Thursday, February 12, 2009

A Cloud Over Your Financials?

With all the hoopla recently over cloud computing, I’ve been wondering if companies would be willing to entrust their sensitive and confidential financial data (including financial transactions, financial and statutory reports, etc.) to the cloud. I have little doubt that small companies and even large enterprises will eventually manage (and more than a few are already managing) many forms of information using the cloud, but would an experienced Enterprise CFO or CIO even risk making an “orange-jumpsuit” kind of mistake by risking legally privileged data (e.g. SEC filings, as just one example) leaking out into the public domain inappropriately?

While it might be an easy step to conceptualize the cloud as an abstract remote processing and storage mechanism that you can rent by the hour, gigabyte, or megaflop, the reality is that when you push your data into the cloud you are storing it on a real hard drive on a physical server somewhere. Compared to the expense and hassle of managing a data center it can be an extremely cheap and cost effective way of handling large volumes of information. However, using the cloud does require you have to have an extraordinary degree of trust in the provider; not just in the security of storage and transmission of your data, but also in its availability.

A graphic example recently was when a certain major online accounting package went offline for some of its users for almost an entire day – those companies were literally dead in the water, effectively unable to issue invoices, record payments, or generate financial reports for 24 hours. If that outage had happened at the end of a quarter or another similar time, the consequences could have been disastrous. If your company were put in that position, who can you call? Remember, everyone else is also calling, and you would be just one voice among many in the same position.

My impression is that at least as far as large enterprises are concerned, we aren’t quite there yet. The security of data centers is improving daily, yet the ingenuity and determination of hackers remains a constant threat. The overall uptime record of many cloud service providers is exceptional, but what happens if they do go offline? For a small company with few resources the risk/cost equation is minimal. However for larger organizations which have the resources to manage their own data, there is still some value to controlling their own destiny.

1 comment:

Bob Lambert said...

Good post, and very much on target to the concerns of business leaders. The problem seems to me an issue of IT industry maturity. The cloud doesn't necessarily dictate data location, and there's no conceptual reason secure shared functionality can't operate on data housed internally. That said, it may be an attractive aspect of the cloud from a vendor perspective to have control over customer data, making it difficult for companies to migrate to other providers.