Double standard--corporate banking transactions, cloud file storage
Guest post by Shadrach White
There is a misconception about multi-tenancy and the cloud. The concept is not new; it dates back to the beginning of mainframe computing. The architecture that supports the ability for multiple organizations to share applications occurs at all layers of the computing stack. Depending on the system, this could happen at the infrastructure, platform or software layer. System architectures can move from low to high degrees of multi-tenancy with infrastructure being the lowest and a software user interface being the highest. This is as true for online banking as it is for cloud file sharing solutions.
A Multi-Tenant computing model combines a shared use of physical computing resources and virtual containers for operating systems and application software. This architecture enables flexibility and resource sharing in a secure and isolated manner. A tenant is the application and the data stored in the application can come from, be consumed by and belong to one or many sources.
An accounting department that processes financial information using an ERP system connected to a database server used by many applications is as much a 'tenant' in a shared environment as a marketing department that publishes files to a public cloud for collaboration with an external PR firm.
The core processing systems used by banks to process millions of transactions commingle private financial information using a multi-tenant architecture each day. The IBM (NYSE: IBM) mainframe still plays a key role as the hardware platform of choice for many data processing operations. The data contained on this hardware in almost every case spans many unrelated companies, individuals and industries. These include organizations that must meet regulatory requirements like HIPPA and SOX.
"We aren't going to the cloud. We won't store our documents in a multi-tenant architecture, we must have total control of this data in an isolated server farm behind the state firewall"--State of Washington IT Manager
All of your health records, 401K, any stock trades and banking records are stored and processed by third-party organizations outside your corporate firewall. I can't for the life of me understand why your IT project documents or the latest PowerPoint used by HR must be held to a different standard. I find this especially quizzical in the government sector where 'transparency' is bandied about as a political buzzword. FOIA and Public Disclosure Requests must be fulfilled in a specific timeframe and most of this information is 'by law' a public record.
On the one hand, companies have been commingling sensitive financial data on a single server with other customers since the beginning of mainframe computing. Individuals have never had their medical or financial records isolated on their own servers. Multi-tenant data storage is the norm not the exception. Yet, you have a vestige of legacy IT managers and senior executives concerned that storing a word document in a public cloud based file system is not safe. Nearly all of the arguments are thin, repetitive and fly in the face of practical decision-making and common sense business.
Another common argument against public cloud services focuses on content ownership and privacy. The idea that companies who are offering file sharing and collaboration solutions are interested in reading or somehow using your content for its own gain or that it could somehow hurt your business is asinine.
They're in the business of selling their service to as many customers as possible. How does reading your latest project documents or holding your content hostage help them do that?
Also, the idea that one of your competitors is going to somehow troll or hack these systems to gain any market advantage is silly. Do you really think they have staff spending time doing that?
If these documents are that sensitive, your corporate policies already forbid dissemination and you're already open to that risk by employees using email attachments. I would argue that 99.9 percent of all companies and the content they should store and share would deliver more productivity advantages to employees than any risk of corporate espionage could outweigh.
Bottom line is the cloud is not an option, it's a business imperative. I believe it's the exact opposite of what any detractor's may say. It isn't the risk of moving to the cloud you should worry about it's the risk of not moving to the cloud. If you're expanding your onsite data center footprint or replacing outdated hardware to maintain current systems, you're wasting valuable time and money. Your existing software and hardware vendors are laughing all the way to the bank every time you cut another purchase order.
I welcome comments and would love to hear about anyone who has successfully convinced their bank to keep all their records on separate isolated systems, safe from other customers and competitors.
Shadrach White is President and CEO at cloudPWR. He has 18 years experience in the content management and business process automation fields specializing in the financial services, government and health care verticals. Working with many Fortune 500 companies, he has been recognized by his peers and colleagues as a thought leader on content management and cloud computing technologies.