Dissecting’s “Don’t buy cloud computing hype” post

December 31st, 2008 by - 23,511 views

searchdatacenter_logoWell, I thought that I could get away with no more articles in 2008. I guess that I was mistaken. I just read a good article by Chuck Goolsbee on titled: “Don’t buy cloud computing hype: Business model will evaporate” and I figured that I would put in my 2 cents on some of the items mentioned within.

Goolsbee takes a very pragmatic approach to “slicing through” traditional datacenter hosting (using Occam’s razor to boot), so that he could evaluate each and every aspect of what is contained in a physical environment. To summarize (and I’m paraphrasing, hopefully accurately), he mentions:

  1. Payment Card/eCommerce systems – hard to audit the purchased virtualized hardware within the Cloud
  2. Security – this works with auditing, but is the environment physically secure? Is there “data mingling?”
  3. “Fully acronym-compliant” – is the Cloud HiPAA, SOX, SAS70, GLBA, etc compliant?
  4. Data retention – for legal purposes, how can you ensure data retention?
  5. Cloud Computing Success Stories – pure cloud solution successes are marketing driven
  6. Margins for Cloud Providers – how can a cloud provider keep a good profit margin?
  7. Data Center On-Demand – that is what Cloud Computing is
  8. AWS is only real “successful” cloud provider – they are selling unused capacity
  9. “Buzzword overlap” – SaaS is NOT a cloud

Those are just a few points that I wanted to call out and respond to from my own perspective. First of all, I don’t disagree (completely) with the items that are listed above. Any company looking at the Cloud as the end-all solution for their IT needs may be disappointed unless they fully think it all out. To address the points above:

