• nl
  • en
beeldband

“Cloud! Unless …” – pros and cons of cloud technology

20 juni 2012 Gepubliceerd door 3 Commentaren

Guest post by Jeffrey van der Hoeven of the Dutch National Library

Jeffrey van der Hoeven (KB)

The Innovate IT 2012 conference (Rotterdam, 14 June 2012), organised by Accenture and co-sponsored by many ICT companies, was a big sales pitch for implementing cloud technology in your business. The message was that cloud is not new anymore and that we actually use clouds already pretty often (Amazon, iTunes iCloud, Spotify and the like). Cloud technology was presented as the next logical step in systems architecture after the client/server architecture from the early 80s. It was asserted that implementing cloud technology successfully in your organisation still presents many challenges, but if you succeed, you can save substantial amounts of money, increase IT productivity and have a more agile business as your organisation can easily adapt its processes.

In this short report I first give some basics about clouds, followed by three of the most interesting presentations. I conclude with some words about how we (KB and Netherlands Coalition for Digital Preservation, NCDD) can benefit from the cloud… or not.

Cloud storage basics

The “cloud” is understood to mean an architecture that allows an organisation or individual to use tools, platforms and infrastructures from elsewhere and incorporate them in their own business processes. Three main levels of cloud technology are distinguished:

  • Infrastructure as a Service (IaaS): using storage/computing elsewhere
  • Platform as a Service (PaaS): using predefined remote computer platforms running specific systems software such as databases or software development environments (IDE)
  • Software as a Service (SaaS): using software tools or even complete suites remotely.

Important characteristics of cloud technology are that it is scalable and flexible. The cloud can be scaled to your needs (e.g. more storage or computing power when needed) and is flexible, because you pay only for what you actually use on a short-time basis (e.g. monthly). It is like traditional outsourcing but without the difficulties of long-term commitments and additional costs.

Depending on your needs, clouds can be shared (available for multiple users) or private (in-company or for a selected range of users).

Is the cloud a good thing for security?

Floris van den Dool (Accenture) zoomed in on one of the biggest fears people have with regard to the cloud: security. Who owns my data? Who else is capable of accessing my data? How do I comply with local regulations? How do I stay in control? These are hot topics!

Fortunately, Floris gave some guidance here. He thinks that we shouldn’t be afraid as long as we keep in mind the following five principles:

  • What’s my risk appetite? In other words: you need to define what level of risk your organisation is prepared to take with regard to data in the cloud
  • Expect to share responsibility. In other words: you give away some control, but when contractually defined in SLAs that should not be an issue
  • Choose the right level of cloud for you (IaaS, PaaS, SaaS)
  • Define roles and the level of control explicitly
  • Demand transparency and accountability from cloud providers
  • Force them to be transparent because sweeping issues under the carpet will have a boomerang effect
  • Use the cloud to solve your identity and access management
  • Maybe Facebook will become the best way to authenticate people to business systems? The social arena might know more about your employees than the organisation’s identity management system
  • Design solutions that address the risk
  • Consider hybrid cloud solutions, as not all data are in the cloud
  • Evaluate each application before you apply it to scale.

The bottom line is that the cloud allows you to start considering risks more openly in your organisation instead of just continuing the strategy you normally would follow.

The choice between the cloud or not also depends on the data: if you have regulated and personal data, then the cloud is not a real solution unless you have really strict arrangements. Otherwise, it is a natural follow-on to maturity of your organisation.

How the cloud changes your business

Willem van Enter (VMware) started with a short overview of some astonishing facts: 25 million virtual machines are running on VMware. Every 6 seconds a virtual machine is turned on, which is much more than baby growth in the USA. Under each cloud lies a virtualisation layer and in 80% of the cases that is produced by VMware. Cloud foundry is VMware’s platform as a service for setting up a cloud.

In a recent study about the incentives for using the cloud most organisations defined cost reduction as the main driver. However, after the cloud was implemented the same organisations took a different view: although the costs were reduced, they found out that improved IT productivity and improved business agility were the most important benefits.

During a panel discussion a question was raised about vendor lock-in. As there are many different cloud providers, there are many implementations as well. Most of them are not compatible with each other, which means that it is difficult to change providers. The attending IT companies reported that work is underway to align their technologies better, but no official standard exists yet or is envisioned any time soon. Presently, organisations wishing to change providers have to factor in extra efforts to change their software relying on cloud services and extra time to migrate their data from A to B.

