Geeks With Blogs
Paul Kelly

Has the cloud backlash started? Stallman's cloudburst when he railed against the dangers of allowing our data to be locked up offsite and online (http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman) was perhaps predictable, but he is not the only voice to have suggested that cloud vendors are overselling the benefits and ignoring the risks.

On the one hand we have some very large corporations (Amazon, Google and Microsoft in particular) pushing the advantages of migrating your applications off your own hardware and onto theirs, and on the other voices of doom warning of the danger to your data, and asking why you would want to be held hostage by a third party who might change their terms and conditions, go bust, or maybe just lose interest…

What I want to do in this article is looking business cases and architectures that enable you to get a competitive advantage from the cloud. I don't think it will often make sense to move everything you have into the cloud, but there can be excellent tactical and strategic reasons to take advantage of it. What makes sense depends on what kind of business you are running, what kind of data you are storing, and whether or not you need to take advantage of the cloud's most compelling advantage – the ability to treat compute power in the same way as you do other utilities like water or electricity.

The classic no-brainer for a cloud implementation is the startup. You don't have significant amounts of confidential data to lose (yet), and you don't want the capital costs of running your own server farm. You can rent one or two nodes on a cloud to get your website up and running, with the option of scaling across more nodes as you need to. If you want to do that, you need to make sure your applications scale so that you get the improved performance you need as demand goes up.

But what about older kinds of enterprise computing? What if you are a bank, or an insurance company? You've got lots of confidential data that you can't afford to lose or have stolen; and if you can't access it because of some sort of cloud outage, you are out of business. Can you take advantage of utility computing? Straight off, I think I'm with Richard Stallman here. I'd be pretty worried if my current account details were floating out there in the cloud. Right now, the bank looks after my data, and if they lose it, they are responsible (unless I can be shown to have done something foolish of course). I think I'm much happier if they keep it locked up in their own data centres and have a fairly paranoid attitude towards security.

But even banks and insurance companies have to have a presence on the web these days. And customers want to get quotations online, check their balances, make transfers etc. Can this compute requirement be moved into the cloud, while the core data stays locked up in the bank's data centre? The answer here is "definitely maybe".

Let's look at a couple of examples, starting with online insurance quotations. It seems to make a lot of sense to be able to farm some of this off to the cloud. You'll have some actuarial data, and a bunch of algorithms to crunch it. You need users to enter their details on some web forms so you can collect them and do the sums. You'll want to keep their data for a while, but eventually you'll either delete it or archive it off somewhere. If someone actually follows through on a quote, you'll definitely want to bring the data down to your own data centre when you deliver their policy. The idea here is that you keep your data centre for looking after the data on your actual customers, doing billing, sending out renewals etc. Your core business stays here, inside your control.

The compute and storage demands for your core business should be reasonably predictable, so you shouldn't get caught out with either insufficient capacity or too much. But the surges and slumps of web demand can be handled scalably somewhere else. Maybe you need to put on extra capacity at weekends and evenings when people are shopping around; but the point is that you have an option for doing it. And with the proliferation of comparison websites, it probably doesn't hurt to put servicing all those web requests on someone else's hardware either.

Next example, running bank accounts. Again, like the insurance example, your customer data should mostly stay in your own data centre. But can you farm off your online banking services elsewhere? The customer logs in, and wants to see recent transactions and their balance. This one is a bit more tricky I think. Does all the data remain in your data centre, and gets sent to the cloud only as the customer requests it? That might not give you much scalability advantage, and constant data transfers between you and the cloud might push up your bandwidth costs. You need to look at the minimum amount of data you can keep in the cloud to give you some advantages in terms of scalability (giving your own data centre a rest), without compromising security or data integrity.

To start with, you might want to look at what the minimum amount of data would be required for customers with online banking to simply log in to their accounts. You shouldn't need all their details, but you'll need the right tokens to be sure they are logging on with the correct details. What else makes sense? Do you push transaction data up there each night so they can always see the previous days transactions, or would you be increasing your bandwidth costs needlessly in the case of all those customers who log in less frequently? Although I think there are still potential wins here, there is going to be a lot more art in working out a strategy for how you cache some data from your own data centre in the cloud to make scalability gains, while avoiding big bandwidth costs or exposing your customers to large scale data theft.

Conclusion

I think we are still only starting to learn how to mix enterprise and utility computing – I'd love to get comments from anyone who has had real involvement in this. I think to make it work we have to learn how to be able to run the same code in a cloud as in the data centre (shameless plug – my own employer Micro Focus already has COBOL running in the Amazon and Microsoft Azure clouds). We also need to think very carefully about what data moves between data centre and cloud and when. How long does sensitive data stay in the cloud? Do you take the approach that cloud security is good enough that small amounts can stay there indefinitely? Or do you absolutely minimize amount and lifetime of corporate data in the cloud – which will improve your security but might hurt running costs and scalability?

Posted on Thursday, June 2, 2011 7:02 AM Cloud , architecture , Azure , EC2 | Back to top


Comments on this post: Weather report - how can you stop worrying and learn to love the cloud?

# re: Weather report - how can you stop worrying and learn to love the cloud?
Requesting Gravatar...
Nice post Paul,

Being dyslexic I found the ratio of words to heading made it a little on the hard to read side. But I think you point is well made.

I would go further with your analogy of electricity and how this relates to large corporates like banks. Typically, a bank will have a generator to run its mainframe if grid power goes down. IE the bank will keep its only electricity supply for key corporate assets. However, the generator will not have enough capacity to run everything - that would be daft when outages are typically very short and very rare.

Well, if having a generator powerful enough to run everything is daft, then having computers on site to run everything is also daft. Could computing is a no brainer for everyone, if thought about in the correct way.

I suspect that IT people don't actually have the correct training to think this way. What might work better is for the utilities side of the company to provision computing power just as they do the buildings and electricity. They provide compute power as a service to IT who consume it. The utilities division of the company can then use their training to say what must be on site and protected by generators etc and what can be taken off site and run in the cloud.

I'd love to see some code examples on this blog of using the cloud from COBOL ;)

- AJ
Left by Alex Turner on Jun 15, 2011 7:34 PM

# re: Weather report - how can you stop worrying and learn to love the cloud?
Requesting Gravatar...
This is a really good article and I love the Dr. Strangelove pun :).

I think I am in general agreement with the issue of guarding sensitive data. rms, with all due respect, represents one end of the spectrum where absolutely "any" data stored on third party clouds/servers is unacceptable and a violation of the privacy of the user.

+1 to AJ's comment.
Left by Serendipity on Aug 02, 2011 7:52 AM

# re: Weather report - how can you stop worrying and learn to love the cloud?
Requesting Gravatar...
Thanks! From your blog, you are clearly a lover of old movies and if at least one person got the Strangelove reference it all feels worthwhile.
Left by Paul Kelly on Aug 08, 2011 12:10 AM

Your comment:
 (will show your gravatar)


Copyright © cyberycon | Powered by: GeeksWithBlogs.net