For those with the energy to debate it - what is Cloud?

 

On the other thread, Brent said: "If you look at it from afar, all the "cloud" is is a remote server hosting your application and data. Big enterprises call this remote desktop, or terminal services or citrix or whatever. I have clients who have been in "the cloud" by their definition for longer than they remember - they define their cloud as their servers hosted by someone else who takes care of keeping them running and access to their various offices and mobile staff." ...and JC said: "A lot really depends on whether ones definition of Cloud is an extension of the progression of ASP, SaaS, Cloud If it is part of this chain then that in turn disqualifies all sorts of other approaches that have acquired Cloud status; so citrix, hosted etc are all disqualified. Call them whatever one wants but not Cloud" We've spent an enormous amount of time on AccountingWEB arguing over "What is Cloud?".  Would it be helpful to have some clarity for the marketplace?  Does it really matter providing the price is right and somebody else is managing the solution for me and all I need is a connected PC with a web browser? 

Comments
david_terrar's picture

Formatting within the AWEB platform

david_terrar | | Permalink

That was all nicely spaced out when I typed it, but got scrambled by the editor. I can go back and re-edit answers, but I can't re-edit questions. Hey ho. Anyhow, you get the gist.

Bob Harper's picture

What isn't it?

Bob Harper | | Permalink

How about you start by defining what it isn't and then you can agree what it is. Cloud isn't a locally hosted application. So, everything accessed through a browser is, isn't it.

garyturner's picture

Is this a drinking game?

garyturner | | Permalink

What's the first round?

Gary Turner
Managing Director, Xero
@garyturner

guyletts's picture

"Does it matter...?" For some, not for others.

guyletts | | Permalink

Bravely done, David. 

In relation to your "Does it matter..." point, it seems to depend on one's perspective.  As an observation it evidently matters a lot to some vendors, others are too busy to care, and it matters to larger customers anxious about the finer details of architecture, infrastructure and security.  It also matters to some technical observers and commentators.  But the definition of Cloud doesn't matter the slightest bit to the vast majority of smaller companies that I come across.  Their concern is, and always has been, business benefits, simply achieved at reasonable cost and minimal effort.  Yet whilst they may not be fully aware of how it's done, Cloud does deliver a remarkable number of advantages for them.

So on my analysis, that means the 'am I bothered' community is just vendors and large companies.

What might be more valuable to the purchasing community is a checklist of incisive questions against which to test each of their options.

Guy Letts

CustomerSure

david_terrar's picture

Checklist in Intellect's Business Case for SaaS

david_terrar | | Permalink

@Guy,

I don't want to jump in with too much yet.  I think "why Cloud" isn't important for only vendors and big companies, but I do think a checklist is the right approach.  Can I recommend the free downloadable PDF "The Business Case for SaaS" which we produced at Intellect, co-authored by Duane Jackson of Kashflow and Hamish Edwards of Xero amongst a dozen others.  I believe it lays out the arguments well (but I would as I was the main editor) and it has exactly the kind of checklist (for cloud apps) you suggest on pages 16 and 17 (except it was 2009 and so pre-iPad):

http://www.intellectuk.org/publications/intellect-reports/5534

D2C and Cloud Advocates

Interpretation to suit the occasion ...    1 thanks

JC | | Permalink

Two general camps – technical/software houses & salesmen

For the most part the distinction is probably that salesmen don’t really don’t really care about the matter provided they can hang a label on a product that will encourage sales, and to this end will describe/badge anything based on their objectives – essentially, if they could describe a Mini as a Rolls Royce & get away with then they would

The software con – if you have a legacy product that was not designed for a multi-tenant environment, then take the ‘yesterday’ badge off and insert a shiny new Cloud label that shouts ‘today’ and job done. Unfortunately it is then sold as a lie to customers on this basis

@guyletts – ‘.. But the definition of Cloud doesn't matter the slightest bit to the vast majority of smaller companies that I come across ..’ So why are products that are clearly not Cloud being sold on the basis of being Cloud, if not as a sales inducement? Especially all manner of Terminal/Citrix based offerings that have been deliberately badged in this way

‘..Yet whilst they may not be fully aware of how it's done ..’ and this is how the intentional ambiguity arises & is perpetrated by those who are not Cloud for their own ends

Apropos the Intellect document - let’s take the example of Sage Line 50. Is Sage a Cloud product?

  • Access - complies
  • Browsers – possibly; maybe, maybe not
  • Code - complies
  • Code Location - complies
  • Data - complies
  • Ownership - complies
  • Training Evaluations - complies

And as OnLine 50 http://www.online50.net/ puts it ‘.. What we provide could be called: Cloud Computing ..’

But is there far more to Cloud than a name; encompassing recent products, architecture, tenancy etc. rather than a bunch of software houses trying to flog legacy products under that banner?

guyletts's picture

Still no mainstream benefit from articulating Cloud definitions?

guyletts | | Permalink

@David  That document's a very good resource.  Clearly it's making the case for SaaS, so it's not comprehensive on the downsides, but the checklist is exactly what I had in mind and it's excellent.

@JC  Sorry if I didn't make the distinction clear - I understood the OP to concern whether the precise definition of Cloud mattered, not whether Cloud offered advantages.  Clearly it does and, as you point out, everyone's keen to claim the badge. 

I'd be interested to learn whether the average purchaser would mark Online50 down because it didn't satisfy a purist's definition of Cloud.  I wonder whether they'd be making their choice on other factors, but it would be good to hear from some.

Personally, I'd like to see this debate move on and deal with some of the unresolved downsides of Cloud.  Just a few examples:  There is a vast body of important legacy systems and they'll be around for a long time....how should SaaS integrate with them?  How can we influence banks and the card payment industry to offer better Cloud integration services, sooner?  When will they accommodate meta-data in transactions (wouldn't it be nice to have a description and a reference on payments throughout the banking and payments system to improve legibility and reconciliation?).  How can we compensate technically for the weaknesses of SaaS to improve business continuity and disaster recovery....?

 

Suites most to muddy Cloud definition ..

JC | | Permalink

@guyletts – ‘..would mark Online50 down because it didn't satisfy a purist's definition of Cloud ..’. Surely the point is not whether Online50 is any good but the fact that they are claiming to be Cloud in the first place. Either they are or they are not Cloud and if it is the latter why are they lying to mislead the customer – this is the crux of the matter; indicating something you are not to boost client perception/sales; and everyone is doing it?

Legacy Systems

Integration could be achieved by in a number of ways – not least web services, which are a fairly clean and simple approach

Arguably the real question is – why should newer SaaS systems integrate with legacy systems except to provide a migration path to their own modern application. Pandering to legacy systems only encourages software houses to avoid investment in order to maintain a revenue stream (Sage is a classic on this front) and mitigate the possible pain of moving from box sales to a subscription basis; so everyone becomes a loser. Organisation like Sage could have been in on the ground floor but missed the boat and only chose to engage a couple of years ago - then were embarrassed over security (SageLive). They have contributed to the lack of faster progress by refusing to connit to the SaaS revolution in the first place

Card processing is picking up steam and whilst not strictly Cloud, useful areas such as mobile phone payment apps are arriving (PayPal, Barclays etc.), which should benefit the small business without the need for Streamline etc.

You are quite right about moving forward in the other areas, but in fairness the ’proper’ Cloud/SaaS companies have probably been concentrating on market penetration, consolidation and persuading people on the merits of SaaS to the exclusion of progress in new areas - all of which larger organisation could have contributed to if only they had not sat on the fence in the early days (e.g. Microsoft etc); only coming down in favour when the hard work had been done

guyletts's picture

Back to the main point...

guyletts | | Permalink

David

Having now read more thoroughly the thread that spawned this one I note that you've set this up specifically for those who do want to debate the definition of Cloud.

I think I picked up more on your secondary point of whether that debate is worthwhile, so I apologise if my comments have steered the thread away from your topic.

Guy

david_terrar's picture

 Criteria, SOSaaS, 2 types of Cloud, and weaknesses

david_terrar | | Permalink

@JC,

I'm mostly with you, particularly on how Sage have consistently failed on, or tried to sidestep,  the Cloud topic, except I don't have such a downer on sales people as you do.  That's because although I've done all the jobs at a software company from coding to support to being in charge and also cleaning the toilets, actually I'm a salesman at heart - so I would say that, wouldn't I!

