Blog Post

The delusions that companies have about the cloud

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

In the years that I led the Google Apps team, I heard every imaginable objection to cloud computing. Back in 2007, perhaps, those arguments may have had more merit, given the immaturity of most services and limited track record of the providers.

But over time, it became clear to me that those who rejected cloud computing (typically in favor of that unicorn of technology: the private cloud) were experiencing a form of insanity that, if left untreated, would put the very existence of their companies at risk.

When I left Google last year (to found Upstart), I jumped over the table and became a consumer of the cloud. As CEO of a tech company that does not even own a computer, tablet or phone, I now get to fully experience the cloud from a customer’s perspective. So before I get into any specifics about the myths of the cloud averse, allow me to recount a couple of anecdotes to give a little context.

I’m entirely obsessed with Google Analytics’ real-time dashboard, so it was with much dismay that on the morning of Jan. 16 of this year  I saw our traffic at Upstart drop to zero.

Zilch. Nada. Zippo.

Checking quickly with our engineers, I learned that Heroku had gone down and since we’re hosted on Heroku, we got taken down with it. Hard. Because Heroku is an application platform that runs on Amazon Web Services, I didn’t know whom to blame. To me, it didn’t matter – we were down for 40 minutes or so, and that sucked. I checked Heroku’s status page, and figured out what had happened, and what they were doing to fix it.

But all I could really say to our users was “we’re waiting as fast as we can!”

That is one of the chief conundrums of cloud computing: you are powerless to fix a problem, and entirely dependent on somebody you can’t see, hear or yell at, to fix it. People hate that.

I was on the other side of this sort of panic many times during my years at Google. Despite the BS about the “end of email,” it’s still the most broadly and voraciously consumed business application in the world. So I occupied an elite circle in Hell when our services failed to deliver. In short, when Gmail went down, pandemonium ensued – particularly in Silicon Valley. In fact, the outcry from a sizable Gmail crash was enough to bring down Twitter, too.

I recall a particularly terrible outage that happened three or four years ago. I was in a hotel in Philadelphia when my own email stopped working, and my Twitter feed lit up like a roman candle. Gmail was down, and I’m not talking about one of those outages that affects less than 1 percent of users (you know, like a few million people). I’m talking about a big one.

I called a couple of engineers who I knew were close to the situation and were working to resolve it. But I got off the phone quickly, because I knew talking to me wasn’t helping anything. (To the contrary, I was wasting their time.) So I went out for a run, just praying that Gmail would be back up by the time I returned (which it was).  So even as President of Google Enterprise, I was powerless to do more than ensure that the best people were working on resolving the outage.

And this, in fact, is the essence of the cloud. As a consumer or corporate buyer of cloud computing, your task is ridiculously simple: Make sure the best people are working on it. And in fact, those engineers working on Gmail are so good that sizable outages are extremely rare these days. Yet whether it’s service reliability, data protection, or regulatory issues, there remains to this day an insane resistance to cloud computing that is quickly becoming the “Darwinian litmus test” for companies in every industry.

This insanity has three pervasive dimensions to it:

Insanity #1: These big outages mean we should keep things in house

I have news for you: a big public outage is actually a sign of success for a cloud vendor – after all, it means tons of customers are relying on its service, no?  (When was the last time you read about IBM experiencing a hosted Lotus Notes outage?) But underlying the essence of Insanity #1 is the presumption that a cloud outages implies your in-house IT organization could do it better.

In reality, outages merely provide your IT department with excuses to protect their kingdom. The facts are that Gmail uptime is in the range of 99.99 percent – meaning the average user experiences about four minutes of downtime per month – and Amazon targets 99.95 percent for AWS. So, can your team beat that?

Further, this confused IT leader thinks his team can manage a service more reliably than a company whose entire existence depends on its ability to do so. To put it bluntly, Google has assembled the greatest collection of computer science talent in the world. Similarly Amazon has a multi-year lead in delivering compute power by the drop, with which it’s happy to provide to you with the single-digit gross margins of a successful retailer. Your IT organization simply doesn’t rate at this level.

Insanity #2: I need somebody to talk to when a service interruption occurs

I’ve never understood why IT departments seem to care deeply about how important they are to their vendors. It’s a dysfunctional need that can only result in you paying far more to your vendors than is necessary, so that they can afford to show you the love.

Needing to talk to a cloud vendor when there’s an outage is a striking example of this: Would you rather have your cloud provider spending millions on account managers to call you when something goes wrong, or instead to spend their money on world-class engineers working to fix the problem?

