Facebook SaaS vs Elgg Private Cloud
About a year ago, Stan Schroeder highlighted in his blog post ‘Facebook: All Your Stuff is Ours, Even if You Quit’ that:
… all of the content you’ve ever uploaded on Facebook can be used, modified or even sublicensed by Facebook in every possible way – even if you quit the service.
I’m sure that this was a sobering realisation for many users of the services – and for many organisations that are contemplating using social media platforms for business.
I’d like to highlight a few more concerns about SaaS platforms in general that I think are relevant considerations for Enterprise 2.0 adoption:
- closed source software with fused data stores – with many SaaS offerings the service and the data managed by the service is not accessible to other services/applications and/or replicable on another hosting platform. This obviously leads to the creation of information islands which is something that we have been trying to avoid with IT for years.
- privacy legislation requirements and data hosted offshore – many organisations address these concerns by getting their users to acknowledge the offshore hosting of their personal data via the terms and agreements which users need to agree to. However, this does not abrigate the moral responsibility of the service provider to ensure the protection of their customers data – something that is difficult to achieve and verify when dealing with service providers operating in another culture and time zone.
- terms and agreements which may not provide adequate protection against 3rd parties mining the data for commercial benefit – as evidenced by Schroeder’s blog post, mining of social media data in particular provides many organisations with unforseen commercial benefits.
- ability to erase data when use of the service has stopped – the service provider will in all likelihood retain a copy of the data in some form for an extended period of time after you discontinue use of the service.
- guarantees of service continuity – can the service be stopped at any time? How reliable is the service? As reported in the media there have been several recent outages to high profile Enterprise 2.0 service providers.
So what can be done about these concerns?
My colleagues at Mach Technology believe that they have the answer – look to leverage the functionality, scalability and cost benefits of open source software solutions by hosting them in a Private Cloud.
There are many examples of open source Enterprise 2.0 solutions currently available including:
- Elgg - an open source social networking platform that could provide organisations with a Facebook-style capability
- Indeti.ca – an open source microblogging tool that is equivalent to Twitter
- Alfresco Share - an open source web-based enterprise content management platform that provides blogging, discussions, document repositories, wikis, RSS, calendars, etc. (see previous blog posts)
- Drupal - an open source content management platform that, with the use of community-developed modules that provide blogging, micro-blogging, disucssions, networking, etc.
- BigBlueButton - an open source web conferencing system aimed at distance education but which could be used for many business functions
- And many more …
Looking to host these open source solutions in a private cloud provides organisations with the following key advantages over SaaS / Public cloud offerings:
- Risk Management – deploying a private cloud in you own data centre or in the data centre of a trusted third party will give you a more complete picture of the risks inherent to cloud computing.
- Location – the geographic location of the servers powering the cloud has direct implications on how it will perform. For example, desktop virtualisation requires low latency which demands geographic proximity. Similarly, most database-driven applications will work only if the application sits really close to the data. Customer data must remain in a customer’s country as stated by law in many countries.
- Portability – applications built on top of public cloud infrastructure (e.g. Force.com) can only run on that public cloud. Applications built to run on common, open standards (e.g. LAMP stack) are portable between private cloud providers.
- Resilience – data loss is a huge concern for consumers and corporate customers (Microsoft/Danger lost all of the data stored by customers on their Sidekick smartphones). Private clouds which implement proper backup and disaster recovery policies significantly reduce the risk of catastrophic loss.
- Security – the security of most public clouds has been successfully breached over the past few years, usually through Denial-of-Service attacks or phishing methods. Additionally, public clouds represent a highly visible, desirable and obvious targets for hackers and organised crime.
- Confidentiality – data confidentiality is one of the most difficult things to guarantee in a cloud computing environment for a number of reasons. As public clouds grow, the number of people working for the cloud provider who have access to customer data grows as well, multiplying the number of potential sources for a confidentiality breach. The needs for elasticity, performance, and fault-tolerance lead to massive data duplication and require aggressive data caching, which again multiplies the vulnerabilities of public cloud infrastructure. End-to-end data encryption is not available within the public cloud (e.g. Encrypted data may be transmitted securely but it must be decrypted on the cloud’s server when being processed for a query or a transaction). Until end-to-end encryption is widely available, data confidentiality will be maximised by using a private cloud managed by a trusted party.
- Service Level Agreements – most public clouds today deliver 99.9% uptime (downtime less than 9 hours per year) – but many customers demand 99.999% uptime (5 minutes and 16 seconds downtime) which requires a technical architecture and a set of procedures significantly different from than most public cloud operators. Another area of concern is data ownership – while some service providers are pretty clear about it, others remain dangerously ambiguous, making their clouds totally unsuitable for a broad range of applications.
- Control – the need for overall control is the main reason for most organisations using a private cloud. While private clouds may not offer the same economics or the same level of elasticity as public clouds, they will always provide the extra level of control that most organisations crave.
For these reasons, I believe that the path to successful adoption of Enterprise 2.0 for many organisations will lead to a proliferation of open source private cloud providers like Mach Technology.
Reference Links:
- Stan Schroeder blog post ‘Facebook: All Your Stuff is Ours, Even if You Quit’
- Elgg
- Indeti.ca
- Alfresco Share
- Drupal
- BigBlueButton
- Mach Technology
Categories: Collaboration
Enterprise 2.0
Interesting blog. I also believe that using Facebook has its risks and is not suitable for enterprise activities. Nevertheless, private clouds have there limitations as they are restricted in there ability to expand. Also, the cost seem to be in favor of larger scale operations that we see in our current playlist of website. Privacy is a issues that concerns business and private clouds will stick around for large entrprise.however a large proportion of the market is driven by SMEs that don’t require the level of mitigation and the greatest risk is cost. How do you convince them that this paying for the same service but more expensive option? The privacy battle is not ignored. Many new open source companies have risk mitigation strategies that have very good serves level agreements. You are right in support private clouds but my prediction is that this will be a small bit of the market. I think you should take a look at liferay. Its something you might be interest in investigating and is better the Elgg.