Trusting the Cloud

This was originally posted in response to a blog entry by James Urquhart in his insightful ‘The Wisdom of  Clouds’ :

At the moment there’s a clear difference of opinion amongst cloud aficionados on the subject of trust. The Web 2.0 optimists argue that informal trust is good enough. They’ll say “I’ve rarely had a problem with EC2/FlexiScale/Mosso and when I do I just restart my app some time later. Oh, and I get some credits too when that happens”. The business skeptics on the other hand say “How can I expect some third party to take the same care and attention over my critical applications that I do myself? How can I trust someone else not to lose, accidentally expose, or sell my confidential data?”

Trust is often treated in these cloud discussions as if it was a binary property. I either trust ‘the cloud’ or I don’t. But things aren’t as simple in the real world. I might trust James to look after my pint whilst I go to the restroom but not to look after my Porsche (if I had a Porsche, that is). Whereas I’d trust my colleague Barry with my Porsche but I wouldn’t leave him alone for 5 minutes with my pint. Trust between two individuals / organisations is a function of their previous interactions.

In the business world (and in the pre-nuptial arrangements of the very wealthy) trust is codified in legal contracts and in the legal system that supports those contracts. So, when you ask me if I trust my bank to look after my money then I’d say … (no, wait, that’s a bad example). When you ask me if I trust my airline to deliver the seat I’ve booked then I’d say ‘yes, in the main’. But if they don’t, then I know that there is a contract in place and an audit trail and that there are laws that will result in my being compensated for their failure to deliver. This knowledge bolsters my trust and is ultimately what makes my business with the airline, indeed all business, possible. I don’t think we’ll see broad take-up of cloud infrastructure until we can capture the contractual relationships between cloud customers and vendors (and incidentally I believe that in the cloud this distinction will become increasingly blurred).

At Arjuna we think this can be done by allowing service requirements to be clearly defined and then by constructing service agreements (effectively contracts) between independent parties intended to support those service requirements. (Thomas Bittman of Gartner has recently blogged on how potentially complex some of the requirements might be – ). These agreements need to be very dynamic in nature and to be sufficiently flexible so that they are capable of supporting everything from complex, tightly defined business relationships backed by legal documentation, to the very loose and non-contractual relationships. Once an agreement is in place both parties can then build their own audit trail recording their view of how they and the other party have performed. This knowledge can be used to inform further agreements i.e. build trust, and to help to settle (or avoid) disputes between the parties.

Business requires contracts and, if it means business, then so does the cloud.

Tags: ,

One Response to “Trusting the Cloud”

  1. Suresh Sambandam Says:

    Excellent Post. Especially the example of Pint & Porsche is quite impressive. I will use this in my cloud computing briefings. Also, I read another post which said ‘Where will you keep your gold? – at home or at your bank’s safe/locker”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: