Clouds must be transparent

Customers want to see what they're paying for

Top three mobile application threats

Deep Dive Public cloud computing won’t be successful unless its providers make the full breadth of services transparent and accountable. Customers must be able to see what they are getting and know it has been delivered.

Infrastructure and focus

I work in infrastructure. That means I’m most concerned with the hardware, software and methodologies that form the basis of cloud-based services. I work with organisations that are building cloud platforms to enable the delivery of these services for consumption by end users and I’ve noticed a trend in focus that we actively need to address. Before I detail exactly what that is, let’s refresh ourselves on who the players are in this type of arrangement.

  • Starting at the bottom are the vendors that provide the kit and caboodle that form the basis of the platform - the infrastructure.
  • Then there is the service provider who combines all of that equipment and software and makes a meaningful service offering out of it.
  • Then there may be agents and referrers who bring in business and customers to attach to that service and consume it.
  • Finally, there are the consumers themselves who actually use the service.

Each party has its own vested interest in the arrangement. The vendors would like the service provider to carry on buying their products and services that makes them profits. The Service Providers would like the consumers or agents to keep subscribing to the service that they provide as that brings them profits.

Cloud consumers

But what of the consumers? The motivation here cannot possibly be profit as not everyone in this stack can make profit, someone has to provide the funding for some other benefit. This is the area that can easily be neglected and actually where a lot of the focus should be.

Consumers use cloud services for several reasons. Anyone involved in providing the service or supporting the service can roll the benefits off the tongue at will and they of course include ease of management, predictability of costs and flexibility of service to name the top three I come across.

In exchange for these benefits the consumer will part with certain levels of cash. However, as with consumption of any other good or service, there must indeed be a tangible benefit with limited risk associated in order for that decision to part with that cash to be made.

It is not unusual for a service level agreement to be offered by providers of cloud services, be that compute or storage. They normally focus around performance, capacity and availability. These three are critical aspects to the service achieving what it set out to. However, although they influence the overall experience of that service, they do not fully determine it.

Taking flight

Let’s take another industry as an example, say, the passenger air industry, and let’s assume the service is a flight from London to Paris. Taking the above three critical elements we can promise when the flight leaves and arrives (performance), a place to sit and put luggage (capacity) and a plane with more than one engine should something bad happen (availability). This will probably get you from London to Paris, but it speaks nothing of the experience.

The capacity could be provided above the wings of a bi-plane or next to the rear-gunner for example. It doesn’t define the minimum standards that can be expected or whether a meal or movie is provided. All of these things are expectations the consumer may have but has no way of understanding what is actually going to be delivered. I’m not a fan of such lucky dips with my flights, and consumers of cloud services are likely feel the same way.

So what elements should a cloud provider consider when framing and offering and engaging with consumers? Let’s focus on the cloud storage model as that has many implications that need to be addressed.

To start with, the full experience should be described as part of the service catalogue entry. This means defining not just what capacity and performance can be expected, but what other services and features are provided with that – such as backup policies, what is required to access those backups, how flexible the service is and what process is required to leverage that flexibility. The consumer must understand exactly what they can expect for their money up front. That is the attractiveness of a cloud-based solution and is what will bring in the customers. Sadly it is not a case of “build it, and they will come”.

Evidence of service delivery

The next factor and often the one that gets overlooked is providing evidence to the customer that they have indeed received what they have paid for. This normally takes the form of a report attached to the monthly invoice that details the thresholds set for the service and where the actual parameters lay within those thresholds. There is also an excellent opportunity for some "value-add" here by making recommendations for new service levels, whether or not they are greater than those currently deployed. A consumer will greatly appreciate being told they can spend less and will likely be more loyal to an organisation that tells them that.

Accountability doesn’t end there though. Whether or not it was described in the service level agreement, there are regional laws and general expectations around security and privacy which must not only be upheld, but in terms of accountability, must be seen to be upheld. That means that proof needs to be available that all reasonable steps have been taken to protect the service from unauthorised access, modification or disclosure. In terms of global cloud deployments this would also include the ability to locate the data in a specific geography and within certain legal frameworks without risk of bleeding to others and exposing the data to non-desired laws and legal entities.

So as you can see, there is a lot of responsibility that is taken on by a cloud provider, more so than a simple internal IT provider in fact. The key tool to dealing with the additional demands and accountability of these sorts of services needs to be transparency. The current status of the data and the service must be easy to query and ascertain and unless the expense of manual examination and reporting is going to be added, this needs to be automatic.

It’s areas like this where conforming to standards such as the SNIA’s Cloud Data Management Interface (CDMI) come in, and allow a uniform and consistent means of querying multiple services not only about the specifics of that service, such as its capabilities but also of individual elements of data including such things as authorisation, current placement and legally accepted placement.

When setting up a cloud service, or when consuming one, you should insist that transparency and accountability is considered and detailed, as this really will become a differentiator in what is becoming a very consumer-centric marketplace. ®


This article is based on a series of SNIA tutorials on cloud storage technologies. To view all of the tutorials on Data Protection and Management, visit the SNIA Europe website.

It was written by Glyn Bowden, SNIA CSI member and SNIA Europe UK Committee member. He works for NetApp.

For more information on this topic, visit: www.snia.org and www.snia-europe.org.

About the SNIA

The Storage Networking Industry Association (SNIA) is a not-for-profit global organisation, made up of some 400 member companies spanning virtually the entire storage industry. SNIA's mission is to lead the storage industry worldwide in developing and promoting standards, technologies, and educational services to empower organisations in the management of information. To this end, the SNIA is uniquely committed to delivering standards, education, and services that will propel open storage networking solutions into the broader market.

About SNIA Europe

The Storage Networking Industry Association (SNIA) Europe is dedicated to educating the market on the evolution and application of storage infrastructure solutions for the data centre by providing thought leadership and industry education focussed on storage technologies and business value. For more information visit: www.snia-europe.org.

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.