You can’t have both (unless you want to pay a lot more for your service). By this time, any credible cloud vendor has mastered the art of providing online status updates (just as Heroku did for us here). It’s no small challenge to do this right (we worked on it for years at Google), but it’s critical to servicing customers well in the cloud. So why are so many large companies turned off by the idea of getting updates via a website or RSS? Because it doesn’t make them feel special.

As a consumer of cloud computing, your goal is to be as unimportant to your cloud vendor as possible – to ride the curve of innovation and cost reductions that result from their efforts to serve an enormous and diverse customer base.

Insanity #3; Cloud is OK for non-critical applications with non-sensitive data

If you believe that cloud vendors are just plain better, faster and cheaper at delivering IT services, then it’s another level of insanity (and illogic) to limit the use of these services to inconsequential applications that aren’t critical to your organization. This is the status quo’s last stand – “this data is too sensitive to enable Company X to manage it for us!” (A similar concern is for those who find perverse comfort in actually knowing where their data physically resides.)

This thinking is backwards. If you care about the reliability, security, and the protection of your data, then you should entrust it to those who are most capable of managing it. If you believe you can match the capabilities and rigor of Google’s Security Operations team, I wish you well.

Of course, the objection to the cloud heard more often than any other is “it’s not me, it’s them.” In this case, “them” means the boss, the lawyers, the executive team, or the board of directors. And just as frequently, “them” is a varied assortment of regulators whose statutes invariably fail to give clear guidance on whether cloud computing is, in fact, legal. Strangely, even when you speak with these regulators, you will hear the same thing: It’s not me, it’s them.

Ultimately, the spoils of cloud computing will accrue to those organizations that break through the insanity, that resolutely fight through these distractions and ambiguities to drive this radically better approach to computing throughout their organizations.

Dave Girouard is founder and CEO of UpStart. Previously he was President of Enterprise at Google. Follow him on Twitter @davegirouard.

Photo courtesy of John Wollwerth/

65 Responses to “The delusions that companies have about the cloud”

  1. Obviously the reason that you don’t hear complaints about the Lotus Notes cloud service is that is never goes down unlike these dodgy new fangled untested systems. Lotus Notes target is 100% not a pathetic 99.95%. Those 4 minutes might cost thousands of dollars.

  2. Anton Chuvakin

    “a big public outage is actually a sign of success for a cloud vendor – after all, it means tons of customers are relying on its service, no?” <- after I got to this point I realized that it is an April 1st piece. Sorry, you got me for a second; I really did think it was a serious post.

  3. Gy Troter

    Daniel Segel

    Yes! Absolutely as to ALL of your stated concerns!
    Additionally, when the inevitable, happens …as it is always to ‘someone else’
    – the feeling must be comparable to hearing your Insurance Company
    diverting and manipulating their ability to PAY-OUT while questionably informing you
    …”You haven’t purchase coverage for ‘THIS EVENT’ ?”
    Here’s an idea – Let all of us commenting, research those companies that must be
    complaining – of exactly the experiences you have just described.
    Research BEFORE – not AFTER – ‘THE EVENT’ !

  4. Daniel Segel

    “…the essence of Insanity #1 is the presumption that a cloud outages implies your in-house IT organization could do it better.”

    Um, yes. Absolutely we can do it better. The thing is, the hosting site isn’t the only point of failure between my users and the servers and data, and there are frequently problems somewhere along the way. Routing issues, cut lines, DOS attacks…none of that impacts me because I maintain my own data on my own servers, locally.

  5. Anthony Porcano

    This is a fine article and I agree with the sentiment. However, it skips over the detail that the largest cloud providers in the world at not yet ready to handle all needs of existing large enterprises. I cannot put my Oracle RAC database in AWS. I cannot put my large multicast-based applications in AWS. Yes – I can rewrite these applications, but is the cost of doing so realized in potential savings from public cloud? You can make the argument that companies will either evolve or die and there is some truth to this. Certainly the fact that most new startups are leveraging cloud is a key indicator that it is the new normal. However, if you’re point is just that anyone not fully utilizing public cloud today is just insane, then you are skipping over some details about current capabilities of public cloud.

  6. Dave Girouard forgot about Vint Cerf

    The cloud becomes really useful once there is an open protocol (implemented by all or most cloud vendors) for cloud interoperability. Always remember that when you enter into a relationship with a cloud vendor you are becoming a dependent. What happens if Jeff Bezos wakes up on the wrong side of the bed one day and decides to change the terms and conditions once you’re hooked as his dependent tenant? What Dave Girouard omitted from this article is the lack of interoperability between clouds and this is really too bad considering his previous title at Google considering Vint Cerf at Google has written about the need for cloud interoperability several years ago. I guess Dave Girouard wasn’t talking much (on his Android phone!) with Vint Cerf.

