By Keith Tilley, managing director UK and executive vice president Europe for SunGard Availability Services

After several years of hype and hyperbole from vendors, the media and even end-users, the age of the cloud is clearly upon us. Cloud projects are being implemented — and if not implemented, at least investigated — by organisations across the globe looking to cuts costs and increase business agility.

Industry players from all quarters are advocating the cloud as a completely new phenomenon that requires a new mind-set for organisations. Yet many of the processes and principles on which successful cloud projects are built — and particularly the concerns businesses have around the cloud — seem strangely familiar…

Certainly, the cloud has the potential to offer massive benefits to organisations; it opens up a wealth of possibilities in how IT is delivered, and how it can support business operations. The ability to deploy an entire IT infrastructure without the capital costs of 'owned' systems, while offering a pay-as-you-go scalable and elastic metered model, can deliver a significant impact on a company’s bottom line — replacing the traditional practice of overspending on capacity to prepare for future growth with one where you only pay for what you need. And the flexibility of having all business operations available ‘on-demand’, from any location, with information accessible in real-time, offers enhanced agility and responsiveness. Cloud infrastructure, commonly referred to as Infrastructure as a Service (IaaS) provides the opportunity to rapidly implement on-demand processing and storage capabilities. IaaS also facilitates platform as service (PaaS) offerings; which themselves facilitate application design, development, testing and deployment without the expense of the underlying hardware and software.

Yet, taking a closer look reveals that the similarities to previous stages in the evolution of IT are striking. While the technology platforms or indeed the way such platforms are deployed and implemented have changed, the decision-making around investment in the cloud is founded upon the same considerations that companies have always had when sourcing their IT. This is particularly true at the first stage of any cloud project — choosing the vendor. The questions CIOs ask of cloud vendors are exactly the same as they always have been. Do they have the heritage and credentials to deliver what’s required? Do they have proven success with other deployments? How strong are their service and support platforms? Will current and future projects deliver Return on Investment? What will the Total Cost of Ownership be? Do they — and does their technology — have the ability to scale with my business?

But the most striking similarities lie in the fears around cloud computing. Numerous surveys have highlighted the key concerns about moving data into the cloud, and time and time again the answers are the same — security and availability.

CIOs, understandably, are reluctant to let go of their most important data to a third party. Who can blame them, particularly when many of the major cloud vendors — particularly public cloud — have only a couple of years’ experience in managing and securing vital customer information? You only have to Google ‘cloud outage’ to read about the number of high profile leaks in recent times.

Serious cloud computing offerings have to start with availability. Too often vendors build clouds which promise — quite legitimately — reduced cost and greater flexibility, but treat availability and security, CIOs’ greatest cloud concerns, almost as an afterthought. Since IT departments began to relinquish the control and elements of management of their assets, from email to websites to data centres and beyond, the same questions have been (and should be) asked. How safe is my data? Where is it located? What’s the risk of me losing it? The hype is centred around the advantages of putting data into the cloud, but businesses absolutely have to know if they are able to get it back, or indeed if the ability to transfer their data from a cloud vendor back in-house, or to another vendor in the future exists.

A general, public cloud is fine if you need straight computing power for a particular task, e.g. short-term test and development projects. But when you have business-critical applications (if they go down, you lose money) you need to rely on an enterprise-grade cloud which includes managed services backed by mission-critical Service Level Agreements, flexible contracts covering both the virtual machines and underlying hardware. Truly secure, available cloud infrastructure must be built upon a proven, highly-resilient infrastructure and delivered from more than one data centre — there simply cannot be one point of failure. Mission-critical data and applications have to be securely isolated, functioning as highly-controlled and customisable environments, where the provider and/or the organisation can be granted access to security and management controls and tailor them according to their own specifications and know where their data is located. CIOs have to be sure that the cloud platform they choose can answer those tough security and availability questions, and that the partner they choose can steer them through this new frontier.

Cloud computing absolutely has the potential to deliver massive benefits to companies of all sizes — it even has the power to transform businesses and the way they operate in many cases. However, relinquishing control of the infrastructure on which vital applications are run should not mean sacrificing resilience, security or availability. If organisations are savvy about the choices they make, then the benefits may well live up to the hype.