Private Versus Public Cloud Computing
A plethora of applications are being considered for the cloud, but it may take at least another year before cloud computing goes mainstream in the enterprise.
This week, I'm at my second IT event in several months where CIOs are expressing deep concerns surrounding the "public cloud." As usual, it is security that is at the core of their concerns, coupled with the line tendency to use these services anyway. At the prior event, CIO 100, there were stories of employees being terminated for using these often unsecure public cloud facilities and putting critical corporate intellectual property at risk. Here, the firms represented are moving aggressively to provide the agility, cost and performance advantages promised by the cloud internally and there is a significant amount of commonality in their problems.
At the same time, this week, Gartner took a position that was the polar opposite of the CIOs at these two events and argued that the private cloud was the last resort. This is just wrong. I'm guessing the company missed a meeting because this sentiment is shared by neither the CIOs nor vendors presenting at these events. The attendees are arguing that the private cloud may be their most important tool. What is also interesting is that were Gartner right, it would be a going-out-of-business scenario for them because public cloud services are being presented much like outsourcing and they do represent a very real threat to IT and it is IT that generally funds Gartner's services.
Coincidently, as I started writing this, Google's highest profile cloud effort in the in L.A. county hit another huge problem and Google now is being asked to fund the older system for 13,000 employees because its solution still didn't meet security requirements.
EMC's Secret Weapon
With the passing of Steve Jobs, a lot of us are spending a great deal of time looking at leaders in the various companies we cover. The big thing that Steve brought to the table was a massive and unusual (in CEOs) passion for the products. Well, as I talk to the folks at EMC's event, they seem to agree on one thing: Pat Gelsinger's presentation was the best and his passion, vision and knowledge of EMC's products was both appreciated and highly valued.
Pat, when I first met him at Intel, was often defined by a deep passion for products and technology and even spent a stint as CTO there. I'm one of many who thought that he should have had a shot as Intel's CEO and am pleased to see he is doing so well at EMC. You really don't see this kind of passion that often and I think it's important to call it out when I see it.
Gartner and Public Cloud vs. Private Cloud
Analysts, and I include myself, can often get so lost in the trees that we no longer see the forest. There is no doubt that the public cloud is a major disruptive event. The CIO events I've been attending are awash with stories of line organizations using public cloud services and bypassing IT with them. The trend that is being identified is one that suggests that in a very short time, many companies will have effectively outsourced IT to vendor-supplied cloud services. For analysts that live off of revenue from IT, this is as much a going-out-of-business trend as it is an early-retirement trend for many IT professionals because these services rarely subscribe to services like Gartner.
Even well-secured cloud systems like those from Microsoft have had issues, from outages to concerns about government access. In that case, recently, Microsoft had to warn that the Patriot Act would require it to provide access to hosted information regardless of where the client resides because Microsoft is a U.S. company. It has had to shift to using offshore partners to address this security concern. Coverage on the Top Ten Cloud Outages showcases the current reliability issues, including the inability to assure even the reliability of these services and the need to have some level of redundancy for them.
One position that Gartner appeared to get very wrong, according to the CIOs I've spoken with, is to start public cloud deployments with email.
Email represents a massive security problem for these CIOs today because leads can cause everything from an SEC insider trading event to employee litigation. For instance, in parts of Europe, the company is held liable if an email system is compromised and an employee's personal information is compromised. Clearly, in the L.A. county Google example I started with, email security has become a nightmare for both Google and L.A. County. Gartner couldn't be more wrong to even consider email as an early migration opportunity. I'm sure those in Gartner who cover email were likely appalled by this position because email is one of those services that, if handled incorrectly, has visibility and can become a career ender.
Wrapping Up: Passion and Risk
Part of the EMC event that is being very well received is that EMC is clearly eating its own dog food and is showcasing that it is putting its technology where its mouth is. Having a top executive who cares deeply about the firm's products and takes the time to understand them is unfortunately not all that common and something that sets EMC apart in its march to the cloud.
Much of the early part of this recent event was a walk-through of EMC's own massively virtualized cloud structure and the massive financial and agility benefits that resulted. However, the entire public vs. private cloud argument showcases a huge risk that is tied to the lack of metrics in most organizations, which allow the IT professional to adequately showcase the cost of risks associated with security and reliability to justify the admitted higher expense of private cloud deployments. The fact that even a well-regarded advisor like Gartner can get it wrong and not consider the risks associated with critical products like email, which folks often take for granted until there is a major breach and Anonymous or WikLeaks puts your dirty laundry on the Web, speaks volumes.
I'll leave you with what has become my favorite story and it was told at CIO 100: Apparently, two engineers at a pharmaceutical company had to complete a critical project quickly and bid it out to IT. IT came back with a massive cost and a timeline in months. The engineers instead used their credit cards to use cloud services and completed the project in a few weeks and won an award for cost savings. The day after winning the award, both were terminated for violating the firm's security policy as the project, which was ultra-secret, hadn't been adequately secured.
The cloud represents a massive opportunity to save money; it also represents an even more massive risk. Balancing the two properly will likely define the successful IT professional, and public cloud services, as of yet, aren't secure enough for most sensitive projects.