By Carl Meadows, email@example.com
Retailers always prefer clear skies. But from an operational standpoint, more and more are preparing for cloudy days ahead – via cloud computing.
If a retailer is considering the use of a network of remote servers hosted on the Internet for its data rather than using its own physical servers, just how cloud-ready is it?
Retailers should evaluate several elements before making that move. So far, though, most retailers aren’t superhot to employ cloud-based applications. To be sure, retailers often are late adopters of new technology. They operate on such tight profit margins that, generally, any new IT expense gets close scrutiny.
Unless a Walmart or Amazon in size, retailers haven’t considered IT to be a major differentiator for the most part. A Forrester Consulting survey released in November found that while 156 leading U.S. and European retailers surveyed increasingly are mulling a cloud-based e-commerce site, 81% still use a homegrown e-commerce platform or a licensed on-premise system from a software vendor.
Many retailers worry about cloud security, which, while understandable, actually should be of less concern than if operating their own data center. It’s true that the retail industry now stands atop cybercriminals’ list of targets. By one account, retailers comprised 45% of one data-breach investigator’s work in 2012, up 15% from 20111. Much of the rise reflects growth in e-commerce, which is triggering assaults that now surpass point-of-sales attacks.
Still, the physical and infrastructure security of cloud providers generally far exceeds that of most retailers. That’s because cloud providers typically use highly secured facilities with stringent access-control procedures. The security of the application, however, is still largely the responsibility of the retailer and its developers as the Cloud is acting as a hosting platform (except for Software-as-a-Service solutions where application security is the responsibility of the app vendor).
Back to gauging a retailer’s cloud-readiness, here are several questions to ask:
1. What do you want to achieve with the cloud? This is essential simply for the exercise of determining what cloud computing can and can’t help you do. It’s also advantageous to gauge how much it will cost to handle a project in the cloud; usually it will be less expensive because in the cloud, you just pay for the infrastructure you use. Still, look into the probable costs of some projects you want to initiate, especially if it involves dissecting Big Data.
2. What applications are ready – and what aren’t – to move to the cloud? Some applications can’t move because they’re backed by legacy systems. Some servers have performance needs that make them poor candidates for the cloud without redesigning the application, such as those with scale-up vs. scale-out systems. However, some IT investments are due for a hardware refresh, which offers a good inflection point to look at the Cloud.
3. How will the cloud impact your web presence? Generally, maintaining such a presence is one of the easiest things to do in the cloud.
4. Can the cloud satisfy your specific regulatory compliance demands? Payment card industry security compliance, for instance has been a hot button. But guidelines issued in February by the PCI Security Standards Council provide a roadmap that defines security responsibilities for cloud providers and customers.
5. What is the cloud’s scalability? Initially, that was judged a big benefit of the cloud, especially since most retailers possess a very seasonal business and the cloud can help scale up or down fairly easily – closely aligning costs with revenue. However, many retailers don’t think the scalability issue is much of an issue anymore.
6. What is the cloud’s security strength? Again, cloud managers are savvy about security. Still you need to understand what is protected and how the security system works to ensure you comply with all applicable regulations. Some auditors require that they have access to the datacenter to prove everything’s just fine, but not all cloud vendors provide that access.
7. Do I know the cloud vendor’s fee schedule and service-level agreement? It’s important to know what they cover and don’t. Be sure to understand vendors’ definitions of downtime in determining their SLA obligations. Putting something in the Cloud does not inherently make it highly available, but highly available applications can run in the Cloud. They just have to be properly architected and designed to ensure localized service disruptions do not disrupt the applications availability.
8. Does the cloud provider retain consultants who can help with the migration to the cloud? Depending on the amount of data and systems, it can prove overwhelming.
Undoubtedly, it’s just a matter of time before the vast majority of retailers settle in the clouds. Still, make sure you assess how you want to migrate there and what the warning signs are.
And remember this truism: Technologists tend to overstate the impact of new technology in the first couple of years – then understate it the rest of the decade.
Carl Meadows is senior director, managed services product management at SunGard Availability Services, a leading provider of information availability and disaster recovery services. He can be reached at firstname.lastname@example.org.
1. 2013 Trustwave Global Security Report, issued Feb.13, 2013.