice is made even more stark by something else the survey shows: Most IT organizations have poor cost assignment and tracking, and only 20 percent of IT organizations pay their own energy bill.

I know from experience that very few IT organizations can provide a granular cost calculation due to scattered budgets and a lack of consolidated cost assignment. Continuing to pursue an “owned and operated” strategy without knowing how your costs stack up against the service provider alternative is like driving without a map—there’s lots of activity but no way of knowing if you’re heading the right direction.

Commentary: Why a CIOs’ Cloud Strategy Must Include Public Cloud Services

Building your own data center made sense in an environment in which service alternatives are not available or offer little cost advantage. Today, however, continuing an internal data center focus means you’re adhering to practices appropriate to the past but not paying attention to where the industry is heading.

Companies Looking at Where Cloud Is, Not Where Cloud Will Be

The survey also discusses cloud computing adoption. Here, again, respondent feedback reflects backward-looking practices and not, as Wayne Gretzky puts it, skating to where the puck will be. Not surprisingly, there is lots of interest in the area, and the survey found significant growth. However, when drilling deeper in the sample, when technology service providers, colocations and telecommunications forms are stripped out, the numbers of organizations adopting cloud computing was much lower. In other words, according to the survey, traditional enterprises are not nearly as far along on the cloud computing adoption cycle.

The reasons cited by most respondents for being concerned about cloud computing represent a familiar litany of security, governance, and reliability. Not surprisingly, these are the same issues that have been voiced for the past five years. I wrote about this a few weeks ago, expressing some frustration with a conference attendee who seemed to raise these cloud adoption concerns not as a challenge to be addressed but, rather, as an immovable barrier that blocks all possible progress.

This is how my post characterized this exchange:

I found especially dispiriting one exchange I had during a session I was leading on cloud TCO. I had no sooner started than an attendee put up his hand and asked, “What about security?” It wasn’t said in a tone of, say, “How can I address any security challenges I may encounter while placing workloads in a cloud environment?” It was a skeptical, mulish attitude implying an implacable resistance to any kind of public cloud adoption.

Having thought about that exchange further, and examining this survey, I’ve come to the conclusion that people who raise these issues aren’t just being stubborn, or at least only being stubborn. I think the implication of these questions is that the people voicing them want an answer. They want a final and definitive “the cloud is now safe” pronouncement from someone—that is, someone with sufficient authority so that the responsibility for any subsequent problems with a cloud application do not fall on the individual.

Analysis: Security in the Cloud Is All About Visibility and Control

As the Uptime survey rhetorically asked, “Why doesn’t every organization avail itself of the cost scalability and immediacy benefits and just outsource data center workloads to a cloud provider?” it then responded “right now, it’s still your job on the line” (emphasis original).

Disruptive Innovation Never Gets a Stamp of Approval

Clearly, there is fear associated with this reaction. Fear of losing one’s job is powerful—very powerful.

On my summer holiday I read a fascinating book called How We Decide by Jonah Lehrer. He discusses genetics, hormones and the like, but one thing that really stuck with me was his observation about brain research and decision-making. The fear of loss, Lehrer says, is much more powerful than the desire of gain.

Consequently, the reluctance to adopt cloud computing on the part of practitioners makes perfect sense. They understand that the negative consequences of something going wrong are much more powerful than the benefits of achieving better IT outcomes. Given that, the desire for an “all clear” sign about cloud computing is comprehensible. When a clear endorsement of cloud computing security is available, making any failures not the individual responsibility of the practitioner, then they will gladly move forward. Until then, however, resistance both covert and overt will be the order of the day.

News: US Lawmakers Question Cloud Security

Here’s the thing, though—disruptive innovation never is accompanied by a clear signal of its “acceptability.” It’s resisted and denigrated until an invisible tipping point is reached, whereupon it becomes the accepted norm. Choices in favor of the disruptive innovation are made piecemeal, one by one, until the mass of evidence is obvious. If one waits for an official announcement, a judicial decision, an executive proclamation, one will wait in vain. No IT group ever voted in favor of the PC, and the ultimate dominance of this mode of computing is testimony to how the adoption decision was driven despite IT’s objections and the fact that security issues never dictate the final outcome.

What this means in the real world of daily IT is that, three years from now, we will still be reading articles and surveys discussing the security and compliance concerns associated with cloud computing. At the same time, hundreds of thousands of projects teams will individually choose to implement their application in a cloud environment—because of the agility and economic benefits and despite the security concerns.

At some point, it will be obvious that cloud deployment is the customary method of deployment, and security will move to a checklist item in the project plan rather than a driver controlling the overall decision.

Bernard Golden is the vice president of Enterprise Solutions for enStratus Networks, a cloud management software company. He is the author of three books on virtualization and cloud computing, including “Virtualization for Dummies.” Follow Bernard Golden on Twitter @bernardgolden.

Follow everything from on Twitter @CIOonline, on Facebook, and on Google +.