Weekly Update

Is the private cloud really a viable option for most enterprises?

Private clouds were the right solution for many enterprises that wanted to realize the value of cloud services without actually moving to a public cloud. However, from what I can see, the trend now appears to moving to deployments on public or hybrid cloud models.

We’re seeing this trend for a few core reasons:

  • Value. The private cloud model still requires you to purchase, deploy, and maintain your own hardware and software, which reduces the value that private cloud can provide. Certainly, when compared to public cloud computing, private clouds typically cost much more, and do not get to the cost efficiency promise of cloud computing.
  • Complexity. In many instances, private clouds end up being just another “stovepipe” of data and systems that the enterprise must contend with. They add more complexity, and thus make enterprise IT infrastructure harder to change and expand. In many cases, it reduces the ability to be agile, if the right planning does not occur. That type of planning typically does not happen around private cloud deployments.
  • Features. Software provided to build private clouds seems to come up short when compared to today’s public cloud offerings. Where there was once parity with public and private clouds, the large public cloud providers have spent their R&D dollars on the public cloud offerings. Public cloud providers such as AWS and Google don’t have private cloud (on-premises) versions. Although Microsoft does, it seems to be rarely used. The other public cloud providers also seem to be focused on their public cloud offerings. There are a few exceptions among the larger enterprise players that re-cast some of their existing enterprise software as cloud computing solutions. In many cases, it’s just cloud washing.
  • Security. Many enterprises push back on public cloud providers, citing security and compliance reasons. For the most part, public clouds provide the required security as well as support vertical market compliance, such as that found in healthcare and finance. Private clouds, while they feel more secure since you can see the blinking servers in your data center, are as secure or less secure than public clouds, generally speaking. Enterprises are just discovering this fact, and are opting for public clouds as cloud projects come on-line.

It’s about control, not security

Although a private cloud is indeed a solid and viable architectural option, it’s typically overused. Enterprises that want to maintain control of their hardware and software see the private cloud as an option to help them kick the cloud can farther down the road. They can claim to have a cloud, but that cloud looks like the other systems lying around the data center. Moreover, the cost is about the same or more than traditional systems.

However, the control aspect of private clouds remains important to many enterprises. Private clouds are certainly a viable architecture choice, so if control matters more than any cost savings, and the perception is that security is indeed better if kept on-premise, then private solutions will work just fine. Typically, public or private would work, but the difference is the value to the enterprise that each model brings. These are arguments I don’t participate in anymore; they typically can’t be soundly won until enterprise IT begins to see more data points that may change their thinking.

Behind the operational cost savings, public clouds have a better ability to bring more agility to the enterprise, in that public cloud solutions are more elastic, and thus scalable, as business needs change. They don’t require building or renting more data center space, and you can rapidly alter the platform environments with minimal cost impact. The value of public clouds’ agility is often 10 times that of any operational cost saving. However, many enterprise don’t understand how to determine that value. It’s typically not a part of the initial business case in moving to the public cloud because the value is not understood until well after the public cloud solutions have been deployed.

Of course, private and public cloud architectures are not that pure. There are hybrid clouds, or, mixtures of private and public clouds, typically without direct portability between the private and public cloud server instances. Also, there are virtual private clouds (VPCs), which are private clouds hosted by public cloud providers, such as AWS. Moreover, there are hosted private clouds that are physical servers that may exist within a managed services provider or co-lo. The models get more cloudy as cloud technology providers come up with new ways to approach private clouds.

Value versus security

In looking at the value versus security aspects of private and public clouds, leaving VPCs, hybrid, and even multi-cloud out of the discussion for now, the perceptions are becoming clearer. Figure 1, depicts private and public cloud technology, in terms of degree of value that it provides the enterprise, as well as degrees of security capabilities. Again, we’re speaking in generalities here, and not addressing a specific private or public cloud technology.

Figure 1: This year (2014), public clouds provide as good, if not better, security than the private cloud offerings (generally speaking), and have the ability to provide better value, considering there are typically few if any capital costs.

private cloud f1

While there is certainly a debate around security issues with public clouds, I’m working from the facts that I see in the implementations I’ve been involved with, as well as the data points that have emerged over the last few years.

For instance, those in the world of healthcare are quick to point out that public cloud is not a viable platform for them, considering the security drawback. However, according to Alert Logic’s Fall 2012 State of the Cloud Security Report, anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked because attacks are opportunistic in nature.

The report further finds that Web application-based attacks hit both service provider environments (53 percent of organizations) and on-premise environments (44 percent of organizations). However, on-premise environment users or customers actually suffer more incidents than those of service provider environments. On-premise environment users experienced an average of 61.4 attacks while service provider environment customers averaged only with 27.8. On-premise environment users also suffered significantly more brute force attacks compared to their counterparts. Indeed, if this report is to be believed, your data is safer in public clouds than sitting in your data center.

Or, you can just read the news reports. Target lost data from about 40 million credit and debit cards that were stolen at its stores between Nov. 27 and Dec. 15 2013, the height of the holiday shopping period. Thieves tampered with the sales terminals’ card swipers to gain access to the data stored on the magnetic stripe on the back of credit and debit cards. And do you remember Sony’s huge PlayStation Network security blunder that exposed as many as 100 million credit card numbers? It cost Sony big and required user account reboots. These were all on-premise systems, but not really private clouds, to be fair.

Figure 2 shows how the world looks as we move forward to 2016. The trends we see today in public clouds provide much more value and better security, and this trend will continue. I suspect that private clouds will fall out of favor for many new projects, and many applications hosted on private clouds will find their way to public clouds as the years progress.

Figure 2: By 2016 the value that public cloud delivers over private cloud will be significant. The ability to provide sound security solutions will improve as well.

Private cloud f2

This does not mean that private cloud, as a pattern of architecture, will fall by the wayside. Indeed, there are many solutions that may work better with private clouds, including the CIAs massive private cloud, which is required…well…because they are the freaking CIA. I also suspect that there are instances where some regulation, performance issues, or constraint on data usage means that a private cloud is a better fit. After all these years in IT, I’ve learned that there are always exceptions to the rules and trends.

So, if the question becomes: Is the private cloud really a viable option for most enterprises? The answer is probably “Not anymore.” That is, if the enterprise is willing to do their homework and a bit of planning, there is huge value that can be found in public clouds or hybrids.