Today, many organisations are being asked the question “when are you moving to the cloud?” But this is the wrong question to ask, as it assumes the cloud as a kind of ubiquitous computing capability, a mythical utopia with unparalleled benefits located somewhere in the computing ether.
Instead, we need to look at cloud computing as an architectural and technological approach that can be hugely beneficial when used strategically alongside existing computing assets. To some, destination cloud is cheaper or more flexible or faster. But to others it presents specific and seemingly unbridgeable challenges, with security and compliance often top of the list of common obstacles to adoption for public cloud services.
The result is that many organisations err on the side of caution, avoiding cloud computing as an official strategy as the perceived risks are seen as being too high.
So what is the right question to ask?
Organisations are continually being asked to balance the equation of risk, security and compliance against needs like cost, agility and new business opportunities when making technology choices. However, simply focusing on the obstacles can result in opportunities being missed.
To illustrate this just cast your mind back ten or so years. Internet banking was a new, tentative and – for some people -- dangerous idea. Today it seems almost laughable to question if this was a worthwhile strategy, as the benefits have far outweighed the challenges; it’s now a must-have capability for almost all consumers and financial institutions.
Given this, perhaps the question should be “where does cloud computing technology fit in your organisation’s landscape?”
The different types of cloud infrastructure
Cloud computing is in fact a spectrum of technologies that can be a total solution or simply a part of the wider landscape of your technology assets -- you can choose, and to help you understand, it's useful to recap on the different types of cloud options available...
Non-cloud on-premises – what exists today for existing apps in your datacentre. Typically delivered with little transparency in costs, or any burst expansion capability.
Private on-premises – your own machines, on-site and only used by your organisation but delivered using cloud principles of on-demand and pay-as-you-use consumption.
Private off-premises – third-party servers located off-site. Almost certainly managed by a third party. Delivered using cloud principles of on-demand and pay-as-you-use, often for commodity services but dedicated to a single organisation.
Public off-premises – the cloud as the public widely understands it. Run and managed by a third party on behalf of multiple organisations. Commodity-based, pay-as-you-use.
The key here is to start thinking about cloud computing, in its entirety, in your application and infrastructure landscape. Consider the opportunities, the challenges and the options to ensure you can take maximum advantage of this disruptive technology in your IT architecture and technology choices.
Opening up choice
The advent of cloud computing models has created a level choice for all enterprises through scale, flexibility and choice. For example, for parts of a bank using email for external marketing, public cloud might be the right option but for risk and compliance or customer interactions, it might well be that on-premise solution may be the right choice. One thing is clear here, the cloud has democratised IT; it creates a level playing field and expands the opportunities for innovation and creativity
Financial Sector concerns
Avanade UK sees that there is currently a climate of concern around public cloud services, particularly in Financial Services, but really there should be no more misgivings than for any other new technology.
Financial Services companies may limit the use of public cloud due to regulation concerns, the right to audit, data location and sovereignty, security and access. While these concerns should not be ignored, Financial Services companies should however consider the regulations, implications and technology provisions at a level that will enable an informed decision to be taken. For example, The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) do not prohibit the use of cloud services. However, they do require organisations to take reasonable steps to avoid undue operational risk. Therefore, the key to adoption is for organisations to understand their data, their systems as well as the risks and implications associated with them.
About the author
Nic Merriman is the CTO of financial services at Avanade UKwhere he is focused on the development and delivery of solutions. Nic has 22 years’ experience in the IT industry and prior to joining Avanade Nic held senior positions in enterprise IT organisations including the CTO of HBOS Retail.