  7. Gy Troter

    My guess? Larger (too big to fail) corporations, governments are vastly more in NEED of control over THEIR data for reasons they would never, never, EVER cede to! Imagine the day – When congressional hearings call for: i.e. (All of Dick Cheney’s emails) or All of ANY corporation’s internal creative accounting methods – Enron, Worldcom, AIG, …this list goes on and on and on
    … to the tune of 10,000’s of OFFSHORE accounts. It is much easier to claim INTERNAL problems as to why SUDDENLY all the above information is MISSING! Sure they’ll pay a fine but which of the two is the lessor of the EVILS? As future public Money is on the hook to failures – It may be this above “Accuracy” Mr. Girouard speaks of that MUST be used as a ‘THREAT’ to companies or governments that cannot be trusted to guard their ‘Private’ data for public scrutiny
    when the public PICK’s UP THE TAB for past losses. REMEMBER people, GOOGLE the term “Privatizing Profits and Socializing Losses’!

  8. Simple arguement: Do a google search for “Google Drive HIPAA Compliance”

    That’s an entire industry that says “NO” to cloud computing.

    As for tasks like accounting, as others have pointed out, the government is mining the clouds today, just casting a wide net, looking for “evil-doers.” What happens when the IRS gets the same idea?

  9. Does anyone remember this past Christmas when Amazon went down taking Netflix with it? While Netflix isn’t mission critical as far as I’m concerned lets replace that task with a company taking orders or doing something more valuable. The company is now at the complete Mercy of the Cloud Vendor and while I’d like to think they have my best interest at heart to keep their business model relevant I’ve got no guarantee on that. Oh yeah, guess I could jump ship to another cloud vendor but I’d probably be bankrupt by the time I can make that happen.

    The other thing here is that if the data is used by a smaller business they may still be able to operate depending on their business model if their servers are maintained onsite. With the cloud you have a number of parties you must rely on to make the connection happen and a failure on either ISP end or finger pointing brings the business to a halt.

    • Fallacy of your conclusion mostly lies in what I could name country-centric and technology-only viewpoint.

      “While this is possible, it’s an extremely remote risk for several reasons. First, if the government knows where you are, they will first go to you to get your data (if you know anybody in the US AG office, ask their opinion).”

      I can be perfectly known to government, but as long as I’m in different jurisdiction, state or federal AG can’t “go to me” but has all the means to get the data regardless. I would expect my local AG equivalent to use all legal means to prosecute, so why should yours hold back.

      “The government goes to cloud providers when they are unable to locate the owner of the data – ie a shadowy individual, not a corporation with a known street address.”

      Or, alternatively, unable to exert any power over the owner of the data. Oh, say we’re talking about any foreign company using the service. Even well-known corporation with very well-known street address thay pays all of its taxes. Even the business itself doesn’t need to do anything US-illegal, it could be that prosecution only needs data from it to support its case against some 3rd party.

      “This is “how it works”, but doesn’t imply the risk is zero. Yes, there’s some possibility it could happen with a national security letter, etc.”

      As long as legislation is what it is and data seizure is a fact, noy just fairytale, this isn’t just some remote possibility. Gag orders just compound the problem. There is no need to imply PATRIOT Act is the only problem, as it’s only a symptom of bigger issue: data is in possession of entity within the jurisdiction, but owned by entity outside of jurisdiction. Is there any good reason for prosecution to not seize this readily accessible data (given legal warrant or similar instrument) when needed? Uh, oh… slippery slope here, as answering this the wrong way would mean the police would lose ability to open self-storage locker (contents in possession, but not owned by storage locker company) if contents were owned by foreign national.

      Ignoring this or saying how unlikely this is to happen, means you’re truly living in the clouds. Pun intended.

      “But remember: your cloud providers don’t just have more engineers than you, they have more lawyers than you.”

      Sure. Can I get some legal advice from them?

      Google lawyers work for Google. My lawyers work for me. Google is always subject to US laws, my business might not be and should be careful to put data where it would become such subject. You can’t even remotely imply that I can rely on Google legal team to protect local non-US law rights, which may or may not be aligned with what rights US law grants me.

      “And good cloud providers are much better and more likely to fend off unwarranted data requests than you are (there’s been much in the news about this recently).”

      What is unwarranted depends on your viewpoint or more precisely on your jurisdiction. Right now there’s no legal way for anyone in US government to get hold of my business data without going to local AG and complying with the laws of the jurisdiction where my business operates. You’re talking about “fending off”. It would be funny if it wasn’t sad how simplistic is such view, which doesn’t take into account the global nature of what the cloud is supposed to be.

