Grant Morgan, Dimension Data

South Africa’s cloud computing adoption is behind that of its BRICSS counterparts.

This was revealed by Grant Morgan, GM for cloud at Dimension Data, when addressing the ITWeb Cloud Computing Summit, in Bryanston.

According to Morgan, China (36%) is the biggest cloud computing adopter of the BRICSS states, followed by South Korea (29%), India (16%), Brazil (13%) and Russia (4%), with SA last at 3%.

Among the top inhibitors of cloud computing in SA, Morgan noted, were security and privacy concerns.

He also pointed out that governance issues are another worry for local organisations, adding that in most instances, there are inadequate, inflexible or non-existent cloud service level agreements (SLAs).

Organisations are also hesitant to adopt cloud because of poor vendor transparency, as well as an inability to assess risks and audit cloud vendor security measures, he noted. “There is also unclear long-term return on investment and inability to monitor costs between billing cycles. Vendor lock-in created by a lack of service interoperability and poor service migration is another issue.”

Organisations are worried about market immaturity, vendor fluctuations and poor service implementations, Morgan added. Most organisations are also deeply concerned about operational risk, which involves elements of data sovereignty risk, which speaks to the actual domicile of the information in service provider data centres.

Data and code portability risk is another limitation, which determines the difficulty of recovering intellectual property from the cloud, he said.

According to Morgan, when talking about data-loss risk, once an organisation’s information is on a shared, multi-tenant cloud platform, mitigating the risk of inadvertent or malicious data loss is relinquished to the service provider, potentially exposing the organisation to legal and social risks.

Thus, he urged organisations to fully understand the SLAs before engaging a cloud service provider.

HYBRID CLOUD IS BEST

To combat security concerns, Richard Vester, director of cloud services at EOH, suggested companies consider a hybrid cloud model which, he said, offers the best of both the private and public cloud worlds.

Richard Vester, <a href=

EOH" />It’s a matter of balancing risk, control and flexibility in cloud deployments, said Vester. “For low risk and high control, go with the private cloud. The ‘public’ cloud – although I prefer the terms ‘managed’ or ‘hosted’ because the data isn’t public, sitting where anyone can access it – is high risk and low control. In the middle is the hybrid cloud.”

The hybrid cloud combines the strengths and weaknesses of both options, explained Vester. “With a hybrid cloud, you can keep missioncritical information in the organisation, to be consumed by the users inside the organisation itself. Then you can take something like mail, or other, less mission-critical applications, into the public cloud. You can scale up and down, but you’re not locking yourself into one particular environment.”

The hybrid cloud allows for reduced expenditure and scalability – often touted as the principal benefits of cloud – while ensuring mission-critical data is available anywhere, but secured, said Vester. Ensuring governance and compliance is an essential step towards the hybrid cloud, he noted: “If you don’t have this, you’ll never be able to adopt cloud computing in the correct manner. The question is, how do you actually get visibility over governance and compliance in the organisation, so that when a user does something, the right people are notified about what is happening? The POPI Act and others will be forcing organisations to look at how they manage this.”

Regulatory issues such as privacy and data residency are one of the principal factors keeping businesses away from the cloud at the moment, according to Vester, alongside cost uncertainty and worries about staff control.

CIOs and IT managers require new capabilities, said Vester, including ensuring compliance, as well as deploying portable apps, controlling a single point of management and measuring performance. Ultimately, this management is at the root of a successful cloud, he noted. “You don’t have to build on any particular platform – you can build on anything. It’s about how you orchestrate and manage those environments to best fit your organisation.”