Navigating hybrid cloud decisions
Tue 21 Jun 2016
Gordon Haff, cloud strategy at Red Hat, looks at why it should not be a matter of private or public, but a matter of private AND public when it comes to cloud…
It’s widely recognized that the vast majority of organizations will take an approach to cloud infrastructure that involves some combination of on-premise/private resources and public clouds. However, that reality raises the question of when a given approach is best. And what “best” even means in the context of this decision. Osterman Research recently conducted a survey for Red Hat to get at how companies are choosing between private and public within a hybrid cloud infrastructure.
It’s likely a surprise to no one that the reasons survey respondents gave for choosing not to use a public cloud were mostly associated with protecting data; “safety of sensitive and protected data” topped the list at 56%. It’s worth noting though that the number 2 reason, “jurisdictional issues about where your data is stored” (55%) reveals a level of nuance regarding issues that often get lumped under public cloud “security” which we probably wouldn’t have seen even a couple of years ago. Other top of mind issues like “control over data, infrastructure, outages, etc.” and “visibility into hacking attempts” (both 52%) likewise reveal a degree of specificity around using or not using public cloud resources that would likely just have been part and parcel of a generalized unease in the past.
Control and visibility
These answers also suggest that concerns are more about control and visibility than they are about classic security issues such as unauthorized insider access, unpatched vulnerabilities, and misconfigured firewalls. But where the results get really interesting is when people were asked why they’d choose to use a public cloud. Some of the top reasons were what you’d expect. Total cost of ownership issues was a positive driver for 59%. Reliability/uptime at 62% was perhaps a bit more surprising, but the fact that it was way down the list as a negative driver at 26% provides strong evidence that–rare headlines about outages notwithstanding– there’s a general recognition that the big public cloud providers actually provide very reliable infrastructure.
What was a bit surprising was that many of those same issues around the control over and safety of data that many cited as negative drivers for using public clouds were also cited as positive drivers. 63% answered that “control over data, infrastructure, outages, etc.” was a positive driver, 62% said that “safety of sensitive and confidential data” was, and 60% cited “protection of sensitive and confidential data.” This suggests a growing appreciation that the operational rigor at large cloud providers can actually provide an IT team with more predictability and control than they can achieve in-house.
Osterman Research also asked a broader question about whether applications managed in a public cloud were more or less secure relative to those managed on premise. On the one hand, more than 44% came down on the side of applications being somewhat less or much less secure when run in a public cloud. However, the majority said that security was either about the same (40%) or better (15%). As Osterman Research wrote in their report: “While a substantial proportion of survey respondents believe the cloud is less secure, it is important to note that most leading cloud providers enjoy economies of scale, as well as a reputation to defend. This means they can afford robust physical and logical security capabilities more easily than most organizations that manage infrastructure on-premises.”
A major underlying factor in the decision-making process was whether the system managed highly confidential information or intellectual property
Survey respondents didn’t view choosing to use a private or a public cloud as a binary decision. Indeed, even a given application might be hosted internally or externally at different points in its application lifecycle. In general, the results suggested that: “Survey respondents were very happy to use the public Cloud for prototyping, development and pilot, but significantly less inclined to host an application in the public Cloud during the majority production phase. Indeed, the only thing when a significant number of respondents would never use a public cloud is in majority production.” For example, while 60% were comfortable using a public cloud for prototyping/development and 59% for pilots, only 33% were comfortable using one for “mass implementation.” (Only about 20% weren’t comfortable using a public cloud for any phase of an application’s lifecycle.)
Another notable difference that played into whether an application would be deployed on a public cloud was whether it was customer-facing or internal-facing. Osterman Research notes that: “Once a critical, customer-facing application had been thoroughly vetted and was fully operational, 38% of respondents told us they would deploy it in either a public or hybrid cloud, but for a critical, internal-facing application, only 22% would do so.”
They also concluded that a major underlying factor in this decision-making process was whether the system managed highly confidential information or intellectual property. For systems managing these things only 8% would prefer to use either a public or a hybrid cloud for their final deployment.
Weighing the costs
Cost models associated with using public and private clouds can also change over an application’s lifecycle. Osterman Research writes that “As a rough rule of thumb, a small-to- medium workload on a public cloud service will cost significantly less than the equivalent workload in an on-premises, private cloud that you own.” However, “as workloads grow, there typically comes a ‘crossover’ point, at which the TCO of private cloud is lower than public.” They give the example of Dropbox, which moved the bulk of its 500 petabytes of customer file storage from a public cloud to on-premise.
The overarching message of this research is that it’s not a matter of private or public cloud. It’s private and public cloud. Which means that it’s going to be increasingly important for IT organizations to systematically plan where their applications run and to avoid locking them into specific environments as their requirements change based on their lifecycle and their usage.