Is Cloud Computing the way?
Accurate and timely data and information is the lifeblood of supply chains. Many articles and commentaries concerning current and future IT scenarios appear to assume that Cloud Computing will be the predominant storage and delivery technology. But is this assumption valid?
Cloud Computing is the cloud-like squiggle that network designers use to denote internet based technology residing somewhere else. Cloud Computing is now a generic term that includes:
- Software as a Service (SaaS): a service provider supplying a package of IT services and applications
- Infrastructure as a Service (IaaS): for organisation that want to manage their applications network ‘on demand’ via the web, although the network operations could be maintained by an external contractor
- Platform as a Service (PaaS): for commercial software developers not wanting to incur the capital expenditure of in-house IT resources
SaaS is the model most commonly used by commercial businesses and has a potential lower cost of operations, because a service provider can spread the cost of services over a number of clients. However, using cloud services is not without its challenges, which media articles tend to ignore.
An example occurred a few years ago, when a privately owned business implemented cloud computing. The business was acquired by a region based organisation with a number of subsidiaries, some of which were incorporated into the acquired business. The acquiring business had a decentralised and ‘hands off’ IT policy and allowed the now larger division to continue with its cloud computing approach. Imagine that you are the newly appointed supply chain manager for the enlarged division.
Another acquisition now takes place in which the region based business is acquired by a multi-national corporation. This organisation has a more corporate system direction and all IT is undertaken in-house. At your division, more than 70 percent of IT transactions are supply chain based, so you are directed to discontinue the cloud computing contract and manage the transfer to corporate systems.
But the service provider is unwilling to lose a long term customer and its monthly billing – it delayed replying to telephone calls and emails; stated that it did not have the expertise to convert and reformat the customers data to be incorporated into the corporate IT systems; was unwilling to identify where the organisation’s data was stored and other stalling tactics.
Factors to consider with the Cloud
How the data was eventually returned is specific to this case, but it highlights that a cloud computing contract may appear to be satisfactory until conditions change. So, whether your organisations supply chains use cloud computing or is considering an implementation of the technology, review the contract or service level agreement (SLA). Do not be lulled into ‘good feelings’, due to the excessive use of the term ‘partnership’ by the service provider – they have a commercial incentive to incorporate clauses that lock user clients into the contract for its full term.
The initial work by a user should be to identify the risks of ‘lock-ins’ and an exit strategy that includes data portability. Ask the question ‘how much effort and cost will be incurred to get out of this contact?’. The following clauses should ideally be written into the contract:
- No or minimal ‘lock-in’ period before switching to another cloud computing provider
- A current copy of the data files in an agreed format available to the customer at all times (this is data portability)
- An agreed process for changeover to another service provider or revert to in-house IT In the event of a merger or acquisition (M&A), end of contract period or early close to the contract
Having reviewed possible ‘lock-ins’, then review the service provider. Like supply chains, a service provider must be able to deliver in full, on time, with accuracy. So, consider their reputation for availability and reliability (and the techniques by which they establish the performance), plus their capability to scale up resources if required. Also the security and administration at the location where your data is held and the legal jurisdiction under it is covered.
At the operational level are the matters of downtime and recovery of lost data. As no service provider can guarantee 100 percent up-time, assume there will be periods of downtime at the service supplier’s facilities. The threat of downtime becomes even more critical if a users internet connection, bandwidth and speed are suspect. Transferring data over the network requires additional bandwidth to overcome latency time for receipt of data packets and application time-outs, And bandwidth can be expensive in some countries.
To address data loss requires a back-up policy at the service provider. This should incorporate at least an on-line backup (virtual mirror image) while the database is active and performed at short intervals. In addition, an offline backup performed while the database cannot be accessed. The backups should be held and be accessible at different locations.
The risks for security and privacy of data is assumed by the service provider, but in reality remains with the user. This includes the risk of cyber attacks. It is therefore the users responsibility to have a data security and privacy policy that incorporates both internal and cloud based IT. This will include a policy concerning the use and control of passwords and access to applications.
From the aspect of supply chains, a challenge of cloud computing is the integration of data from both cloud and in-house applications. Therefore, an initial policy decision must be the extent to which cloud computing should be considered in supply chains – for core applications or just peripheral functions, such as analytics and analysis or communications with transport suppliers.
Only at the end of this discussion is the matter of cost identified. This is because the service provider negotiates the price. It is the user responsibility to identify the total cost, based at least on the risk factors discussed here and the potential consequences for your organisation. Cloud computing can be a valid approach for managing data and information in supply chains, but the discussion should not commence on the basis of cost savings. Instead, evaluate the risk factors for your organisation to identify the total cost.