The public versus hybrid cloud Rorschach test

The public versus hybrid cloud Rorschach test

Summary: Are we heading for a world full of public cloud, or a future dominated by hybrid architectures? It all depends on which way you look at it.

VC Marc Andreessen (far left) and Vmware CEO Pat Gelsinger (far right) squared off on the future of public cloud versus private/hybrid cloud at this VMworld 2013 panel. | Image: Jason Hiner

Is it surprising that a VC in the Silicon Valley startup community sees a public cloud world, whereas a CEO in a tweed jacket thinks the world will never truly let go of its most private data?

When you live in a world of reinforcing feedback, it's hard to see beyond the reality you are constantly presented with.

That's why no one's mind should be shattered by the news that Marc Andreessen, a founder of venture capital firm Andreessen Horowitz, sees the IT world as one that is headed inextricably toward a public cloud-powered future, while Pat Gelsinger, CEO of VMware and former president and COO of EMC, sees the world holding its data crown jewels very close in world full of hybrid cloud.

In a lively "Future of IT" debate at VMworld 2013, both men attempted to impress their views upon the other.

Does this look public or hybrid to you?
(Image: Public Domain)

Andreessen was first out of the gate, in a statement echoed at TechBizz Australia earlier this year that any new business should consider going 100 percent cloud at the start.

"It is extremely rare to see a Silicon Valley startup with a capex budget, especially in its early years," he said. "The capex budget for a typical Silicon Valley startup now is four laptops.

"For companies building very high-scale environments, the assumption is that they go all cloud for all of the applications that they are building, all the data that they are starting, there's just enormous benefits to giving the datacentre the flick."

Naturally, as a leader of a company that's deeply invested in datacentre technology, Gelsinger was not about to let Andreessen get away with that.

"The fact of the matter is that there are a lot of people who have highly regulated businesses, and people who just say 'put everything in the cloud' have never visited regulated customers, who have real SLAs, real premise requirements, real governance requirements," the VMware CEO countered.

Gelsinger pointed out that his company is seeing customers bring data back in-house after having an "experience" with their initial public cloud purchases, and said that it points to an uptake of hybrid cloud.

"The right answer for the long term, and the long term is decades, will be a careful balance of what is internal and what is external," he said.

"We couldn't agree less with that perspective [of Andreessen's]".

As the conversation turned to the percentage of IT's time that should be dedicated to maintenance-style tasks and innovation, unsurprisingly, Andreessen promoted a share of 1 percent for maintenance, 99 percent innovation, while the global infrastructure CTO of Credit Suisse, Graeme Hay, sees 80-20 as the right mix. The Netscape co-founder pointed out the benefits of startups beginning with a blank sheet of paper to base their IT upon, and questioned the burden of legacy systems.

"I think that there is a real, fundamental question at the heart of a lot of industries right now, which is: As software becomes more and more the battleground for how businesses compete in industries, how much is legacy an advantage? It historically has been in many business. And how much is nimbleness and agility an advantage?"

To which Andy Bechtolsheim, co-founder and chief development officer of Arista Networks, attempted to find the middle ground in the startup/business approach to IT discussed so far.

"One thing large enterprises could do is to aggressively adopt the latest technologies to tune their install base for more cost-effectiveness, better scalability, more mobility," he said. "The advantages of rapid adoption of new technologies are not just in the cloud for startups; they are also available to large businesses with their own datacentre."

As a demonstration of the potential havoc that a cloud outage could provide, the example of Google's two-minute issue earlier this month was brought up, but Andreessen's faith was unshakable.

"The reason that that made such a compelling story is because it has literally never happened before. It's been 13 years of fantastic execution, followed by one five-minute outage.

"In contrast, internal environments are riddled with faults, defects, crashes, bugs, data corruption, lack of backup, security holes, viruses, and Chinese hackers across the board."

Andreessen put forward the idea that the cloud will ultimately become far more stable than it already is, and that perception of the security implications of public cloud will improve to such a point that it will be viewed as more secure than an internal or hybrid model.

"I think the leading cloud environments are going to be viewed as much more secure than most internal environments, and it's actually factually true in many cases today, it's getting more true all the time, there's new technologies coming out that will make that even more the case."

Like any good VC, Andreessen pointed to a company that his company has backed, CipherCloud, which provides a way to encrypt any data going into the cloud.

"They have one box behind your network, and then encrypt everything up in the cloud, so the cloud providers don't even have access to it; they just have what looks to them to be gibberish.

"And so, there is a sort of a win-win, where you get all the benefits of deploying into the cloud without having any security compromises.

"In fact, this is why I said that the cloud is more secure when you take an approach like that, you probably are more secure than you are internally, because your internal data is still not encrypted."

Citing the case of Edward Snowden, Gelsinger said the NSA whistleblower is an example of why companies would try to protect their data even more so in the future.

