Is the cloud ready for mission critical apps?

Organizations are gaining confidence in cloud computing, although questions still swirl around everything from basic security and compliance controls to issues regarding supplier viability, ROI and, given the prominent outages of late, simple availability. 

The Experts
Alexander Pasik
Alexander Pasik

Chief Information Officer of the IEEE says the cloud is ready for prime time and concerns about security and even availability are overblown. His organization, in fact, is already  living the dream. View debate

Sanjib Sahoo
Sanjib Sahoo

Chief Technology Officer at tradeMONSTER and OptionMonster Holdings, Inc. argues that cloud has a ways to go before it earns the right to host mission critical apps, and the bar is particularly high for financial services companies like his. View debate

Alexander Pasik

For most companies, yes.

Cloud computing is ready to support mission-critical applications. Providers’ track records of reliability, along with the fact that IT management is their core competence, should allay fears about the perceived stumbling blocks of security and availability.

More companies are realizing the economic benefits of moving mission-critical applications to the cloud and taking advantage of the chance it affords them to focus on their own core competence, which for most companies is not IT management. These early adopters have also recognized that the appropriateness of cloud computing varies by the "flavor" of the service, from Infrastructure as a Service (IaaS) to Software as a Service (SaaS).

 

Moving along the spectrum from on-premise computing to IaaS and ultimately to SaaS brings increasing economies of scale as greater portions of the technology stack are shared across the client base. Whereas IaaS saves businesses money via shared hardware, real estate, and power, SaaS achieves even greater economies of scale with shared applications, some key examples being Google Apps, Salesforce and NetSuite.

Many leading SaaS vendors have strong track records of reliability and security. Delivering this value is their specialty. To perpetuate that reputation, they invest far more in securing their environments than most non-cloud-computing companies do securing their own data centers.

[ALSO: 10 most powerful cloud computing companies]

Given this dedicated attention to security, trepidation about the safety of the cloud is largely unfounded. It's a psychological fear, akin to believing money under the mattress is safer than money in the bank. Overcoming this fear, both by understanding the provider's capabilities and by negotiating the appropriate service-level agreements (SLA), will allow companies to reap the savings associated with moving mission-critical applications to the cloud.

Economic arguments may not be as strong when it comes to justifying the use of IaaS, but the advantages lie in provider resilience - the ability of these vendors to offer greater performance in terms of reliability and scalability than customers do on their own. While individual companies have to build out infrastructure to handle peak loads, cloud providers offer an elastic approach of scaling resources that is more efficient and cost effective.

Reported outages and cloud service disruptions, however, are increasing potential users wariness. Not long ago, for instance, an Amazon data center went offline, affecting popular websites like Reddit, FourSquare and Pinterest. Wide reporting on this event - which unluckily affected social media sites, and hence a large number of users - has driven concerns about potential lapses in availability among cloud providers. But such problems are particularly visible because of their high-profile nature. Outages of this kind are far more common in enterprises that manage their own infrastructure.

Reliability and continuity, particularly in the face of major natural disasters, is in fact much better in the cloud. At IEEE, for example, we were fortunate enough to have moved many of our applications to cloud providers prior to Superstorm Sandy, the late-October storm that ravaged the mid-Atlantic and northeastern states. In New Jersey, where IEEE's operations headquarters is located, widespread power outages were accompanied by a fuel distribution crisis that stymied not only motor vehicle traffic, but also back-up generators. However, since part of our business continuity strategy included the use of SaaS and IaaS for many applications, our management of key applications was far easier and more reliable.

To further alleviate concerns about security and availability, companies can often negotiate SLAs with the cloud provider. These contracts are promises to address the chief concerns of businesses, whether they be performance, response time, scalability or some other metric. Specifying these parameters in an SLA provides the security of recourse if the levels are not met. Though many cloud computing companies don't immediately offer SLAs, it is typically a point for negotiation.

In summary, businesses that are hesitant about moving their essential applications to the cloud should not let fear stop them. They should evaluate providers' track records of reliability to deliver secure and consistent services, and negotiate SLAs so they can begin to take advantage of the economic opportunities offered by mission-critical applications in the cloud.