      Yes, I smirk over laws that say data “must remain in the teritory of …” and businesses that think that assurance of hosting the data here or there solves all of their problems, but saying that none of this really matters is just pure ignorance. It might not matter to US businesses catering to US businesses, but we’re talking global here, aren’t we?

      “And by the way, government accessing your data is not guaranteed to be a bad thing – what if one of your employees has gone rogue and is planning to do something reeeaaallly bad?”

      Oh, the terrorist argument. It has come to this?

      Just to make it clear: the government that is protecting me has the right to access data given certain assurances. Cloud being global business makes this hard. What government, who is being protected here and what are checks and balances. Unless you declare cloud provider a sovereign, any global cloud operation fails on all three premises simultaneously when dealing with owner which is operating in different jurisdiction.

      This is time to step out of country-centric view. Cloud is supposed to be global business and you’re only making points that are valid for single-country solutions.

      “Regardless, it’s a really bad decision to forego the benefits of cloud computing because you fear this remote possibility. Even if it happened, in what scenarios would it cause material harm to your business?”

      Even if it happened? Published information shows that:
      a) it happens regularly
      b) number of occurrences are on the rise

      So how exactly is data seizure a remote possibility?

      As far as material harm to my business goes:
      a) US competitor could use legally obtained proprietary data using trumped-up accusations against the business. Think pharmacy and biotech, which are so competitive that nothing is forbidden to get ahead as long as it is legal.
      b) Business could be held responsible for not protecting personal data as required by local law. Even criminal charges are possible.
      c) Business could be held responsible for not protecting data as required by some other contractual agreement.

      It’s a sign of incompetence if businesses don’t evaluate different categories of associated risks as well as benefits and instead focus only on technology aspects. Risk-wise businesses thrive when they both identify risks and adequately mitigate them. Not even trying or just hand-waving them away isn’t good solution if you want to stay in business long-term. This doesn’t mean you need to be scared away by doomsayers, but to take impassionate view of risks and benefits in different categories and then take as much informed decision as you can within the time you have.

      “The real problem is that lawyers in your company aren’t paid to fend of technical obsolescence. That’s why lawyers make recommendations, and business leaders make decisions.”

      Duh! Both Technologist and lawyers only make recommendations when it comes to running the business, and business leaders make decisions, because this is their role.

      You’re selling a business decision, but only taking into account the technical recommendation with a glance on anecdotal evidence of enterprise technologists fearing the change and future of their jobs. So you are taking stock of costs, efficiency and HR, but ignoring legal and contractual risks, which depend on context and might not be negligible.

      To put it in derogatory view as you did, I can very well say that the real problem is that technicians in your company aren’t paid to prevent legal suicide.

      My conclusion?

      Employ cloud where it makes business sense, skip on cloud where it doesn’t. Be careful when selecting the cloud solution to mitigate identified risks. Listen to technologists as well as others in your company, but most importantly don’t ever listen to technologists thinking about non-technological issues (or lawyers about non-legal issues for that matter).

      Perhaps to some this sounds like a bland, non-committal conclusion. But running a successful business isn’t about blindly jumping at every new thing just for short-term financial benefit, but about taking calculated risks that can put your company ahead when they succeed, but don’t kill it when they don’t quite pan out.

  10. I think Dave is suffering from cognitive dissonance. The reasons that Dave brought up about the failings are a positive thing verifies exactly why people like myself are very distrustful of people like Dave.

    The attitude of do not disturb the “techie” because you are wasting his time is nonsense. When and if these mishaps occur do the techies or service firm reimburse or credit you fees for your lost time? Probably not.

    Dave is portraying “a live with it attitude, because it doesn’t happen that often”. Are you serious? If we all ran our businesses that way we would be out of business.

    This attitude is so offensive! Try offering guarantees and credits and you might get a little more respect.

    • Dave Girouard

      actually most or all cloud providers (including Google) DO provide service credits when they have significant downtime. I never said outages were a good thing – they are a reality in any flavor of IT.

      • Anthony Porcano

        This is a valid point, but there are a great many conditions that can cause downtime, which are not covered by the terms of the AWS EC2 SLA.

        “Region Unavailable” and “Region Unavailability” means that more than one Availability Zone in which you are running an instance, within the same Region, is “Unavailable” to you. “Unavailable” means that all of your running instances have no external connectivity during a five minute period and you are unable to launch replacement instances.

        If my applications are malfunctioning due to issues with EBS, but there are no issues with external connectivity it sounds like I am out of luck. I am not a lawyer, but this is how I read their SLA and others such as Lydia Leong have recently called out AWS on this.

  11. Cloud is OK for non-critical applications with non-sensitive data. TRUER words have not been spoken. However, I don’t think people are insane. They are scared. They are not scared of losing their jobs to the “cloud”. Well, some always will be, but I have a more sanguine view of people in general.

