Confusion is not a good thing, at any time, in any sense. And yet, it may be what we face when talking about cloud computing.

Before going any further, let’s clarify one thing, so that there is no confusion: cloud computing is a very good technological advance, and in the long term, it has a good chance of fundamentally reordering the way companies handle and process information. Companies such as have already built a successful sales model and business using a software as a service (SaaS) implementation on the cloud-computing platform.

Moreover, leading analysts are already seeing signs that a fundamental reordering is taking place in that more companies are beginning to move away from traditional on-site computing. Indeed, some analysts are urging their clients to jump now or risk being left behind. Forrester analyst James Staten says, “If you’re a large enterprise, somebody in your organization is using cloud computing, but they’re not telling you. So there’s a good chance that in the next five years, you’re going to inherit things that were born in the cloud anyway, and now you’ll have to manage them.”1

Yet, in today’s immediate, “here-and-now” environment, cloud computing runs the risk of being a good idea that may not be applicable for some companies in today’s business environment…and it all starts with the term itself: the label “cloud computing,” when applied in a strictly ordered way, clearly delineates where it may and may not benefit end users. Moreover, there is concern that the term itself may have been misapplied in many cases, covering situations where it was never intended to apply, and in doing so, potentially confusing those who would consider taking advantage of it. There cannot be a “one size fits all” definition of cloud computing.

Depending on with whom you’re speaking, cloud computing “will be as influential as e-business,” or is nothing more than an “opaque, puffy concept.”2,3 It’s that kind of confusion over its definition, its application, its benefits and more that befuddles people as to cloud computing’s benefits and drawbacks, and leads some pundits to label it as just this year’s marketing buzzword, “used to suggest something new and better is going on, when in fact there may be nothing new about it,” even as industry analyst Mike Schiff says, “Ask six people to define cloud computing and you are likely to receive (at least!) half a dozen different answers.”4,5

The adoption of the term “cloud computing” has been largely driven by vendors such as Google, Salesforce and Amazon, all of which have service offerings rooted in data storage on their massive servers. The benefits are clear: cloud computing delivers what IT always needs - a way to increase capacity or add capabilities on the fly without investing in new infrastructure, training new personnel or licensing new software. Cloud computing encompasses any subscription-based or pay-per-use service that, in real time over the Internet, extends IT's existing capabilities.6

I agree with the first part of that statement and would argue with the second. The very nature of a cloud is blob-like. Data stored “in the cloud,” in its truest sense, resides somewhere. It is somewhere you’re not sure of, and you’re not sure you need to know. You just know that your data is stored and available to you for whatever reason you need, when you need it. The price point of such a schema has virtually hit rock bottom: consumers who store data using Amazon’s Simple Storage Service (S3) can pay as little as $1.50 per month to house 10GB of information, giving anyone access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of Web sites.7 Where, exactly, are its servers? For many consumers, it doesn’t matter; the location of the data is not a real concern, while access is.

The same goes with the wider concept of cloud computing: as an end user, you’re not really sure where the processing power resides. And you don’t really need to know. It’s sufficient to know that you can access your data, and do the work you need to do at a fraction of the cost and in the same time frame as before.

Some businesses, however, may not have that luxury. Many of them, both privately held and publicly traded, face regulatory compliance requirements (from governments and private industry groups) that require them to maintain tighter control over their data than ever before. The Sarbanes-Oxley (SOX) Act of 2002 may be the most well-known of the group: its Section 404 requires company managers to produce an “internal control report” as part of their annual Exchange Act report, affirming “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” The control structure, by its very nature, must include steps taken to secure corporate data containing personally identifiable information (PII) about its customers, such as account numbers, Social Security numbers and addresses.

The paradox immediately becomes clear: storing PII in “the cloud,” regardless of how inexpensive that storage may be, potentially leaves the information open to assault from those unauthorized to access it. And because the data resides at locations unknown to its owners, there’s little way they can certify its security, other than to demand that the service providers clearly spell out a level of security in their service level agreements (SLAs) and provide consistent proof that they’re living up to those levels.

If companies are going to locate their data off site, they should consider storing this kind of data on servers that they (the originating companies) directly control, or through a trusted third party, a service provider with whom the company already has an established relationship with, rather than on anonymous servers. Beyond that, the provider may well choose to present the company with a SaaS offering, helping the company take advantage of the multiple advantages traditionally associated with SaaS: quicker time to deployment, lower costs of physical installation and operation, lower IT costs and more.

