Virtual Data Centres: fact or fiction?

In the past, analysts at the Enterprise Strategy Group (ESG) have attacked the cloud for its lack of security and accountability, calling Amazon an “unknown, unsecure provider” and referring to putting data into its EC2 as putting it “God knows where.” This is a valid argument, one that is used whenever change is mooted in the IT industry. Moving from centralised to distributed platforms, introducing thin client technologies, and adopting the internet have all, in their time, been targeted by critics worried about security and accountability.

As with all IT architectures, an agreed position on security and ownership of data is fundamental for success. At the moment, there seems to be very little common ground on standards to cover all the traditional areas of systems management, namely security, accountability, and data ownership, in a cloud environment. Without these being in place, we will not see pure utility-based or virtual computing emerge.
Lost data
While the critics may be correct to highlight the security issues related to virtual data centres, we must not assume that the traditional methods of data centre management are perfect either. Every week brings another story of lost data; an insurance company losing a tape containing details of 50,000 of its customers, government losing a laptop with the personal details of 14,000 voters. We have all seen other examples too: the Inland Revenue losing millions of customer details on two CDs, Barclays’ chairman losing £10,000 in ID fraud scam and a large number of customers’ bank records found on the motorway.

How many CIOs are certain that their in-house disaster recovery procedures can safely and accurately restore a working IT environment within the terms of their agreed SLAs to meet the RPOs and RTOs needed by their business? One attraction of adopting a virtual data centre approach would be to negotiate successfully with the provider a binding, committed data protection and security strategy. As the pool of virtual data centre providers matures, one means of differentiation will be the quality of guarantees underpinning their services.
Business needs
Steve Duplessie of ESG said that those who run the infrastructure have a different mission from those who run the business and applications side, which ultimately causes clashes “Our (IT) world is about becoming cheaper, consolidating, and being more effective at what you do. That mission is directly at odds with going faster to satisfy the immediate business needs.” For the virtual data centre providers another opportunity now opens up. The providers will (almost certainly) have access to greater pool of developers and business analysts who can meet the business needs more readily than the incumbent IT organisation.

Already we can see that there will be many flavours of virtual data centre, from basic outsourcing at one end through to complete IT redesigns at the other. Virtual data centre costs will also vary significantly. In summary, the sceptics are right to highlight current deficiencies of cloud computing but these can be overcome with proper standards and correctly-set levels of expectation. As with everything else in life “caveat emptor” and “you get what you pay for” will apply with cloud computing too.