    What we need to realize is what is “mission critical” is to be left to the “beholder”. I can live without email for two days. If GMail is down, I can use YahooMail. If Twitter is down, it can be a good thing – less number of TWITs on the internet wasting bandwidth. GMail is not mission critical and can be on “Cloud 9” all the time.

    So with due respect to your pedigree “Mr Google”, the real problem today is a lot of “cloud pushers” injecting their BS trying to hook a lot of “users”. These “pushers” – pun very much intended – are simply looking to to have IT shops re-engineer an existing and perfectly sound solution that meets business needs convincing business executives to get on a new “high”.

    I would love someone for once would post something with equal enthusiasm calling out the shamelessness of management consulting funds who simply latch on to the next buzz word wasting the precious shareholder capital.

  12. Interesting article, heavily skewed but interesting. You fail to mention that not all cloud service providers are equal; meaning not all have the cloud chops of an Amazon or a Google but every vendor is clambering to be a cloud vendor. Consequently there still is real risk in selecting a vendor that can’t deliver on one or more aspect of the service(s) they provide. So your reference to Darwin has a role to play here too as those that can’t actually deliver on the cloud promise will die. If your IT assets are on one of those companies that die risk and instability creeps in their too as you must find an alternative and sometimes in a real hurry. Some may say a prudent strategy is to wait for some settling of the landscape before making the move.
    Second, it’s perhaps not about wanting to feel special that some/many/most IT managers are wary about the Cloud, it’s possibly due to the perceived reaction of CEOs if something was to go wrong and they want an answer. If the IT manager was to say, I’m monitoring my RSS feed “as quickly as I can”, that IT manager would soon be reading the want ads as quickly as they can because I’m sure most CEOs would consider that response not good enough!

  13. My concern has to do with the ever increasing complexity of the software required to manage such large environments and the fear that it’s becoming more difficult and timely to diagnose when something goes wrong.

  14. Childish & immature perspectives. Please experience real world before writing again.

    Many enterprises are achieving 100% uptime, are far more sensitive to business needs since their goals are aligned with the company (not someone else’s business motives) and offer better outcomes.

    Self serving twaddle like this doesn’t help progress transition.

  15. As an active helper (TC) on the Gmail help forum, I can tell you that it can be disastrous to put 100% trust in cloud data storage without also having your own backup of the data (redundancy). I don’t know if this applies as much at the corporate level, but e-mail users can loose their account due to a variety of reasons (disabled, compromised, etc) and with it all the data stored in it (for Google that could include e-mail, docs, pictures, blogs, etc).

    I trust Google to keep my data safe at the server level (in aggregate with all the other users hosted on that server). But there are too many non-recoverable things that can happen to me as an individual user; I must maintain my own backups.

    “The cloud” is a very useful concept for a lot of applications, as long as you know it’s limitations and take the appropriate precautions.

  16. So are you saying google wouldn’t have any security concerns putting all its internal source code in the cloud, say on a business github account? (Private repo of course)

  17. “A similar concern is for those who find perverse comfort in actually knowing where their data physically resides.”

    Your point is generally well taken, however, there are probably some (edge) cases where legalese could put a company in a bad situation with respect to where the data is actually stored. Admittedly, the vast majority of prominent applications in the cloud are with one of the major provider, but imagine that (for whatever reason) a company decided to use a provider whose country did not have laws making them liable for any misuse or mistreatment of data; if that provider did something negligent, intentionally or not, that led to your data being accessed/exposed/deleted/etc, you would likely not be able to hold that provider accountable and would instead just end up losing customer/client confidence (and business).

    Obviously this really depends on where the company is versus where the data physically resides, but it’s really not unreasonable to just “be aware” of where said data is and potentially using that as one of the sanity checks for whether or not a cloud provider is viable (of course, setting aside other things like “will the location of this data cause unacceptable latency” or, conversely, “I don’t have to care about transfer overhead because my application isn’t hitting the metal with every operation”).

  18. Jonathan Mergy

    If your technology is not part of your core functions of our organization, then dump it to the “cloud.” But, if it is, and you can afford it, you are still crazy to not have the expertise in-house.

    In my opinion, the “cloud” is much like Costco. You can probably get everything you need there food-wise to survive but just because you can doesn’t mean you should. Many, they are fine relying on whatever Costco brings in to sell and they work their diet around those limits.

    For others, it is a great place to load-up on toilet paper because we can cook our own stuff and may not want the portions we would have to deal with.

  19. tl;dr : Disagreement != insanity. Your unwillingness to accept possibilities you haven’t encountered or avoided doesn’t mean those possibilities don’t exist or can always be avoided.

