The public cloud seems like a no brainer — develop in a temporary sandbox; scale up as fast as you like when you go live; leave the non-core aspects to someone else, and pay only for what you use.
Public cloud services still have a lot to recommend them. For instance, apublic cloud providers offer, nor the recent price reductions.
Some of those public cloud advantages derive directly from the business model, especially the more efficient use of infrastructure, and capital, from sharing servers with countless other customers.
"Multi-tenancy provides the scale and scope for greater asset efficiency by realising peaks across varied workloads around the clock, commercial flexibility, and technology innovation," says Saju Sankarankutty, associate vice president and head of cloud at business technology consultancy Infosys.
Dave Roberts, an executive advisor with BMC software, has seen clients from the big to the small end of town benefit.
"If you're a small company and had to build out your own datacenter space it would cost a lot to get going, whereas you can get cloud resources for cents per hour," Roberts says. "If you're a large company, public clouds are great when you want a lot of infrastructure quickly and don't want to spend the capital yourself. I can go to Amazon or Google and have thousands of servers up and running in a few hours."
Keeping it private
But the public cloud has downsides. A recent study from technology consultancy Compuware APM revealed that 79 percent of IT pros think cloud provider service level agreements (SLAs) are too simplistic and fail to address the risks of moving and managing applications in the cloud. 73 percent of businesses also believe their cloud providers might be hiding infrastructure or platform-level problems that impact on performance.
Tim Campbell has spent 27 years in IT and 10 years as a consultant, and his experience is telling: "In the last two years, five clients have transitioned from public to private services. None transitioned from private to public."
While the prices of public cloud might be attractive, Rob McCammon, director of product management at data storage provider Cleversafe, says the big providers aren't necessarily passing their monetary gains on to you.
"It's generally accepted server price and performance improves by 50 percent every two years, and we're not seeing public cloud prices reduced by 50 percent every two years on a compound basis," he says.
Amazon Australia and New Zealand principal architect Simon Elisha disagrees, saying there are several aspects to total cost of ownership many organisations fail to take into account. One example of many is what he calls a "very real and high cost of technology generation change".
"When you're talking about multiple petabytes, the cost includes migrating data between old and new generation hardware without downtime, the space needed to host both during the migration and secure disposal of the old storage — things like degaussing, physical destruction, and ecologically responsible disposal."
You also can't beat the "pay for what you use" scalability of the public cloud, according to Elisha.
"If you install one petabyte of data [on-premise] and only use 500TB, you still pay for the full one petabyte," he said.
On the other hand, McCammon believes there's a common point at which a private cloud will be a better financial option.
"A petabyte of data is a very good rule of thumb," he says. "If you look at the total cost of ownership of private and public between one and 10 petabytes over three to 10 years, our private cloud environment can typically show 40 to 50 percent savings."
The trend becomes even more marked the more data you manage or the longer the period of use, but once you cross a petabyte, McCammon says the savings are already 'significant'.
Even one of the public cloud's biggest drawcards — minimal initial set-up cost — might backfire on you, warns Ajay Patel, founder of enterprise collaboration company HighQ.
"Unless you can accurately predict your growth and usage, these cost advantages are quickly eroded and in many cases, reversed," he says.
Steve Pelletier, solution architect at converged infrastructure provider Logicalis US, says that if you're talking about specialisation, at a certain point, the equation that currently recommends outsourcing your datacentre, will flip — much like a manufacturer subcontracting out creation of specialty parts.
"Your subcontractors are set up to make specialty parts for a number of customers and they can deliver those parts quickly," Pelletier says. "Then when you grow and need hundreds of thousands of them, it makes more sense to buy the equipment and manufacture the parts yourself."
"It's all economies of scale," agrees independent IT strategy consulting firm founder Kris Kelso. "Cloud providers are making a profit and at a certain scale, a business can build their own cloud and retain that profit. It's similar to real estate, vehicles, or any other large operational cost — at some point it makes sense to buy rather than rent."
Kelso says while there are a lot of variables when you're trying to identify that point, often it comes down to your culture.
"If a company has a 'DIY' mentality or a leadership team that likes to own, touch, and feel every aspect of their business, they're less likely to be satisfied with an outsourced provider," he says.
"If you prefer strategic partnerships and offloading risk and responsibility, you're less likely to have a successful internal implementation. I know of small hosting providers that are running profitably with fewer than 100 physical servers, so it stands to reason that a company with a need of that size could manage it internally and retain profit margin."
On the security side of public cloud computing, you run the risk of falling foul of the 'noisy neighbour' effect of a multi-tenancy environment.
"The private cloud's basic premise in single tenancy inherently restricts the failure scenarios that need to be built into the system," explains Saju Sankarankutty of Infosys.
But Tim Caulfield reminds us that needn't be the case. The CEO of data centre service consultancy The Antara Group says overall resiliency is ultimately your responsibility as the data's owner.
"A great example is Netflix," Caulfield says. "When Amazon Web Services had outages a couple of years ago, Netflix wasn't affected because its solution was across multiple availability zones. The cloud is not a replacement for making bad design excuses."
CEO Robert Jenkins of Cloud provider CloudSigma says a private line into a public cloud is more secure again.
"Customers have the ability to define their environment and the security aspects within it to meet their security requirement level."
But the above comments about security on either public or private clouds comes with one caveat — it only applies if you're already doing the best job with data security you possibly can.
As Dr. Boris Goldberg, co-founder and CTO of cloud monitoring and tooling company Cloudyn, says: "The majority of organisations aren't even close to the security level of leading [public] cloud vendors."
Finally, a little-discussed aspect of cloud security is the behaviour of the provider itself. While you might feel confident attackers or competitors have almost no chance of getting your information, do you ever wonder what the provider itself is doing with it?
Tim Campbell has spent 27 years in IT and 10 years as a consultant, and has spent the last two years helping users transition from public to private cloud services. Those he worked with were all receiving unsolicited marketing campaigns, all of which stopped when each client ended their relationship with the provider.
"I can't say with any certainty Google sells names and addresses," he says, "but in the case of my five clients, the marketing pitches were directly addressed to either the CEO or CIO of the organisations by name from three different companies, even though the information wasn't public."
If you're already using a public cloud service, moving to a private environment might be much easier than launching into the cloud from scratch. Private cloud technology can be similar to that offered by public providers, according to Cleversafe's Rob McCammon.
"Well-known options like Amazon S3 educate people about object based storage and how it works," he says. "Then, when we present them with an object based storage system in a private cloud, it's a very natural thing to keep all the benefits and the same architectural approach used by the public providers."
With the world still in grip of outsourcing fever and focusing on core competencies, it's not often you hear about a company building such a technical discipline under its own roof, but Australian bank ING Direct has done just that. With 150 staff in IT, COO Simon Andrews says not having to manage third parties was an attractive proposition.
"We have all the capabilities that would be offered by an infrastructure service provider," Andrews says. "We get financial efficiency from mass standardisation and security is a huge cost and an operational difficulty to remain up to date. Having moved our whole application suit to a private cloud we're inherently more secure."
Aftercalled Bank In A Box in 2012, ING Direct worked with architecture, design, and software partners to build a private cloud. Andrews says where there used to be around 800 legacy systems, now the whole bank runs on 40 servers.
"You can understand the massive benefits to spinning up copies of the bank within half an hour for testing or development without the complexity or overhead of physical environments," he adds.
The best of both worlds
As with most choices, the best approach can often be to cherry pick and combine the best options. How much you need to select from each will depend on your workload.
It's been termed 'buy the base, rent the peak'. If you have a relatively consistent workload and the means to deploy it, a private cloud will suffice. If your workload fluctuates wildly, public will be better than investing in data processing that sits idle during low periods.
Most businesses have a predictable workload for certain functions like administration or accounts, but need extra power for spikes because of shifting processes like sales, and Saju Sankarankutty at Infosys says the term 'cloud' is merely a spectrum regardless of whether it's under your roof or not.
"Cloud adoption is a journey that starts from a siloed, consolidated infrastructure to a more virtual and automated infrastructure and then to highly agile, flexible public infrastructure," he says. "Moving from one to the other is driven by the level of maturity your organisation attains."
Lilac Schoenbeck, product management and marketing VP at cloud provider Iland says the biggest mistake companies make is thinking they have to choose one or the other.
"Many organisations are most successful using a combination of three environments," she says, "on-premise private clouds for predictable and legacy applications, virtual private clouds for more varied use cases like test and development, and public cloud for burst capacity."
To Goldberg of Cloudyn, the hybrid model of different cloud environments for different processes is already here.
"Some data will probably stay inside private cloud forever due to local regulations," he says, "and already-purchased hardware has to be used anyway."
In the end, the best advice isn't to look at the means, but the ends. Look at your processes carefully and allow for what they need to do.
Whether you need a public cloud, a private cloud, or a USB stick in a top drawer, the behaviour of your data will show you the answer.