Like any new IT toy, the cloud has repeatedly been proclaimed this wonderful approach that will cut costs, improve operations and most likely cure cancer.

Like any new IT toy, the cloud has repeatedly been proclaimed this wonderful approach that will cut costs, improve operations and most likely cure cancer.

Best Buy, the world’s 19th largest retailer, banked on it as an almost infinite supply of bandwidth, one where IT governance rules could be ignored. (Let’s forget that had to shut down because of its cloud reliance - it spoils the story.) And Burger King, the world’s second-largest fast-food hamburger chain, is trying to use the cloud to bypass PCI and to do mobile payment without hardware changes.

However, those tales of nirvana cloud (please forgive me, I am weak) the practical issue. The cloud is inflicting on retail IT confusion, deceptions, contradictions and huge complexity. In short, it’s doing what we all privately knew it would. But we didn’t want to spoil the happy thoughts that the CFO was buying.

Consider four cloud incidents that all came to light in the past couple of weeks. Firstly, the tax authority in a major US state, Pennsylvania, changed its position on how cloud activity should be taxed. The changes could have sharp spreadsheet impact on cloud costs, both good and bad.

Secondly, a group of cloud vendors publicly supporting better cloud security rules are refusing to allow those rules to be written into retail contracts. When it comes to vendors, pledging to do something and being forced to actually do it are impressively opposite. Thirdly, Cisco’s decision to move some of its servers to cloud management was quietly made the default choice for customers, with huge ramifications.

And fourthly, Amazon’s enterprise cloud offering is sold on the basis of security and PCI compliance, but the company is refusing to allow retailers to inspect where their data is being stored, nor is it letting them know the location of their server. So they can’t be PCI compliant on security circumstances that they can’t inspect.

These incidents occurred over just two weeks and are limited to events that have come to public light. It’s hard to argue now that cloud servers do not come with a lot of headache-intensive baggage.

Probably the most mind-numbing case is the Pennsylvania tax, so let’s drill into that. The rule seems harmless enough at first, as it merely rules that cloud operations are fully taxable, assuming the end user is in Pennsylvania. Previously, the ruling made it taxable based on whether the server - not the end user - was in Pennsylvania.

Let’s say Walmart buys some SAP suite and installs it in a public or private cloud, and then employees in Pennsylvania Walmart stores use the software. Under the new ruling, Walmart has to pay sales/use tax on the purchase (including, apparently, purchase of maintenance contracts, which provide additional software) as if it were purchased in Pennsylvania, prorated to the number of employees it has in that state.

Alternatively, let’s say Target offers a consumer charge service and happens to handle some of the service on the cloud. If some Target customers in Pennsylvania used this site and paid for the service, even if Target had no stores or facilities in Pennsylvania, this letter appears to say that Target would have to collect sales/use tax on that sale.

What if only part of the transactions happened on the cloud server? What if cloud servers, along with physical servers, were in a round-robin? Some of the cloud servers are in Pennsylvania, but many aren’t. How can the chain possibly determine which server locations handled particular transactions?

What if employees in Illinois were generating revenue and they happened to use a VPN, which routes through the cloud in Pennsylvania? Does that place all that revenue under Pennsylvania jurisdiction? And just wait until other states try and mimic Pennsylvania’s move.

Ahhh, the joys of the simple cloud. Maybe following those old IT governance rules weren’t so bad, after all?

About Evan Schuman

Evan Schuman is Editor of, a U.S.-based site that tracks retail technology, E-Commerce and Mobile Commerce issues and a Retail Week content partner. Evan Schuman can be reached at