    Point #1: Bandwidth + power is sometimes cheaper than bandwidth + CPU cycle costs in many cases. If you have a massive spike, you may not worry about down time, but you will worry about the bill. There are plenty of occasions where the cost is unacceptable by comparison. And this is even after initial investment.

    Point #2: If you stick to a generic storage or CPU package that needs no modification, then yes, go with the cloud. But when, you need to switch priority for some CPU threads without jumping through hoops or dynamically allocate high-priority data to primary search spaces and low-priority data to archives, then you’ll suddenly find it comforting to know you have physical access to the servers and primary control interfaces.

    Point #3: Evaporates quite quickly when the U.S. government says cloud data isn’t technically stored by you, so they can do whatever they please with it. Since you’re not the cloud provider, and it’s off-site, they can claim “it’s not your data” and use it as evidence. Read : Megaupload.

    Don’t laugh, that’s an actual argument used often by them during court cases.

    You store your data in the cloud and if you want it to remain private, it better be encrypted.

    Bottom line: Any extra “Stuff” you add to the stack is another layer that can potentially fail. More “stuff” doesn’t make a better platform, but BETTER “stuff” does.

    There’s something very comforting about saying “Hey, Mary. We just lost power and we’re running backups. Could you make sure the generators kick in?” and hearing back, “Sure, I’m on it.”

    • Anthony Porcano

      “Since you’re not the cloud provider, and it’s off-site, they can claim “it’s not your data” and use it as evidence. Read : Megaupload.”

      These guys were in colo space. There are very few companies that can afford to build out their own data centers, and even where you do it doesn’t stop federal prosecutors when they show up with a warrant.

    • Alexander Conroy

      “I think IT is mostly reluctant to the cloud because it makes their job increasingly irrelevant.”

      You hit the nail on the head with that one. The more we outsource our data to companies that automate everything the less technical jobs their are. By outsource I don’t mean moving business overseas, but moving it to another non affiliated company.

      I agree with everything in this post as to why the cloud is better and more efficient, but it is not good for economy at all.

      Cloud companies specialize in cutting costs for both client and themselves, reduction of the amount of people it takes to support IT needs is the downside of this.

      I <3 the cloud, love my Google Drive account and being able to share it with my co-workers, but I can see how if I had a large department and just payed a cloud company to deal with my data and servers, I may skip on hiring a IT manager or two.

      The problem with tech in general is that it is turning jobs into automated processes. I wish I had an answer as to how to make it a beneficial economic situation out of this inevitable process.

      • Shawn Willden

        Alexander, your comment is an example of what economists call the “Broken Window Fallacy”, the idea that make-work is good for the economy — and it’s a fallacy. You might not see the IT work managing those private servers as make work, but if there’s a way that it can be accomplished as well (or better) without those jobs… it is.

        While it is hard on individuals who need to retool and retrain, and it can be difficult for the economy if changes occur faster than people can adapt, in the long run if all of those services can be provided with a tiny fraction of the staff, the economy is energized. All of the capital and labor freed up can then go out to attack new problems and create new services. Unless you believe there are no more problems to solve and no more products to build.

      • Alexander Conroy

        The Broken Window fallacy does make sense. I understand the point, and I think it is mostly the speed of change to automation that concerns me. It’s not that I don’t see a long term solution along with automation, but I see a very painful interim.

        Also with the tendency for large companies to sit on large sums of money, the economy isn’t always immediately energized by these new found efficiencies. If most of corporate profits were used, I would wholeheartedly agree that automation could energize the economy.

        I am very interested to see new problems to tackle, and I do not, by far, believe we have run out of problems to solve or products to build. I appreciate your opinion on this matter.

      • Bo Dang Ren

        Just the other day, I mentioned in passing on a technical forum that I was the Google Apps admin for my school. I was ridiculed by more traditional IT folks for that not being a real IT job. My response? It’s not. I am a teacher, and I manage GApps, schedule training, and try to script solutions for our school in my very little spare time. I put in a few hours a week, and this is sufficient to not only keep the system working, but to improve its performance every quarter.

        I _have_ done more traditional IT work, and this system is much better for our organization. Do we have downtime? Of course. The government-supplied Internet connection goes down or Google is unresponsive for a few minutes. In my experience with school IT, it’s definitely less downtime than we would see by running it in house. I get to focus on new solutions instead of grinding to keep us up and running.

      • Ross Dakin

        “I agree with everything in this post as to why the cloud is better and more efficient, but it is not good for economy at all.”

        It still takes in-house guys to utilize hosted services (I know very few product managers capable of setting up a functional EC2 instance); they just get to work smarter rather than harder.

