The public cloud ... why bother?
Money isn't everything
Given the amount of noise around cloud computing at the moment, the signal can be difficult to discern. One question that tends to be forgotten in the debate is – why should you bother? Is it just about the money, as some pundits would have you believe? Given that the public cloud is not going to be right for everything, when does it make sense?
To answer this question, we need to first consider how ‘the cloud’ has evolved, into three quite distinct models. Some parts of cloud computing have been with us for decades – hosting companies that were already evolving towards more flexible, virtualised server provision have every right to see terms like ‘Infrastructure as a Service’ (IaaS) largely a rebranding exercise. A server is a server, and IaaS doesn’t change the fundamental hosting principle of offering a shared resource at a lower cost than could be provided in-house. The same goes for online storage, which was around a long time before the term ‘cloud’ was coined.
Second in heritage is Software as a Service, which rose from the ashes of Application Service Provision (ASP) in the early noughties. SaaS depends on the principle that most organisations are happy to work within the confines of a generically defined business application, as long as it is ‘relatively’ cheap – we shall come back to what we mean by ‘relatively’.
A more recent arrival on the cloud scene is Platform as a Service (PaaS), which aims to do the same as IaaS in terms of providing a shared resource, only this time working at a software level – that is, for databases and other middleware functionality. In this model capabilities are provided in a way that has come to be expected for Internet-based applications – that is, highly scalable and resilient, building on the multi-tenancy benefits of both IaaS and SaaS.
The reasons why you might want to deploy a cloud computing solution are numerous, but the specific ‘why’ will depend on which model you are looking at. Let’s look at some of the potential reasons, and then put them in terms of the three models IaaS, SaaS and PaaS.
First, cost – as it has already had a mention. Hosted solutions are seen by some evangelists as inevitably cheaper, but there is no guarantee of this in practice. The broader picture of cost needs to incorporate a variety of factors, including capital purchase (which can be offset through leasing), operational overheads, software licensing and ultimately disposal. IaaS or SaaS may indeed be cheaper for one-off tasks, but it is important to get a view across the lifecycle of the planned service – SaaS may well work out more expensive, particularly if equipment is already available in-house.
Cost considerations for PaaS become more complex still, given that the model is designed to enable new forms of application delivery that would be difficult to justify in-house. Want to build a new social tool capable of supporting hundreds of thousands of people? Want to try something out which might be successful, but may end up never leaving the prototype stage? Such scenarios are difficult to compare with any in-house alternative, as traditionally there hasn’t been one.
Nirvana - where is it?
Which brings us to manageability. In an ideal world, IT really would just work, wherever it was situated – but we are a long way from technological nirvana. Many organisations struggle with managing their own email services, content management systems, business applications and so on – all of which can be a massive distraction from core business. As we discuss elsewhere, IS/IT departments can spend all their time fixing IT problems, which leave little time to focus on the business-facing IS side of the job.
While in some scenarios cloud computing might turn out to be net-net zero gain from a cost perspective (or even potentially more expensive), it may well offer the benefit of letting technical staff get on with what they were supposed to be doing in the first place.
This is particularly the case for IaaS and SaaS, which can be handed off for others to manage; for PaaS, manageability becomes more complex as it is an application platform in its own right, and also, management features of PaaS are still evolving.
We’ve already mentioned the question of availability and scalability in the PaaS context, but it goes broader than simply handling peaks of demand. With the best will in the world, resilience is not a strong point for many organisations, beyond implementing mechanisms for a few core systems which absolutely have to be restored should disaster strike. Many cloud computing providers build in resilience capabilities – which can provide valid reason to consider the cloud alternative to unstable in-house systems.
You will need to check terms of service and supplier track records to be confident that the provider can keep the service running, whatever the circumstances. There’s also the question of service accessibility, which may be nothing to do with the cloud computing provider, and everything to do with the quality of the link between the client device and the cloud service.
It is one thing to have access to a highly resilient online service, but quite another if the network connection is insufficient! Some SaaS providers offer off-line tools and synchronisation capabilities, which you will need to review to ensure they fit with your own working practices.
Finally providers should, in principle, be better at data backups than organisations for whom it is not their core business. Again this is something to be checked during supplier due diligence, and we always recommend keeping a copy of mission-critical data in another location than the cloud service provider, in case of unexpected denial of service or system failure for whatever reason.
It's not the money
A final question is around security and privacy. We will drill into security aspects of cloud computing quite deeply in this series, so we won’t dwell on it here – apart from highlighting that the situation is more complex than whether or not the cloud service is secure in itself: while service providers may offer higher levels of protection than can be provided in-house, security needs also to be considered for the connecting device, and for the data as it moves between client and server.
Cloud service providers often argue that they are better at security than many of the companies they serve. However, data privacy laws in many countries may restrict or even forbid the use of cloud-based data management services, depending on their locations. In other words, even if you might prefer to use cloud-based services to ensure higher levels of data security, you will need to check that you do not breach compliance regulations.
When it comes to asking “Why bother, then?”, it is very important to weigh up all the benefits of a specific cloud solution against the costs and risks, relative to running such a service in-house.
The bottom line is – don’t justify cloud purely on cost – as the maths may well not stack up. However, there may be scenarios where cloud makes some things possible, which would otherwise have remained on the drawing board. As one expert put it, “The most exciting uses of cloud are the ones we haven’t thought of yet.”
Sponsored: Network DDoS protection