 

 You refer to the Intellect document as if it provided criteria for real Cloud.  It wasn't intended to do that but highlight the differences in any flavour of SaaS vs on premise.  We purposely didn't say anything about multi-tenant or use of things like Citrix because we didn't want to get in to a "true Cloud" architecture debate, but it was trying to highlight how to pick a good provider from a bad one.  On one hand I absolutely believe that Online 50 is a prime example of Same old Software as a Service, but on the other hand it makes a workable solution for some people with some of the Cloud benefits.  I'd suggest there are two types of Cloud - one is retrofitting existing solutions in to Cloud Infrastructure - you get some cost savings and some Cloud benefits.  The other is embracing Cloud properly with Public Cloud solutions.  These allow you to adopt different business models, connect with customers and partners in new ways, and open the opportunity for the provider or the customer to use the underlying data in innovative ways that just wouldn't be possible or practical with on premise or retrofitted systems.  This is where the big benefits of doing more with Cloud come in.

 

 @Guy,

On the thread - no worries, I wanted to debate the need for definitions as well, as I know some of the contributors (like Gary) think we should move on from this.  For me, whatever we insiders think, the debate is still helpful for the general person in business trying to understand the benefits of Cloud.

 

 Thanks for the kind words on the document and the checklist.  Actually we tried to be as balanced as possible and highlight SaaS realistically with the potential pitfalls as well as the strengths.  You mention the weaknesses of SaaS in the context of business continuity and disaster recovery.... I don't get what you mean, as SaaS/Cloud should put you in much better shape on both of those issues compared to on premise.  Could you clarify please?

 

 Also you highlight a list of other weaknesses of SaaS which are all to do with the important issue of the IT history/legacy that companies have to deal with.  Those are issues to be dealt with - how are they weaknesses?

 

 So back to answering my own question, I certainly believe clarifying Cloud properly would help buyers pick and chose and uncover the misrepresentation that's going on in some quarters.

 

 David Terrar

 

D2C & Cloud Advocates 

Agreed ..    1 thanks

JC | | Permalink

@david_terrar

Apologies a bit harsh on sales

Again must have misread/interpreted the Intellect document

I guess the issue is that so long as legacy software is allowed to masquerade as modern applications they continue to provide hurdles on the way forward. In this respect organisation with a large user base are slowing progress with their refusal to properly engage with SaaS and doing everyone a dis-service

Although perhaps Gary's view is best - just move on and ignore the laggards

david_terrar's picture

Yes, but

david_terrar | | Permalink

@JC,

No worries...

With Sage as one of those laggards, I have to agree with you on hurdles.  I thought the technology underlying Sage One gave them a foundation for the way forward even though they are very late to the party, but the more recent announcements around using Azure to take other products forward sounds like SOSaaS again to me.  I don't think just moving on is the answer so I'm for helping create some resources around definitions and clarity.

David Terrar

D2C

Might I suggest a very simple

Steve Rollisson | | Permalink

Might I suggest a very simple checklist about a true cloud/Saas application.

Lets be Vague about the product and call it Okey Cokey ERP.

Salesman to customer:  "It is a Cloud application Mr Prospect"

Customer to Salesman: " I like it, but I want to put it on my own server in the secure room"

Salesman to customer: " That is not a problem, on premise in one of our deployment options"

 

If there is an on premise option. It aint a Cloud solution.

Simples said the Meerkat

Not entirely ....

JC | | Permalink

@Steve Rollisson

Your idea works up to a point.

However, never forget that 'true' Cloud apps of the multi-tenant style are capable of actually running under that scenario in the same way as they could run entirely on a portable pc - i.e. Windows 7 Pro, Sql Server (MySql etc), IIS 7.5. ASP, NET 4, SSL, app, web service and the whole thing x-tier

The beauty about these apps is that the components making up the x-tier can reside anywhere on the globe and not necessarily all in the same place - i.e. app=UK, web service(if used)=China, database=USA - not desirable or efficient but definately possible, but the combinations are endless

So using your definition, a 'true' Cloud app could change it's status depending upon how it was configured - but in reality such an app would be Cloud whatever the setup because of it's underlying architecture

toe-mar-toe or toe-may-toe?

RussellD | | Permalink

you say toe-mar-toe and he says toe-may-toe

what the customer wants to know is:

  • Can I continue to work on the software I already know, like and trust? 
  • Can it be worked on it from different locations at the same time? 
  • Can I work on it on Mac or iPad? 
  • Is it secure?

Yes, yes, yes and yes (very)

Russell

www.online50.net

(Making the windows software that makes sense to a business available over the Internet, best known for providing Sage 50 online on calendar monthly contracts.)

