How to evaluate private versus public cloud solutions
Is cloud computing overhyped? Yes, according to a recent research note by Gartner. Effective and efficient use of the cloud requires a more strategic approach than simply moving all workloads to another company's servers, the note says.
This is not the first time industry observers have called out the hype around cloud. In 2012, Gartner issued a graphic that suggested the cloud hype cycle had hit its apogee, and a 2009 Wall Street Journal article tracking an explosion of cloud superlatives in the tech industry quoted Oracle CEO Larry Ellison dismissing cloud hype at a financial services conference that year. "I have no idea what anyone is talking about," Ellison reportedly said.
What does 'cloud' really mean?
In general, the term cloud refers to a virtualized computing architecture whose software can reside on the servers of a public provider or on your own servers. Organizations of all sizes are increasingly using cloud solutions to power mobile apps and iterative programs, to leverage the Internet of Things, and to scale their infrastructure. Over the next two years, 57 percent of all workloads will be deployed to various cloud platforms, according to 451 Research.
Much of the confusion around cloud results from the incorrect—but still widespread—assumption that private and public cloud are the same thing. While a private cloud is infrastructure that is hosted either on-premises or in a service provider’s data center, and devoted entirely to your business needs, using a public cloud provider means your data are on shared hardware owned and operated by a third-party provider.
"The first generation of cloud computing was dominated by Amazon Web Services," says Bobby Patrick, chief marketing officer at Hewlett Packard Enterprise Cloud. "The definition of cloud was 'public cloud,' but now we can build that architecture on premises." In other words, you can build a private cloud, which uses the same architecture but is controlled directly by the company that creates it.
According to Ken Won, director of cloud products and solutions marketing at HPE, there are four metrics to consider when evaluating private versus public cloud solutions: security, performance, cost, and compliance. Reviewing them might help you understand the primary issues IT decision-makers should consider.
If you are a financial services or healthcare company, you are going to want the highest level of data security you can get. Public cloud platforms may provide extraordinary convenience, but their security has been compromised in several high-profile breaches, resulting in significant financial costs for companies like Amazon and Microsoft.
With a private cloud, you can control access and employ any security measures you wish. Moreover, a private cloud is generally less of a public target than, say, Microsoft Azure or AWS, with their multitude of users.
Arbor Networks' 11th Annual Worldwide Infrastructure Security Report indicates attacks on cloud-based services nearly doubled in the past two years, to 33 percent. Attack size has continued to grow, and the attacks are more often complex attacks on multiple fronts. Additionally, half of all respondents who suffered distributed denial-of-service attacks saw their firewalls fall, up from one-third last year. These are the sorts of things you might want a dedicated security staff to handle.
Public cloud providers seem to be learning from past breaches. Earlier this year, AWS integrated a set of best-practice security benchmarks recommended by the Center for Information Security to increase its level of safety. As one example, Virtru's email encryption uses the AWS key management feature to store user keys in its private cloud.
That said, 64 percent of federal IT managers are still more likely to use a private cloud over a public service, according to a recent study by market researcher MeriTalk.
Although public cloud services can provide the elasticity missing from some traditional IT, they are hardly problem-free. Common public cloud challenges include bandwidth and connectivity (though private clouds can have similar connection obstacles), trouble scaling, and traffic stress that overtaxes a service's architecture. One way to mediate these issues is by negotiating a service-level agreement that addresses availability and access expectations.
Another issue with the public cloud is latency—the amount of time it takes for a packet of data to travel between two points. Some applications are very sensitive to latency. "If you set up a virtual machine on a public cloud today and another tonight, those two might have different latencies," says Won.
This is because when you order the first VM from a public cloud, it will be deployed to a data center. The next time you order one, it might be deployed on a different data center. In that case, the latency will be different between the two VMs. Certain apps require that users meet latency requirements to even run them.
Using private cloud technology avoids a number of the public cloud issues, but not all. Bandwidth and connectivity, not to mention lack of a dedicated staff to troubleshoot problems, are still issues. Harmonizing the different data center connectivity requirements is not somebody else's problem once your cloud is your own. You have to ask if you have the internal personnel and skills to handle that process.
If your budget will allow you to make only a relatively small outlay for operational expenditures, it might make more financial sense for you to move to a public cloud. Public cloud services like Azure and AWS can operate a server for less money than anyone else can. For example, a large company racking a $5,000 server in its data center could spend between $25,000 and $50,000 to run the server internally.
Won allows that development and testing environments make more financial sense on a public cloud than on a private one. But if you have sufficient funds to create your own cloud—along with the corporate will and technical expertise to manage it—you can create a custom environment that is possible to sustain at a lower yearly cost.
Again, if your employee-hours are fully invested in a tech team that is fast and smart in responding to your needs with legacy tech, any shift to the cloud will cost money in training—or even replacing—personnel.
4. Compliance and regulation
Public cloud providers manage customer workloads across far-flung networks of data centers. Because these services generally are not transparent about where they host your apps and data, it's hard for customers to know if they are meeting compliance requirements, which can vary widely by country.
In Europe, for example, stringent privacy regulations mandate that personal data created within a country must stay inside the borders of that country. If you have customers in Italy, for instance, you must by law keep their personal data within Italy's borders. If you are using a cloud provider that doesn't have a data center in Italy, you can't meet those data sovereignty requirements.
This is a real issue for not just large multinational companies, but also any company that operates across national borders. "People are starting to realize the financial value—but also the limitations—of the public cloud," such as the difficulties they present to compliance and the target they present to hackers, says Won. "People want the benefits without the limitations. They want that public cloud experience in their data center."
Most CIOs want to provide a unified platform experience for their developers so they can concentrate on building killer apps without worrying about having to customize each app for different platforms.
Public cloud providers are starting to recognize the value of enabling common experiences across public and private clouds. For example, Microsoft plans to launch Azure Stack in 2017. This service will allow Microsoft data center users to run private cloud services that are compatible with the Azure public cloud. Along the same lines, AWS now provides compatibility with VMware.
Unfortunately, there are no easy solutions to the challenge of moving workloads seamlessly across public and private clouds. "The industry has realized the value of doing this, but we're in the early days of making it real," says Won.
According to a forthcoming 451 Research report on hybrid IT, "Decisions around deployment models will remain...dynamic and will initially involve ample trial and error based on the individual application profiles (e.g., lifecycle stages, usage patterns, application behavior characteristics, data criticality, and data sovereignty considerations)."
In the end, it's important to remember that cloud technology is not going anywhere, but it is constantly on the move. And tracking that movement will be integral to your IT success.
Public vs. private cloud: Lessons for leaders
- The choice is no longer cloud or no cloud. Rather, it's about balancing your IT load effectively across public cloud, private cloud, and traditional IT.
- When choosing between private and public cloud for a particular workload, you need to weigh security, performance, and cost, along with regulatory and compliance mandates.
- While most enterprises want to provide seamless multiplatform experiences for their developers, the industry is in the early stages of making that real.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.