The big argument now, of course, is whether a business needs to adopt a private cloud, a public cloud, or a hybrid of both. Indeed the result for companies, particularly those with sales riding on the choices customers make, can be very important.
But customers are starting to see this argument as a non-event, as was demonstrated at the recent Business Cloud Summit. The Technology and Developer stream addressed the Cloud issue of Private, Public Hybrid head on, and panelist Charles Newhouse, Head of Strategy and Design at BAe Systems, spoke for many, both on the panel and in the audience.
That underlying pragmatism was supported by Andrew Jordan, CTO of Governance, Risk and Compliance at Thomson Reuters. He suggested that the most important driver is not which technology to choose, but what the business requirement is. So if there is an obvious business need that some form of Cloud service can fulfill, go for the most appropriate solution. But if the business doesn’t actually need it, then the management should stop even thinking about it.
In that context, the choice of Cloud architecture is not clear cut and it is not easy to place any business in silo’ed buckets marked `Private’, `Public’ or `Hybrid’. It will very much depend on what the business needs to achieve and what combination of flexibility and constraint it can live with.
For example, Newhouse observed that BAe was doing very similar business processes before the Cloud came along, but added that using the Cloud had made many of them easier. But some processes do live with constraints, often applied externally.
But even that is not a clear cut division. Peter Clarke, CTO of the Isle of Man Government, pointed out that there are situations where the business process can be highly regulated but where the Cloud allows services to be set up that are both regulated and more flexible as an available service.
This line of discussion, of course, still begged the questions of whether there were definable differences between the three Cloud options and what, if any, were the associated risks from a business perspective.
In Newhouse’s opinion the loss of control is the biggest risk with any public or hybrid Cloud architecture. In particular, the fact that they can’t fully control where data and processes might run or be stored is of the greatest importance because it raises the issue of appearing to be non-compliant. In addition, there are also the on-going perception problems about security and data sovereignty.
That perception problem was identified by Clarke as a particular problem. But it is also one that has, in his view, been exacerbated by the hype surrounding the cloud, and in particular the issue of data security.
Jordan set out his view of the delineation between Public and Private clouds, suggesting that the public variant is based on offering multi-tenanted subscription services, where the service provision is all external. Private clouds are not multi-tenanted and are specifically configured to the needs the user. He does see hybrid architectures coming in, but suggested that no one customer will use public and private equally – it will vary according to need.
The panelists agreed that smaller businesses will tend towards running on the public cloud. The also agreed that any attempt to create a one-size-fits-all hybrid solution, particularly as a product, is doomed to failure. The collective view is that it will all be `horses for courses’ rather than packaged Cloud `products’.
As an example, Jordan indicated that Reuters is now looking at how to use Salesforce beyond the out of the box CRM system. It is starting to look towards its companion platform, Force.com, to build line of business solutions that meet specific company requirements.
The session was summed up rather well with two straight forward suggestions, both of which pointed to the view that arguments about Cloud architecture types are at the least digressions from what is important.
One was very direct - get on with it. If IT departments ignore the Cloud and pretend it isn’t happening, other departments will start doing it for themselves. That can only create lots of problems that the IT department will then have to solve.
The other follows naturally from that. Have appropriate management controls that can stop other departments doing their own thing, but at the same time have the service capability available to allow those departments the opportunity to sand-box their service ideas and aspirations.
