When the global financial services firms melted down in late 2007, much of the blame was attributed to an over-reliance on a highly-leveraged financial abstraction called a Collateralized Debt Obligation (CDO). As described in a recent blog entry by Gartner analyst Andrew White, Cheap money, sloshing around the place, feeding an insatiable growth in demand for property, by people that had little or no ability to support the creative mortgages on offer, managed by creative new financial instruments that spread risk around the globe. Those ‘creative new’ things melted, leaving behind puddles of toxic loans.
I don’t actually expect cloud computing to experience the spectacular meltdown that the financial service markets did, but I can’t help noticing multiple similarities between that situation and the reliance of today’s enterprise on ambiguous ‘black boxes’. Parallels between the near fatally-high levels of trust in the integrity of CDOs by banks and the growing use of public cloud computing include:
- Hype: Market urgency encouraging everyone to jump on a new bandwagon or risk losing their competitive edge.
- Complexity: Abstracted and virtualized products that are impossible to fully understand, making it impractical to carry out customary and proven forms of risk assessment. Even the maker can’t anticipate emergent risks.
- Free Lunch: Products offered as providing better returns at lower risk in comparison to traditional products.
- Non-transparency: Minimal information as to the constituent elements, which change in significant ways on a real time basis.
- Formal Risk Ratings: Large, expensive and prestigious audit/assessment firms provide standardized ratings pronouncing risk to be acceptably low. Assessments are performed by inexperienced staff, addressing only a subset of the risk factors.
- Significant Providers: Size and visibility of providers is taken as evidence of product reliability.
- Your People Aren’t as Capable as Our People: Business critical decisions and activities outsourced to abstract chains of providers, instead of relying on trusted and experienced employees to do planning, acquisition and service maintenance.
Would you buy a new car without actually driving it, or would you just trust that it will be exactly like the ‘brochure’ on the web site? Would you buy a house without a positive report from a home inspector? Some people do buy pigs in pokes, and sometimes the pig turns out OK, but if my business depended on having a meaty and healthy pig, I’d want to inspect him thoroughly before accepting delivery. Commercial cloud computing offerings remain undocumented black boxes. Most of them are actually nested black boxes, and some are a pyramid of black boxes from multiple providers.
Of course, just because these virtual pigs are in cloudy pokes doesn’t mean that the provider actually is hiding something from you.
For background on the role of financial derivatives in the economic crisis, a Harvard Business Review article summarizes the results of a Harvard Business School study, “The Economics of Structured Finance,” explaining that it “offers a close examination and clear explanation of how the process of securitization transformed trillions of dollars of risky assets into securities that many considered to be a safe bet…the paper analyzes the difficulties of rating structured finance assets and the perils of relying on ratings to determine prices.” (Note that the irony of the use of the word ‘security’ in the context of finance.)