"We don't think that it's going to for decades until people stop building their own datacentres. Because there are these privacy issues, security issues, governance, SLAs, cost issues, all of that sort of thing is going to take forever," the CEO said.

"Technology moves fast, businesses move slower, politics moves slower, and regulation moves the slowest of all.

"A good hybrid solution is the right thing, forever."

As a banking CTO, Graeme Hay showed a traditionally conservative view of IT and the cloud.

"For us, it is simple economics — we have a very good understanding of what our costs are, we understand the service that most of our customers want, and we are very happy fulfilling that from our own internal cloud," he said.

"We do look at things on the outside, and should the right thing come along, we will certainly take a look at it.

"That's the simple way that enterprises will go."

Late in proceedings, Gelsinger was direct in his view of the world.

"I always like to say, why did Jesse James rob banks? Because that's where the money is.

"Why does IT need to pursue the enterprise? It's where the money is."

While the discussion did not change the minds of any of the panellists, it is always enjoyable watching ideologues in disagreement argue about the colour of sky and whether the colour will be any different in a number of years' time.

Given the above context, it's not hard to see how someone intertwined with the startup community could see the growth of public cloud services as a forerunner to a future where public cloud is the expected norm. At the same time, if anyone thought that an enterprise IT CEO was going to embrace a technology that the banks have dismissed as immature, then they need to follow the money a little more closely.

Perhaps the most sage advice on the cloud debate was provided by Andreessen, when discussing how the public views Edward Snowden and whether he is a hero or a traitor.

"The Snowden affair is like a Rorschach test," he said.

"A lot of people hear about the whole Snowden thing and they get horrified by the idea of information being in the cloud: 'Oh my God, the government can get information out of the cloud, they wouldn't be able to do that if it was in my datacentre.'

"I look at the Snowden thing, and I'm horrified that a guy could walk a thumb drive out of a secure NSA facility with 20,000 documents on it and, 'Oh my God, doesn't that show how internal environments are fundamentally insecure?'

"It's the same facts, just perceived completely differently depending on where you are coming from. And I think that's going to be true on more and more of all kinds of social issues, I think it is going to be true on political issues, all kinds of economic issues."

And so, too, it appears to be that one's preferred cloud architecture philosophy is also a Rorschach test.

What you do you see when you look at the cloud?

Chris Duckett travelled to VMworld 2013 as a guest of VMware.

Topics: Cloud Computing: Moving to IaaS, Cloud, Security, IT Policies


Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The public cloud guys still are not listening

    Andreessen continues to ignore or belittle the concerns. OK, Snowden managed to walk out with a USB full of stuff, and that could happen to any of us. The point is public cloud wouldn't have stopped it either. From the client's point of view the risk is worse because now others outside your organisation who you've never met or vetted have access to your data too. And you don't have proper audit trails either that would demonstrate afterwards exactly what he took & when.

    The public cloud guys need to understand it is the CIO & Agency Head who gets into trouble when there is a breach or problem. They know when they get called up to the Minister to explain what happened, they will look like idiots when it turns out they trusted a 3rd party to look after the data with minimal oversight just to save some bucks. The voters expect better than that. We also have to be prepared for the inevitable court case, and that we'd have to pay damages.

    This goes to the maturity statement that Hay made. The cloud providers to date have not made available a product suitable for solutions with high compliance obligations. The best they are ever going to get from us is hosting static websites. We can't sign contracts which do not mitigate risks with significant consequences even if they are unlikely.

    We know Google is more 'reliable' than our own systems, but that isn't the point. Respond and change your products. Give us the oversight and reports we need to pass onto the bosses. Franchise your product to local service providers so we can be confident there won't be a Patriot Act type legal paradox, & avoid NSA type snooping. Let us into the data centre without warning, inform us who your other clients are so we can do the necessary risk profiling. Fix the audit trails so we know who changed what to which whenever it was, or who looked up what when.

    Then we might have a chance to turn the funding & BAU support model on its ear & mount the business case to make the switch.

    Until then its going to be internally hosted or a private cloud with a handful of clients at best.
  • Cloud security

    Rightly said concerns over moving to the cloud have always centered on security. Came across this interesting piece on cloud security in general that might interest a few readers “Cloud risks Striking a balance between savings and security” @
  • I would suggest a mixed environment.....

    We us Google cloud for documents that are required for sales and general use.

    Any other files remain secure in our Server/NAS.

    And here we will stay.

    And as far as Microsoft Cloud are concerned NO they have limited security, and still have to give users a guarantee.

    Their skydive has already given us problems.

    So Microsoft you have a long way to go to gain our connection.
  • No. Never. Ever!

    I for one (and neither the company I work for) will NEVER and I stress out NEVER put ANYTHINK in the cloud. We don't have "field" personnell that would require remote access to company resources, and we run a very tight business with just a few computers granted Internet access. All data is stored locally and backed up LOCALLY. That means there is NO central data centre where all company data is. Less of an issue in case of a break down, hack or malfunction.