Public vs. private cloud computing: Which fits your enterprise needs?
September 2, 2010
Enterprises are using public cloud services and starting to experiment with private cloud computing to capitalize on time-to-market and efficiency gains. This development has prompted IT executives to focus on investments and strategy around two service delivery approaches.
By now, most enterprises have begun to use some form of Software as a Service, such as email or customer relationship management, according to Drue Reeves, a vice president and research director at Burton Group in Midvale, Utah.
"They’re already doing that, and are rapidly interested in Infrastructure as a Service, which is the fastest-growing segment of the market," Reeves said.
There’s less interest currently in Platform as a Service, because pain points — identity management, integration and service-level agreements (SLA) — persist at the lower levels of the stack.
Despite these adoption rough spots, new cloud services continue to pop up, such as Business Process as a Service (BPaaS). Forrester Research Inc., for one, has extended the cloud stack to BPaaS, as outlined in a new report on the evolution of cloud computing markets.
The most dominant users of public cloud computing services don’t work for IT, but for other departments such as marketing and product prototyping, Reeves pointed out. CIOs and IT departments nevertheless must formulate a strategy to help guide these users of external services, and develop an overarching strategy for managing public and private cloud computing.
"By circumventing IT, [business departments] get their job done faster. If IT continues to ignore this, they’ll be circumvented more often," Reeves said. His advice? Help and encourage use: "As with children, it is not effective to say ‘don’t touch that.’"
Mad (computer) science
IT executives indeed are formulating plans and taking action. "The public cloud forces us to have more compelling services than [users] would find elsewhere," said Dr. Marcos Athanasoulis, CIO of Harvard Medical School (HMS) in Boston.
"HMS is like the land of 1,000 CIOs," Athanasoulis said. "We cannot mandate that people use IT services."
Most people at HMS are trained in life sciences but not IT best practices, Athanasoulis pointed out. They write their own software, but don’t know about source control; or they buy a server and stick it under a desk without realizing the power and cooling requirements. Athanasoulis was able to bring the mad computer science under control by articulating a vision for private cloud computing that provides measured storage and CPU services.
The nature of biomedical research matches the elasticity of cloud computing services, so Athanasoulis started with a small private cloud: It’s growing by orders of magnitude, he said. The process has unearthed best practices, such as iteration and constant communication.
The public cloud forces us to have more compelling services than users would find elsewhere.Marcos Athanasoulis, CIO, Harvard Medical School
"How do you monitor that you have enough capacity? Check in with folks along the way a lot," Athanasoulis said. "IT leaders don’t hear when things are going well, only when they aren’t — and sometimes not even then. If users aren’t happy, you run the risk of them doing their own thing."
The truth is, "it’s actually very hard to create a cloud internally," said James Staten, a principal analyst at Forrester. In his latest research on converged infrastructures, he compared the IT department with a test kitchen: Enterprises have the basic ingredients to cook up a cloud infrastructure, but there’s no recipe and many of the ingredients don’t combine well. "Complicating the story are traditional infrastructure silos around servers, networks and storage that must work together in a new, truly integrated way," he said.
The most important point is to understand the value of the cloud over the existing virtual infrastructure, Staten said. One difference is automation — putting new workloads into the cloud and automating maintenance. Another value is self-service, so users can bring things to market quickly. "[The cloud is] a step well beyond the traditional virtual infrastructure," he said. How to get started? "Step away from the high bar, and figure out what to let go."
Public and private cloud computing: Different beasts
Public cloud computing services are more valuable the less you use them, according to Reeves, who suggested that people think about clouds as they would a rental car on a business trip to Miami: At your destination, you’re likely to rent a car, even though the cost far exceeds the daily costs of your vehicle back home. "The reason for that is when you’re not in Miami, the bill is zero," Reeves said. With an internal cloud, you’re always paying for the whole thing. "To save money, public trumps internal every time," he said.
Even internally, some departments — such as engineering, human resources, marketing — can take their bills to zero, but central IT never can. That’s why it’s so important for internal clouds to be multitenant and as highly utilized as possible, Reeves said.
"If you set up clouds for individual units, you’ll always be investing in a cloud with no elasticity. Say the engineering cloud operates at 80% to 90% capacity: If you can convince them to share the resources with marketing and HR on a usage-based metric, the IT delta is solved by other departments," Reeves said.
Because they aim to serve the widest possible customer base at an attractive price point, public clouds are highly structured and automated. In most cases, enterprises don’t get to set the terms of an SLA. Public clouds have an SLA, take it or leave it. "I always tell clients, ‘You adapt to the cloud, the cloud does not adapt to you,’" Staten said. It’s a big disconnect for enterprises that are used to solutions being tailored to their needs, he said.
For example, public clouds establish a standard means of security that meets the needs of as many customers as possible, Reeves said. It’s a matter of mastering the uneven handshake, and enterprises need to determine what to add to meet their definition of secure. What may be negotiable are terms of service that are more business-oriented, he said, such as being able to sever the service at any time.
As enterprises are forced to embrace the public cloud, the question becomes, which applications should be kept internal? The answer depends on an organization’s risk tolerance, according to Reeves.
"The more critical the data, the more important it is to keep in house," Reeves said. "Offload the mundane, not part of the core business."