On-demand scalability and the move towards Opex are clearly among the key drivers of cloud services, but buyers need to be highly aware of how various add-on services can impact cloud costs as compared to on-premises solutions.
This issue was among the key points discussed on Tuesday at UBM's Cloud Connect conference, which is under way this week in Santa Clara, Calif.
During a discussion on cloud security, consultant John Pironti, president of Rowley, Mass.-based IP Architects, LLC, outlined how cloud service providers offer a generalized level of security, based on "due care," a standard through which the provider can legally demonstrate that they have made reasonable efforts to protect customer data. Customers with a more stringent security need can often opt-in to additional premium services such as cryptographic key management, intrusion detection services, application firewalling, advanced logging and reporting, as well as similar offerings typically offered through the activation of software.
"These offerings can add up quickly and can sometimes change the comparative economics between cloud-based and on-premises solutions," said Pironti. "But that equation becomes a bit more complicated by the benefits of moving to an Opex model, and the fact that moving to the cloud will often drive savings in payroll."
Pironti further explained that add-in security features delivered by service providers are sometimes even less expensive than those same features in an on-premises environment.
"The service providers are typically providing those enhancements to a substantial number of customers," he said. "In many cases, they can use time slicing to share those resources among the customer base and thereby spread the cost over multiple customers. So in a lot of cases, acquiring the technologies through the SPs is less expensive than buying them on your own. But in the context of security, buyers need to decide for themselves whether time slicing, or sharing the capability among multiple customers, is adequate to their needs."
Clearly, the service provider community needs to drive a delicate balance to avoid leaving money on the table without bending the economics in favor of on-premises solutions. But the criticality of data security tends to give the service providers a bit more leeway.
"There's a legitimate hysteria around IT security," Pironti said. "Every day, there's another news article about someone getting breached. And, this often translates to high-margin add-on services."
Pironti recommended that purchasers clearly identify how much visibility they will have, and to what extent they will be able to monitor the activities of the provider.
"You also need to find out what guarantees the provider can deliver in terms of system availability, and how those guarantees are supported," he said. "You also need to assess the guarantees with respect to data security. And, don't forget to read the fine print. The language that limits their liability is usually deep within the contracts."
"But ask the right questions," Pironti said. "Cloud providers will stress the aspects that make you want to buy their services. It's up to you to ask direct questions that are necessary to give you the complete picture."
PUBLISHED APRIL 2, 2013