By guest author Shaloo Shalini
SM: This may not be relevant for small or mid-sized companies, but in general, how do you view private clouds?
FB: Well, it seems to me that private clouds, as a concept, have value in the sense they create better alienation between the IT organization and the services it provides to the business and the rest of the organization. It will become easier to define service levels and to measure the quality of services (QoS) being delivered by the IT organization with private clouds. There will be better accountability. It will be easier to charge back the actual expenses to different parts of a business organization. Overall, private clouds will have a positive effect on the ability of an organization. This too will help a company to measure the effectiveness of its IT and to look at IT as part of the expense of individual business activities. Businesses will have a better idea of what is the value they get out of their IT investment in terms of ROI. There are fairly significant benefits to going to private cloud models that are not necessary fundamentally different from what you can do in a data center today. It is going to be beneficial to have clearly defined interface levels of services within the organization. For an organization, the ability share infrastructure among the different tenants will improve.
SM: What is your perspective on security in the cloud? In terms of SMBs, are you taking advantage of cloud-based security offerings?
FB: Well, the amount of security that is required in a cloud service is proportional to the size of the organization using the cloud service. Larger organizations have to be a lot more sensitive about security than relatively small ones. In our case, we are a small company and we use cloud services extensively. We feel that the security that is being offered as part of the service is sufficient for us as an organization. If you are a large public company, you clearly have to deal with all kinds of regulatory compliance requirements, and you have a much stricter need for security in the cloud. You may need control over where you store your data, where backup is stored, what happens to your data, and who is accessing your data. You need all kinds of controls that today are not being provided by clouds, and that I see that as one of the hurdles to broader adoption of public clouds in large organizations.
SM: Is vulnerability management, say vulnerability to failures, outages, or intrusions, an issue for a small or mid-sized company?
FB: Yes. Intrusion is an issue. but it’s the way you look at it. We don’t see it as significantly better in a cloud environment than if we run our own IT.
SM: As a small company, are you taking advantage of cloud-based security solutions, say antivirus, firewalls, intrusion prevention, or any other such solutions?
FB: In our case we are not. We use SaaS and PaaS and IaaS for different functions in the organization. We don’t use it for security. When we use SaaS-based solutions, we depend on the security provided as part of the service. We use IaaS mainly for R&D. The cloud-based solutions that we use and the inherent capabilities present in the services we are using we think we are sufficiently protected for our needs.
SM: Do you care about data security, where the data is located.if your data were in China for instance, would that bother you?
FB: Well, for us as a small company it wouldn’t particularly bother us. We have operations in India, for example. Some of our data is actually there. So we are not sensitive to that. I know of other situations where companies are highly sensitive to that, and I don’t think that is a fundamental problem. It just means that they need to have some control with respect to where the data is actually stored in the cloud.