Cloud is not a technology decision

I’ve sat through a lot of debates recently about whether not-for-profits should migrate to the cloud. Most have either focussed on technology questions such as, “Is the cloud better technology than traditional models?” Or cost arguments. But what struck me during these debates - apart from the ubiquitous use of cloud to cover anything that didn’t involve capital expenditure on IT and therefore being a quite useless term for any specific discussion – was that there is a crucial point that is being missed:

·         

The general overhead for small organisations (as most not-for-profits are) of owning technology.

This was really brought home by two conversations. One was a discussion on benchmarking of IT costs, and whether outsourcing was more expensive than doing it yourself. One of my colleagues made the point that for the outsourcer, all costs are visible and have to be taken into account when setting a price - commercial reality is very harsh if they’re not covering all their costs. Now that’s not to say that the in-house IT organisation doesn’t have to cover its costs, but some of those costs can get deeply hidden within the organisation, and are not immediately visible and attributable in a chart of accounts. For instance, the cost of a finance or HR function may not get included, yet by their very existence IT employees add some burden to these functions.

The second discussion was with a small charity who have engaged an IT support company to help them and wanted someone to ‘sanity check’ what was being proposed to them. You see the manager at the charity didn’t feel that he had sufficient understanding of the technical detail to know whether what he was being told was right and, in particular, whether some of the work could be deferred to manage their cashflow better. Which brings me to my point: 

Cloud solutions such as Google, Microsoft Office 365, Dropbox, Huddle, Salesforce.com etc. take away a set of technology from the organisation so that senior managers no longer have to concern themselves with it.

Now I know this is a claim made by the outsourcing fraternity, but cloud is subtly different. I’ve been involved with a lot of outsourced contracts and they all finish up in discussions, to a greater or lesser degree, as to how much kit you use, what technology it is being managed, how often do you want to change/upgrade it and so on. So management are still involved in gory technology decisions. This is where cloud solutions differ. As a manager, I don’t care about the detail of the underlying technology. I want email; I want file sharing; I want CRM functionality. What hardware, operating system, RAM, DRAM, SAN, UPS,NAS,  SSD, IPV6, Ubuntu, Linux, Windows, SQL, MySQL, SAP, Oracle, and any other acronym you wish to come up with that I don’t give a twopenny stuff about, do we need.

Management time is in short supply in not-for-profits. Managers want to focus what time there is on their passion: what their organisation delivers to its beneficiaries. Detailed IT decisions are the management overhead IT people forget about when they have their technology debates. Most non-IT managers don’t care about this stuff. It just takes time and gets in the way. The cloud allows them not to care, and to focus on what matters, which is how can technology help my organisation deliver more, faster, cheaper, or in completely new ways, without worrying about how much memory do we need in the server or where are we going to put the UPS.

Senior managers in not-for-profits are going to make decisions on cloud solutions on the basis that they save them time, are convenient, and they’re not going to wear out in three years time. Does it do the job? Is the price point right? Will it save the organisation and/or me personally a lot of time? If the answers to these three questions are yes, yes and yes, then expect senior managers in not-for-profits to say yes to the cloud. It’s not a technology argument for them, it’s a business decision!

Why are we so scared of cloud security?

I hear a lot peoples’ reservations about cloud computing. One of the biggest is security. No doubt Dropbox’s recent security lapse will be rolled out at every seminar and conference for the next three years to warn small children, sorry prospective users of cloud services, of the cloud’s inherent insecurity. 

But the more pertinent question is this: is the security of a cloud service weaker or stronger than you currently have? I would wager that for most not-for-profits it is emphatically stronger. I’m as big an advocate of a good firewall and a reputable anti-virus/spam package on all your systems as the next person. But let’s face it, most of the time what we’re protecting against here is the casual opportunist hacker who is targeting literally millions of potential victims. It’s like putting a burglar alarm on your house, it just makes you a bit more secure than the house next door that doesn’t have one when the opportunist thief walks by. A determined, competent hacker, targeting your organisation specifically, will almost certainly get in. Just like a determined competent burglar will break into your house if they decide your’s is the one. When the ‘celebrity’ hacker rings like Anonymous and Luzlsec see the challenge as the CIA (and allegedly succeed) what chance do we really stand?

Cloud providers spend a lot more money on their security, their reputation, as Dropbox are currenly finding out, depends on it. What they have in place is far superior to most not-for-profits. Yes there will be high profile mistakes, but tell me there haven’t been virus infestations and data breaches within hundreds, if not thousands of small not-for-profits. You’re most vulnerable point is the PC in the office with the ‘save password’ options ticked to yes, or the password written on the underside of the keyboard, or the USB stick left on a table at a conference, or that just oh-too-tempting website/email. These vulnerabilities will continue with the cloud and any other technology you use. Cloud providers anti-hack, anti-virus defences will remain a lot stronger than anything you do in house because it is one of the biggest economies of scale they bring to the table and their commercial lives depend on it.