Forrester recently published a research note on enterprise adoption of Cloud Technology. The full report can be downloaded here from Akamai.com (after registration). As the report was commissioned by Akamai who absolutely is not a neutral third party the results need to be considered with caution. That said, there are some interesting conclusions.
- Public cloud use is increasing across a number of business-critical use cases.
This is not a surprise. Public clouds have become mainstream. Amazon’s case study page is a who’s who of well-known traditional brand names including Hess, Suncorp, Dole, and Pfizer as well as newer technology oriented companies such as Netflix, Shazam, Airnb, and Expedia.
- Cloud success comes from mastering “The Uneven Handshake.”
The gist of this point is that organizations have specific requirements (e.g., security, access to behind the firewall data, etc.) which may be incompletely fulfilled by a particular cloud offering. In order to use a cloud solution it may be necessary to piece together multiple provider solutions together with custom “glue” code.
- It’s a hybrid world
Most organizations that have been around for a while have an investment in on premise systems. In addition to providing valuable services that work (think don’t fix what isn’t broken), they are known commodities, and are typically capitalized pieces of equipment/software. In a perfect world oftentimes it would be cleaner to create a homogeneous configuration all on a cloud platform. Unfortunately we do not live in a perfect world and many times cloud systems have to be made to co-exist with legacy systems for technical, cost, or other reasons.
One particularly interesting finding is that most enterprises are quite satisfied with their investment in the cloud. This conclusion is illustrated in the following figure.
As organizations begin the journey to or expand their operations in the cloud there are a number of important considerations. Each of these topics stands on their own and literally thousands of pages of documentation exist on each. Here are some brief overview thoughts.
- Platform as a Service (PaaS) or Infrastructure as a Service (IaaS)
In a PaaS configuration the provider manages the infrastructure, scalability, and everything other than the application software. In an IaaS configuration the enterprise who licenses the software has total control of the platform. There are pros and cons to both PaaS and IaaS. PaaS can be very appropriate for small organizations who wish to off-load as much of the hosting burden as possible. PaaS platforms offer organizations less control and less flexibility. IaaS provides organizations as much control as they would have in a self-hosted model. The trade off with IaaS is that the organization is responsible for the provisioning and maintenance of all aspects of the infrastructure. Enterprises new to the cloud may find that there IT group is most comfortable with IaaS as it is much more familiar territory. As the IT group is the one who answers the panicked call at 2:00 AM there conservative nature can be understood.
- Picking the right provider
Google AppEngine, Salesforce.com, Heroku, and Amazon Elastic Beanstalk are some on the most well-known PaaS platforms. Amazon’s EC2 platform as well as Microsoft Azure Virtual Machines are the two dominant platforms in the IaaS space. (Azure has a rich PaaS offering called Web Sites.) Rackspace also has very strong offerings as well – particularly in the IaaS space.
- Platform lock in
With an IaaS model careful consideration should be given to the selection of technology components. To a point made in the Forrester report interfaces between existing components need to be considered and configured to work together. Further consideration should be given to whether platform specific technologies should be used or not. For example, Amazon offers a proprietary queuing solution (SQS – Simple Queue Service). RabbitMQ is a well-respected open source queuing platform. The choice of SQS would lock an organization into Amazon where the choice of RabbitMQ allows more flexibility to shift to another platform. Again these are trade offs to be considered.
With enough time and effort public cloud technology can theoretically be made as secure as an on premise solution. This topic is considered by the Forrester report. They note “The most common breaches that have occurred in the cloud have not been the fault of the cloud vendors but errors made by the customer.” Should an organization make the decision to hold sensitive business-critical information in the cloud a best practice would be to retain a subject matter expert in cloud security and conduct regular third-party penetration testing.
- Global Footprint and Responsiveness
One of the advantages of working with a public cloud provider is that an organization can cost-effectively host their applications around the world. For example, Amazon offers three hosting options in the Asia Pacific Zone alone and nine regions world-wide. Hosting in another geography is on the surface attractive for improving response times for customers as well as complying with country specific privacy regulations. For most organizations hosting in a shared public cloud is much cheaper than self-hosting in a remote geography. Organizations should be aware that hosting in a given region may or may improve response times depending on how their customers access the service. Your mileage may vary depending on customer network routing algorithms. Performance testing using a service like Compuware can help identify how your customers access your content. Similarly, care needs to be taken to ensure compliance with privacy laws. For example, it is a well-known requirement that PII data from EU citizens should not leave Europe without the user’s consent. A public cloud can be used to comply with this directive, however, should administrators from the US have the ability to extract data from that machine the organization may not be meeting the requirements of the law.
- Uptime and monitoring
Finally, enterprises need to be concerned with up-time. It is a law of nature that all systems go down. Even the biggest, most well maintained systems, have unplanned outages. Nearly every cloud systems has a distributed architecture such that rarely does the entire network go down at the same time. Organizations should carefully consider (and test) how they monitor their cloud hosted systems and fail-over should an outage occur just as they do with on premise solutions. Should an organization embrace a hybrid hosting strategy the cloud could fail over to the self-hosted platform and vice versa.