Public Clouds: Trust but Verify

Posted On October 14, 2011 | By Tokutek | 1 comments

Review of Thursday’s Cloud Events in Boston

Everyone is well aware by now of the EC2 outage that Amazon had back in April and it would have surprised no one if that high profile had put a damper on cloud adoption. But judging what we heard yesterday at Boston’s two cloud events (MassTLC’s Cloud Computing Summit and Vilna’s Moving Your Data to the Cloud Panel), cloud solutions can work just fine. For example, there was the customer story told by Douglas Kim, Managing Director, Global Head, PaaS & Cloud Computing at PegaSystems. Pegasystems is a Boston tech company that started offering cloud versions of its BPM services to conservative Fortune 500 customers in regulation-laden fields such as healthcare and finance. After migrating over a major healthcare customer to the cloud, Kim asked the COO how they internally overcame the concerns about complying with HIPAA requirements as they considered the cloud. The COO admitted they were actually already facing $120M in HIPAA violations in the past year – from using their in-house solution! In other words, before throwing too many stones at Amazon (or other cloud providers), ask if you can really do better.

MassTLC: The monkey is not in the cloud

So, with two events focused on the cloud yesterday, we know bloggers, analysts, VCs and press are hot on the topic – how about actual adoption? Bruce Guptill, Senior Vice President and Head of Research at Saugatuck Technology noted that cloud adoption levels were about one in three for new IT applications last year, but that we are heading to a one in two tipping point in 2014. He further noted that buyers are demanding cloud offerings, which in turn is driving 90% of ISV’s to some sort of cloud based presence.

Michael Skok, a General Partner at North Bridge Venture Partners, noted that the biggest drivers for cloud adoption are agility, scalability and cost, based on a study his firm completed in conjunction with several research houses. That will continue to evolve. In five years, Skok thinks the drivers will hinge on innovation, mobility, APIs and competitive pressures. In terms of inhibitors, while security is always a top concern, Bob Shinn, Founder and Senior Managing Partner, Cloud Silver Lining noted that “even the CIA is in the cloud.” Portability was also observed to be a key item to address. Chris Brookins, VP of Engineering, Acquia noted that by resolving the portability issue (i.e., vendor lock-in) they have been able to grow to 60k users.

Business models were also up for debate. Dan Pelton, CIO, Enterasys Networks claimed that companies selling cloud applications should really follow the Google model to make money (subscription price based on number of users) because it is scalable and easy to understand. Kim argued for going even further with enterprise verticals to find ways to connect pricing to actual business value. This includes, as an example from the insurance industry, charging pennies per claim, which can be directly tied to the bottom line.

Vilna: Does anyone have a prayer to beat Google?

Alright, so how do we spur adoption, especially in the wake of public outages? Shin noted that even though FUD still exists, the reality is that “most people’s data centers are not close to the security and quality of Google.” Still have doubts? Kim suggests jumping in with both feet, but not blindly. For how to do this, he pointed to Netflix. They avoided catastrophic failures with Amazon because they implemented across zones and because they were constantly testing for failure, with what they call their “Chaos Monkey.” This is a program that randomly terminates computer processes and services in Netflix’s IT infrastructure architecture to continuously test resiliency. In the end, when it comes to public clouds, perhaps it is best to “trust but verify.”

One Comment

  1. Leo Leung says:

    I would break the discussion into two points:

    In terms of availability, I think George Reese said it best in this blog post. You can’t just port any old app into the cloud and expect the infrastructure to take responsibility for all possible fault scenarios. That’s not cloud. Cloud is a trade-off. You get massive scalability and flexibility, but the application has to be more resilient.

    In terms of security and control, I think it is less about technology than it is about economics and incentives. Public clouds will always try to squeeze out economies of scale to reduce their costs and improve their margins. Or they will use the data in some fashion to generate new revenue streams. Period.

    They will push multi-tenancy and de-duplication, even if it creates security holes. They will mine user behavior for their own benefit, or reveal that information to third parties, always testing the lines of anonymity.

    The current state of the cloud along these two vectors may be fine for the consumer market and basic corporate workloads, but really represents immaturity. I would argue that the next chapter should provide the benefits of cloud without compromising your data.

Leave a Reply

Your email address will not be published. Required fields are marked *