Like so many “next big things,” the public cloud has an obvious allure. Just as typically, the risks are very real but may be overlooked by organizations blinded by potential cost savings.
This new way of doing business is rapidly becoming a familiar part of the IT landscape: One third of companies use public cloud solutions for at least some computing, according to InformationWeek's 2012 State of Cloud Computing Survey.
Public cloud projects appeal to organizations—and their IT project leaders—because they can provide substantial capacity and flexibility at little cost and with fewer resources than an on-site solution.
But companies that opt for the public cloud do give up some measure of security, along with the certainty of access that comes with on-site servers.
Tapping the public cloud involves contracting with vendors such as Amazon, Google or Microsoft to lease space on their servers for storing data and running software. Organizations considering taking the plunge should keep these pros and cons in mind.
The cost savings of the public cloud are straightforward: Because several organizations share one server, they pay less than they would for dedicated servers in a private-cloud environment. They also pay far less than they would to build, host and maintain the network infrastructure themselves.
The public cloud provides retailers with an environment that can grow and contract, allowing them to have a base infrastructure to support their customers for the majority of the year, but then scale up automatically as demands rise by provisioning more storage and computing power.
—Stuart Dankevy, PMP, Microsoft Canada, Toronto, Ontario, Canada
A public cloud solution adds flexibility, too. Organizations are free from the constraints of an internal network, so they pay for only what they need, when they need it. Public clouds can scale up or down depending on an organization's peak demands and hour-to-hour needs. This is a particular boon to retailers and other organizations that experience periods of increased demand that far exceed their typical needs.
“Retailers might have two or three periods each year where they get massive hits on their websites and people trying to purchase their products or services,” says Stuart Dankevy, PMP, a solution specialist, core infrastructure optimization for Microsoft Canada, Toronto, Ontario, Canada. “Traditionally, these retailers acquired massive amounts of computing and storage infrastructure that sat at maybe a 10 percent or 15 percent utilization for 90 percent of the year, but for the other 10 percent of the year, it was maxed-out.”
The public cloud provides retailers with an environment that can grow and contract, allowing them to have a base infrastructure to support their customers for the majority of the year, but then scale up automatically as demands rise by provisioning more storage and computing power, Mr. Dankevy says.
A third benefit of cloud computing, measured performance, refers to the fact that server usage can be recorded, reported and controlled with a greater degree of specificity and control than traditional data centers and in-house IT networks.
These three benefits of cloud computing are more enticing to IT pros than casual users. Still, the prevalence of cloud-based software in everyday gadgets is helping drive adoption rates. As executives recognize the convenience of software hosted in the cloud, such as Dropbox and Apple's iCloud, they become more open to the idea of a cloud solution for their organization, says Nick Hadjinicolaou, PMP, PgMP, program manager and director, iLearning Solutions, a project management consultancy in Adelaide, Australia.
In addition, the increasing reliance on virtual and remote teams is creating an accompanying need to access organizational data from anywhere, on any number of devices. This seemingly limitless access creates solutions—and problems.
A casual understanding of the cloud isn't enough to make an informed choice about whether an organization should deploy public cloud solutions, Mr. Hadjinicolaou says. Popular consumer cloud products have driven “acceptance and awareness of the cloud, but from a business perspective, the options, differences and considerations are not well understood,” he says.
The moment organizations take their data beyond the walls of an internal datacenter, they open a Pandora's box of security concerns, says Justin DeLay, cofounder of TempoDB, a Chicago, Illinois, USA company that provides a cloud-based database for time-series data collected by sensors and smart meters.
“Whether you're using a private or public cloud, and whether or not you're using best-in-class security with all the SSL encryption, layers and abstraction that you're supposed to, folks still get concerned because, in a multi-tenant cloud environment, their data is written to the same hard drive as someone else's,” he says. “For some people, it just makes them sleep better if there is physical separation—if they're the only ones accessing the server and there's less chance of a disaster scenario in which someone else gains access to their data.”
Guide to the Clouds
Public cloud: An organization purchases server space along with other tenant companies from a vendor such as Google, Amazon or Microsoft. Advantages include low prices (made possible by co-renting), rapid elasticity and measured performance. Risks include security vulnerabilities associated with sharing a server, as well as non-guaranteed performance due to unpredictable demands on the servers.
Public-private cloud: Similar to the public cloud, but organizations pay more for servers dedicated solely to housing their data. This raises costs but decreases security and performance risks.
Hybrid cloud: A combination of multiple public and private cloud solutions.
Mr. Dankevy says some of the risks associated with public cloud products can be mitigated with due diligence. Different providers offer varying levels of security and service, not to mention privacy, so it pays to read between the lines.
“Not all service providers are created equal, not all public clouds are created equal, and that's certainly where you have to dig into the terms and conditions, service-level agreements, and privacy policies from each provider,” says Mr. Dankevy. He suggests ensuring the service provider has no contractual right to its clients’ data. He also recommends that organizations include an extra layer of protection by adding their own security and encryption on top of what the service provider employs. Finally, he advises organizations to compare different cloud service providers, as the levels of security and privacy they offer may differ.
There's also the danger that moving to a public cloud—no matter how safe the provider—will hurt performance. The same resource-sharing that can save organizations money in a multi-tenant cloud environment has the potential to negatively impact performance if not properly managed by the cloud provider. “Because everyone who is using a public cloud server is sharing the same set of resources, it's conceivable that if someone starts hitting the system hard, your performance can be adversely affected,” Mr. DeLay says. “Cloud service providers work to minimize that likelihood, but people sometimes want guaranteed performance and availability of resources.”
The Middle Ground
For organizations that don't feel comfortable moving completely to a public cloud environment, intermediate solutions combine public and private options. In such arrangements, a vendor such as Google or Microsoft still maintains the cloud, but each organization's data is stored on its own dedicated server, reducing some of the security risks while still cutting costs.
Yet another option, called a hybrid cloud, involves storing data on both private and public cloud installations. The benefits—and risks—then depend on the proportion of public and private use.
Such compromise solutions aren't as inexpensive as a purely public cloud, however, because organizations are no longer pooling resources with other tenants on the same server. Mr. DeLay, for example, estimates that his company's private-cloud solutions are on average 10 times more expensive than their public cloud counterparts
“Cloud solutions exist and can be affordable because you're sharing the fixed costs,” he says. “You don't get that with a private cloud.” PM
“For some people, it just makes them sleep better if there is physical separation—if they're the only ones accessing the server and there's less chance of a disaster scenario in which someone else gains access to their data.”
—Justin DeLay, TempoDB, Chicago, Illinois, USA