This, it must be made clear, is not cloud computing. It’s SaaS from a trusted provider, who can tell you exactly where your data is being stored and who has access to it, as well as who uses that information to further build an existing relationship. Let’s give it another name, perhaps “service-based computing.”

We’re not the only ones who are concerned with the idea of the cloud; Gartner analyst Donald Feinberg was quoted as saying he is “uncomfortable” with the concept:

With the cloud, it could be in Bangalore, it could be in Russia or it could be in Sao Paulo, Brazil. Amazon won't tell you where their machines are for security reasons. You have no control over what machine your database is running on. You're buying a virtual machine - that's what the cloud is - and I don't know or care where it is.

This presents problems that I don't have if I'm using a DBaaS [database as a service] that's at a vendor's site. Number one, at a vendor site I can specify whether I'm using shared hardware and I have more control over who is using the same machines. Security wise, if it's at a vendor site, I'm a little bit more comfortable; people use in part because they are comfortable that the data is at their site. From a scalability standpoint, with DBaaS, I'm using the vendor's hardware and infrastructure, and they can tell me exactly what they do to ensure availability, redundancy and recovery. When you're in the cloud, you may not have those assurances. EC2 went down the other day and everybody went down with it. 8

Industry expert Mark Anderson also weighed in earlier this year, saying:

While it would appear that everyone needs access to multiple farms, the real issues, as in the past, boil down to security, safety, reliability, consistency. If I’m Jeff Immelt (General Electric CEO), I’m happy to have my team use Google for their searches, but I won’t be keeping company confidential data on Amazon servers. Result: I need my own server farm. 9

There’s also the issue of hardware/software compatibility and maximizing the relationship between the two. There is a reason that some companies sell integrated data warehousing appliances; they’ve tuned the software to optimally work with the proprietary hardware. How, then, can you make this work in a cloud computing setting, unless the company storing the data and the company have previously worked out a deal to standardize? And what happens when (not if) one or the other change? In the cloud, you the customer are not privy to what’s happening; you’re paying a lower price and getting whatever the vendor chooses to use as the matter of delivery. Service-based computing providers, by contrast, are far more likely to work with their customers to maximize the delivery scenario and clearly communicate the means of doing so.

Service-based computing also allows for a key scenario that addresses Feinberg’s and Anderson’s concerns: it allows the company to maintain its data in its own data center, and allows the trusted service provider to establish a direct, secure connection to perform the contracted-for service, be it analytics, storage or something else.

So, let’s make sure that we have clearly stated our belief: cloud computing is a good idea, in the sense that it will lower time to implementation and time to results at a quantifiable, positive ROI. In that, I join with a growing group who believe that companies should now be studying its benefits and considering implementation.

However, I also believe that not every firm is currently able to take advantage of cloud computing, for reasons previously outlined. And the industry, including vendors, should delineate and differentiate what is meant by cloud computing. Lumping all the various permutations into one catch-all phrase is akin to saying that you’ve just bought yourself “a motor vehicle:” Compact? SUV? Truck? Scooter? Different vehicles are optimal for different reasons, and the same goes with cloud computing.

Before companies move down the road toward cloud computing, they owe it to themselves to fully analyze the costs and benefits of doing so in a given timeframe. While is a success in the marketplace, it took years for customers to feel comfortable with the concept of turning over their data and computing ability to it. Intermediate steps along the path may be the course you want to consider now; taking the plunge is something you can consider down that road, when the future is more (and less) “cloudy.”


  1. Tony Kontzer. “Cloud Computing: Anything as a ServiceCIO Insight, August 8, 2008.
  2. James Macguire. “The Many Dangers of Cloud Computing.” IT, July 23, 2008.
  3. Gartner. “Gartner Says Cloud Computing Will Be As Influential As E-business.” Gartner, June 26, 2008.
  4. Mike Schiff. “Hey! You! Get Onto the CloudEnterprise Systems, August 13, 2008.
  5. Mike Elgan. “Why 'Cloud Computing' Is for the Birds.”, August 18, 2008. 
  6. Galen Gruman and Eric Knorr. “What Cloud Computing Really Means.” InfoWorld, April 7, 2008.
  7. Amazon. “Amazon Simple Storage Service.”, October 21, 2008.
  8. Doug Henschen. “Q&A With Gartner's Don Feinberg on Database as a Service and Cloud DBsIntelligent Enterprise, May 23, 2008.
  9. Mark Anderson. "Corporate Clouds." Strategic News Service, June 16, 2008.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access