Information Technology Reference
In-Depth Information
TableĀ 6.1 clearly shows that over the expected life of the system, on-premises solutions
tend to be more expensive. However, what we did not take into consideration here are
some intangible factors such as security, control, and compliance, which may tip the scales
toward on-premises solutions, especially if all three are required by the organization. If this
is the case, then there won't even be a comparison at all.
Accountability and Responsibility
Based on Delivery Models
Cloud computing changed how IT-based services are provided. It is a paradigm shift that
brings various complications, raising questions about accountability and responsibility in
the case of outages.
Traditional delivery of applications has been offered by vertically integrated organiza-
tions. Both hardware and software were already bundled together and purchased from a
single supplier that was solely accountable for the product's performance. However, the
cloud environment mixes things up because there are a lot of entities that have a stake in the
system; there are infrastructure providers, simple cloud application providers and resellers,
cloud environment providers, network providers, end-point ISPs, and many others. So when
an outage occurs, who is to blame?
Private Cloud Accountability
For a private cloud or on-premises solution, responsibility and accountability reside with the
organization itself, although it may extend to the equipment manufacturer or distributor in the
case of hardware failure and software bugs. But for the most part, the maintenance and secu-
rity of the system are the responsibilities of the IT department. This is simply because a private
cloud or on-premise solution is, as we discussed earlier in the chapter, implemented behind the
corporate firewall and maintained by the local IT department. It utilizes internal resources and
is designed to offer benefits similar to those of the public cloud without relinquishing control
of data and security as well as the recurring costs associated with public solutions.
Because the decision to implement a private cloud is usually influenced by the organization's
need to maintain absolute control of the virtual environment, often due to business or even
regulatory reasons, the organization itself remains responsible and accountable. That will not
matter much, however, because users are often internal, part of the organization. But if there
are external users, as is the case with most banking institutions, security concerns and outages
should be shouldered by the organization, particularly by its IT department. This is really no
different than other kinds of services.
However, if specific problems are the cause of security breaches, impairments, and outages,
the responsibility can be passed on to the hardware manufacturer or software developer. For
example, if a specific brand of NIC contains an inherent vulnerability that allows hackers to
Search WWH ::
Custom Search