  1. I somewhat agree with this assessment. It is impossible to fully audit what I call “disposable IT.” However, the shift from CapEx to OpEx means that auditing methods need to be re-evaluated. In the past (and currently), if you wanted to requisition hardware, there was a process for doing so. It took time and had rigorous approval processes built in. Now, with the Cloud, you can do this “on the fly” and servers in the Cloud can be created and disposed of extremely quickly. With data in general, you can never fully have “absolute certainty” with an audit. Compliance requires a “reasonable certainty”, especially since data isn’t persistent in or outside of the Cloud. So, saying that the Cloud model will fail because it isn’t compliant or can’t be audited is erroneous.
  2. Physical security is left to the hosting provider or even to an outsourced 3rd party whose specific job is ensuring security and complaince therein. This is true with traditional datacenters, “cloudcenters” (a term that we at GoGrid are using to describe our Cloud Infrastructure), and even shared hosting. Just as Credit Card fraud initially got a lot of hype due to the launch of eCommerce, security in the Cloud will undergo a similar scrutiny. There is (unconfirmed) more Credit Card fraud that happens over the phone or physically at merchants than with eCommerce. When you choose a hosting provider, cloud or traditional, you need to think about data mingling anyway. Just ask your provider those questions. As standards arise and Government and Enterprise adopt Public and Private Clouds, security, as I have said previously, will be as robust if not more so than traditional centers. As in the Credit Card example, it’s probably safer to use a credit card online now than over the phone, but that depends on the site.
  3. Yes, the ever-persistent acronyms are important. GoGrid and parent company, ServePath, are SAS70 Type II certified, for example. But, these regulatory organizations will ALSO have to adopt to this new business and technology model. This could prevent some traction of the Cloud for a few corporations but I don’t think it will slow down others that much. And audits like we have, like SAS70, are widely-accepted industry standards for showing reasonable assurance and allowing auditability.
  4. I agree with the assessment that the Cloud will make it difficult for Law Enforcement to ensure data retention. Cloud Storage and/or backups can be used to allow for data retention to take place. However, if data retention is a requirement due to compliance or legal issues, processes can be built in to any IT infrastructure, cloudy or not. The other thing to consider here would be “hybrid solutions.” Since GoGrid is run by a traditional managed hosting provider, ServePath, we understand that there are certain items that are better fit for physically residing somewhere. To that end, we developed Cloud Connect. Corporations or businesses that are concerned about data persistence and the physicality of that data could opt for a solution like Cloud Connect to meet this need.
  5. Success Stories generated by providers are great. But what is better is blog posts or end-user reviews of the service. There aren’t too many reviews on successful implementations with datacenter deployments, mainly because it takes a very long time to roll out fully within a data center. And, it’s not “sexy.” Deploying a full IT infrastructure in the cloud in a matter of hours (vs. days or weeks in a datacenter) IS sexy, and people are talking about that. Time is money. If you can reduce your time to market by using the Cloud, then you will be many steps closer to monetizing than if you took a traditional method. Again, this could be where hybrid clouds (e.g., Cloud Connect) might come into play. I don’t agree with Goolsbee’s statement that “the cloud cannot contain anything critical”. Just look at SalesForce or EC2 or GoGrid. Plenty of critical data is contained within those Clouds. I do agree that Cloud Computing IS great for start-ups, but if you stop there, you are missing many larger opportunities.
  6. Margins for traditional data centers is a topic unto itself. I will only scrape the surface here. GoGrid, for example, was born from traditional managed, dedicated hosting provider experience. In order to roll out and deploy servers, there is a large capital and operating expense. When new clients come on board, servers have to be configured to their needs, hard drives formatted, memory installed, cables connected, etc. The man-hours spent to roll out a single customer is quite large. We saw these inefficiencies as well as the fact that once deployed, servers sat idle and under-utilized. GoGrid was developed to combat these internal and external cost and labor inefficiencies. Not only could more “servers” be “contained” within fewer larger physical servers (reducing datacenter footprints, power, cooling, etc. metrics), but also, automated deployment reduced the human capital needs. Coupled with the fact that the control was now in the hands of the end user (in terms of scalability and configuration, for example), time to deploy was reduced (equating to less grumbling on all sides). If you read between the lines here, there are better margins for a hosting provider to convert some internal infrastructure over to providing Cloud “services” than not. Once the technology is created, rolling out Cloud infrastructures within a hosting provider for end users to later use is better than rolling out a handful of customized dedicated servers.
  7. Some Cloud Computing providers are data-centers on demand, but very few. As I mentioned, we now refer to GoGrid as a CloudCenter, the equivalent of a DataCenter but in the Cloud and using the requirements of Cloud Computing: dynamically and rapidly scalable, paying for what you use and using only what you need, programmatically controlled through an API (or web interface), and somewhat “virtualized”. To be a true “datacenter in the cloud” you must have all of the components of a datacenter (servers, switches, firewalls, load balancers, storage, multiple network pipes, internal and external networks, etc.). Only those Cloud Providers that give out Infrastructure solutions (e.g., GoGrid and potentially EC2) can be considered “data-centers on demand” and even then, EC2 doesn’t quite fit.
  8. AWS had a few things going for it to get it on its way to being considered a “successful provider”: its name,  its size and the fact that it was first to market (or appeared to be). Don’t get me wrong, their entire suite is very impressive and they have a lot of extremely happy customers. Also, they have truly cut the ice for other Cloud providers to come along (to which we are thankful). I’m not sure about the accuracy of what Goolsbee says (that they are “selling unused capacity”). This may have been true initially, but I believe they are their own business unit by now and their data centers have nothing to do with their “book selling.” Also, the mention of uptime and security guarantees being lacking will change (they recently released an SLA for EC2…it’s not as robust as GoGrid, for what it’s worth). The general pessimism about AWS not being good for mission-critical IT functions is not really warranted, I don’t feel. Datacenters fail, as do servers. This is not specific to the Cloud. If you are worried about your data, back it up! That is the best practice and not something that you should only do if you are using the Cloud.
  9. I agree that Cloud Computing as a general buzzword is over-used and vague, but it is here to stay until something better comes along. We are already seeing segmentation within it. It is a general encapsulation of many different things. I do think that SaaS belongs as one of the Cloud layers (Cloud Applications) provided it meets the Cloud checklist. Google IS a cloud provider (Google App Engine as a Cloud Platform; Gmail as a Cloud Application). Buying application time (specifically “hosting” your Python application within their datacenters) IS using the Cloud, but not Cloud Infrastructure but rather Cloud Platforms. In fact, you will be able to buy additional capacity on App Engine soon.