 

david_terrar's picture

You would say that wouldn't you

david_terrar | | Permalink

@RussellD,

Heartily agree with you on the bottom 3 bullets.  On the top one, why would I want to work the old way on software from the last century, when modern software is so much easier to use, intuitive, function rich and helps me work in new ways with my clients?  (but I would say that, wouldn't I! :) )

However, there is definitely a case for retrofitting old or legacy software in to the Cloud and getting some of the benefits.  If it's presented in a transparent way for what it really is, good luck to it.  

David Terrar

D2C

Well call it a toe-???-toe or anything else ...

JC | | Permalink

@RussellD - Just don't call it Cloud because using a strict definition that is untrue

No one is saying Online is not good - just sell it on it's own merits and stop trying to hijack other technology terms to sell your product

Maybe in your world tomatoes are Cloud because that is about as close as Online gets to the definition

@david_terrar - @RussellD posting is just the example that we have been discussing. Vendors claiming things to be under the Cloud banner to enhance/add credibility to their own product. Whereas they should be selling their products on its own merits and stop trying to claim someone elses attributes!

toe- security -toe???

RussellD | | Permalink

JC wrote:

@RussellD - Just don't call it Cloud because using a strict definition that is untrue

http://www.google.co.uk/#hl=en&q=cloud+computing&tbs=dfn:1&tbo=u&sa=X&ei=yh2yT63mG8bc8AO7jbmICQ&sqi=2&ved=0CMYBEJEO&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=85752f59f4f0de64&biw=1280&bih=857

For example:

Wikipedia: Cloud computing is Internet based computing, whereby shared resources, software and information are provided to computers and other devices on demand, like the electricity grid

Tick

New Oxford Dictionary: the practice of using a network of remote servers hosted on the Internet to store, manage and process data, rather than a local server or a personal computer

Tick

Perhaps a different and more relevant key distinction is this: 

With hosting from Online50, businesses can entrust all their software and data to a single supplier whose entire operation is annual audited by an external body for an ISO27001 accreditation.  The data is all held in the UK and therefore subject only to European privacy laws.  One company, one externally audited information security strategy resulting in an independently verified secure Cloud experience. 

The alternative is to purchase different software from different providers who then link their software together in various ways (with no currently accepted standard).  It could be suggested that the user's data is subject to the security of the least secure provider. 

Picking and choosing to fit ...

JC | | Permalink

@RussellD - We can all pick explanations to fit our requirements

'.. whereby shared resources, software and information  ..'

Expanding upon just one element of your post '.. shared resources ..' and one piece of software (Sage L50) running on your servers

It is very simple - Can you run everyone’s requirements (all Sage users) through a single instance of the Sage application and a single database?

So far as I am aware each user must have their own instance of Sage running on the server and moreover they must also have their own database/dataset

Therefore unless you can categorically say all Sage clients go via a single instance of Sage & use the same db - YOU ARE NOT CLOUD and there is absolutely no element of multi-tenant involved - THERE ARE NO SHARED RESOURCES INVOLVED

Granted you may have all your users 'sharing' the same hardware but that is not Cloud by any stretch of the imagination

Furthermore, there is nothing about delivery - i.e. browser, or any of the other attributes that go to define Cloud

'.. Perhaps a different and more relevant key distinction is this ..' - very laudable, highly secure and no doubt very good, but nothing in this definition indicates Cloud except your conclusion

shared resources

RussellD | | Permalink

JC wrote:

It is very simple - Can you run everyone’s requirements (all Sage users) through a single instance of the Sage application and a single database?

Therefore unless you can categorically say all Sage clients go via a single instance of Sage & use the same db - YOU ARE NOT CLOUD and there is absolutely no element of multi-tenant involved - THERE ARE NO SHARED RESOURCES INVOLVED

All Sage users from a single company share a single instance of a Sage application and a single database.

Multiple companies operate on one server cluster at the same time - seems multi-tenant to me. 

It all seems like shared resources to me. 

I am not arguing that our architecture is exactly the same but I am saying that from a customer's perspective we offer the same thing - our customers could substitute us for web based software (which I assume is what you are referring to) and customers can (and often do) substitute web based software for our solution.  They meet the same need. 

At least with Online50 service businesses can take a backup from their local Sage 50 and upload it directly into our system which will make everything they were using locally available online.  There is no lengthy setup process, migration into a new database, learning of new ways of working etc.  Within a few hours it is possible that a company could have fully migrated to Sage 50 online and be working as efficiently as before.  If at a later point their needs change, they can simply take a backup from our system and load it into a local copy of Sage 50 and absolutely all their work will be there for them.  The cost of moving to the Cloud with Online50 is very low.

