Seth Payne is a senior product manager at Skytap and previously worked as a technical product manager at the New York Stock Exchange.
“Cloud Computing” is the reigning buzzword in high-tech these days. Everything, it would seem, is either in the cloud, powered by the cloud, or some variation on the theme.
I remember when hosted email was just that: hosted email. Today, such offerings are considered cloud offerings even though they have not changed since first being introduced over 15 years ago. After all is said and done, we are still working with the same essential technology: compute, network, and storage. The reason cloud computing is so attractive is because it affords us incredible flexibility in how these basic elements are utilized – with both speed and specialized toolsets.
Cloud computing is a disruptive technology because it delivers existing technologies in new, efficient ways. As such, the essential unwritten – yet widely recognized – code of ethics that have informed IT operations for decades, apply to cloud computing as well. However, as cloud computing involves third party service providers as a matter of course, it is important to broadly review this code to determine if it introduces new challenges or presents new ethical questions.
IT Ethics Broadly Defined
Perhaps the most widely recognized ethical rule in IT is to respect the privacy of system users. IT admins, engineers, and others will often have access to employee email and personal files. It goes without saying that these admins absolutely need this access in order to manage a system and troubleshoot issues.
Another widely accepted ethical rule in IT is to protect customer data. When a customer pays for a firm’s services, the customer has placed significant trust in the provider and consequently, the provider has an absolute duty to protect its customers from data theft or misuse. If a data breach does occur, the provider has a duty to make the customer as whole as possible.
Providers also have the moral duty to be honest with customers regarding security policies, and at times, even system architecture. I once found myself in the unfortunate circumstance where a company I was working with had poorly designed network architecture with a massive single point of failure. As a matter of course this single point of failure did fail in a spectacular way which brought down the entire system and impacted several customers. After the mad scramble to get the system back up and running, it was important for me to discuss the details with the affected customers. I wanted to be completely honest with customers, as any attempt to obfuscate would not only have been unethical but also counterproductive.
Broadly speaking, cloud services providers have a moral duty similar to members of the customer IT operations team – to be responsive. It is easy for service providers to fall into the trap of thinking that since they provide a self-service product, customers can generally manage and resolve many challenges unaided.
In crisis situations, it is also tempting for vendors to focus solely on the needs of the biggest accounts. There is sense to this as the majority of larger accounts pay for certain levels of support and responsiveness; something smaller accounts often forego. However, service providers must not forget that while a major outage impacts larger customers, outages also impact one-person IT consultancy shops.
In short, service providers have a responsibility to make their customers – big or small – successful. There are a myriad of ways this can be accomplished through proper communication, effective product design, and documentation.
Cloud Computing Ethics in Practice
Just as core technologies, the essential ethical principles of IT remain unchanged with the advent of cloud computing. And even though the governing ethics remain largely unchanged, it is important to reexamine them, especially in light of the fact that so much of what used to be entirely internal considerations of operations and risk management, has been entrusted to providers and individuals who sit well outside direct organizational control.
Service providers must understand the operational risk they are assuming for their customers. Providers become stewards of customer data, functional operation, and risk mitigation. Customers also have a responsibility as they are, most likely, providing services to customers of their own. Consumers of cloud services must have a deep understanding of the technology being utilized and its accompanying risks. The only way to meet this responsibility is to 1) perform due diligence when considering a third party cloud services provider and 2) maintain consistent communication with their chosen provider.
Ultimately, it comes down to some pretty simple ideas: be honest, responsible, respectful of privacy, and treat both customers and vendors as we would like to be treated. Cloud computing can only reach its full potential if a real, lasting trust is established between providers and customers through a well-defined system of ethics.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.