        Also, don’t overlook the armies of engineers that it takes to run these hosted services.

      • Gy Troter

        …and …”the less technical jobs their are” – The LESS technically qualified POSSIBILLITIES
        that remain in the ‘Technical GenePool” to help hold all of ‘this’ up – and RUNNING. When stuck on “The Information Highway” better to know mechanics – than to ‘Eventually’ wait for one (a qualified mechanic) to ‘show up’ …and – when he decides to get there!

      • Gy Troter

        – Conroy you’re right …”the less technical jobs their are”
        – The LESS technically qualified ‘Critical Thinkers’
        that remain in the ‘Technical GenePool” to help hold all of ‘this’ up – and RUNNING.
        When stuck on “The Information Highway” better to know mechanics
        – than to wait for one (a qualified mechanic) to ‘Eventually’ show up’
        …and – when he decides to get there!

      • This whole thing reminds me a lot of the “mainframe” versus “PC” discussions. Academics and huge companies … firmly on the side of the mainframe (which, like the cloud today, was a vendor-managed datacenter, it was even drawn in schematics exactly the same way : a little cloud). The PC fought on the other side. People could actually do things with PC’s while vendors just sold their pre-made inflexible applications.

        There is no question in my mind as to who will win this time around, same as last time. People should look at it in two ways. First there’s a nice opportunity forming for migrating companies into the cloud, and you can focus on that. Certainly lots of cloud migrations will happen in the near future.

        The huge opportunity, of course, is to found the company that will be to Google what Microsoft was to IBM. It will be a lot easier if you do it while everybody still has windows laptops.

        Specialized custom applications versus generic vendor-controlled huge applications. When it comes to cost-saving generic solutions the cloud beat the cloud. When it comes to adapting to changing circumstances, small, custom, distributed applications will, once again, eat the cloud alive.

  20. Bah, #3 addresses non-issues. Having critical data hosted outside of direct control of the enterprise is still a no-no.

    Critical data for enterprise is by definition not only the one which must not be damaged or lost, but must also remain protected and must be guaranteed to be destroyed. With cloud or any other outsorcing company, this is tricky at best and for majority of enterprises simply a show-stopper.

    While I can agree that preventing damage or loss is something that Google and others do well, what really happens to data that needs to be “deleted” isn’t all that clear. How many times did Google have “oops” when it found wireless data that it wasn’t supposed to have any more. I agree that this is apples and oranges comparison, but really: how do I know and ensure that destroyed data is actually destroyed and won’t come back to haunt me? Obsessed with where my data resides? I sure am as well as I’m obsessed with ensuring that I follow my local law that Google or some other random cloud provider doesn’t even have a clue about.

    Similarily goes for the protection. While I don’t think risk of somebody malicious gaining access to data is any bigger on the cloud as opposed to “private cloud”, theer still remains serious threat of lawful legal requests for data where Google can be compelled to both release the data and stay quiet about the fact that somebody elses data was released. And this data can be data from AppEngine, e-mail, IM services and include both content and metadata about that data.

    If enterprise would be in sole posession of that data, there would be exactly no risk of that data ever getting out without ability of enterprise to challenge subpoena or warrant before that data is given, to ensure that only minimum required is given and be completely aware of what, when, to whom, why and how was given.

    While the last point isn’t something that cloud provider can influence, but rather limitation of legislation in digital age, it still means that for certain kinds of data outside hosting simply doesn’t cut it. Cloud or otherwise. Recommending to store or even process such data on the cloud simply isn’t good recommendation. While nobody really cares about netflix movies or petabytes of funniest home videos, enterprises care about internal communications, business plans, customer data and possibly other critical information as well.

    It would be insanity to give out this kind of data before thinking long and hard with your legal team about what could happen if somebody will obtain this data without ability to challenge order for release of said data. Fluffy blog post about “how great is our technical team” simply doesn’t cut it, because techology isn’t the issue here. Legislation is.

    Oh, by the way: it doesn’t matter where my data resides. If CA judge issues a warrant for data and gag order, Google will have to comply. Technical detail of where the data is stored, as long as it is in posession of Google, is irrelevant. EU law, which deals with teritory where data is processed is absurd on its own, but that doesn’t change the fact that there is no law that would ensure that posession and ownership in digital realm don’t always match like they do in physical realm. Ignoring that fact and staking your buisiness on it is special form of instanity. One that many enterprises are guily of.

    • Anthony Porcano

      “Bah, #3 addresses non-issues. Having critical data hosted outside of direct control of the enterprise is still a no-no.”

