It’s become fashionable in the current technological environment to announce that everything is new again, reinvented or reconfigured for an outsourced implementation. Software as a service, storage as a service, platform as a service, infrastructure as a service, analytics as a service…indeed, every XaaS you can think of has been proclaimed as the next best thing to come down the pike.  (My favorite, introduced on April Fools’ Day, was analyst as a service.  You do the math.) The proclaimed advantages are obvious, and in many cases, real:  faster time to implementation and results, platform elasticity that enables rapid scaling according to need, the ability to shift lower costs to operating expenses as opposed to capital expenditures, always pleasing to CFOs and guaranteed performance to burn. In this environment, data warehousing as a service has begun to flourish. Allowing a trusted provider of managed or hosted services to take over the “heavy lifting,” i.e., physical construction of the data center, network connections between the client and the center, as well as providing the analytical database and software, is a likely solution.  For business intelligence professionals, these benefits and potential drawbacks must be weighed before deciding on how best to proceed (or if to proceed) in implementing a cloud-based data analytics and BI strategy.  The good news, however, is that companies have successfully designed, implemented and benefitted from outsourced data analytics for more than a decade, long before the acronym and buzzwords were in place; the cloud component has been easily appended, and the means to provide the needed security are already in place.

Businesses have been running and benefitting from DaaS-type infrastructures for years. For example, a global telecom provider has, for a 12 years, been outsourcing its call records for analysis and insight; the company needs millions of records rapidly processed and investigated to determine which call plans are working, which aren’t and which customers are most at-risk for churn.  The company’s volume of records has consistently increased over time, requiring the outsourcing firm to add additional computing and storage capacity on an as-needed basis and to handle the growth in an invisible manner to its client. On a more modest scale, a restaurant chain with more than 150 locations needed to process information from each site and determine which offers were driving additional revenue to its bottom line.  It needed to be able to access, on a variable basis, compiled data that would help it discover trends and correlations based on fact, rather than rely on the gut feeling of managers. In both cases, the companies outsourced their information to a third party, which did the work for them.  The vendor was able to perform the work in a manner consistent with the federal government’s newly released working definition of cloud computing in a recent request for information:  “Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The government, however, does not address security in its list of key characteristics, leaving it to individual vendors to answer questions such as, “Describe your handling of data isolation, data recovery and handling/security of data at rest and in transit,”  “Can you guarantee that data will remain within the continental United States, both in transit and at rest? If so, how?” and “Please explain how you provide physical security in a shared tenant environment.”  By not including security at its very base, we believe the government may unintentionally be underemphasizing its critical importance, especially given the ongoing debate that is raging about data security in the cloud.  That debate has raised multiple questions, ranging from who controls the data, where it resides, who has access to it, to if it is co-located with data from other firms, and more.  That concern is based, again, with CFOs and others who must put their name to any number of governance, risk management and compliance (GRC) documents required by laws and standards such as Sarbanes-Oxley, HIPAA, the Payment Card Industry’s Data Security Standards (PCI DSS), Basel II and more.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access