Another Half-Dozen Half-Truths of the Cloud

Last week, I reviewed six half-truths of the cloud. Here are six more commonly held views that, while not completely wrong, may not be entirely accurate:

1) Clouds are less secure: Less secure than what? Given the regular news reports of enterprise data lost through laptop theft, third party misfeasance, WEP hacking, loss of backup tapes, disgruntled employees, etc., it’s not like enterprise data is currently held in impregnable Kryptonite fortresses.

True, clouds “intermingle” information and software assets in shared environments. And, there have been some well-publicized service outages and privacy breaches from a number of service providers.

However, the same way that a hotel can afford to provide better security (video surveillance, guard patrols, key-carded elevators) than you can at your house, cloud providers can offer both better physical security (biometric authentication, physical premises security, mantraps) and process certifications (SAS 70 Type II, SysTrust) than many enterprise data centers — and certainly better than a hodgepodge of corporate server rooms.

From a logical security perspective, a reliable cloud provider will enforce secure separation of multiple tenants, and if it’s an integrated compute and network provider, it can provide enhanced distributed denial-of-service protection through massive bandwidth capacity coupled with packet scrubbers. Finally, larger cloud service providers can afford to hire more certified security professionals than most enterprises.

2) Consumer Cloud = Enterprise Cloud: Some have stated that, except for security, there’s “not that much difference” between the consumer cloud and the enterprise cloud.

True, at a hardware level there may be no difference: one can use the same technologies to build both consumer and enterprise cloud services.

However, that’s where the similarity ends. Consumers getting free (i.e., advertising-supported) service really have no cause to complain if service is out for a few hours. Or days. It is, after all, like complaining because Billy Joel decides not to do an encore after a free park concert. But enterprises, who are being asked to run at least parts of their information infrastructure in the cloud, require service-level agreements with financial recourse, life-cycle service and support, including outage escalation and notification, human relationships with their service providers, rock-solid reliability, and more.

3) If cloud services cost more, they shouldn’t be used: A McKinsey study out this week showed that using cloud services from a leading provider would cost more than double a do-it-yourself approach.

True, a rational economic decision-maker should consider cost as a factor.

However, as I’ve argued before, even if on a unit basis cloud services cost more when used, a large part of their value is that – unlike owned resources – they cost nothing when not used. Thus, total cost of ownership can be substantially reduced when workloads are spiky or unpredictable.  Plus, there are other benefits such as scalability and performance.

4) Clouds provide IT services accessible via the Internet / IP: True, many cloud services work this way: consider web search or web mail, now even delivered to netbooks and smartphones via the 3G-enabled mobile web, and soon, LTE.

However, there are many other use cases, such as cloudbursting to on-demand compute resources, business continuity scenarios, and data center migration. Here, resources are accessed by not just the Internet or MPLS VPNs, but perhaps instead by metropolitan or regional optical transport networks supporting non-IP data center protocols such as Fibre Channel or even Infiniband over SONET.

5) Location doesn’t matter anymore: True, location-independence is a hallmark of today’s web, whether accessed via a laptop, smartphone, or even set-top box. It shouldn’t matter where you are, or where the cloud service is: the network will figure out how to connect the two.

However, to enable such independence, paradoxically, location does matter. While the days of server huggers may be coming to an end, today’s low-latency applications, such as interactive gaming, keystroke and mouse move processing via remote virtual desktops or AJAX, content delivery, and even interactive video services, require a global footprint of cloud service nodes. Location matters due to costs in time and money for remote processing. Plus, various countries increasingly are enacting legislation regarding what can come into — or leave — their territory.

6) Data center consolidation to a private cloud is the answer: A number of CIO’s have undergone data center consolidation efforts lately, in some cases going from 85 down to 6.

True, there are substantial cost savings in doing so, through simplification and consolidation of operations, administration and management.

However, cost is only one dimension of the problem. CIO’s must balance cost, availability, security and agility, while enhancing the user experience. To support interactive applications, a high degree of centralization must be balanced by dispersed resources in the cloud.

Joe Weinman is Strategy and Business Development VP for AT&T Business Solutions.