Cloud computing (still) needs a bill of rights
One of the obstacles hampering adoption of cloud computing is that would-be buyers still aren’t sure what questions to ask. So even if the whole process of buying online applications is much simpler than the conventional sofware alternative, people hesitate because they don’t know how to proceed.
Of course everyone knows to ask about security, even though security will probably be the most reliable aspect of a reputable cloud application. Quite a few people know that they should ask how to get a copy of their data if they should ever need to. Not so many think to ask about important contractual matters such as service level guarantees, renewal terms and termination clauses. When Amazon ejected Wikileaks from its servers without warning last December, the CTO of Fujitsu Technology Solutions pointed out that it was a case that should concern other cloud users:
“If a provider can terminate its service that easily, then it is doing exactly what skeptics expect, putting the security and availability of cloud services into question … Cloud-computing’s reputation has been damaged.”
The episode highlights something that I’ve described as the golden truth about service level agreements: you only find out they’re defective after the service fails. It also highlights the need for the cloud industry to do more to help its customers navigate the unfamiliar territory of cloud service procurement, so that they can shop and buy with confidence.
Fortunately there are a number of initiatives under way, both at individual vendors and at industry bodies. Earlier this year, Salesforce.com’s chief scientist JP Rangaswami wrote about ten guiding principles for cloud computing that the vendor has identified. Another vendor, RightNow, has set out ways in which it believes cloud contracts can be improved. Analyst Ray Wang’s Customer Bill of Rights for Software-as-a-Service has stimulated thinking in this area too.
Now there’s work going on at industry bodies to come up with definitions of best practice that providers and customers can both use as templates for model behaviour. In Europe, industry trade group EuroCloud (where I serve as vice-president) has developed an Audit Seal for SaaS, and is working with other groups such as the Cloud Industry Forum, which has published a Code of Practice for Cloud Providers.
There’s a sense of urgency about these efforts because if cloud providers don’t act of their own accord, then government will step in and lay down the rules whether the industry likes it or not. The Internet economy is an important source of growth and cloud computing in particular has a vital role to play in helping to lower costs and spur innovation, especially for startups and small businesses. But this is a young industry that is still earning mainstream acceptance, and it has few vested interests looking out for it. Sometimes it seems that government is more interested in identifying an Internet ‘kill switch’ to shut down perceived threats than finding how to apply the gas pedal to maximize cloud adoption.
Developing an industry consensus around how cloud providers ought to behave will reduce the pressure on government to limit the industry by imposing regulation. More importantly, it will help customers understand what they should be asking for in their contracts and service level agreements, removing many of the barriers to adoption and boosting confidence in cloud computing. With so much to be gained, it’s hardly surprising that industry participants are now starting to work on making this happen.