When I tried out a CRM 'in the Cloud' a few years ago I pictured I would be able to easily move from them if I needed to once we had built some momentum - the problem was everyone had to be trained (no one already knew the software) and any time we decided to incorporate a new function into our strategy we had to train staff again and so our cost of adoption was high.  When we decided to move there was no way that we could get all the data from that CRM into our new CRM in a coherent way (despite days working with both technical help desks) so my team had to end up recapturing everything of importance.  The cost of migration was  very high. 

Web based software has the opportunity to rethink how things could be done.  Hosted software offers businesses the opportunity to enjoy some of the better features of Cloud while continuing to use the software they have already adopted and find effective for their business.

Keeps being qualified to fit ...

JC | | Permalink

With a multi-tenant application (Cloud) there is a single generic approach to fit all - so it really doesn't matter whether it is the same company or an entirely different one because it should still work and everything passes through a single instance of the same app

The problem with your reply is that the rules keep being altered/qualified to fit your scenario and once you introduce exceptions it ceases to be Cloud.

I understand why '.. All Sage users from a single company share a single instance of a Sage application ..' but that is not a generic approach and instead targets a very specific setup

What you are saying is that given certain specific circumstances Online can run a 'little bit' of Cloud for a single company and there are lots of single companies - so we are running many 'mini Clouds' - one for each company using L50.

'.. It all seems like shared resources to me ..' - No... no... no... this is not Cloud because it is just not a single shared resource - SINGLE being the operative word which seems to be conveniently overlooked throughout the posting

The only way you could achieve Cloud under these circumstances is to run a single L50 instance for every company on the system - which clearly is not occurring

Messing about with clustering to 'fake' a Cloud 'single system' is once again not Cloud and you are using the rest of the system to compensate for the inherent failure of the native app to handle multi-tenant scenario (single application instance through which everyone passes)

I am afraid that Cloud is an architecture/design thing and so far as L50 is concerned you do not qualify

david_terrar's picture

This is fun

david_terrar | | Permalink

This is fun...

@RussellD,

Whatever way you dress it up, Online50 isn't a multi-tenant architected solution.  It somehow comes across to me like you are competing to present Online50 as something it's not - maybe it's just a language thing, but it does highlight a key issue..... 

@JC,

I agree with your point that @RussellD is presenting a perfect example of the type of vendor we were talking about claiming the "Cloud" mantle .  The problem I have is on defining Cloud to differentiate these retrofitted Cloud solutions from the the ones  that are mutli-tenant and architected for Cloud from the ground up.  I'm uncomfortable with words like true and pure in this context.  Citrix have some perfectly valid Cloud Computing offerings to help provide some of the cloud benefits, alongside hosted and virtualisation products that they don't call Cloud.   The definitions need to cater for a perfectly valid Citrix style Cloud provider, as well as explaining what public, private and hybrid Clouds are AND help make clear the difference between an Online50 and a Xero/Kashflow/Twinfield type solution.  I'm working on some words which I'll eventually publish here for comment and argument.  

David Terrar

D2C 

guyletts's picture

For buyers should we explain relative merits not 'True' Cloud?

guyletts | | Permalink

@David

I look forward to reading your proposed definition.

It is indeed a difficult job because even the definition of Cloud we have so far in this thread can fall short - for example we use Google Apps, but 'all customers' certainly do not 'share a single instance'.  It's going to have to be a pretty pedantic definition.

I'm still unconvinced of the benefits of a rigorous Cloud definition, but if our purpose is to help buyers, then in addition to a definition of what does and doesn't constitute Cloud, I think it would also help to explain the relative merits of all the different categories such as the Citrix ones you have listed.  Then a purpose will have been served which is to help less technically minded people choose what's best for their individual needs, and the vendors can just pick which category they fit in (and woe betide any one that misleads).

I am reminded of debates in the '80s about whether something was 'true' client-server or not.  I have to say the arguments were just as vigorous then, but looking back on 30 years of computing history I'm still wondering now as I did then, why does it matter?  So if the debate is to serve a general public good, should we not make it a debate that benefits buyers, rather than a fruitless contest between vendors on something that's not ultimately that important to buyers?

