Cloud Computing: Flying high or pie in the sky?

Scotland

With jaw-dropping claims that cloud solutions can be up to 80% cheaper than more traditional IT solutions, it is not difficult to see why the cloud is viewed by many as a very bright light in what is otherwise, currently, a rather dark sky. But is cloud computing the panacea it claims to be?

What is 'the cloud'?

All data requires to be hosted. There are a number of different types of hosting services available:-

Shared hosting: your organisation's data and application will be hosted on a specific server shared with other users. All users will therefore be subject to the same memory, bandwidth and CPU capabilities and restrictions as all other users of the server. If the server goes down, all users will suffer downtime.

Private hosting: your organisation's data and application will be hosted on a specific server dedicated exclusively to your organisation. You will be subject to the memory, bandwidth and CPU capabilities and restrictions offered by that server, and may suffer downtime where the server fails.

Managed hosting: the hosting provider leases servers to your organisation, and monitors the performance of your leased server. Support services are provided for back-up and fixing. Again, there will be finite memory, bandwidth and CPU capabilities.

The Cloud: your organisation's data and application will be hosted on several servers (shared with other users), which are networked to work together. The data can effectively 'bounce' from one server to another, to ensure that server efficiency is optimised, allowing the cloud provider to spread the load of data, improve bandwidth speed, or undertake maintenance without causing downtime.

Private Cloud: your organisation's data and application will be hosted on several servers dedicated to your organisation, which are networked. The data can effectively 'bounce' from one server to another as described for 'the cloud' above. A guaranteed minimum capacity is usually given.

What are the benefits of the cloud?

The main benefits of the cloud are (i) cost and (ii) availability. Service providers minimise their costs by bouncing data from server to server and optimising capacity (utilising the cheapest available server capacity at any given time). Customer downtime is also minimised, as customer data can be moved to another server while fixes are applied.

What are the pitfalls?

So far so good. Unfortunately, there are some not inconsiderable downsides, security and resilience being the main risks. The cloud makes perfect business sense for the processing of non-sensitive data, but for more sensitive data, businesses require to ensure that they are meeting all technical and organisational security requirements under the Data Protection Act 1998, as well as specific regulatory requirements applicable across a number of sectors. For most public sector organisations such as schools, hospitals and local authorities, processing highly sensitive data concerning individuals, particularly vulnerable people and children, these are very serious issues. In addition, the Data Protection Act prohibits personal data being transferred outside the European Economic Area* without alternative rigorous tests being satisfied, often involving an exploration of the countries to which the data will be transferred, the processing that will be undertaken there, and the appropriateness of the data protection laws applicable in that country.

Satisfying yourself as to the technical and organisational security of a worldwide network, and assessing the appropriateness of local data protection laws, where many sub-contracted providers are involved, is no small task.

Given the specific risks attaching to sensitive data, further problems arise where service providers are unwilling to negotiate their contracts, relying instead on standard terms and conditions which often fail to address customer needs.

It is perhaps not surprising therefore that e.g. banks have been slow to take up the service, which is why the story that Spanish bank BBVA had selected Google's cloud solution for functions such as email, calendar, chat and video conferencing made headline news recently – until you read the small print that use will be limited to internal communications, and not for its core banking or customer data.

Contracts - what to look for

If your organisation is considering using a cloud based solution, there are certain risks which standard terms and conditions often fail to adequately address. You should accordingly take time to consider the following:-

1. What performance standards do you require? Remember that a promise of availability does not equate to a promise of quality of service, or speed. Consider what service levels you may require. Will the provider be prepared to negotiate these?
2. What undertakings will the service provider give in relation to technical and operational stability? How long will the service provider support the offering, and how will this impact your organisation?
3. What is the service provider prepared to do when it all goes wrong? Will it guarantee an alternative service capability meeting all your requirements? What will happen to your data? What undertakings are there for fix times?
4. What does the contract say about data protection? Remember your obligations relating to technical and organisational security, and transfers outside of the EEA.
5. To what extent will your organisation become tied to the service provider? How will you recover your data at the end of the contract? How easy will it be to migrate your data from the supplier system to another? What termination assistance will the service provider provide at the end of the contract? Contracts for longer periods can increase dependency on a supplier, and systems which do not use industry-wide standards are more likely to tie you to a supplier.

Cloud systems have been a huge boon to organisations and, used appropriately, offer a very efficient and cost-effective solution. Their limitations should not, however, be overlooked, nor should security and legal obligations be compromised without careful thought.



* The EEA comprises the EU member states, plus Iceland, Liechtenstein and Norway.