Cloud security case 1: Mohawk Fine Papers

Paul Stamas won’t deny that cost savings, elasticity and agility are all benefits of cloud computing. However, the CIO at Mohawk Fine Papers would argue that these benefits are not by themselves sound reasons to make the move to the cloud. The conversation, he says, begins and ends with the business context.

At Mohawk, a family-owned, $300 million manufacturer with 800 employees, the value of cloud is in treating the computing infrastructure as a commodity, thereby freeing Stamas and his three-person staff to focus on business objectives. “Cloud computing, in and of itself, is not that valuable,” he says. “It has to be part of a holistic business strategy.”

A good example of this thinking in action is Mohawk’s recent decision to move some HR software to a software-as-a-service (SaaS) application. Stamas says he’s watched the cost of the SaaS application drop precipitously in the last three years, but the clincher was that the on-premise application was very difficult to manage. “It’s cheaper, but it also has to be in the context of the larger business case, which is that we wanted to be able to focus on our HR processes,” Stamas says.

Mohawk continues to run its ERP and enterprise asset management systems on-premise, but it has moved to SaaS for its customer relationship management (CRM), transportation management, e-mail and business analytics applications. For these, it’s working with SugarCRM, MercuryGate, Cisco and Burst Media, in that order.

[Also read 5 cloud security trends experts see for 2011]

And when Mohawk moved to expand its business into customized digital photography books by purchasing LabPrints, a service that links professional photographers to professional labs, it continued to use the cloud-based infrastructure from SoftLayer that LabPrints had used to run its e-commerce site.

The cloud model became even more compelling to Stamas when he realized that he could also use the cloud to integrate applications, both on-premise and in the cloud. Mohawk’s value-added network provider, Liaison Technologies, uses a service-oriented architecture and Web-services-based approach to integrate all of Mohawk’s geographically separate applications, including data transfers from customers and partners. Stamas can monitor everything through a Web service running on an open-source Linux server over a private connection to Liaison. “I no longer worry about security and integration,” he says.

While there are protocols and techniques for securing the links between applications, Stamas says, it’s hard to be vigilant about all these connections when you have a lot of them. “Based on the numbers and types of connections we have to manage, it incurs risk,” he says. “You hear so much about XYZ as a service. I’m talking about integration and security as a service.”

Now Mohawk can pick applications based on what they can do and whether they improve business processes, rather than on whether they work with existing applications. This type of agility, Stamas says, is even more important than cloud’s oft-touted ability to speedily provision hardware. “We have the business process agility of being able to select best-of-breed applications,” he says. “And when I make decisions about whether to move this or that application to the cloud or [keep it] on-premise, I can look at it on its business merits, not on the issues of governance, security and reliability.”

The on-premise solution to application integration--middleware such as the WebMethods suite--was out of the question, as it would have cost millions and required more staff. “The cloud has moved the computing center of gravity from the four walls of the enterprise to outside [the company],” Stamas says.

While many people associate moving to the cloud with taking a hands-off approach, mostly dealing with problems through self-service Web portals, Stamas says that robust security still requires cultivating a deeper customer-vendor relationship. “I want a conversation with a solution architect and the ability to ask deep questions,” he says. He doesn’t want to hear, “Go to a portal and swipe your credit card,” he says. “It’s not like going to Amazon to buy shoes.”

Case in point: Stamas is working with two vendors, SoftLayer and Rackspace, to provide infrastructure as a service (IaaS) for Mohawk’s two e-commerce offerings. The SoftLayer platform takes care of the custom photography books, while Rackspace handles direct-to-consumer paper sales. Stamas wants to consolidate these onto one platform and is working with Rackspace, as it offers PCI DSS-compliant protections for credit card processing, security monitoring and backups. “I want to talk to someone who can explain what they do,” he says. “It’s about security, reliability and a trusted relationship.”

Other stories in this Cloud Security series

• More tales from the cloud
• Case 1: Mohawk Fine Papers
• Case 2: BuildFax
• Case 3: Inavero