Challenges for Adopting Cloud Computing
Now a day choosing cloud computing as a computing paradigm is unquestionable because of the benefits it brings to the ICT sector. Despite its benefits, there are challenges which are related to Lack of resources/expertise, coherent regulatory framework guaranteeing transparency, data protection and respect for data integrity, business, technical and organizational challenges.
FIGURE 2.3: CLOUD ADOPTION CHALLENGES 22
Lack of resources/Expertise: The Right Scale report on February 2016 shows that since the 2013 State of the Cloud Report, security has been cited as the top challenge in the cloud. Lack of resources/expertise increased from 27 percent last year to 32 percent to supplant security as the largest concern. As more organizations are placing more workloads in the cloud, the need for expertise has grown. Additional training of IT and development staff will be critical to helping address this challenge.
Security: Security is the most challenging barrier to the adoption cloud computing in financial institutions. Cloud computing security is an evolving sub-domain of computer security, network security, and, more broadly, information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing 23. Some of the common threats to cloud computing security are: data breaches, data loss, Account/service traffic hijacking, insecure interface and APIs, denial of service, malicious insiders, cloud abuse, insufficient due diligence and shared technology vulnerability.
There is a general agreement among security professionals and experts that the overall objective of information security is to preserve the availability, integrity, and confidentiality of an organization’s information 24. To protect information and privacy of their customers’ cloud providers adopt different security mechanisms like encryption, multi-tenancy, and VLAN. The data in motion is encrypted through the Internet Protocol Security (IPSec) and generic routing encryption (GRE) tunnel, as well as by using a virtual LAN with a software switch available in the Meghdoot stack. Hypervisor’s zoning ensures segregation of access rights and privileges between hardware and the virtual environment 25.
Whenever companies decided to move their data to the cloud they should have a clear understanding about who and how to secure their data at a different level, i.e. Security at the network level, security at the host level and security at the application level. Security at the network level means ensuring data confidentiality and integrity of the organization’s data in transit to and from the public cloud provider. Application level security is usually the responsibility of both the cloud service provider and the customer. Host level security is protecting attacks to the guest operating system, stealing keys used to access and manage the hosts.
Regulatory and Compliance Restrictions: Besides technological and security issues, there are also regulatory, compliance and legal issues to consider when moving to the cloud. Based on business requirements, a company’s computing infrastructure could be a focus to certain compliance regulations. Companies would have a clear list of agreement requirements before considering cloud service providers. If the tenant or cloud customer operates in the United States, Canada or the European Union, they’re subject to numerous regulatory requirements. These include Control Objectives for Information and related Technology and Safe Harbor. These laws might relate to where the data is stored or transferred, as well as how well this data is protected from a confidentiality aspect
Performance Bottlenecks: Cloud provisioning is the process of deploying and managing IT resources on cloud infrastructures. Rapid provisioning is a key performance requirement for cloud services, especially when there are a large number of customers requesting resources at the same time. However, it is difficult to determine what factor, or a combination of factors, are the causes of poor provisioning performance because there are no existing tools and methods to trace each status change and execution step in provisioning 26. Multiple virtual machines (VMs) can share CPUs and main memory surprisingly well in cloud computing, but that network (HTTP protocols and bandwidth issues) and disk input-output sharing are more problematic.
Lock-In: Vendor lock-in is a situation in which a customer using a product or service cannot easily transition to a competitor’s product or service. Vendor lock-in is usually the result of proprietary technologies that are incompatible with those of competitors. However, it can also be caused by inefficient processes or contract constraints, among other things. Moreover, these types of services dent high switching costs between competing vendors, making customers reluctant or even incapable of transitioning to different vendors. It’s the classic case of a tradeoff between good technology and good business. Unfortunately for customers, bad technology and closed standards sometimes make for a more profitable product. The fear of vendor lock-in is often cited as a major impediment to cloud service adoption.
It is not suggested a company become locked-in with a specific cloud provider, because this dependence may limit control over costs and technical cloud hosting options. It is not unusual for providers of the cloud to increase service values or change their technology offerings 27.
According to 28, one solution to vendor lock-in is to standardize the APIs in such a way that a SaaS developer could deploy services and data across multiple cloud computing providers so that the failure of a single company would not take all copies of customer data with it. Storage expert Arun Taneja offers the following tips for avoiding cloud vendor lock-in:
? Read the fine print of each provider’s policies, and if necessary, ask them directly how they facilitate moving customer data out of their cloud storage repository.
? Ask the provider whether they offer data migration tools or services to facilitate the movement of large amounts of data.
? Choose providers that have pledged to support emerging industry standards, such as the cloud data management interface standard created by the storage networking industry association.