“Our journey into the cloud”

In a lively presentation Tommy Wiberg (videodeals.com) gave us a sneak preview of their recently launched website and business model videodeals.com. With this website, individuals and organisations can buy and sell stuff by presenting their goods in videos. Each item that can be bought is labeled with a pop-up showing you can buy it instantly. Compared with traditional online markets Videodeals is much more dynamic and gives a new experience of products.

Underneath the Videodeals portal is a cloud-based solution from Avanade and Microsoft. Tommy pointed out that they see both providers as strategic partners because of their expertise and worldwide network. Bottom line is that you must have a well-thought strategy in which you define each others roles explicitly.

Is the cloud a viable option for long-term preservation of cultural heritage?

Given the input from this conference, I started to consider how cloud storage could work for the Dutch National Library (KB) and, in a broader context, for the national infrastructure that the Netherlands Coalition for Digital Preservation (NCDD) is organising. In this post I will only consider cloud solutions for preservation of and access to digital collections (although it might also be interesting for improving facilitating processes such as administration, finance or software development). Considering cloud technology in this light I make a distinction between (large) organisations which own their own infrastructure and (small) organisations that do not or are considering to develop one.

In the end, this is what a cloud looks like (KB e-Depot)

Large cultural heritage organisations (such as the KB) often have an existing ICT infrastructure. As digital collections grow rapidly, IaaS cloud services might be an interesting option as data can gradually be stored elsewhere without the need to scale your own infrastructure. However, there are some serious drawbacks to this approach:

  1. If you store data stored elsewhere, you have less control over it. As managing digital assets is a core task of a cultural organisation the cloud represents a risk in this regard.
  2. Legal and ethical constraints might be a showstopper. Extra security measures are needed if collections contain personal information or allow only for restricted access due to copyright constraints. Although the five principles presented at the conference are a helpful guide, it still means that data in the cloud has a higher risk of being hacked or of not complying to with local regulations. If shared clouds are used, it must be defined explicitly at which geographical locations the data is stored to avoid legal issues.
  3. Vendor lock-in is a concern, especially for long-term preservation. The extended preservation period increases the likelihood of having to deal with multiple vendors during the lifetime of the data set. Migration of data and adaptation of underlying software is then required.
  4. In case of financial problems, not paying the cloud provider will result in direct loss of data hosted elsewhere. This is not the case if you have your own storage infrastructure  – which can be shut down while keeping the data on the media carriers.
  5. Cloud architecture makes an organisation more agile and increases availability. These two aspects are in some way contradictory to long-term preservation, where an organisation must be sustainable with a focus on preservation rather than providing short-term access.

In my opinion these drawbacks must be taken into account before applying a cloud strategy to one’s infrastructure. Only in particular cases where legal constraints are not a problem and the cloud provider is a reliable trustworthy partner, IaaS cloud technology can be considered.

For (small) organisations which do not have their own scalable infrastructure, cloud technology can be an attractive (partial) solution. Often, these organisations have a demand for all facets of digital asset management, from ingest, preservation to access. Although the same drawbacks mentioned before are applicable here, small organisations may have no other option. Setting up their own scalable and sustainable infrastructure is simply too expensive. A private cloud at a larger cultural heritage organisation might be a welcome solution. Furthermore, PaaS and even SaaS solutions can be offered for ingest and access to the data. The cloud provider organisation must ensure that the content is stored following strict security rules and in accordance with additional agreements to describe regarding what to do with the data in case of an event (financial problems and the like). This should be stated in a clear service level agreement (SLA).

Another thing to keep in mind is the fact that cloud providers usually provide only storage, and do not in any way provide services that secure long-term access. The bits are preserved as they are. DuraCloud is a service that intends to include at least some basic preservation services (fixity checks, characterisation), but this project is still in an early stage of development.

Overall, cloud technology might be the way to go for businesses that need to have a high velocity, but it must be treated with care in the context of long-term preservation of cultural heritage data.

Related posts: cloud storage costs

Guidelines on cloud storage, security and preservation  from Cloud Sweden (thanks to John Lindstrom, Lulea University.)

Gecategoriseerd in :Geen categorie

Geef een reactie

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *




Translate »
Top