Beware the allure of Fool's Cloud

Beware the allure of Fool's Cloud

Summary: Private cloud, like fool's gold, isn't the real thing. It omits some of the most crucial elements of cloud computing and will disappoint and deceive most enteprises that fall for its allure.


Even more insidious than the perils of Amateur Cloud (which I covered in my last post) is the allure of a phenomenon I'm calling Fool's Cloud. The more familiar name by which this is known to many enterprises and IT vendors is 'private cloud.' It's what happens when people look at the phenomenon of cloud computing, latch on to a few of its features, and implement something within their IT infrastructure that appears identical in their eyes, even though it omits some of the most crucial elements of cloud computing.

I'm not saying that privately-hosted cloud computing look-alikes aren't useful. All I'm saying is, don't fool yourself that they'll deliver all the benefits of cloud computing.

What's really insidious is the way that Fool's Cloud deteriorates so rapidly in comparison to true cloud computing. It starts off all shiny and new, sparkling with state-of-the-art capabilities and value. But because it's cut off from the cloud that it attempts to emulate, it quickly falls behind, tarnishing the competitiveness of your IT infrastructure and becoming as resistant to decommissioning as a lump of radioactive waste.

These captive, private clouds fall into obsolescence because they're not exposed to the continuous, collective scrutiny and collaborative innovation of the public cloud.

A public cloud platform is under constant competitive pressure to renew and refresh itself, whether by adding new capabilities or reacting to new threats. With a broad cross-section of organizations sharing use of the infrastructure, the platform has to continuously evolve to meet the varying demands of all those customers — demands that keep it both at the leading edge of innovation and at the highest level of threat preparedness.

Whereas at a privately-hosted platform serving just a single enterprise customer, all but the most pressing of those renewals and refreshes just get added to the wishlist — things to be done when time or budgets permit. Of course, in theory, it doesn't have to be like that, but who's going to argue for implementing features if there's no demonstrable business case for deploying them right now? Public clouds spread the shared cost of innovation across all their customers, but a privately hosted platform bears all that cost on the shoulders of a single enterprise.

Although I said earlier that privately-hosted implementations have their uses, they should only ever be considered as a transitional platform and enterprises should make sure they fully understand what they're missing out on when they opt for private hosting as opposed to public cloud alternatives. John Treadway at CloudBzz yesterday published a very helpful blog post about private cloud and the benefits it can deliver if implemented effectively. Done well, it really does produce a huge step forward in enterprise IT modernization, automating many of the provisioning and management processes and eliminating a lot of duplication and wasted resource in the IT infrastructure. But he also points out a salient proviso: "this is bloody difficult to pull off."

I wonder how many organizations really can justify the investment required to achieve a fully automated internal cloud infrastructure as a throwaway resource? — one that's sure to rapidly lose effectiveness in comparison to public cloud alternatives, simply because it's not exposed to the same competitive pressures and economic leverage for innovation.

Unfortunately, many enterprises will ignore these factors and allow themselves to be seduced by the allure of Fool's Cloud. It can only lead to disillusion and disappointment — which they'll blame on cloud computing instead of their own failure to fully grasp it.

[Disclosure: I'd like to acknowledge funding by vendors of recent work that helped to develop the above concepts, in particular a white paper for OpSource, Enterprise Meet Cloud. Companies contract my services not to influence my opinion but because they know I'm already on their wavelength. Regular readers of this blog will be aware of my incipient bias in favor of cloud services.]

Topics: Hardware, CXO, Cloud, Emerging Tech, Virtualization

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • no security

    No one in their right mind would send their
    critical apps off to the cloud.

    Another pie in the sky to dream up getting rid
    of expenses only to make more expenses.
  • Still no Security or...

    Public clouds are not secure. They are just like the regular Internet. Only put on the public cloud what you won't mind sharing with the entire rest of the world. That limits the usefulness of public clouds.

    You need the following:
    1. Secure encrypted connections.
    2. Secure encrypted storage
    3. Clear data ownership rights
    4. Clear back up strategies from your cloud provider
    5. Clear technical support services for downtime and other technical problems.
    5. Clear exit strategy for when the cloud provider goes out of business. This strategy should make sense for the business consumer.
    6. Clear cloud standards that would allow for real competition and would go a long way to solving point 5 above.

    People are moving to "private clouds" because like myself they do see a value in cloud computing but so far the market place has not made it a friendly place to do business or for end user consumers.

    A CIO or CEO would have to be insane to trust a public cloud. Public clouds are NOT like out sourcing electricity. Data controlled by someone else can be used for more than electricity controlled by someone else. Plus electric companies are more controlled because they are basic infrastructure companies. If cloud providers where tightly regulated by government, they might be a good option. I don't favor a socialistic solution but so far the free market has not addressed the points above.
  • I think you got it right...

    Public clouds are successful due to the massive investment made in making them "easy" to use by cloud providers such as Amazon and RightScale. It is hard to imagine that a typical small to medium sized corporation or organization would have the resources to build and operate their own private cloud that would be feature compatible with what they could get using a public cloud. As for security, it is the responsibility of the cloud user organization to provide sufficient controls over the cloud services that they are using. The cloud vendors can only go so far with regard to security. It doesn't make sense to lay all security concerns at the feet of the cloud providers.
    • Same here...

      I agree.

      Also, I don't get the "recurring Security
      argument" for Private Clouds... Public cloud
      computing security/privacy/availability
      concerns are not addressed by private clouds
      per se but by keeping the important stuff
      inside. Like... in a simple, robust Data Center as many exist all around the planet.

      As this post states "don't fool yourself that they'll deliver all the benefits of cloud computing" (with the added comfort of mind of keeping your data inside)...

      Great article, I also liked the reference to CloudBzz...
      Fabrice Cathala
    • Yeah but...

      The push in cloud computing is a push for all of your data to be handled by the public clouds. When you cut through the marketing haze and talk with real people they end up saying things like "Keep your private data on secure in house networks" or "come up with a hybrid solution" or my favorite "Create your own private cloud."

      In order to rationally outsource all of your data needs to a public cloud, you need security. You need assurances that you will have encrypted connections and encrypted storage where the consumer controls the keys not the cloud provider.

      I have been reading EULAs and TOS and there aren't a lot of consumer rights in them. They protect the public cloud's business but if you are the CEO or CIO that hands over the data of your company to a third party and you don't retain rights and security on that data, you are being very irresponsible managers. A companies data is a huge asset and in some cases the only real asset.

      Dealing with public cloud companies so far has been like making a business deal with someone who can change the terms of the contract agreement with out consulting you or notifying you. In real life how does that really work? What business agreement reads like that? I mean if you are on the right end of it, yeah it sounds like a sweet heart deal but only an idiot would sign a business contract that gave all of the business power over to a third party.
  • Currently everything is pretty much the 'fools cloud'

    Obviously there is no one "right" (or in Phil W's words, "true") cloud as can be seen by the various messages posted in response to this blog, as well as numerous other blog/e-mail chains.

    It does seem rather ludicrous that people are trying to make a distinction that there exists (or possibly can exist) a "true cloud" ... it is all about use cases. Right now, the public cloud definitely has some use cases, but it seems limited to maybe 25% of the current marketplace (due to security, privacy, SLA management, performance management, lack of integration with business processes, etc etc etc).

    And currently, it appears that "private cloud" is good for 80-90% of all use cases ... but of course that will morph over time. I envision that there will become some point of stabilization where most medium to larger enterprises will be on a "hybrid cloud" ... basically outsourcing as much as they can that is not a core value or competitive weapon or sensitive data.

    The level of hybridization will be different for various industries as well as for companies that view controlling their own IT as a weapon rather than a cost. For instance, financial services will probably lean more towards private cloud infrastructure, whereas I'm seeing pharm/chem currently leaning towards seeing IT as a pure cost and therefore hoping to make as heavy use of public cloud as possible.

    -Phil Morris
  • RE: No security

    Yet another very insightful blog. IT is being deeply changed by cloud / -aaS whatever the force trying to avoid that.

    And security is always the ultimate argument :-) Are critical data more insecure on Amazon top world class datacenter than on the average in house Exchange server or on a Blackberry (most of an entreprise really critical info ends up in emails)? That's funny. Any smart techie can access his CEO's email, but the best data center in the world or a 256-bits encoded Internet transfer are not secured? mmm...

    Besides, before making definitive assertions on the ability of public cloud actors to comply with entreprise class security, it's worth having a look at Amazon Virtual Private Cloud offer.

    Analogy is never more than analogy, but it probably sounded fool to many to put money into a bank 200 years ago; it may even still seem stupid nowadays to entrust bankers, who massively failed so miserably. But anyhow, almost everyone does that.

    On the other hand only true cloud offers (or more generally -as a service offers) bring a disruption in the IT market: they redefine the roles of hardware makers, software vendors, consultants and integrators, IT governance and CIO. But the non disruptive "private cloud" smoke is doomed; it's cool it exists though: it keeps incumbent actors busy, leaving room for new entrants.