Cloud Washing: Slapping Lipstick on a Pig!
Recently, I was having a conversation with my colleague, Brian Lenane, Program Manager with SRA International about what’s going on with cloud computing offerings. He related to me how customers are confused with all the “Cloud Washing” going on. Truthfully, if I didn’t know what’s going on, I’d be confused, too. So many companies have called themselves cloud providers when they are nowhere near the cloud. I told him “Thanks, that will be my next blog.” Unfortunately, that was back in September 2012. I found myself transitioning from job to consulting via my personal company, VerdeSol LLC. Being laid off during the holiday seasons seems to be a theme for me in 2011 and 2012, but the beat goes on. I am, however, currently on the market for Cloud Solution Sales, Channel Relationship Management, and Business Development. If you, or someone you know, needs someone like me, look me up.
Cloud Washing Defined
So what is this so called “Cloud Washing”? Marketing people seem to latch onto the cloud to get attention. If you are not savvy to the cloud hype cycle, that strategy will work on you. Because the definition of the cloud is sometimes unclear, the marketing departments tend to call everything the “Cloud”. In my humble, but accurate opinion, the cloud is Information Technology Services delivered exactly like a utility. It doesn’t matter if it is Software as a Service (SaaS), Infrastructure as a Service (IaaS), or Information Technology as a Service (ITaaS), it must be delivered like Telecom, or Heating and Air Conditioning. I will even go a step further, and lump Managed Services Provider (MSP) into the mix. Unfortunately, we have project-based IT and Software Development companies slapping the cloud onto existing products and services.
If I replace my email with Google Apps, Exchange Online or Office 365, I will eliminate Microsoft Exchange, SQL Server, Windows Server 2012, and possibly VMware and the engineers that go with them. That is what we call a “No Brainer”. I want to configure, virtualize, and scale Exchange, like I want to poke my finger in my eye or kiss that pig with lipstick.
If you find yourself paying the same rates or higher than traditional IT costs, you probably have a pig with lipstick. Your cloud fees should be one third to one half the cost of traditional IT. Cloud services should have a significant savings compared to hardware, software, and salary costs you pay now. You should NOT be buying hardware to get your cloud service projects off the ground. If you are, you are probably building the pig’s cloud service for the future. Now you will have to pay a fee for numbers of users when it comes to software licensing, but that’s to be expected. Cloud Solution Providers should have their systems baked, and ready for consumption. The order process should be smooth and fluid. If you find them writing a Statement of Work that looks like a project, start asking questions. In addition, they should be able to provide Service Level Agreements for all of their services.
Another thing to be greatly concerned about are data centers with fancy buildings and gear, who sell real estate in their data center, and have decided to add Cloud Solutions as an afterthought because they figured out they can make more margin. Make sure they offer Cloud Security, and Cloud Back Up. I have spent a lot of time evaluating, offering, and selling data center space for the last decade. Many only offer cage space, racks, services, ping, power, and pipe. They leave the rest to you. Well times have changed. Companies are burdened with certifications and compliance, which requires them extensive expertise. If you want to be a true cloud provider in 2013, you need to have Cloud Security, Cloud Back Up, and Disaster Recovery built into your cloud service. Otherwise you are not securing the cloud. PERIOD.
Here is a list of Certifications and Compliance designations your cloud provider should meet or exceed:
• FFIEC (FDIC)
• Gramm-Leach-Bliley Act (GLBA)
• Sorbanes Oxley Act (SOX)
• National Credit Union Association (NCUA)
• Payment Card Industry (PCI)
• FISMA (Department of Defense)
• FEDRAMP (General Services Administration)
• SAS 70 Compliance
• ISO 27001
• SSAE 16 Certified
Keep in mind each certification may be designed for a specific industry like banking, healthcare, and government. But these are areas to start valid discussions. In addition, passing a certification exam does not guaranty success. The cloud provider should be able to show past performance, and have case studies, and testimonials.
In short, your cloud services should be easy to acquire, easy to implement, and safe and secure. So beware of the charlatans, be smart, and come on in. The cloud is fine.