Over the last couple weeks I had numerous opportunities to discuss about cloud computing with manufacturing companies all over the world. When talking about cloud, I typically use the NIST definition. Interestingly, I found many companies eager to gain a better understanding of what cloud is all about. But only two (a European and an American one) were interested in jumping to the public cloud, the others were more interested in a private option or in something in between private and public.
The key issues discussed around the public cloud are security, privacy and compliance. And there is still a lot of work to be done in that area. The Cloud Security Alliance is doing a lot of work in this space and released an interesting document a couple months ago. It was titled “Top Treads to Cloud Computing”. A “Security Guidance for Critical Areas of Focus in Cloud Computing” is also available.
The conclusion is simple, The public cloud is intrinsically not secure, and a number of approaches should be followed to make it as secure as possible. These are related around two main topics, the accessibility of the data by third parties (security) and the location of the data (privacy and compliance). The latter is really interesting as it goes against the usual motto of the public cloud, location independence.
The private cloud helps companies use their environments more efficiently, but does not resolve the CAPEX issue. So, a number of customers are asking for an environment that can be provisioned through a pay-per-use model, while having security, management and SLA levels that are compatible with their needs. As many applications cannot yet run in virtualized environments, they are also looking at a combination of physical and virtual servers.
There really seems to be a need for such environment in enterprises. I know HP is providing such environment. They call it “Utility Services” rather than cloud, as in some characteristics it differs from the traditional cloud. Flexibility and security/compliance comes at a price. So, you are not able to increase from 50 to 5000 servers in one week-end as Animoto did. But frankly, how many enterprises have such needs in areas where they need the security levels provided by utility services?
This demonstrates once more that “one size does not fit all”. Although people are looking for standardization, it becomes increasingly clear that there will be, at least in the foreseeable future, many different implementations of public cloud. The real art will be to identify the right one for the job, the one that addresses the concerns while leaving enough options for future expansion.