      There is a valid point here. If I want to prove that an AWS EBS volume was destroyed I can’t do that. There is no way (now) to receive a confirmation that data was wiped according to AWS’s policies. You just have to trust that the processes and procedures they are audited on are being executed in all cases. That said I expect this is a feature we could expect to see in the future. In the interim it’s not stopping large enterprise and government from using AWS.

      • Of course you can. Always store the data encrypted (do that regardless of any of these arguments, it’s easy enough). Don’t keep the key inside AWS except in host memory where it can’t be (reasonably) extracted.

        To delete, delete the 20 bytes that form the password. The data is gone, and nobody, not google, not amazon, no CA judge, not barack obama himself can order it restored.

  21. While these comments are spot on with regard to commercial enterprises, the last point takes on a different tone for education or government customers.

    Their ability to accept the perceived risks is often far more limited, and much more career limiting.

    Our company focuses on educational institutions running Google Apps and over the last few years we’ve seen a huge shift in attitudes, driven by a combination of natural (or accelerated) attrition of mgmt stalwarts AND availability of outcomes data.

    The outcomes data makes clear the opportunity cost of the status quo. “We could have a huge impact on student literacy, or we could keep the data right here in the server room.”

    The bigger point is not really about moving to the cloud, it’s about moving to better tools.

  22. _I have news for you: a big public outage is actually a sign of success for a cloud vendor – after all, it means tons of customers are relying on its service, no?_

    That means Microsoft’s Office 365 is a huge success?

  23. I think you contradict yourself here a little bit with regard to communication and Myth #2. As president of Google Enterprise, your first reaction was to call for insight about the problem. Why should paying customers deserve less? Like you, they’re also responsible to their clients.

    • Dave Girouard

      yes that’s at least partially true. but it was my team working on it on behalf of millions of others, so I think it’s somewhat different. I was in position to understand what was happening and know the people involved in resolving. Note that I didn’t try to call Heroku a couple of weeks ago.

      • Matthew G Trifiro

        Google sells premium support packages, as does Heroku, which makes cloud an even more robust offering for businesses that need that extra level of direct contact. Some of these support packages include dedicated phone numbers and even connect routes to specific individuals. Having a full range of options allows you to build and scale your cloud infrastructure according to your needs — including when you need to get somebody on the phone now.

        Support as an add-on is very different from the historical business software sale. If you buy say, a big SQL database from a non-cloud vendor, you will surely pay a mandatory +20% for support on top of your license, whether you needed it or not. WIth today’s cloud vendors, extra levels of support can be bought and sold a la carte. The cloud a la carte model lets you tailor your spend according to your needs and ability to pay

        With cloud, not only do you get a lot of these services more efficiently (especially from TCO perspective), it also opens up top-tier technology to a new segment user: Smaller businesses and new businesses (even new projects within larger businesses) now have a low-cost entry path into enterprise-grade tools.

  24. Hmm,,so I guess in the event critical e-mail couldn’t be delivered for 40 minutes nobody remembered how to use a phone? or are these the same people when you call them numberous times you only get voice mail and either respond or not by e-mail? oh yes they forgot that device in their hand also allows you to speak? they built this disfunctional new information communication mutant of a drunk monkey with open head wounds..if this author
    thinks I felt his pain,,,I hope he’s in the hell he helped to build..

  25. While the points you mention are some of the reasons businesses use, you failed to bring up the #1 reason: security/privacy.
    In fact, Google’s own press releases showing how many times information was released to various agencies underscores this perfectly. I’m not blaming Google for this, they are abiding by the law. Everyone knows that getting the same information from the data owner would require a higher standard of probable cause.

    • Thank you, that is spot on. And then there is the Not too far-fetched possibility that e.g. your Google Account gers closed without any explanation, you don’t have access to any of your data, your mails, your photos, your calendars, your Android apps (several 100$) etc. You enter a Kafkaesque nightmare of automated replies that tell you nothing can be done (especially if you don’t speak English and don’t live in the U.S.).
      The cloud is fine and dandy as an additional third or fourth backup storage, but rely on it, trusting them with my business, my livelyhood? Never. I would not trust Google (or Amazon etc.) as far as I can sling a piano.

    • Don Rekko

      Spot on! Dave Girouard’s view is bordering on the arrogant , kind-off ‘those who don’t get cloud are server-hugging retards who are just proctecting their dinosaur-turfs’. The Google’s and AWS’ of this world still don’t get enterprise-type Service Level Agreements and compliancy/regulations. This is what is preventing 99% of the enterprises from adopting Cloud Computing in a massive way. Most CIO’s ‘get’ the cloud, and they can’t wait to use it. It’s the vendors who need to get their enterprise-act together. Dave’s display of his ignorance of this reality is, well, not helpfull.