Actually, as a Cloud vendor I see dramatic benefits from multi-tenant software.  Maybe that's because I still remember the down-sides of the alternative - the stress of authorising the production and shipping of 200,000 payroll year-end CDs is not quickly forgotten.

But as a Cloud customer, even with a reasonable amount of technical knowledge I still wouldn't be choosing a low end on-line accounting package on the finer details of its bare metal hosting architecture.

david_terrar's picture

Multitenant, clarity, testing and things to help the buyer

david_terrar | | Permalink

@guyletts,

I don't know all of the ins and outs of the way the deliver their service, but I've seen Google Apps leader Rajen Sheth quoting that Gmail and Google Apps were designed and launched as a multitenant solution, and that was contrasting it against the initial implementation of BPOS, the Microsoft precursor to Office 365, which wasn't.  I don't think we'll have to be pedantic but we will have to cater for variance.  Intel's definition of Cloud, by the way, specifies multitenant has to be one of the ingredients.  Hey ho, I'm not sure we should be that restrictive.

You're unconvinced of the benefits of a Cloud definition unless it is to help the buyer - I get that.  For me it is absolutely about helping the buyer, and I'm after clarity to avoid those daft arguments between vendors because they don't contribute anything productive.

Completely agree on multitenant vs shipping all those CDs (tapes, boxes of diskettes) and I'd also like to add testing.  At one software company we used to have to certify the software for 26 different platform combinations (operating software/database/hardware platform).  Most of the testing time was to do with making it work on each platform rather than testing the actual functions you'd added.   Once you are dealing with one set of code and you control your own delivery platform, and you are doing small release increments rather than an 18 month big bang release, you can do a MUCH better job on delivering quality.  

I do agree that it should be all about whether the product can do the job.  However, one of the issues with the current Cloud/web apps marketplace is that I can hide a lot behind my brilliantly designed website.  I may be a master at designing software, but lousy at the basics of IT, security, or hosting a solution that will work for a million users.  That's why I'm keen on the Intellect checklist I added above and support the principles behind the Cloud Industry Forum's Code of Practice.  Those should help a buyer figure out a good from a  bad Cloud provider.

David Terrar

D2C

guyletts's picture

Fully commend the goal of supporting buyers

guyletts | | Permalink

@David

Just to confirm, Google Apps is multi-tenant architecture, but given its scale, impressive resilience and the way they roll out new versions progressively I'm doubtful that all customers are on one physical instance (though no doubt very many will be on each one).  I just made that point to illustrate the difficulty of these definitions, but I suppose the thread already does that!

Thanks for clarifying the goal of the debate; distinguishing responsible vendors from irresponsible in respect of security, performance and resilience is certainly to be supported.

Toe.....

RussellD | | Permalink

Someone recently told me they were going to Google something and then proceeded to type their query into the Bing bar at the top of their IE window. 

The problem with the term Cloud is that it has become a phrase which has meaning to the public which may be different to what the jargon term means when IT technical people get together.  I gave you an entire page of definitions all of which indicate common (and in many cases highly reputable) understandings of the term - all of which Online50 fit within. 

Trying to retro fit the Cloud term to benefit your argument/position is the equivalent of trying to catch water as it falls, with your hands.

I am glad to note your goal - identifying responsible vendors in respect of security, performance and resilience.  If that is the case, Online50 would be fairly high if not top of the list.

Incidentally, as it happens Cloud isn't the way we promote ourselves in the main - but that is our choice.  Perhaps going forward we need to change that. 

Having been pulled into the thread as an example of bad practice with no evidence highlights an agenda rather than a solid argument.  At no point has anyone provided any evidence about the architecture of our platform - although it has been stated that our architecture is why we are not Cloud providers.  At no point has anyone provided a credible peer reviewed and industry accepted definition of Cloud, let alone one that excludes Online50.  Therefore it is unjust to have been highlighted in this way.

As I said earlier -

"The alternative is to purchase different software from different providers who then link their software together in various ways (with no currently accepted standard).  It could be suggested that the user's data is subject to the security of the least secure provider."

and @David has agreed with -

"one of the issues with the current Cloud/web apps marketplace is that I can hide a lot behind my brilliantly designed website.  I may be a master at designing software, but lousy at the basics of IT, security, or hosting a solution that will work for a million users"

If this thread is really about providing a way to find credible and responsible suppliers we would like that also.  There are web app and hosting suppliers alike who bring the industry into disrepute. 

Especially with financial data involved and therefore the extreme importance of ensuring information security, perhaps one of the criteria of a supplier's reputation should be whether they have an ISO 27001?

