Is there a Twitter sneak attack in our future?

Last year I wrote a post about what I called the Google Sneak attack. If you don’t feel like reading that post, I’ll make it simple for you. Google comes to market as a benign helpful little search engine that threatened no one. Fast forward a decade and Google now pulls in more ad revenue than most of the television networks combined. It has attacked Microsoft’s office franchise, is playing a key role in the cloud via Platform as a Service (Google AppEngine), not to mention the importance of its entry into the book business and who knows what else.  But let’s turn our attention to Twitter.  I’ve been using Twitter since 2007. For the first several months I couldn’t quite figure out what this was all about. It was confusing and intriguing at the same time.  In fact, my first blog about Twitter suggested that the Emperor has no clothes.

So fast forward to the end of 2009 and several very interesting things are happening:

1. Twitter is becoming as much a part of the cultural and technical fabric as Google did just a few years ago

2. A partner ecosystem has grown up around Twitter. A post from February by Matt Ingram of Gigaom echos this point.

3. The number of individuals, large corporations, and small businesses are using Twitter as everything from the neighborhood water cooler to a sales channel.

What does mean? Despite detractors who wonder what you can possibly accomplish in 140 characters, it is becoming clear that this company without a published business plan does have a plan to dominate.  It is, in fact, the same strategy that Google had. Which company would have been threatened by a small search company? And who could be threatened from a strange little company called Twitter that asked people to say it all in 140 characters? Today Twitter claims to have 18 Million users about 4% of adult internet users.  I suspect that we will begin to see a slow but well orchestrated roll out of services that leverage the Twitter platform. I suspect that we will see a combination of advertising plus commercial software aimed at helping companies reach new customers in new channels.

I am confident that within the next two years this small, profitless, patient company will roll out a plan targeting social networking world dominance. It will be fun to watch.

Bureaucracy gone mad: when process gets in the way of service management

I had two interesting discussions over the past few weeks; one with an IT manager and the other with Rhett Glause and Matt French from Service-Now. Both discussions related to the issue of managing service processes in a complex computing environments.  Let me start with the IT manager. He is charged with taking his organization’s web presence from 1990s architecture into a modern Web 2.0 design that will enable better support for customers and partners.  It is a big effort with lots of interaction with the customer facing departments about what they want and with the IT organization about how this new environment will be supported.  Now, this part isn’t out of the ordinary and this is not what this manager was having problems with.  He was being driven crazy by process. The company he works for is devoted to ITIL (Information Technology Infrastructure Library). ITIL is a set of best practices designed to help companies create environments that have a common way to troubleshoot problems with managing complex services.  They are intended as guidelines – not step-by-step instructions about how to managing service processes. In fact, ITIL best practices mandate that you need to start with your strategy for managing services before you get involved in the details.

The IT manager’s problem is that his company’s IT department was so embroiled in process that it was causing excessive delays in getting to a solution. It has a Configuration Management Database (CMDB) —  a repository for all of the details about an application environment including who can change something; how a service or an application is configured and what the change management process is. This company’s problem is that it has set up a change review board that has to review and approve every change for the new environment.  Therefore, something that should take a few days to develop is taking six month of endless meetings.  In other words, the IT manager’s organization is too caught up in process so that it actually crippling the ability to get the job done.  According to the IT manager, “It’s bureaucracy gone mad! This approach will not help make IT more responsive; it will do the opposite.”

I thought about the discussion in context with a great call I had with Matt French, director of marketing and product strategy and Rhett Glauser, communications manager at Service-Now, an IT service desk software as a service company.  What did they think of my friend’s tale of woe? They agreed that this is a common perspective that they hear from customers.  Many customers are beginning to understand that they have to take a pragmatic view of process.  Their top recommendation was that companies should approach ITIL in a phrased approach.

So, here are some recommendations about how to handle process in context with driving business value:

• Establish a light-weight CMDB by only focusing on configuration items that the organization really needs. If a process isn’t likely to change, it might not be necessary to track that process.  You don’t need a change management process for everything.
• Get IT management to take a step back from relying too heavily on IT processes. Rather management needs to be focused on what is important to business management and then execute in a pragmatic way.
• Every service should have a business owner who can make decisions.
• When a change management process is required make sure that there is a change advisory board. There needs to be one person who has the authority to manage that change in the context of the business drivers. The change management board should expedite process and should not become a bottleneck.

In the end it is about common sense. If IT organizations are going to be effective in managing business requirements they have to look at service management in context with the overall priorities of the business. This was the key message our team was aiming for when we wrote Service Management for Dummies. Service management is increasingly defining not only how we manage IT environments but how we managed businesses. Therefore a streamlined view of process management will be the difference between success and failure.

Why all workloads don’t belong in the cloud

I had an interesting conversation with a CIO the other day about cloud computing. He had a simple question: I have an relatively old application and I want to move it to the cloud. How do I do that? I suspect that we will see a flurry of activity over the coming year where this question will be asked a lot.  And why not — the cloud is the rage and who wouldn’t want to demonstrate that with the cloud all problems are solved.  So, what was my answer to this CIO? Basically, I told him that all workloads do not belong in the cloud. It is not because this technically can’t be done. It can. It is quite possible to encapsulate an existing application and place it into a cloud environment so that new resources can be self-provisioned, etc. But, in reality, you have to look at this issue from an efficiency and an economic perspective.

Cloud computing gains an economic edge over a traditional data center when it supports a relatively small simple workload for a huge number of customers. For example, a singular workload like email or a payment service can be fairly optimized at all levels — the operating system, middleware, and the hardware can all be customized and tuned to support the workload. The economics favor this type of workload that support large numbers of customers. The same cannot be said for the poor aging Cobol application that is used by 10 people within an organization. While there might be incremental management productivity benefits, the cost/benefit analysis simply doesn’t work.

So, the answer is pretty simple. You just can’t throw every workload into the cloud. It is not a panacea for all IT problems.  Organizations that are trying to figure out what to do with these pesky old workloads need to look at three options:

1. Decide if that workload is still supporting business objectives in a cost effective manner. If it does the job, leave it alone.

2. That old workload might be better supported by traditional outsourcing. Let someone else keep the application alive while you move into more mission critical tasks.

3. Think about rebuilding that old workload — either by encapsulating key elements and placing them within a modular flexible environment. You might even discover that there are components that are actually useful across the organization. When you discover that sharing components across divisions/department is a productive and pragmatic approach, you might be ready to move those workloads into the cloud.

Is cloud security really different than data center security?

Almost every conversation I have had over the past year or so always comes back to security in the cloud.  Is it really secure? Or we are thinking about implementing the cloud but we are worried about security.  There are, of course, good reasons to plan a cloud security strategy. But in a sense, it is no different than planning a security strategy for your company. But it is the big scary cloud! Well, before I list the top then issues I would like to say one thing: if you think you need an entirely different security strategy for the cloud, you may not have a comprehensive security strategy to start with.  Yes, you have to make sure that you cloud provider has a sophisticated approach to security. However, what about your Internet service provider? What about the level of security within your own IT department? Can you throw stones if you live in a glass house (yes, that is a pun…sorry)?  So, before you start fretting about security in the cloud, get your own house in order.  Do you have an identity management plan? Do you ensure that one individual within the data center can’t control all of the data within a single environment to minimize risks? If you don’t have a well executed internal security plan, you aren’t ready for the cloud.  But let’s say that you have fixed that problem and you are ready to really plan your cloud security strategy. So, here five of the issues to consider. If you have others, let’s start a conversation.

1. You need to start at the beginning with understanding the characteristics of your cloud provider. Is the company well funded? Is its data center designed with security at the center? Your level of scrutiny will also depend on how you are using the cloud. If you are using Infrastructure as a Service for a short term project there is less risk than if you are planning to use a cloud to store important customer data.

2. How is your cloud provider implementing security in a multi-tenant environment? How do they ensure that one customer’s data doesn’t impact another customer’s data?

3. Does your cloud provider give you the ability to monitor security of your data in the cloud? This will be important both for compliance and to keep track of your own security policies.

4. Does your cloud provider encrypt your critical data? If not, why not?

5. Does your cloud provider give you the ability to control who is allowed to access your information based on roles and authorization? Does the cloud provider support federated identity management? This is basic security best practices.

Now you are probably saying to yourself that this isn’t rocket science. These are fundamental security approaches that any data center should follow. I recommend that you take a look at a great document published by the Cloud Security Alliance that details many of the key issues surrounding security in the cloud. So, I guess my principle message is that cloud security is not different than security in any data center.  But the market does not seem to understand this because the perception is that a cloud is somehow not a data center that can be secured with regular old security. I think that we will see something interesting happen because of this perception: cloud vendors will begin to charge a premium for really good security.  In fact, this is already happening.  Vendors like Amazon and Salesforce are offering segregated implementations of their environments to customers who don’t trust their ordinary security approaches.  This will work in the short term primarily because during this early phase of the cloud there is not enough focus on security. Long term, as the market matures, cloud vendors will have to demonstrate their ability to provide a secure environment based on basic security best practices. In the meantime, cloud vendors will rake in the cash for premium secure cloud services.

Unintended consequences of the cloud – part II

As I was pointing out yesterday, there are many unintended consequences from any emerging technology platform — the cloud will be no exception. So, here are my next three picks for unintended consequences from the evolution of cloud computing:

4. The cloud will disrupt traditional computing sales models. I think that Larry Ellison is right to rant about Cloud Computing. He is clearly aware that if cloud computing becomes the preferred way for customers to purchase software the traditional model of paying maintenance on applications will change dramatically.  Clearly,  vendors can simply roll in the maintenance stream into the per user per month pricing. However, as I pointed out in Part I, prices will inevitably go down as competition for customers expands. There there will come a time when the vast sums of money collected to maintain software versions will seem a bit old fashioned. In fact, that will be one of the most important unintended consequences and will have a very disruptive effect on the economic models of computing. It has the potential to change the power dynamics of the entire hardware and software industries.The winners will be the customers and smart vendors who figure out how to make money without direct maintenance revenue. Like every other unintended consequence there will be new models emerging that will emerge that will make some really cleaver vendors very successful. But don’t ask me what they are. It is just too early to know.

5. The market for managing cloud services will boom. While service management vendors do pretty well today managing data center based systems, the cloud environment will make these vendors king of the hill.  Think about it like this. You are a company that is moving to the cloud. You have seven different software as a service offerings from seven different vendors. You also have a small private cloud that you use to provision critical customer data. You also use a public cloud for some large scale testing. In addition, any new software development is done with a public cloud and then moved into the private cloud when it is completed. Existing workloads like ERP systems and legacy systems of record remain in the data center. All of these components put together are the enterprise computing environment. So, what is the service level of this composite environment? How do you ensure that you are compliant across these environment? Can you ensure security and performance standards? A new generation of products and maybe a new generation of vendors will rake in a lot of cash solving this one.

6. What will processes look like in the cloud. Like data, processes will have to be decoupled from the applications that they are an integral part of the applications of record. Now I don’t expect that we will rip processes out of every system of record. In fact, static systems such as ERP, HR, etc. will have tightly integrated processes. However, the dynamic processes that need to change as the business changes will have to be designed without these constraints. They will become trusted processes — sort of like business services that are codified but can be reconfigured when the business model changes.  This will probably happen anyway with the emergence of Service Oriented Architectures. However, with the flexibility of cloud environment, this trend will accelerate. The need to have independent process and process models may have the potential of creating a brand new market.

I am happy to add more unintended consequences to my top six. Send me your comments and we can start a part III reflecting your ideas.

What are the unanticipated consequences of Cloud Computing- Part I

Maybe I am just obsessed with cloud computing these days. I guess that after spending more than 18 months researching the topic for our forthcoming book, Cloud Computing for Dummies, I can be excused for my obsession.  Now that I am able to take a step back from the noise of the market, I have been thinking about what this will mean in the next ten years. Consequences of technology adoption are never what we expect. For example, in the late 1970s and early 1980s no one could imagine why anyone would want a personal computer. In fact, the only application people could imagine for a PC was a way to store recipes (I am not making this up). Keep in mind that this was before the first PC-based spreadsheet was designed by Dan Bricklin and Bob Franston(That’s them in the picture) . No one in those days could have predicted that everyone from a CEO to a three year old child would own a personal computer and its use would change the way we conduct business.  (I never did find a recipe storing application).

The same logic can be applied to the Internet. While the Internet has been used 40 years ago by researchers, it was not a commercially viable option until the mid-1990s. In the early days of the Internet it was a sophisticated communications technology with a command line interface. Once the browser came along, businesses tended to use it to share price lists, marketing materials, and job postings. There were certainly message boards but only for the real techies. There were environments such as The Well which was the first online community used primarily by academics and wild-eyed researchers.

In that context, I was thinking about what we might expect to happen with cloud computing? There is a lot to say, so I decided to break this into two parts — each one will have three consequences. Here are today’s top three:

1. Cloud computing will begin to change the way we think of an application. To be truly useful to large groups of individuals and businesses requires economies of scale in terms of massively scaled workloads. The only way to accomplish this is either to cherry pick a few big workloads (like email) or to branch out. That branching out is inevitable and will mean that vendors with cloud offerings with componentize their software offerings into modular services that can be mixed and matched with other services.

2. The prices that vendors will charge for cloud computing services will drop dramatically over the next few years. As prices drop it will become a lot more economically viable to substitute on premise environment for the cloud environment. Today this is not the case; large companies supporting thousands of users in an application environment cannot justify the movement to a cloud platform. What if the costs drop to the point where the economics (with the right workloads) favor cloud based services? When this happens there will be a tipping point that we might not even notice for a few years. But I predict that it will happen. We are already seeing Amazon dropping prices for its EC2 environment based on the competitive threat from Microsoft Azure services announcement.

3. The cloud will change the way we manage data. The traditional way we think about data neatly stored in specific databases to handle a specific business problem will inevitably change.  This won’t be an overnight change but it will happen. Data will increasingly be seen as a reusable resource that can be used in lots of different situations. There will continue to be strategic line of business applications but they will be more systems of record that keep track of the final result of actions that take place dynamically in the cloud. The value of data is not in its tight packaging as we have been used to for decades but it the flexibility to move, transform, and leverage data. The watch word for data in this new model will be Trusted Data in the Cloud.

I would love to know what you think of my top three choices; send me your comments and I will add them to my list for tomorrow.

As we deal with the cloud hype it is too easy to be dismissive and cynical. But we always treat complicated new trends that way — until one day they become the normal way of business and life.

Can we free process and data?

I am still at IBM’s Information on Demand conference here in Las Vegas (not my favorite place..but what can you do). In listening to a lot of discussions around strategy and products I started thinking about one of the key problems that customers are facing around business process and managing increasingly complex data. What companies really want to do is to have the flexibility and freedom to leverage their critical data across applications and situations. They also want to be able to change processes based on changing business models.

This is the core issue that companies will be facing in the coming decade and will be the difference between success and failure for many  businesses.  Here’s an example of what I mean. Let’s take the example of a retailer in a competitive market. Let’s say our retailer had five or six applications: Accounting, Human Resources, supply chain management, a customer support system, and a customer facing e-commerce system. Each of these systems has an underlying database; each one manages this data based on the business process that is the foundation of the best practices that is the value of these packages. Even if each of the packages are the best in their markets there is a core problem since each solution is a silo. Processes that move between these systems tend to fall through the cracks.  This is why we, as customers of such retailers, are often frustrated when we call about a product that wasn’t delivered, doesn’t work, or requires a change only to discover that one department has no ability to know what is happening in another area. For most companies the dream of single view of the customer is aspirational but not practical right now. In reality, it is hard for companies to mess with their existing applications. These solutions are customized for their business environment; they were expensive and complicated to implement — and change is hard. In fact, companies only change when it is more painful to stay with the status quo than it is to change. In a retail scenario, companies change their approach to process and data management when they must change their business model because the current processes will lead to failure. Retailers are currently faced with emerging approaches to selling and managing customer relationships that are challenging traditional selling models.  Look what a company like Amazon.com or Netflex have done to their slower moving competitors.

A number of customers I have spoken with understand this very well. They are looking at ways to separate their core data assets from the underlying applications. Many of these customers are at the forefront of implementing a service oriented architecture (SOA) approach to managing their software assets. They are increasingly understanding that the secret to their future success is the knowledge they have about their customers, their needs and future requirements within their own set of offerings and those from partners. These companies are setting a priority of making this data independent, secure, and accurate. These business leaders are preparing for inevitable change.  At the same time, I have seen these customers creating SOA business services that are, in essence, codified business processes. For example, a business service could be a process that checks the credit of a potential partner or links a new customer request for service to the set of applications that confirms the request, orders the part, and notifies a partner.

So, here is the problem. These customers are implementing this new model of abstracting data and process based on specific projects or business initiatives.  These projects have gotten the attention of the C-team because of the impact on revenue. But, in reality, the real breakthrough will happen when the separation of data and process are the rule, not the exception.

This is going to be the overriding challenge for the next decade because it is so hard. There is inertia to move away from the predictable packaged applications that companies have implemented for more than 30 years. But I suggest that it will be inevitable that companies will begin to understand that if they are going to remain agile and change processes when they anticipate a competitive threat. These same companies will understand that their data is too important to leave it locked inside an application linked tightly to a process.

I don’t have the answers about what the tipping point will be when this starts to become a wide spread strategy. I think that the cloud will became a forcing action that will accelerate this trend. I would love to start a dialog. Send me your thoughts and I promise to post them.

Can IBM turn information management upside down?

I am here at IBM’s IOD (Information on Demand) conference. The keynote is interesting because of the focus on outcomes. IBM has invested more than $12 billion over the past five years in the information management market. More than $8 billion has come through acquisitions (Cognos, SPSS, etc.) and the rest from organic growth.

The biggest changes that I have seen over the past 20 years or so of watching IBM in the information technology market is the change in focus from the database engine and tools to a focus on a process centric approach to information management. In essence, this means that IBM is building a foundation based on outcomes through the lifecycle of information. Last year IBM called this movement to using information holistically to help companies anticipate the future the Information Agenda. Now, there is an interesting and subtle shift to what IBM is calling information-led transformation.  What’s the difference? I think that IBM is actually attempting to turn the information management market upside down.  There is no doubt that data and information management is a technical discipline. What IBM is saying is that the focus is on business transformation that is supported by information management technology. It is a subtle difference but really important. It is very easy to get caught up in the details about schemas, data cleansing, etc. But if information doesn’t support key business processes and business strategy needs, it is just a pile of technology.

With the growth of social networks, an ever expanding world of information sources – structured, unstructured, images, video, data feeds, and more, it is more important than ever that these sources of data be managed in context with the business goals.  The movement to cloud computing will add a lot more information to the mix.  It is going to be a complex journey. One only has to look at complexities of managing information in the healthcare industry to start to understand what the implications for managing costs and lives. Today we cannot easily look across information across individual doctors, hospitals, pharmaceutical companies, pharmacies, patients, medical equipment, digital images, and more. We don’t have consistent definitions of data; nor can we keep track of how effective a treatment might impact individuals with a symptom. Nor do we have the ability today to use information to determine what solutions could be used to reduce medical errors by 5% a year. If healthcare information management were focused on predicting outcomes rather than creating the next report, image what we could accomplish.

Is application portability possible in the cloud?

As companies try to get a handle on the costs involved in running data centers. In fact, this is one of the primary reasons that companies are looking to cloud computing to make the headaches go away.  Like everything else is the complex world of computing, clouds solve some problems but they also cause the same type of lock-in problems that our industry has experienced for a few decades.

I wanted to add a little perspective before I launch into my thoughts about portability in the cloud.  So, I was thinking about the traditional data centers and how their performance has long been hampered because of their lack of homogeneity.  The typical data center is   filled with a warehouse of different hardware platforms, operating systems, applications, networks – to name but a few.  You might want to think of them as archeological digs – tracing the history of the computer industry.   To protect their turf, each vendor came up with their own platforms, proprietary operating systems and specialized applications that would only work on a single platform.

In addition to the complexities involved in managing this type of environment, the applications that run in these data centers are also trapped.   In fact, one of the main reasons that large IT organizations ended up with so many different hardware platforms running a myriad of different operating systems was because applications were tightly intertwined with the operating system and the underlying hardware.

As we begin to move towards the industrialization of software, there has been an effort to separate the components of computing so that application code is separate from the underlying operating system and the hardware. This has been the allure of both service oriented architectures and virtualization.  Service orientation has enabled companies to create clean web services interfaces and to create business services that can be reused for a lot of different situations.  SOA has taught us the business benefits that can be gained from encapsulating existing code so that it is isolated from other application code, operating systems and hardware.

Sever Virtualization takes the existing “clean” interface that is between the hardware and the software and separates the two. One benefit of fueling rapid adoption and market growth is that there is no need for rewriting of software between the x86 instructions and the software. As Server virtualization moves into the data center, companies can dramatically consolidate the massive number of machines that are dramatically underutilized to a new machines that are used in a much more efficient manner. The resultant cost savings from server virtualization include reduction in physical boxes, heating, maintenance, overhead, cooling, power etc.

Server virtualization has enabled users to create virtual images to recapture some efficiency in the data center.  And although it fixes the problem of operating systems bonded to hardware platforms, it does nothing to address the intertwining of applications and operating systems.

Why bring this issue up now? Don’t we have hypervisors that take care of all of our problems of separating operating systems from applications? Don’t companies simply spin up another virtual image and that is the end of the story.  I think the answer is no – especially with the projected growth of the cloud environment.

I got thinking about this issue after having a fascinating conversation with Greg O’Connor, CEO of AppZero.  AppZero’s value proposition is quite interesting.  In essence, AppZero provides an environment that separates the application from the underlying operating system, effectively moving up to the next level of the stack.

The company’s focus is particularly on the Windows operating system and for good reason. Unlike Linux or Zos, the Windows operating system does not allow applications to operate in a partition.  Partitions act to effectively isolate applications from one another so that if a bad thing happens to one application it cannot effect another application.   Because it is not possible to separate or isolate applications in the Windows based server environment when something goes bad with one application, it can hurt the rest of the system and other application in Windows.

In addition, when an application is loaded into Windows, DLLs (Dynamic Link Libraries) are often loaded into the operating system. DLLs are shared across applications and installing a new application can overwrite the current DLL of another application. As you can imagine, this conflict can have really bad side effects. .

Even when applications are installed on different servers – physical or virtual — installing software in Windows is a complicated issue. Applications create registry entries, modify registry entries of shared DLLS copy new DLLs over share libraries. This arrangement works fine unless you want to move that application to another environment. Movement requires a lot of work for the organization making the transition to another platform. It is especially complicated for independent software vendors (ISVs) that need to be able to move their application to whichever platform their customers prefer.

The problem gets even more complex when you start looking at issues related to Platform as a Service (PaaS).  With PaaS platform a customer is using a cloud service that includes everything from the operating system to application development tools and a testing environment.  Many PaaS vendors have created their own language to be used to link components together.  While there are benefits to having a well-architected development and deployment cloud platform, there is a huge danger of lock in.  Now, most of the PaaS vendors that I have been talking to promise that they will make it easy for customers to move from one Cloud environment to another.  Of course, although I always believe everything a vendor tells me  (that is meant as a joke….to lighten the mood) but I think that customers have to be wary about these claims of interoperability.

That was why I was intrigued with AppZero’s approach. Since the company decouples the operating system from the application code, it provides portability of pre-installed application from one environment to the next.  The company positions its approach as a virtual application appliance . In essence, this software is designed as a layer that sits between the operating system and the application. This layer intercepts file I/O, shared memory I/O as well as a specific DLL and keeps them in separate “containers” that are isolated from the application code.

Therefore, the actual application does not change any of the files or registry entries on a Windows server. In this way, a company could run a single instance of the windows server operating system. In essence, it isolates the applications, the specific dependencies and configurations from the operating system so it requires fewer operating systems to manage a Microsoft windows server based data center.

AppZero enables the user to load an application from  the network rather than to the local disk.  It therefore should simplify the job for data center operations management by enabling a single application image to be provisioned to multiple environments- enabling them to keep track of changes within a Windows environment because the application isn’t tied to a particular OS.   AppZero has found a niche selling its offerings to ISVs that want to move their offerings across different platforms without having to have people install the application. By having the application pre-installed in a virtual application appliance, the ISV can remove many of the errors that occur when a customer install the application into there environment.  The application that is delivered in a virtual application appliance container greatly reduces the variability of components that might be effect the application with traditional installation process. In addition, the company has been able to establish partnerships with both Amazon and GoGrid.

