Anyone who is working intimately with cloud computing and having critical conversations regarding this medium will eventually be party to the “cloudwashing” conversation.
Cloudwashing: the activity of associating all your products with cloud computing even though it doesn’t meet core attributes that define cloud computing as created either by de jure or de facto processes.
Depending upon your role in information technology cloudwashing is either a major concern or a significant benefit. If you are a product vendor looking to gain attention for your product, then cloudwashing is very useful. It opens up interest in your product to an entirely new audience that may see benefit in your offering even if it really doesn’t align fully with cloud computing goals and values. If it attracts eyeballs without significant additional costs, then it’s positive.
If you are an IT manager, director, vice president, CIO or other, and your goal is to say that you’ve successfully delivered a cloud computing initiative, then cloudwashing is good. After all even if it’s traditional managed services, if you can label it cloud, the pure confusion and lack of agreement on what is cloud will work in your favor. That is, who can argue with you that your initiative isn’t cloud computing if they cannot define cloud computing in a concrete and definitive manner.
If you are a security officer concerned with privacy and security of your businesses’ data and access, then cloudwashing may work in your favor as well. Most cloudwashing is typically managed services repackaged, which means it doesn’t really incorporate key attributes of cloud computing that concern security professionals, such as multitenancy and shared hardware platforms. So, the security professional who cares less what the business wants to say they’ve accomplished as long as they’ve done their job securing information and access may be better served by a cloudwashed product or service than a real cloud computing product or service.
So, why should we care if a business wants to cloudwash their offering? For one, its disingenuous, and anyone that’s willing to sell you something in a disingenuous manner should trigger you to question that company’s values and ethics. Ultimately, it could mean the difference of them being their when you need them and you out on the street with your briefcase in hand looking for your next job.
Secondly, it damages the entire industry. While you can technically argue that there’s no one single globally-accepted definition of cloud computing, NIST and Cloud Security Alliance are two very credible organizations that have settled on a common definition. There may be others also promoting this definition as well. So, to imply that there’s no standard undermines the work of these organizations in attempting to help businesses and individuals understand cloud computing. Moreover, without a common agreement, there is no means to develop agreed upon metrics for comparing offerings from different vendors.
Finally, there should be delineation for vendors that are in the cloud and those that are the cloud. This differentiation is unclear when vendors cloudwash their offerings. Being ‘in the cloud’ means that you are selling a service that relies upon yet another provider’s cloud computing service. This is important for businesses to know that are signing up for a service. In the same way that you would want to know that FedEx or UPS uses a third party delivery agent in a foreign country and that they are not handling your package from start to finish, you should want to know who ultimately is touching your data and applications. Cloudwashing makes it difficult to distinguish those who are “in the cloud” from those that “are the cloud”.
Of note, I know there are those that will argue that you’re buying a service and you shouldn’t care, but that’s a naïve opinion that demonstrates a lack of understanding for the business requirements for audit and compliance. Maybe some startup in Bumpuck, Nowheresville that’s hosting a free service can get away with this approach, but real businesses that hire professional accounting and auditing services are responsible for understanding the implications for using that service; this often means knowing what software and services is being used to provide a service.