Five reasons why you'll take your storage to the cloud
And five reasons why you won't...
The cloud will inevitably replace all other forms of IT. The cloud is a passing fad. The cloud is good, it is bad and it is hideously ugly. The cloud is a paradigm shift that will obliterate all previous technological developments. The cloud is an iterative evolutionary augmentation of extant technologies and nothing to write home about.
The marketing for the cloud is terrible, was terrible and will be terrible in the future. Nobody can agree on what the cloud is, why we should care or even if it's of benefit to us. Despite this, nerds the world over have opine passionately about the ephemeral technology du jour and The Register does so like stoking the fires.
Thus we present five reasons you won't go into the cloud ... and five reasons you will.
1. This salt shaker is bugged for your protection
"The cloud" as it stands today basically means "American technology companies". There are a few outliers – primarily in IaaS – but the really sexy stuff is almost all American. This is a practical problem for cloud adoption advocates.
Wading through the legal morass of what kinds of data we can legally store where is expensive, frustrating and subject to change with the next law passed by our governments. The net result of this is that it doesn't make business sense to use American cloud providers for anything. Even if they have a datacenter in your country they can still be compelled by their government to pull any data you've stored (such as the personally identifiable information belonging to your customers) and never tell you.
For obvious reasons an American legal attack surface of any kind is simply unacceptable in today's cloud computing. What of the UK? I'm pretty sure that as a Canadian company I can't store data there either. Probably not France, given recent revelations on their side too. China's out, for obvious reasons ... that leaves "store my data in my own nation" or "store it in Switzerland". (There are a few EU nations I could probably get away with for now, but I'm sure that's only until their own intercept programs are made public.)
Ultimately the only solution is "the data must be stored only within the boundaries of your own nation and by companies without a legal attack surface in other nations." Legal attack surface, BTW, does not simply mean "headquarters are in your nation."
If the sysadmins live in another nation then the men with the dark suits can show up with a "do this and never speak of it" letter and you'll never know your data was pulled. If your customers have reason to believe that their data was read they can sue you because you made the choice to use that cloud provider and it was that choice which put their data at risk.
The only acceptable solution from a privacy standpoint is that the cloud provider must license their software to a company within your nation that then stands it up inside the datacenter of a hosting provider that is also located in your nation (and who has no legal attack surface anywhere else.) Of course, that's anathema to most cloud providers and impossible for many others. If they've built your application on a PaaS offering such as Amazon, then they're stuck ...and so are you.
On the other hand ...
300 million-plus wallets can't be wrong!
The counter argument to this is simple: the rest of the world doesn't actually matter all that much. The CEO of a cloud provider crystallised the argument around privacy during a PupperConf after-party this year.
"There are several dozen US companies spending or willing to spend a million or more per month on cloud services," he told me. "But I haven't seen one outside the US willing to do that." The big money is in America and most cloud providers will do just fine mining that market for some time to come.
The rest of the world takes consideration, care, investment and a heck of a lot of work to deal with. Most cloud providers have built their business not only around the software they sell but around the internal business processes they use. Some tout their DevOps prowess, others their support, stability or what-have-you. To replicate that outside the US requires partnerships, licensing and constant vigilance to ensure that licensees do not ruin the cloud provider's good name.
There's a lot of money to be made in America. More than enough for the next decade or so. What's more, non-American companies don't seem all that bothered by little things like their own data protection and privacy laws. It's easier for everyone to simply assume that politicians will smooth out any barriers to adoption.
Everyone's doing it. You can no more kill cloud computing that you can stop non-commercial copyright infringement, win the "war on drugs" or succeed at prohibition. Many businesses are seeing benefits from cloud computing whereas few have been sued over the privacy aspect. Statistically, it seems likely you can use it to your advantage and get away with it.
2. 404 as a Service
Google goes dark for two minutes and significant chunks of the western world wonder if they should go home, or wait for Google to fix itself. It sounds like the premise of a science fiction novel, but this actually happened a few weeks ago.
In addition to the cloud provider having a lie down there are layers of things that can go wrong between you and the provider, The ever-present idiot with a backhoe, ISP router misconfiguration or even the NSA botching a fibre tap and accidentally wiping out an undersea cable or two.
Natural disasters are another consideration. Here in Edmonton we pretty much don't have natural disasters; there's the odd tornado every few decades and flooding is a possibility if you live by the river, but statistically there are few better places to have a pile of servers run reliably for years at a time. If I go put my data in a datacenter in San Francisco then natural disasters as a service interruption modality become something I have to start thinking about.
As a consumer of cloudy services you have no control over versioning, UI (Google stop moving my buttons!), or the development process. In the wrong hands "rapid release" can mean "automated iterative failure as a service."
One of the fundamental problems of cloud computing is that when the thing blows up you don't have a neck to wring. There's a lot of finger pointing (it's your network/computer/browser, no it's your cloudy server, no it's $ISP), but you've no real option during outages except "hurry up and wait."
Having said that ...
Sucking less, at scale
Despite this, the cloud provider is most likely better at IT than you are. For the big players, there's more of them than there are of you and they have entire teams of people just to do monitoring.
Cloud providers leverage economies of scale. That doesn't just apply to getting cheap hardware or having a little bit of muscle when they sit down with Microsoft across that long negotiating table. It means things like testing, automation, quality assurance and the raw manpower that can be brought to bear.
They're better at it than you. Even with the potential for outages, you will probably still get better uptime with a cloud provider than rolling your own IT.