Continuing to defend the indefensible ....

JC | | Permalink

Absolutely agree with

'.. Trying to retro fit the Cloud term to benefit your argument/position is the equivalent of trying to catch water as it falls, with your hands ..'

So the questions have to be -

  • why do organisations that clearly do not meet the criteria try to do this?
  • why are vendors trying to '.. retro fit ..' their legacy products when, Cloud originated as an indication of the future and not retrograde step to bolster legacy systems?

Of course one can hammer a square peg into a round hold but is that where we really want (or should) be?

Afraid disagree with the following

'.. Having been pulled into the thread as an example of bad practice with no evidence highlights an agenda rather than a solid argument ..'

A solid argument was put forward, however, each response made kept adjusting the criteria to 'tune' the reasons why Online are Cloud. Regrettably one cannot simply ignore or re-write ideas to fit the bill.

In absolute terms Cloud is a fairly defined technology which must be used as the baseline to start any discussion. Whilst it is good to include all manner of ancilliary aspects (security, hosting, ISO this & that etc.) they are desirable attributes for the base product and without a baseline they are all worthless. i.e. having hosting & security without an underlying application is no use at all

and the final 'capitulation' is outlined in opening line of this post

'.. Someone recently told me they were going to Google something and then proceeded to type their query into the Bing bar at the top of their IE window. ..'

Surely this demonstrates that Online regard the term Cloud as in the same light as the word Google, and therefore takes no account of anything other than using is as a generic 'hook' on which to badge the product; however, it is far more than that!

Unfortunately the difference is that Google was never originally meant as a description of technology (just a corporate name), whereas Cloud was introduced as a logical extension of the progression ASP, SaaS, Cloud etc. There is a world of difference in the derivation of the two words (ergo: their application/usage) which seems to have been overlooked

david_terrar's picture

Just a few points (and it shouldn't be just ISO27001)

david_terrar | | Permalink

@RussellID,

Sorry mate, but I don't think search being synonymous with Google (like many a brand leader in other sectors) is quite the same thing as the confusion here and in the market over the Cloud term.  The issue you've got to deal with is that some, like @JC and Intel, think a Cloud solution HAS to be multitenant.  My position is that the Cloud term definitely covers SaaS, PaaS and IaaS along with Public, Private and Hybrid Clouds.  A single tenant solution, like Online50, that uses Cloud infrastructure is still a Cloud solution.  It has significant differences, strengths and weaknesses compared to software that has been architected from the ground up as a multitenant Cloud solution.  Our definition and related terms has to cover all of the flavours Cloud and help a buyer understand the differences and the generic pros and cons of the underlying architecture, in terms of the business benefits rather than technical stuff.

All of the issues around security - data protection, ownership, backup, encryption, business continuity, failover, physical security of the data centre, staffing practices - should all be transparent and properly explained for the buyer so they can asses the risk and make an informed choice.  Good Cloud providers will have a section of their website to explain all of that.  If not, the buyer needs to ask the right questions.  

You mention one particular standard ISO27001.  Standards are relevant and important, but there are so many to chose from.  There are also emerging accreditations like the CIF Code of Practice, EuroCloud Germany's Star Audit, and some of the standards bodies, like the CSA, are working on specific Cloud initiatives.  The CIF has a standards sub-committee that is investigating how all of these things relate, and EuroCloud UK is doing a piece of work to compare the CIF CoP with the Star Audit I mentioned above.  In addition Intellect are planning a webinar on the Cloud standards topic.  I don't believe there is one particular standard that will help at present, but there are several which are relevant.  I also worry that gaining some of these standards is expensive, and so only the big boys can afford to get them.  Whatever we do as an industry, we need to make sure we don't exclude the small, innovative providers with brilliant ideas - one of the beauties of Cloud is that they can piggy back on World class infrastructure to make sure their solution has best in class security in a way that they could never afford to do on their own.  

I'm looking forward to the output from CIF, EuroCloud and Intellect to help make things clear (and by the way, these 3 organisations are sharing what they are doing in an effort to bring some consensus).  

David Terrar

D2C & EuroCloud UK & Intellect UK

p.s. It looks like @JC and I were writing our responses simultaneously - different slants, but I can agree with most of it.   

Add comment
Log in or register to post comments
Group: Cloud Computing for Accountants discussion group
A place for accountants to share their thoughts about web-based systems