Feeds

Trevor Pott's guide to pricing up the cloud

Does scale equal less cost?

3 Big data security analytics techniques

Vendor scale

Elsewhere in The Register Cloud Channel we write about risk, compliance and security issues ( - for instance). Here we simply record the argument that scale economies enable vendors to deliver service improvements in these three areas.

Over to Reg reader 'richard.cohn', who points out:

"Looking at "Software As A Service"-Style cloud vendors like Salesforce and Google (apps), they do indeed have quite strong incentives (read: funding, staffing) to "do security properly". Security is part of their "core business" and not just part of that "support function IT".

A single highly competent (read: expensive) security expert can secure millions of Salesforce users, while an inhouse-system will never get that attention."

Note, that vendor scale does not necessarily translate into lower costs for customers here, but that surely is a secondary consideration.

Platform as a Service

PaaS is a booming cloud offering targeted at developers. A PaaS provider offers up APIs allowing applications to transparently tap into feature sets, redundancy and sheer scale developers would otherwise be unable to front. A small developer can go from “my first smartphone app” to a SaaS offering living in a dozen data centres around the world overnight.

Software development studios will find the greatest benefit here; building their offerings on top of a PaaS stack is a quick route to marketing a reliable SaaS application. Developers only have to focus on the code; everything else is taken care of for them.

End users benefit from PaaS offerings as well. SaaS on PaaS applications are more robust, reliable and scalable than SaaS on custom infrastructure. SaaS on PaaS also enable small and mid-sized developers to provide higher quality application at a lower cost than do-it-yourself options.

The downside is lock-in; a trap developers and end users alike are justifiably terrified of. Once your application has been coded to the API of a specific PaaS provider, porting it can be very difficult. Should that PaaS provider alter their terms of service in an unacceptable manner, fail to deliver on their SLA or go bankrupt, the developer and all their clients are out of luck.

Workarounds are beginning to emerge; the Eucalyptus project famously enjoys close compatibility with Amazon’s APIs. Windows Azure, Microsoft’s PaaS, is also interestingly positioned. Other vendors offer projects which are designed to allow multiple providers to create offerings based on a common API. Hope for future interoperability is also present amongst the various cross-provider cloud API projects.

Conclusion

This as-a-service model is an important shift in how outsourced IT services are marketed. Admittedly, there are some basic differences with the outsourced services of yesteryear, especially in pricing models, but at their heart, most cloud computing services are outsourced services.

And at a minimum, each service outsourced increases administrative overhead. The latest trend in IT outsourcing – the hosted cloud – also offers up questions about SLAs, portability, privacy and ownership of data.

Despite this, I remain optimistic. Internal clouds have already demonstrated their value. The major kinks have been worked out, the ROI proposition is clear. The hosted cloud offers the possibility of spending less time with maintenance. If it can deliver, then the opportunity exists - with the right services-split - to greatly reduce the workload of existing staff. ®

Trevor Pott is a sysadmin, based in Edmonton, Canada

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Brit boffins use TARDIS to re-route data flows through time and space
'Traffic Assignment and Retiming Dynamics with Inherent Stability' algo can save ISPs big bucks
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.