Tom Petrocelli's take on technology. Tom is the author of the book "Data Protection and Information Lifecycle Management" and a natural technology curmudgeon. This blog represents only my own views and not those of my employer, Enterprise Strategy Group. Frankly, mine are more amusing.

Monday, May 18, 2009

Get Off Of My Cloud

With Oracle's recent acquisitions of VirtualIron and Sun Microsystems, it would appear that they are positioning themselves as a player in the emerging area of cloud computing. Last year when I was buying IT resources, the concept of purchasing virtualized resources sounded really good. No more tying up money in data centers. No more hiring people to babysit hardware and software systems. Instead, investment and attention would all be focused on developing applications that created revenue for the company. Why not just buy hunks of processor, memory, disk and bandwidth from someone whose job it was to provide infrastructure? They make money and I don't have to tie up precious capital in hardware that goes obsolete. The nice thing about applications is that they are forever. Hardware, on the other hand, is like a car – it starts to depreciate the minute it leaves the showroom.

A funny thing happen on the way to the cloud though. I began to worry about privacy and long term viability. Some data is so valuable that you don't want anyone taking a peak at it. Intellectual property records, social security numbers, patient data, and the like can't be trusted to anyone but yourself. This is not the same as Saleforce.com type data. If my data was sitting on someone's SAN, how could I be sure no one messed with it? When I rented a server that was pretty easy. I could look at the server, check out the storage, and see what the logs told me myself. Fairly basic protections could go a long way towards making me feel secure.

The public cloud however provides none of that. You know practically nothing about the security of the systems. Amazon S3 is a great idea until you realize that you are handing your data over to Amazon with only their reassurances that everything will be alright. You can't see or touch their gear because it's in the cloud somewhere. Given the proclivity of large companies to misuse data and ignore privacy, it seems foolish to give it over to a faceless cloud.

Even if you assume the best, a public cloud requires a level of trust in the provider that is unknown in recent memory and perhaps unprecedented. Do you really trust Google with your data? Do you think they will always make decisions that are in your interest and not there's? Of course not.

And what happens when the cloud evaporates one day? We've seen large numbers of online applications disappear in the recession. What makes us think that you cloud provider, especially the smaller ones, won't join them. Remember the Storage Service Provider fiasco when SSP when boom in the Internet bust? What will you do if your cloud providers goes belly up? Replacing an ISP or even a rented server is fairly easy. You find another one. Can you find another cloud to sit on quickly? And can you adapt your applications to the new cloud in time?

Note that I said “public cloud”. Building your own cloud is fundamentally different. It's just another form of cost effective architecture. That's where I think Oracle will go with all this. Given Sun's ability to deliver a data center in a cargo container, coupled with VirtualIron's software and Oracle applications, they will be able to deploy an entire private cloud to your doorstep. I envision a tractor trailer pulling up and leaving a cargo container with a data center in my back yard. One can dream can't one.

Cloud technology has a lot of advantages. That's been talked about ad nausem. You get many of those advantages even if you own it. A private cloud allows you to have the benefits of a virtualized environment without the privacy and security problems. Public clouds are risky. They might be inevitable but don't get your heads into the clouds lightly.

No comments: