The cloud computing market is exploding. According to technology research firm Gartner, the market was worth over $100 billion in 2012 and is expected to double within the next four years. With a growing range of "Security-as-a-Service" offerings from access control to video surveillance, recurring revenue business models have grown far beyond their origins in alarm monitoring and now pervade every aspect of our industry.
Vendors responded to this gold rush with product offerings designed to put integrators into the RMR business. They’re also offering to save end users big up-front expenses while reducing total cost of ownership.
Unfortunately, with every gold rush there are opportunists selling false, over-hyped claims. This is especially worrisome for the security industry because inaccurate cloud claims endanger the safety of our customers and their property.
Real Data Center or an Integrator’s Network Closet
You would think that anything advertised as a "cloud" solution would be hosted at a real data center. Today, a number of security systems vying for cloud legitimacy are actually server-based products that integrators install at their own facilities and operate on behalf of customers.
This sounds fine in theory, except that few security integrators have the IT chops to pull it off. Many a "data center" in our industry turns out to be nothing more than an unsecured network closet in an industrial park office with electrical backup from a five-horsepower generator. Contrast this with a real data center that has a hardened perimeter, riot glass, 24/7 guards and staffing, biometric access control, redundant ISP connections, redundant power supplies and cooling equipment, fire suppression, earthquake proofing, network monitoring, and enough batteries and diesel generators to keep the whole thing running for days—if not weeks—in the event of a major emergency.
Nothing less than a real data center can provide the high availability and data security required for security services; anything else places end users at high risk.
Substandard Hosting: Just a Fancier Network Closet
Substandard hosting is a close cousin to the network closet. It has become so easy to spin up a virtual machine with an Infrastructure-as-a-Service company that everyone is doing it and declaring game over for meeting the hosting requirements of a security application. Unfortunately, many end users suffer brand-name blindness in this scenario and can’t see past vendor assurances that their data is hosted at Amazon, Azure, or some other Big Company. Don’t get me wrong. These are great companies with great services, but the quality of an application service has as much to do with the way the software is written and managed as it does with where it is hosted.
For example, it does no good to be hosted at a big company unless you’re diversified across at least two of their data centers. A lot of Amazon Web Services customers learned that lesson the hard way during recent outages in one of their primary availability zones. Ditto for Microsoft’s European cloud customers.
Taking it a step further, it does no good to be diversified across multiple data centers unless you have real-time database replication built into your product architecture. And it does no good to have replicated data unless you also have global traffic management to immediately switch between facilities. The lesson here is that it’s the whole solution that matters. A brand-name hosting service doesn’t guarantee quality unless the application provider has taken all the proper architectural and operational steps.