IEEE is the world’s largest technical professional organization dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. 

Sanjib Sahoo

Not yet

The cloud is not fully ready for mission critical apps. While the technology is rapidly maturing, it has catching up to do in terms of reliability, bandwidth management, latency and performance, security, cost of data storage and several other aspects.

Cloud computing is increasing in popularity, and rightfully so, but it is not ready for every organization, and especially not for financial trading organizations like ours -- tradeMONSTER, a top rated online brokerage firm. Even though there are some clear benefits, we are not moving to the cloud yet.

 

In evaluating cloud viability, organizations should categorize their applications into mission critical and non-mission critical and clearly assess the pros and cons. For trading companies like ours, the most important thing is getting guaranteed trade execution. Right now, that means dedicated lines to execution vendors and market makers, and those must be closely monitored.

Due to the difficulty and high cost of managing a private network within the cloud and lack of a guaranteed quality of service, critical trading apps have not taken to the cloud. Also, with no control over where servers are deployed geographically, latencies can't be controlled, which is a serious competitive disadvantage for trading firms.

There is a perception that the cloud reduces costs (both resource and money) compared to deploying your own infrastructure. But consider our case. The cost of handling high volumes of market data (almost 8 billion quotes during a 6 ½ hour trading day) and transactions would add up to a huge expense in the cloud.

Market data is not only I/O intensive but also exhibits tremendous message rate spikes due to market volatility, requiring substantial, instantaneous bandwidth expansion. Supporting market data transmission in the cloud would not only be more expensive, but it would add latency, which diminishes the value of the data and reduces the trading firm's quality of service.

Another related cost disadvantage of the cloud for our application is that much of the historical data must be stored so it can be used for charting and analysis tools. This dataset can go back 20 years. Data storage in the cloud is generally more expensive than storage on your own servers.

Brokerage firms like tradeMONSTER are subject to substantial regulatory oversight, including regulations regarding storage and protection of customer data. Storing sensitive data like Social Security numbers and and date of birth in a cloud infrastructure would raise serious issues with regulators. Another important concern is that the regulations require regular back-ups as well as keeping continuous off-site backups. This becomes a huge issue especially when several transactional and other data including logs have to be archived for regulatory reasons.

High availability is absolutely critical in trading applications because any downtime causes not only financial exposure but legal liabilities. The application systems are designed in such a fashion that they are clustered and highly available. More importantly, they are hooked into enterprise monitoring systems where the production support team is constantly monitoring network load, CPU, threads, memory, etc.

[ALSO: 2013: The year of hybrid cloud]

Super high availability requirements are more difficult to achieve when mission critical apps are deployed in the cloud. The recent outages at Amazon and cloud sites not only raise questions about the cloud model, but introduce new risk for organizations that have their destiny dependent on an environment where there is only limited monitoring and control.

This requires a substantial level of trust in the vendor, because trading firms cannot independently verify assurances of redundant power, disk, network, backups, etc.

At tradeMONSTER we have to integrate with many different third parties including clearing, execution vendors, market makers, market data vendors and business partners. To make this entire platform agnostic and build separate clouds of integration points with network integrations will only lead to a nightmare and increased costs.

While the cloud solution really comes with several positives, like consolidated hardware footprint, resources sharing, etc., it is still not ready for mission critical apps, particularly for organizations like ours. A tradeoff may be deploying some non-critical apps to the cloud to try it out. Also in the near future, organizations with hyper critical apps like ours might build private clouds to gain flexibility, more control and more options to scale.

Rated "Best for Options Traders", tradeMONSTER is setting a new standard of excellence and innovation in the online brokerage industry. tradeMONSTER was the first online broker to deploy a streaming desktop-like trading experience in a web-browser, featuring professional grade tools in a dynamic and customizable interface combined with integrated investor education, transparent commissions and an extremely knowledgeable and dedicated customer service team. 

Want more Tech Debates? Check out our archive page

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies