In this article I’d like to explain why companies are being sold short by “cloudwashing” of traditional hosting and give my tips for telling rebadged traditional hosting from real cloud services.
Many IT services providers are now marketing “private cloud” offerings, no doubt hoping to attract customers who want all the benefits of cloud computing, such as scalability, capacity on demand and economies of scale, but who mistakenly assume a “public cloud” software application or platform is less secure than a “private cloud”.
Yet if you take a hard look at what these vendors are providing, you may well find these “private clouds” are nothing more than rebadged traditional hosting. That’s not to say true “private clouds” can’t be created – but the goal of “private cloud” initiatives is usually the provision of a new secure, dynamic, scaleable and reusable platform architecture for business applications.
The trumpeting of the rebadging of data centre consolidation or outsourcing exercises as the creation of a “private cloud” is missing the point and typically will not result in cost-savings, more flexibility or even more security, especially when compared with true cloud-based platform infrastructures from specialists such as Amazon Web Services or by moving to Software as a Service.
So how can you tell if a provider is actually offering a cloud-based solution that will give you all the benefits of cloud computing – or just “cloudwashing” traditional hosting? There are three key questions to ask:
- Can the provider offer immediate provisioning and completely flexible capacity, whether you want to add one user or 10,000? If the vendor has to ask how big or small you are, or ask when you want it delivered, or tell you it will take a certain amount of time to deliver it… it’s not a cloud solution.
- Is the cost significantly lower than running it in house? Traditional hosting may be a little cheaper than running your own IT, but cloud computing offers much greater economies of scale because it doesn’t just do the same things you were doing in-house more efficiently but delivers IT services in a very different way. If the vendor isn’t able to pass on those savings, it’s not a cloud solution.
- Does the service provide a security infrastructure designed for the cloud? Does authentication allow secure access from the public internet to a single application or set of data? If security isn’t built in to application or data objects, so that multiple users working on the same infrastructure can only ever see their own applications and data, it’s not a cloud solution.
For Software-as-a-Service, there are a couple of additional tests:
- Can the application be accessed through any device on the internet, whether that’s a PC, tablet or smartphone, and not require a particular operating system or device? If you need to use a designated operating system such as Windows or need to install any software on your device or in your infrastructure, it’s not a cloud solution.
- Does the application support accelerated feature delivery? SaaS applications are typically updated with new features and functionality more regularly than on-premise software (often monthly) allowing agile development methodologies to keep the application up to date at all times.
True SaaS “built for the internet” solutions like Google Apps for Business, Salesforce.com, Netsuite pass all four tests. Vendors moving software from the on-premise world to the cloud like Microsoft Office365 may struggle in some areas, such as scaleability, complete cross-browser or cross device support or residual dependencies on on-premise software; they are also tied more rigidly to the typical 2-3 year major release cycle of their on-premise parent products.
The limitations of going the “private cloud” route with traditional applications have been clearly demonstrated in the UK Government’s evolving G-Cloud strategy. It’s not surprising the public sector wanted to take advantage of the cost savings of cloud computing, but it soon realised that creating its own private cloud infrastructure, as demonstrated in a pilot with HP, was prohibitively expensive.
The “G-Cloud” project then morphed into a combination of data centre consolidation and virtualisation – until it became apparent that this would offer limited financial benefit. During 2011, we saw the government recognise that both short and long-term benefits would come only from making use of widely available and mass-market software-as-a-service solutions delivered through public clouds. G-Cloud was then relaunched as a catalogue of apps from which the public sector could buy SaaS solutions.
What of the security concerns associated with public clouds? Because security is built in to true SaaS solutions from the ground up, the public cloud multi-tenant model is actually likely to be much more secure than a “private cloud” that’s rebadged hosting. Once someone has gained access inside a traditional hosted environment, they can more easily wander around at will. So “private cloud” solutions that are really rebadged traditional hosting will not only fail to deliver the cost and scalability benefits of cloud computing but will also not provide the high level of security companies are seeking by going “private”.
That the UK government is willing to entrust its operations to public clouds confirms that “public cloud” is secure. Major players in other highly-regulated industries who handle extremely sensitive data are also confirming “public clouds” meet their security needs. For example, Spanish banking giant BBVA recently struck a deal to roll out Google Apps for Business to 110,000 users. So there really is no reason to settle for a “private cloud” that’s just old-fashioned hosting masquerading under a new name.