Weekly Update

Why Humans are the Biggest Threat to Cloud Adoption

Around the world, organizations and individuals are coming together to tackle cloud computing’s technological hurdles. Just this week, Intel launched its Open Data Center Alliance and Cloud Builders initiatives; last week, CloudAudit joined the Cloud Security Alliance. Elsewhere, various consortia are working on cloud standards and best practices. All of this progress is great, but when it comes down to it, human nature and institutions, not technology, might represent the biggest obstacle to adopting cloud services and software.

A cloud-security report released this week by the Center for Technology Innovation at Brookings highlights a big reason for this proposition. As authors Allan Friedman and Darrell West point out, technological issues are improving and will continue to do so as cloud computing matures and more money is pumped into security efforts. InformationWeek’s Charlie Babcock calls concerns over multitenancy “overblown,” for instance.

But what won’t necessarily get better are things like malicious insiders wreaking havoc, privacy issues and legal concerns. There’s precious little anyone can do about the former, and we’re still a long way away from resolving the latter two.

The Problem With Privacy

A breach isn’t necessary for unauthorized data access in the cloud. As numerous commentators have discussed before, there is much debate over whether law enforcement can access cloud-stored data without a search warrant. The Fourth Amendment protects against unauthorized searches and seizures, but there’s plenty of support (mostly judicial) for the argument that we waive our privacy rights by placing data in the cloud. Microsoft is leading a charge to have Congress update the Electronic Communications Privacy Act, which is the basis for this contention, but there’s no timeline on when Congress might take up the cause. As for international data laws, that’s a whole other issue.

I’ve covered the legal aspect here before, but it bears repeating. Save for instances of gross negligence or intentional acts, most standard cloud computing terms of service expressly disavow the provider of any liability in the case of a breach. There are strong arguments on both sides of the debate over whether they should or shouldn’t, but the only way they will is through human intervention. Cloud customers need to negotiate favorable terms, or a court needs to mandate them. Technology won’t create them.

No Accounting for Human Error

To the extent that the threat of service outages keeps customers from the cloud, humans play a big role here, too. Certainly, employees manning provider data centers and systems aren’t infallible, as illustrated in the case of an IBM employee accidentally taking down a large banking customer’s managed system. Deep down, cloud users must know that even the greatest data center designs and high-availability plans won’t protect against simple human error.

IT Departments Resisting Change

And then there is the issue of jobs and overall IT department culture. Traditionally, each application had its own set of resources and staff dedicated to each layer of the stack. Cloud computing, by its very definition, eliminates the need for so much personnel, and forces the fusion of once-disparate IT skill sets. Sure, cloud computing will create jobs, too, but those jobs will require learning entirely new skills, switching employers and/or competing with young, cloud-savvy talent. Some companies don’t want to give up their mainframes. Believe it or not, many IT decision makers might stall cloud adoption within their organizations as long as possible until they’re comfortable with all the changes it entails — jobs or otherwise.

The cloud computing community is comprised of some of the smartest minds in computer science; they’ll figure out the technology. What we need is more focus on the biological beings that make decisions, from senators to sysadmins. Ultimately, it’s their efforts that will help complete the shift to the cloud that technology started.

Question of the week

How important are cultural concerns in the cloud versus technological concerns?