So you think the cloud is easy, Think again!

My job is diverse and exhilarating.  I wouldn’t change it for the world.  One day I am fixing a printer problem on a single-seat site, the next I am talking high-end architecture with some of the best and cleverest minds on the internet, and the next I am sitting in a cafe writing an article for my blog.  There is huge variety in everything I do.  I love it!

But there’s one thing that bothers me about this industry.  The problem is that the “cloud” and “cloud technologies” are driving me to distraction.  The concept is great; the execution, in a lot of ways, is a fail.   It’s not the technology but the people providing it.

I recently was called on to set up a cloud infrastructure for a client. Normally a smooth and easy process: search the internet, jump on a site, do your due diligence (security and compliance), fill in an application request, talk to the client’s sales team to determine the best system (they should know their systems), pay for it, and then provisioning takes place.  Within hours, you are playing in your new digital sand pit, that’s the way it is supposed to work anyway.

Now do that with a very small time window.  Yes, I know, “lack of preparation on your part does not constitute an emergency on my part” and similar sayings abound.  I often say them to myself.  But, clients being clients, you sometimes have to bend to make something happen.  Most of us will bend over backwards to make a client happy.  Normal is easy; the impossible just takes a little longer.

So here we are:  We have to have this infrastructure up and running in three days.  I can hear you say “that’s easy.”  But throw in a weekend, and you suddenly have 24 hours to sort it all out.  That should be enough time—but it’s not.

My understanding of the cloud at a basic level is that you can grow and shrink as required, you can increase RAM and processor cycles as needed, and you pay for your use.  So setting up the solution on a minimum requirement should be easy because you can grow and flex as needed.  That’s fine; the challenge arises from the simple fact that provisioning can take up to 12 hours.  Okay, that is still not a problem in itself.

The largest problem comes from the next part, getting the payment cleared.    This can take up to 72 hours, no matter what payment method, and now you can see where I have a problem.  The world is doing business at the speed of light— except the banking sector.  They are still living in the 70’s.  To me, in my business, if you have paid and you send me the remittance or a copy of the receipt, then as far as I’m concerned, you have paid.  No arguments.  We do what has been agreed upon, and the money will turn up in the accounts in due course.  If it doesn’t then it’s time for an argument, or time to get a new bank.
I can’t understand why high-end cloud providers don’t see it this way.  If it has been paid for via credit card, direct deposit or PayPal, then both the seller and the buyer are protected.  The banks take great pride in being able to say that people cannot rip you off through their payment gateways.  So why does big business not embrace this?

Now, in Australia there are a number of web providers and hosting companies who are absolutely brilliant.  NetRegistry and Webcity both come to mind.  The moment you get your receipt, your domain is set up and your hosting package is done, and that includes VPS systems.  Brilliant service, friendly people, fast and simple. In the case of my client, we got the infrastructure set up in time —barely.  But the extra rush and anxiety could have been avoided with a more sane payment system.

I just wish high-end cloud providers would change their attitudes and join the rest of us in the 21st century.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.