Cloud Computing and Risk

by Rob McPhee on April 15, 2015

You have probably been hearing lots about cloud computing for some time now.

The concept of cloud computing is really pretty simple. You use programs and store information on someone else’s computer. Of course there are many more levels of detail and cloud computing comes in a very wide range of scale and diversity.

Software, hardware, and networks have been fairly mainstream for about 30 years now. In pre-cloud days most software, hardware, and networks were owned by a business or organization as part of its internal infrastructure. IT systems showed up mostly on the balance sheet as assets and subsequently depreciated under appropriate CCA schedules.

As we know, the Internet has changed a few things. Well maybe a lot of things. OK, well maybe everything.

The technical concept of software, hardware and networks really hasn’t changed. What has changed dramatically is economies of scale for the cloud computing suppliers, and business risk for cloud computing consumers.

The smaller the business or organization is, the less software it will likely own in the future. Since a significant portion of software processing will be done in the cloud, a business or organization will have less need for that associated high powered hardware to be processing software and data on internal infrastructure.

Conversely, the cloud computing industry will need more and more processing and storage as this trend continues.

So, what does this mean for business risk? Cloud computing is somewhat like derivative investments in that you are dealing with only the retail front. What isn’t readily apparent is all the underlying systems and business relationships that make that retail front work.

The cloud computing vendor may own their own infrastructure, but more and more cloud computing software providers are using third party hosting companies and not running production systems on their own hardware. Why would they? Hosting companies thrive on economies of scale, and good hosting companies offer reliable, economical, and well supported environments.

Most cloud software providers are reliant on these hosting companies. Personally, I’m not too worried that Google or Amazon Web Services is going to go off the grid tomorrow.

However, there is a plethora of companies that offer Software-as-a-Service (SaaS) and they range from the good, the bad, to the ugly. SaaS providers are really providing software and hardware to you. My recommendation is that you really need to understand your business risk when signing up with a SaaS provider for a cloud computing service.

Knowing which company provides hosting infrastructure for your SaaS company is important. (Hopefully you are starting to see the derivatives analogy that I mentioned earlier.)

In a recent consultation I did with a client regarding ERP, cloud computing vs. non-cloud software was a significant issue in determining the end solution. If we went with a cloud SaaS, we could deploy quickly and the client didn’t need any additional application software, middleware, or hardware. However, the market solutions didn’t integrate well with the client’s legacy financial information system (FIS). Getting information from the cloud-based ERP system to the non-cloud-based FIS would require daily batches. While daily batching is not an insurmountable obstacle, who wants to do that if there are other solutions?

In addition to integration, there was a bigger question regarding business risk. If my client invested in a cloud-based ERP system, there were significant risks well beyond the ongoing subscription fee investment. Many of the cloud-based ERP solutions reviewed had very good software features. What was not apparent to me was the risk of dealing with the companies that provided the SaaS. Dealing with the SaaS ERP salespeople typically didn’t bring any more clarity regarding the risk question either.

When evaluating solutions, we really had no idea if the SaaS ERP provider would be in business a week from now, a month from now, or a year from now. We had no indication to think they wouldn’t; we simply didn’t know.

If the SaaS ERP company went out of business or suffered a significant business interruption, my client would be disconnected from their software, and more importantly all their important data that they use on a daily basis to operate would also be unavailable.

In the end, we settled on and implemented a more traditional software, middleware, hardware solution. This integrates well with their FIS, and even if the chosen non-cloud ERP software provider has a significant business interruption, my client can keep operating, at least in the near-term. Of course we additionally had to deal with a business continuity and data recovery plan for their internal infrastructure. The short story is, with this solution, it’s not an all-eggs-in-one-basket approach. There are a variety of local market vendors who can supply, fix and maintain the infrastructure. So my client has more options at their disposal.

Currently most SaaS providers are selling on “software features” and “no infrastructure needed” plays.

In the future, I think SaaS providers will need to make better disclosures regarding their ongoing viability to convince clients they will be there for the longer term.

SaaS providers who fail at the business level will bring a world of misery to their clients if they are suddenly disconnected.

With Cloud Computing you aren’t buying software, you are buying trust.

For me, to turn the tide and use mission critical SaaS applications in the cloud, I will have to know that the company I am dealing with is very well managed and is a sustainable and going concern.
