By Sramana Mitra, Pablo Chacin and Saurabh Mallik
SM: And it’s pay-as-you-go utilization.
RT: Right, they pay for what they use. One of the first questions I would ask is, Can cloud computing help me in some of these assumptions of ramping my cost more in line with the scale of my revenues? Does it allow me to avoid having to capitalize a lot of the cost upfront before I have any revenue and therefore have to get into debt before my business gets off the ground? I think that’s a fundamental change that’s come about because of the cloud, because it allows you to pay for what you use rather than incur a lot of startup costs.
SM: Is there anything that I should have asked you that you wanted to talk about?
RT: I think this was a very good review of the industry. We didn’t spend as much time on some topics such as security. I will just say that data privacy continues to be one of the top concerns of the cloud. I tell folks that our clients are number one, and you should not have to sacrifice your security principles or policies for the cloud. If you cannot find a cloud vendor that meets your security needs, then think about running it as a private cloud internally depending upon what the workload is, or pushing your vendor toward what your security policies are, and it’s through that push from clients that the industry will rapidly ensure that cloud systems are secure inside the firewall systems. I remember in the early days of Internet people said that we would never put the credit card! And now, you feel comfortable. For me, I make sure I am comfortable with the vendor, but I am comfortable about where my credit card number is. For the cloud, this will happen quickly. People will start asking questions and demand answers from cloud service providers – how do they handle user IDs and authentication? How do they isolate workloads among different clients? Where is the data located? International clients have strict policies about the location.
SM: What kinds of policies are those, and what’s the general philosophy of those policies?
RT: It’s mostly concerning the various laws of the country. As we are building our cloud delivery centers, we are conscious of where the data can be stored and where customers of one country are comfortable with where the data is stored. There are some European countries that say the data has to stay in that country. If needed, we build a cloud computing delivery center within that country, so the data never leaves. Then you have to show how security is going to be enforced – how you will replicate, copy, or backup the data to a different place. So IBM takes data location, privacy, and government regulations very seriously. We also take user information, both in terms of billing information and client information and passwords seriously. You should also take physical security seriously – you should find out where your cloud vendor physically is. You want to make sure wherever your data is, it’s physically and technically secure.
SM: Also, the data backup and disaster recovery needs to be very sound, right?
RT: Right, there were cases and press reports of companies where the cloud service provider was using a storage cloud that went under, and the company could not get its own clients’ data back. Understanding the different aspects of where and how the data is stored – these are all questions that clients should ask and expect good answers to. If you don’t get good answers, don’t take the risk.
SM: Great. Ric, thank you. I learned a lot, and I am sure the readers will appreciate the talk.