Private Clouds? Can They Exist? Are They Necessary?
Private Clouds, Flat Earths and Unicorns
Peter Coffee | Head of Platform Research, salesforce.com inc.
A "preference" is not a choice unless the "preferred" thing actually exists. I might "prefer" a flat earth (literally, not in the Tom Friedman sense) to this pesky, not-quite-spherical planet that requires us to have time zones: I might prefer to have the whole world doing business on one common clock, and flipping between day and night like a planet-sized coin, but that's not a feasible option.
In the same vein of confusing fantasy with reality, I've lately seen dozens of statements asserting that IT managers "prefer a private cloud." It's time to insist that a preference is only relevant when there's actually a choice to be made. The label of "private cloud" is more associated with a desire than a choice.
When someone says that they would "prefer a private cloud," the actual attributes of desire seem to be physical possession of the data and operational control of the infrastructure. It's impossible to have these things and still enjoy the defining benefits of the cloud.
• If you have physical possession of the data, you also have to own and maintain the data storage hardware and software.
• If you have operational control of the infrastructure, you also have to employ and supervise a team of expensive experts who spend too much of their time on tasks that add no competitive advantage to the firm - while wasting costly skills as they wait to respond to events that are critical, but in practice are quite rare.
In either case, you're structurally embedding unproductive costs - and blocking yourself from enjoying the massive economies that the cloud should be providing.
If desires are on Side 1, fears of lost capability are on Side 2 of the broken record of oft- repeated excuses for shunning true multi-tenant clouds. People routinely express concerns, whether real or pretended, about security, compliance, and the customization and integration that enterprise IT capabilities require. Let's bust some myths.
• Security in cloud services can be constructed, maintained and operated at levels that are far beyond what's cost-effective for almost any individual company or organization. Further, it's inherent in multi-tenancy that security must address the sum of all fears of all customers: in satisfying the most demanding customers in every respect, the enterprise-grade cloud service provider will wind up exceeding the needs of almost every individual organization while sharing the costs of security on a massive scale.
• Compliance with regimens including HIPAA, Sarbanes-Oxley and other commonly encountered laws and regulations is more a challenge of policy and practice than of technology. The discipline and clarity of service invocations in true cloud environments can greatly aid the control of access, and the auditability of actions, that are dauntingly expensive and complex to achieve in traditional IT settings.
• Customization and integration of cloud services are neither intrinsically better nor inherently worse than the capabilities of an on-premise stack. There are rigid and inflexible systems, and there are powerful and productive process engineering environments, available in either kind of setting. Buyers will do best when they ask for what they need, instead of asking for what they assume they have to tolerate.
When a survey asks IT buyers to express a choice between public and private clouds, it's like asking a fairy-tale princess whether she'd rather ride a horse or a unicorn. The unicorn sure sounds better, and survey results will likely reflect that appeal.
In this or any other situation that invites a choice between a reality and a fantasy, the fantasy can be expected to get more votes - except from grown-ups, who are expected to know when something is not actually an option. Professionals do their job by making the best possible choice - among the options that are actually at hand.
Independent industry experts have lately added their voices to the debunking of the "private cloud" label. In November 2010, blogger and consultant Phil Wainewright offered this forthright advice to CIOs who are being offered a "private cloud" proposition:
The whole point of cloud computing is to be able to operate in the cloud — in that global, 24×7, connected universe where you can instantly reach and interact with your customers, your partners and your mobile employees, as well as tapping into an expanding cornucopia of third-party resources and services that can help you achieve business results faster, better and at lower cost.
Those who say that cloud is just a deployment choice, just a technology option, have shut their eyes to the wider opportunity and potential that the cloud context opens up. They're still building application platforms and business systems that are designed without any acknowledgement of that global web of connections and resources — as if in today's business environment, being connected is just an afterthought, an optional extra. Maybe for some applications it is, but their numbers are shrinking daily.
Further, this is now becoming a global and even geopolitical conversation. In Canada, for example, I recently read a warning against turning that country into a "technology ghetto" whose industries will be constrained "to a standard of technical stagnation and inefficiency" by failure to use the cloud to best advantage. If financial capital is wasted on imported technology that doesn't yield economic advantage, and if intellectual capital is wasted on complex tasks that are necessary but not differentiating for employers or entrepreneurs, then enterprise and national goals will not be met - or will, at a minimum, be deferred.
