The Cloud Can Rain on Your Parade

Cloud computing holds great promise and potential, but it’s not without risk.

September 23, 2013
/ PRINT / ShareShare / Text Size +

Recently, a salesperson for a core processor gave us an interesting proposal for dumping our hardware and moving to “the cloud.” The offer, illustrated with dozens of colorful PowerPoint slides, was full of quirky graphs and small print. Basically, however, it was summed up by this exchange:

Sales rep: “It will save you money.”

Me: “How about the security?”

Sales rep: “LOTS OF MONEY.”

Me: “But reliability? Speed?”

Sales rep: (Using $20 bills to wipe up some spilled Perrier water), “Did I mention money?”

Branching Out - cloud computingOn the cost front, the salesperson is probably right. By having our systems in-house, we’re constantly moving and adding servers, storage, and other expensive equipment only to discover the devices are often underutilized.

And all that fancy hardware takes expensive professionals to keep it running. Some days I wonder if exchanging our server room for a stable of thoroughbreds might be cheaper.

Indeed, cloud computing allows for data and services to be shared. But don’t expect to know for what, or how.

The entire process is baffling even to experienced personnel, not unlike your last safety and soundness exam.

Grappling with complicated IT issues is like interacting with your car mechanic, who hands you a tangled mess of metal and wires and tells you “this needs to be replaced.”

Confused and depressed, you hand it back and take out yet another mortgage on the house so your eight-year-old car can chug along until something else breaks.

But I digress. Back to the cloud.

In July 2012, the Federal Financial Institutions Examination Council (affectionately known as “that other regulator”) issued a statement that viewed cloud computing to be as risky as any other vendor relationship—perhaps only the 17,457th dumbest thing said by a regulatory agency that year.

Cloud computing shifts tremendous work and responsibility to others. It also means that you need to ask specific questions to those selling such systems, including:

“Where’s my data?” As with all mythical lands like Hogwarts and Congress, the cloud is not an actual place. Is it in Kansas? Florida? Or—gasp—North Dakota?

Not all localities have laws that protect your data. And many third parties outsource this, so even they might not know where your data resides.

“Who can see my data?” The typical salesperson answer here is that your data is held in a dark, secret lair only to be seen by your staff and approximately 11,000 NSA contract employees. In reality, however, it might be visible to the vendor’s entire staff, their subcontactors, and their sponsored World of Warcraft team.

“Where is your disaster recovery site?” Again, due to the mythical properties of the cloud, the salesperson might say the question is irrelevant, preposterous, or even stupid. If the salesperson says “You don’t understand the cloud,” your response should be juvenile and humorous.

“Can you guarantee a certain speed?” Your salesperson probably will claim that only Al Gore can guarantee the Internet. But if your spouse is like mine and watches endless hours of “Downton Abbey” online, you’ll understand how the phrase “happy wife, happy life” goes up in smoke when the word “buffering” appears.

“How easy is it to move from your cloud-based system to another?” Having options is supposed to be one of the primary advantages of cloud computing. But they aren’t selling options; they’re selling a cloud. In fact, many cloud systems are proprietary, just like your in-house system.

Some will say that cloud computing is the newest name for smoke and mirrors. For someone who regularly uses Google mail and other cloud apps, I would disagree. It’s powerful, amazingly inexpensive, and flexible.

But there’s one thing it is not: without risk.

JAMES COLLINS is president/CEO at O Bee CU, Tumwater, Wash., and Credit Union Magazine's humor columnist.

Cloud vendor - what risk?

Brian Fischer
September 23, 2013 10:52 am
My comment title echos a bit of sarcasm. Cloud vendors do promote speed, flexibility and low cost. All are true. But what are these vendors doing to ensure the security of your member data? Equally as important, what is the individual credit union doing to endure information security? Regulatory agencies place the responsibility for this squarely on the shoulders of the credit union. How do you work towards reducing this risk? Continue a multi-layered approach to information security including complete information security assessments and an in-depth due-diligence review of all vendors handling critical data including those in the cloud.

Flag Comment as Offensive

Post a comment to this story


What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory ( will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive