Cloud delusions at the turn of the decade
Summary: How to avoid amateur cloud, fool's cloud, firewall jealousy, misdirected multi-tenancy and half-aaSed applications. My views on how to implement cloud and SaaS have hardened considerably over the course of 2009.
Continuing my series of posts about the big themes on this blog over the past year, I now turn to the topic of cloud computing. My views on how to implement cloud and SaaS have hardened considerably over the course of 2009. Halfway through the year, I took a conscious decision to promote multi-tenancy as the only acceptable architecture for cloud and SaaS infrastructures. You might expect that from someone who makes a living consulting for multi-tenant vendors. But I've deliberately chosen a hardline and controversial stance, intended as a counterpoint to the many siren voices that argue for a more hybrid approach.
I still see migration to the cloud as a journey, but I'm concerned that too many people, especially with the advent of platforms like Windows Azure, have decided they can achieve all the benefits by going just some of the distance. This is a risky self-delusion, and the more people fool themselves this way, the more the cloud model will be discredited, not because of inherent weaknesses, but through implicit association with the disasters and disappointments these half-hearted implementations will bring in their wake. There are several different cloud delusions to beware of.
Amateur cloud. The year's third most highly trafficked post on this blog was The cloud, no place for amateurs. It picked out two examples of established, reputable computing companies that had let down customers who were depending on them for computer operations — in one case the victim was a single large airline, in the other it was a large number of mobile phone subscribers. Many reputable providers (and their customers) believe that enterprise size and computing experience are in themselves guarantees of the reliability of any cloud services they operate, whether for enterprise or consumers. This is a gross self-delusion. My follow-up post gave advice on How to avoid the amateur cloud.
Firewall jealousy. A related delusion is to put more trust in your own organization's security measures than in those of a cloud provider's — even if the cloud provider employs many more security staff in round-the-clock shifts, has significantly more security expertise and operates much better processes based on the highest level of best practice. This 'not my firewalls' mentality — a variation on 'not invented here' — is especially egregious if your so-called 'on-premise' computing is actually off-site at some non-descript colocation center shared with an unknown number of other organizations.
Fool's cloud. This is my term for what others persist in referring to as 'private cloud', and which I've also called 'captive cloud' and 'stagnant cloud' (the latter because of the way state-of-the-art implementations quickly fall behind when shut off from the continuous, collective scrutiny and collaborative innovation of the public cloud). My advice is, Beware the allure of Fool's Cloud. In the final decade of the previous century, rich enterprises deluded themselves they could get all the benefits of the Internet by implementing their own private versions. Today, many are destined to repeat this extravagant delusion by attempting private versions of cloud computing. Take my word for it: you can't take computing out of the cloud and still call it cloud computing.
Isolated multi-tenancy. Some vendors have taken the view that it's possible to take multi-tenancy out of a cloud context without losing any of the benefits of cloud computing. At the beginning of the year, I did wonder if they had a point. In March, I welcomed platform-as-a-service provider LongJump's introduction of an on-premise option as satisfying a pent-up market demand for SaaS development platforms. I examined the claims made for Salesforce.com's breed of multi-tenancy when the company opened the kimono on its 'green crystals'. I was intrigued by Intalio's blueprint for taking multi-tenancy on-premise. I examined whether multi-tenancy could co-exist with on-premise computing assets. But in the end I came to the conclusion that the crucial point about multi-tenancy is that it enables a better fit for the cloud. Organizations are adopting cloud computing because their customers, suppliers, partners and employees are all doing business and interacting in the cloud already, and multi-tenancy makes no sense except as an enabling component for uncapped connectivity to every other business and resource out there in the public cloud.
Half-aaSed applications. One of the very first posts when I started writing this blog in 2005 introduced the notion of SoSaaS: Same old Software, as a Service. The phenomenon of taking any old software package, running it up on a server and putting it on pay-as-you-go pricing is alive and well in the cloud computing era, fueled by incomplete appreciation of what cloud computing is really all about. Today, it's easier than ever to spin up an app on a virtual instance at any of dozens of public cloud and platform-as-a-service providers, from Amazon Web Services, Rackspace or OpSource Cloud to Windows Azure, Heroku, Google App Engine or Joyent. But cloud computing and SaaS go far beyond merely a relocation exercise. Developers should not delude themselves. The as-a-service business model requires "a real-time service infrastructure and culture, able to interact with and respond to the needs, interests and dynamics of customers and their own connected networks." The cloud equivalent of SoSaaS is a half-aaSed application: one that's been deployed to a multi-tenant cloud infrastructure without being re-architected to allow its users to take advantage of the real-time, bandwidth-rich, shared-API environment of the public cloud.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
I like it...
RE: Cloud delusions at the turn of the decade
I agree that a cloud company may be able to hire security experts that blow most companies out of the water. However, the cloud company seem reluctant to guarantee a certain level of security for very good legal reasons. The cloud company does NOT want to assume the risk of an inevitable security breach. So a company is left in a social/legal backwater. Even though the cloud company may have better security, they won't assume responsibility for it. In the case of a serious data breach, someone's head has to roll. Someone needs to be blamed and then the healing process can begin. Cloud companies are not willing to do this. So some CIO out there has to understand that if the company moves into the cloud on the CIO's say so, the CIO's head is on the chopping block but the CIO doesn't have control over the security.
I don't know about anyone else but that is a lot to ask of anyone. "I want you to take complete responsibility for something you have no control over." I would defiantly want a golden parachute on that job, something that would allow me to retire someplace warm and live rich with out working again because after getting hammered once you probably won't be hired by anyone doing anything again.
Same with exit strategies. Cloud companies come and go, hopefully based on some from of capitalism. What happens to your company when the cloud company tanks? Hopefully the answer is, you get the time and resources necessary to move to another cloud provider or build some solution of your own before the cloud provider goes out of business.
That is the thing that cloud advocates
[i]Who[/i] is ultimatelly responsible for any loss of data?
With the current cloud companies out there, if you wake up to find your data hacked or missing, the provider can't be sued.
RE: Cloud delusions at the turn of the decade
recommend this blog. I'm in agreement with the your
arguments with SoSaaS and Fool's Cloud. It is dangerous
for organizations to misunderstand or ignore the crucial
components that bring the real value, and it is dangerous
for the image and association that they have with real
Cloud Computing.
RE: Cloud delusions at the turn of the decade
Sajai
CEO, ParaScale,http://www.parascale.com
Love the pun lol [NT]
RE: Cloud delusions at the turn of the decade
Cloud isn't one-size-fits-all
benefit more than others on the cloud?
Would love to see you insights put to use for areas such as
healthcare and persistency in patient data distribution.
RE: Cloud delusions at the turn of the decade
Ultimately, the software vendor has to decide what is the best business model for them... and sometimes that means offering their existing application as a subscription service. Sure, it may not be pure SaaS, but it doesn't have to be either.
The key concern for the vendor is not whether they are "really" doing cloud computing. Rather, it is what is the best short-, mid- and long-term option (may not be the same) for their growth, revenues, and ease of support. Each software provider needs to consider those questions in light of their own application, and what their own customers are comfortable with.
Joanna
Joanna Lees-Castro
http://www.Software-Marketing-Advisor.com
Partially agree ...
The difficulty most software vendors have is that they're unfamiliar with the cloud environment while being totally comfortable with the conventional way of doing things. So they must guard against the very strong temptation to keep doing things the old way for as long as they can get away with.
Judging by what customers are comfortable with is very dangerous, by the way, because customers can change their minds like a switch, whereas re-architecting for cloud takes months or years. The biggest danger for software vendors is getting left high-and-dry because they left it too late to shift to a proper cloud computing model.
Regards
Phil
RE: Cloud delusions at the turn of the decade
Niek