So, what does this have to do with portability and the cloud? It seems to me that this approach of separating layers of software so that interdependencies do not interfere with portability is one of the key ingredients in software portability in the cloud. Clearly, it isn’t the only issue to be solved. There are issues such as standard interfaces, standards for security, and the like. But I expect that many of these problems will be solved by a combination of lessons learned from existing standards from the Internet, web services, Service Orientation, systems and network management. We’ll be ok, as long as we don’t try to reinvent everything that has already been invented.

Public versus private clouds: why one size does not fit all

There has been a lot of discussions these days about private and public cloud. More discussion has been generated because  both Amazon.com and Salesforce.com have added a Virtual Private Network (VPN) option to their public cloud services.  What does this mean in the context of how customers will move to cloud computing? It is clear from the research that I have been doing that the private cloud and the hybrid cloud are real and will be part of the computing landscape for a long time.  The emergence of the virtual private cloud is an early indication that customers some customers want a better guarantee of their data. The combination of a public cloud with the privacy offered by a VPN is only going to grow over the coming year.

So, is a Virtual Private Cloud still a public cloud? I particularly found the blog published by Amazon’s CTO,Werner Vogel’s  announcing the virtual private cloud fascinating. On one hand, the private virtual cloud announcement is a proclamation that customers want to be able to have secure access to services on the Amazon EC2 Cloud. On the other hand, he is quite clear that this there is no such thing as a private cloud.  Clearly, it is in Amazon’s best interest for customers to focus on public clouds. Vogel states in his blog that “What is called private clouds have little of these benefits (he means characteristics of the cloud) and as such I don’t think of them as true clouds” The four characteristics of the cloud he points to include:

• eliminating costs – lowering both capital expenses and operating costs
• elasticity – avoiding complex procurement cycles and improving time to market
• and removing undifferentiated heavy lifting by off loading data center operations

While I agree that there are many situations where this is an ideal approach for many businesses, I don’t think the situation is black and white. There are indeed shades of gray. In my view, a private cloud has to be architected to be different than a traditional data center. But like a traditional data center, it is protected by a firewall and sophisticated security.  A private cloud will almost always be combined with some public cloud services (either capacity, software as a service, or platform as a service). So, I’ll take each of the three characteristics mentioned in Vogel’s blog and explain my view based on the fact that customers will make both economic and technical choices.

• eliminating costs – In reality there are data centers that work pretty well and are core to the business. The company has made an investment and therefore would not necessarily be able to lower costs. However, I expect that even if a company decided to go with a private cloud, there will be good reasons to use capacity on demand to fill gaps and expand for projects. In addition, a very large company will have the financial means to establish its own cloud that will be much more cost effective. A cost/benefit analysis of using a public cloud versus a private cloud is not straight forward. It requires a deep assessment of lots of different factors.
• elasticity – It is quite clear that many data centers do not have an efficient way to procure resources to users. However, if a data center is rearchitected to enable self-service provisioning, it can be transformed to better support users. Again, I expect that customers will take advantage of additional capacity or platform services even if they have private cloud services. This is especially true for companies where their computing infrastructure is the foundation of their business.
• removing undifferentiated services – This will really depend on whether the data center helps a company differentiate itself. There are definitely services that offer no value to the bottom line that should be placed in a public cloud (with a VPN for security, in some cases) such as electronic mail. However,  where these services are at the core of the business and probably need to be in a private cloud. Many companies will select which services are not differentiated and which ones are and create a hybrid environment. Companies will have to do their homework both in terms of focus and costs. It might initially cost more to move a service such as email to a public cloud but will have huge resources in the long run. In other situations, paying per hour, etc. may be a lot more costly than you might imagine.

My bottom line is this. The cloud will continue to evolve over the coming decade and there is no one approach that will become the standard. The cloud is primarily an economic proposition that will require careful evaluation. Companies need to understand what their business is, what the value and role of the data center is and what is the best set of services available. The good news is that with the evolution of the cloud companies will have lots of good options.