Stormy Weather: The Pitfalls of Cloud Computing

January 25, 2013 – In The News
Philadelphia Business Journal

When problems at Inc.’s server operations in Virginia interrupted service for Netflix Inc.’s streaming video customers on Christmas Eve, it got a lot of publicity. One reason is the timing of the service outage, which couldn’t have been much worse for Netflix. Another is the size of Amazon’s hosting services, which use more than 450,000 servers, according to an estimate that Huan Liu, a research manager with Accenture, calculated for his personal blog last March.

“When they go down or have issues, they take out half the Internet with them,” said Keith Fitzgerald, the chief technology officer at Center City-based TicketLeap Inc. “The reality is they’re really reliable.”

Fitzgerald should know. His company depends on Amazon to run its business.

TicketLeap provides online ticketing services but doesn’t have a server of its own. All of its software is on servers owned and run by the Seattle-based ecommerce giant’s Amazon Web Services unit.

“We rely on Amazon to do a lot of things for us, so we don’t have to,” Fitzgerald said.

TicketLeap isn’t alone. A growing number of companies are turning to cloud-service providers such as Amazon to do everything from run their entire operations to back up some of their data. But as Netflix’s experience shows, moving to the cloud entails risks, even with providers of Amazon’s size.

Outages, like the kind experienced by Netflix, are among the biggest risks.

That’s especially true for a company such as AirClic Inc., whose customers depend on its cloud-based mobile supply-chain and logistics software to run their operations.

One way AirClic tries to minimize the risk of outages is to make sure the data centers where its software is hosted meet Tier 3 standards, said Matthew Foroughi, the Trevose-based company’s vice president of software as a service. They include redundant power supplies and an infrastructure with an expected availability of 99.982 percent.The company also likes data-center operators that use the largest vendors, have the latest equipment from those vendors and have strong enough relationships with the vendors that they can get timely support at all times, not just when there’s a problem.

High availability can be essential. A 99.5 percent availability means the infrastructure will be down two days a year, said Colin Lacey, Blue Bell-based Unisys Corp.’s vice president, data center solutions and services.
Just boosting the figure to 99.9 percent reduces the infrastructure downtime to eight hours a year, he said. It also boosts cost.

“The cloud is a ‘you get what you pay for’ environment, just like anything else,” Lacey said.

Among other things, that means it’s important for cloud customers to know what they’re getting for their money and what their rights are if they don’t get it.

For example, a cloud provider’s contract may give the provider the right to conduct routine maintenance. In that case, potential customers should find out how often the maintenance is necessary, how long it takes, and how it will affect accessibility to the cloud, said Scott Vernick, a partner with Center City-based law firm Fox Rothschild.

Cloud customers also need to make sure what their contract entitles them to when their provider can’t deliver service, Vernick said. Getting credit for down time above and beyond what’s allowed by the contract is nice, but, depending on a company’s business, the financial damage it suffers from an outage could be greater than the amount of the credit it receives for the outage, he said.

Security is at least as big a risk as outages. And, as with uptime, cloud customers need to know the security levels they’re guaranteed and what their rights are if they don’t get them.

“If there’s an unauthorized use, who’s responsible for that?” Vernick said.

Cloud customers also should know whether their cloud provider can disclose that they use it, especially if the intellectual property they have on the cloud would make them a likely target for hackers, he said.

In addition, cloud customers need to be sure their provider’s security levels at least meet the requirements of whatever regulations they must abide by, such as those governing the security of financial or medical records.

“When you have compliance and audit requirements, the ability to achieve a certain type of compliance audit in a cloud-based solution is often important,” said Doug Paradis, the chief technology officer for Anexinet Corp. of Blue Bell, a systems integrator and technology manager.

Another risk involved with cloud-based services is spending too much on them.
Cloudamize, a Philadelphia-based company that helps businesses optimize their cloud services, typically can reduce its customers’ costs by 40 percent, according to its founder and CEO, Khushboo Shah.

One way cloud customers can reduce costs is by making sure they’re only using what they need at all times, Shah said. For example, a company that’s testing software in the cloud doesn’t need to be able to access the servers the software is on when its testers aren’t working.

Companies that will be using lots of cloud resources for long periods of time are better served by a flat rate. Those that use fewer resources and need them sporadically are best with an hourly plan.

“Just by changing the pricing plan, you can get around 45 percent cost savings,” Shah said.
Spending too little on cloud services can also be a problem. That can result in not having enough capacity to serve customers adequately.

“If you are [processor] intensive, we are going to help you make sure that you have more resources to add,” Shah said.