Risk considerations - cloud or in-house

Cloud Computing

Risk considerations - cloud or in-house

There are a number of issues to consider when deciding on which cloud provider to use or whether to remain in-house. The issues and the related risks tend to fall into 3 basic categories: system and data security; performance management and service level agreements; and vendor lock in.

System and data security is the most frequently discussed risk since many worry that data placed in the cloud could be compromised or stolen by 3rd parties. Yet it’s important to review the risk in context of the current state of security that already exists in many companies. Most companies face data security issues that, well significant, are defended by systems in-house that are less hardened (well tested) then the elaborate defences of cloud service providers. Moreover, in-house server rooms or in some cases cupboards are treated as cost centres and, as a result, are always under pressure to cut costs, which ultimately means that not all of the security issues are adequately funded or supported.

Ultimately, the greatest security threat to systems and data, even behind the corporate or company firewall, is what is called social engineering. This is done in various ways and illicit practices used to interact with the internal IT staff and with employees that are disgruntled that have admin passwords. Going beyond this, we see that quite often servers are left in an unlocked “server room” and or the servers themselves do not have secure admin passwords or left unlocked.  Thereby making security a bigger issue on premise then it would be in the cloud. Cloud providers have to adhere to a strict security code and as this is how we make money it is a priority of ours. SMEs in general do not have the expertise and in most cases the financial want to spend large sums of working capital on appropriate security measures.  The data centres in which reputable Cloud providers have their servers are extremely secure and therefore negates a number of the above concerns. 

Performance management, there are concerns that once systems are moved to the cloud environment, there will be no way to monitor or control the user response times and other performance characteristics. Often it is said that companies will just have to accept whatever performance levels the cloud service vendor or provider may offer and make the best of it. This may be the case when you are relying only on the Internet and public cloud (Office 365, Google Apps) but it is certainly not the case for private cloud. The reason for this is that high levels of performance and satisfied customers are central to the profitability of private cloud providers, we are inherently investing in technology that allows our customers to continue to enjoy maximum performance thereby achieving higher customer satisfaction levels. Performance management is not only the speed at which the environment works but time taken to either implement a new system or have a new employee up and running. Having your environment in a private cloud affords you the agility and flexibility to test new environments and software without the major capital outlay and time taken to order and deploy. When a new employees starts, all the company needs to have in place is a working desktop or notebook with a web browser. The new employee is able to logon and start working without waiting for software to be installed and the network to be setup.

Service level agreements that continue to specify levels of system performance are constantly evolving. Comparing this to in-house one must remember that the quality of in-house system performance is directly related to the sophistication and training of in-house IT or the local support person. It is in these cases moving to a cloud provider could well create an improvement in the quality of service.

On the last point of vendor lock in, companies need to assess the risks associated with cloud providers that have a lock in clause. We do not have a lock in clause as we believe our quality of service and user experience is what locks our clients in.

Andrew Tucker

CEO at

Serial Entrepreneur with 20 years of building successful annuity based IT professional services businesses. His goal has always been for these businesses to deliver unmatched service levels, customer value and trust. He has started, run and sold a number of successful businesses. These business range from 80 to 2000 staff with turnovers of $10mil to $400mil. Most recently Andrew has got involved with ITonCloud, a Cloud and Hosted Desktop provider. ITonCloud is proudly Australian.

Comments (1)
Nathan Dwyer

Nathan Dwyer

Nice blog, Your work is great and i hope for some more nice posts. Continue writing such a nice blog.