This tip is the second in a two-part series on private and public cloud computing. Read part one about understanding...
the differences between public and private cloud computing.
Public cloud computing services offers organizations the opportunity to realize many of the advantages offered by private clouds, but without many of the costs. There are, however, drawbacks to public cloud options that could outweigh the potential cost savings for companies. This tip explains the benefits and potential disadvantages of public clouds.
Advantages to public clouds
The most prevalent benefit in a public cloud is cost savings. Organizations do not buy, install, operate or maintain servers or other equipment as they would with private clouds. Organizations may develop their own applications, but they are hosted by a public cloud provider.
Public clouds are also designed as true multi-tenant environments. This allows a huge number of users to share a provider’s computing resources, which also makes public cloud services highly cost-efficient for users. Experts agree that the cost of a public cloud is typically far lower than a traditional data center and private cloud because there is no capital expense. There is also greater flexibility for users because organizations pay only for the computing resources that they actually use.
According to a recent TechTarget survey, of the more than 1,000 respondents who use a public cloud, more than 31% said they were motivated by a reduction in infrastructure costs, another 26% sought more flexibility than traditional hosted services, almost 21% wanted a more scalable infrastructure without up-front costs, and 11% sought lower IT staff costs.
Security, reliability and regulatory compliance remain the principal concerns with public clouds. The concept of multi-tenancy supports strong economics by allowing high utilization. There is persistent concern about potential vulnerabilities or attacks that might be used to exploit the hypervisor and impact other users’ sessions. Although there have been no reports of successful attacks, it remains a serious point of contention for users considering public clouds.
“Security is a shared burden, but not shared equally,” said James Staten, vice president and principal analyst at Forrester Research..Staten also added that services like Azure provide security to the point of abstraction that they provide, but no higher. For example, Azure would presumably be responsible for server security by providing logs to ensure that no violations occurred. But organizations are responsible for security on their own applications. That includes design oversights like open ports or weak logins. “This uneven handshake is the mistake most people make when they use cloud resources in an unsecure fashion,” Staten said.
Reliability and availability are other concerns in public clouds. Even when providers implement clusters, redundant sites and other tactics to improve availability, outages can occur periodically. Because downtime can affect the ability to access cloud applications—and affect your organization’s ability to function—the move to a public cloud should include a careful evaluation of availability and the consequences of normal and extended downtime.
Preparing for disaster
For businesses to leverage public cloud technology, data must be secure and accessible to users. Today’s global challenges make this goal far from certain.
Companies can and do encounter natural and man-made disasters, fall victim to hacking and go out of business entirely. What happens if your cloud provider falters?
Experts say that any move to the public cloud should include a careful consideration of application and data portability. For example, it may be necessary to move away from one cloud provider and engage another. Otherwise, you might need to restore that application within your own data center—effectively taking the application out of the cloud.
In either case, part of cloud disaster preparation involves some form of transition plan. “The role of IT is changing,” said Laurie McCabe, partner with the SMB Group in Northboro, Mass. “IT people have to have a strategy or plan for determining what they are comfortable with outsourcing, creating a contingency plan ready should they need to make an adjustment.”
Some businesses develop a relationship with a second public cloud provider and have already worked out a process for mapping their applications to the second environment. Other organizations may adopt gateway tools such as CloudSwitch to minimize architectural changes and ease application porting between clouds. And still other organizations may retain and periodically test local servers that can startup virtual machines to run applications in-house.
The good news is that most businesses have time to think ahead and make plans for a transition away from or between clouds. As long as steps are taken before trouble actually strikes, planning for a serious transition is simply another aspect of disaster planning.
Hype vs. reality
Deciding between a public and private cloud can be a serious challenge, because each one is not appropriate for every application, user group or organization. The hype that surrounds cloud computing has caused confusion, prompting many organizations to steer clear of the technology entirely.
According to TechTarget’s survey, more than 40% of IT respondents said they have chosen to avoid cloud computing because of security concerns. Another 30% of respondents said that their business applications do not translate well to a cloud environment, while 27% said that they do not meter or chargeback for computing resource use. More than 26% of respondents expressed concern about data storage integrity and compliance, and the remaining respondents cite concerns over virtualization, in-house skills and cloud complexity—among others—as reasons for not using cloud technology.
But experts warn organizations that do make forays into cloud technology not to underestimate the challenges. Cloud computing provides enormous potential for efficiency and economy, but achieving those goals within a cloud is difficult. “If you don’t put the right kind of workload into a cloud environment, it will not yield cost savings,” Staten said. “In fact it may cost you more.”
Generally speaking, the best applications for a cloud deployment are web-based, customer-facing applications where many users need to connect from various locations using different levels of connectivity. Examples often include email, collaboration and support portals. These are often the low-hanging fruit of cloud computing.
The case for a cloud is not so easy for applications that are heavily tweaked or used only by a small group at one location. These may be better served with a more traditional client/server deployment in an organization’s data center.