Article written by Vladimir Kovacevic, March 2015
I believe that we are at the tipping point where more and more businesses are going to move their hosted infrastructure from in-house to one of the large providers.
Cloud computing has been around for more than 9 years, but it was 2006 when Amazon popularized the term with the introduction of “Elastic Cloud Computing”. This makes cloud computing mature and established technology – because as we all know 9 years in real life is like 1001 in techie years.
That makes the question of “to use the cloud or not?” more and more dated every month. However, even to this day there are many misconceptions and a fair degree of uncertainty surrounding the whole issue. The ones I hear all the time are: “Is it secure?”, “How do I get access to my data?”, “Is it compliant with regulations?” These are all great questions and as the technology has matured the answers to these questions have been evolving.
An example of the evolution of cloud computing, is that the services offered by Microsoft, Google or Amazon, the big three cloud providers, continue to be better, faster and cheaper. Most recently the costs have dropped to the point where it’s not possible to have a reasonable “in-house” configuration that’s comparable and competitive to what the cloud providers are offering. These recent changes make the cloud related questions even more relevant than ever.
So, what is the cloud? This is a question that doesn’t have a simple answer that everyone can agree on, but is clearly a question that needs to be answered before we see mature businesses and industries shift to the cloud infrastructure. So, rather than focusing on a complex and unavoidably techie answer, I think it’s better to answer the question with an analogy.
The best analogy that I recently heard was comparing cloud computing to the industrial revolution. I couldn’t agree more. Just like the industrial revolution, cloud computing is many different things to many different businesses and individuals, but overall it’s a powerful force of change that is enabling many technology start-ups to grow at astronomical rates. The best and most well-known example is Netflix whose entire infrastructure is running on Amazon’s cloud services. Last year Netflix did $5.5B in revenue and reached a truly amazing milestone of over $1M in revenue per employee. The same infrastructure they use is at the disposal of any start-up in the world for less than a cost of a new laptop per month. How awesome is that?
So why wouldn’t we all use cloud computing? Depending who we talk to there are different objections, questions and concerns that are raised. As it turns out, all of them can be grouped into two main objections:
Given the Netflix example, most people will agree that cloud computing is great, scalable and cost effective – but is it for “real” businesses? Is it for businesses that were around long before the cloud and all related technology even existed? How can such businesses entrust their customer and other sensitive data to something abstract like the cloud?
This intangible objection is something that I run into all the time – and I believe that it’s caused by the abstract nature of the name used to describe this awesome modern service that allows us to outsource our infrastructure to a trusted provider. The very name “Cloud” implies that our sensitive data is somewhere out there and that we can’t really control or trust who or what has access to our data. This is why I stopped using the word “Cloud” and started to refer to this great service as “Managed Infrastructure”.
Managed infrastructure is easy to explain and easy to understand. Take the servers you have today, which are most likely already virtual servers running on VMware, and replace the underlying hardware infrastructure that’s been managed and maintained by your in-house IT department with a hardware infrastructure that is managed by trusted providers. That’s it. It’s still your servers, completely managed and controlled by your IT department. Instead of running on your own hardware hosted at costly data centers (and most likely insufficiently redundant) these servers are now running on state of the art hardware managed by one of the big 3 providers. Better, faster, more secure and less expensive.
This is a Canada specific objection, raised simply by the fact that infrastructure used by the three big providers is physically located in the USA. So does this matter or not?
There are two federal laws that protect the privacy of Canadians – the Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA).
The Privacy Act is related to the rights to access personal information that is held by the government and as such applies only to government institutions. Therefore it doesn’t apply in this case.
The second act, PIPEDA is the one that governs how private and public sector businesses that acquire personal data for commercial purposes need to manage such data. PIPEDA is a complex and long act, but in essence it states that a business that collects personal data for the purpose of commercial activity is fully accountable and responsible for the protection of collected data. However, it does not require all Canadian businesses to store collected data in Canada.
In addition to PIPEDA which is a federal act, there are other provincial acts related to personal information protection that address how public companies need to handle personal information or have acts that have been declared to be “substantially similar” to PIPEDA.
Considering the current Canadian legislation there is nothing that would prevent a private Canadian business from using managed infrastructure services offered by a company outside of Canada, as long as the Canadian business performs the same due diligence they should perform when hosting the data inside Canada. This due diligence should cover different aspects of data management such as physical security, data encryption, deletion of data after the contract is terminated, etc.
Given that both the legal and the intangible objection can be addressed in a reasonable manner and that the cost of managed infrastructure offered by cloud providers has dropped significantly over the past few months, I believe that we are at the tipping point where more and more businesses are going to move their hosted infrastructure from in-house to one of the large providers.
This trend has already started with a wide adoption of applications that are running on cloud based infrastructure. Odds are that either you or someone you know is already using Microsoft Office 365 and/or Salesforce.com to run their day to day business.
So why does cloud computing matter? It matters because just like the industrial revolution, it’s fundamentally changing how business is done and what it means to be a successful modern enterprise that can attract the best talent and provide the best customer experience.
Provincial Canadian Geographic Restrictions on Personal Data in the Public Sector – The Center for Information Policy Leadership – Hunton & Williams LLP, 2008 http://www.hunton.com/files/Publication/2a6f5831-07b6-4300-af8d-ae30386993c1/Presentation/PublicationAttachment/0480e5b9-9309-4049-9f25-4742cc9f6dce/cate_patriotact_white_paper.pdf
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT [RSBC 1996] CHAPTER 165 http://www.bclaws.ca/civix/document/LOC/complete/statreg/–%20F%20–/Freedom%20of%20Information%20and%20Protection%20of%20Privacy%20Act%20[RSBC%201996]%20c.%20165/00_Act/96165_03.xml#division_d2e3112
Office of the Privacy Commissioner of Canada – Acts and Regulations – Privacy Legislation in Canada https://www.priv.gc.ca/resource/fs-fi/02_05_d_15_e.asp