Goolsbee’s article is a definite read. Since he is an executive at Digital.Forest (a colocation provider), it does make sense that he believes the Cloud business model has some faults. I’m glad that he eloquently articulated many of the concerns that businesses, data centers and hosting providers have about the “coming of the Cloud.” I’m lucky enough to be able to visit both sides of the equation: DataCenter (ServePath & ColoServe) and CloudCenter (GoGrid). Happy New Year!

The following two tabs change content below.

Michael Sheehan

Michael Sheehan, formerly the Technology Evangelist for GoGrid, is a recognized technology, social media, and cloud computing pundit and blogger who writes regularly about technology news and trends.

4 Responses to “Dissecting’s “Don’t buy cloud computing hype” post”

  1. pkysoft says:

    godgrid’s outbound price too expansive for the pay-you-go payment user.

  2. I could be convinced to alter my views on the compliance issue, but only when I hear it straight from an auditor (as opposed to a cloud provider.) Additionally Statement of Accounting Standards (SAS70) is not the right compliance standard to hold up as an example, as it is the least relevant, and least strict from an infrastructure perspective.

    What then about my other points?

    1. The business model of “cloud provider” is only sustainable for somebody selling excess capacity. It is unlikely that a “cloud provider” can succeed in a stand-alone fashion.

    1a: What happens when that excess capacity is needed for its primary purpose? Or, what happens when the application running in the cloud succeeds far beyond the cloud’s ability to support it? How can you financially survive the former event as a user, or the latter event as a cloud provider?

    I’m glad we are in agreement on the issue of terminology. ASP/SaaS!=Cloud. “Cloud” is really a lower-level concept independent of the application layer. Perhaps I’m being pedantic but I find it irritating when the terminology is used interchangeably.


    • Michael Sheehan says:

      Thanks for the response. True, the auditing and compliance portion probably needs to go much further. For the short term, many providers will be self-auditing until the standards are truly brought up to speed and the independent auditors fully understand what is involved. It’s a great extension for their business model actually and I think they will reap the benefits of being able to fully audit “the Cloud.” SAS70 (an acronym that you mentioned) is just an example. GoGrid is one of the few (only?) Cloud providers that can say that.

      In terms of your other points:
      1) I don’t fully agree with that statement that the business model is sustainable only for someone selling excess capacity. It is a shift in many different models. Who would have thought that SaaS would be so wildly successful? The billing models fit better to a time where budgets are tight. Data Centers could convert over to providing Cloud services (smaller footprint, less power, etc.). However, doing ONLY Cloud might be a bit dangerous, so I somewhat agree. Diversification is critical. This is part of the reason why we offer traditional datacenter (ServePath/ColoServe) services as well as CloudCenter (GoGrid) services. User then have the ability to pick and choose their solution, one or the other or both together (Cloud Connect).
      1a) I don’t think this is any different than traditional hosting. You have to, as a provider, be ready to scale one way or another. Planning, whether traditional or cloud, needs to take place, so I don’t really understand the concern as being only with the Cloud.

      Sorry, but I still do view SaaS as a Cloud segment (Cloud Applications). However, I do think that there are some SaaS providers that don’t quite fit in. Cloud Computing, in general, is a term that is very broad and general, but we are seeing the fine-tuning taking place.

      Thanks for the thoughtful discussion.

Leave a reply