“One of the basic rules of the universe is that nothing is perfect. Perfection simply doesn’t exist…. Without imperfection, neither you nor I would exist.” – Stephen Hawking.
You’re here for a reason – 1) you’ve been engaged with our previous posts on Exploring Cloud and are keen to learn more to aid your cloud journey; or 2) you thought we may have been discussing theoretical physics and Stephen Hawking (rest in peace). We’ll assume #1, but for those behind door number two… an interesting historical fact.
“Before ALS and his ample scientific offerings, Stephen Hawking was a university student who did his fair share of cutting up. Seen above holding the white handkerchief, Hawking joined the Oxford University boat club where he served as a rather daring coxswain whose strategies would result in a number of damaged boats.” Source.
Nothing is perfect, and that certainly holds true of private and public cloud, and hybrid for that matter. Each cloud model has its own advantages and disadvantages, and in the process of your cloud journey, it’s the weighing of these pros and cons that must play a pivotal role in architecting your service delivery.
First, if we may, let’s expand on an already famous quote… “Tis impossible to be sure of anything but death and taxes” to add “and cloud costs”. A factor common across all models – private, public, and hybrid – is cost, and its analysis of being an advantage or disadvantage is in the eye of the beholder.
Private cloud creates a dent in capital expense as businesses are required to invest in the technology necessary to support current and, ideally, future considerations – servers, storage, etc. Unfortunately, determining what will be required in the future is ultimately guess work (capacity planning is capacity guessing – there are just far too many variables beyond your control), which could lead to an undersized or oversized environment. However, if done properly and with minimal variability, the capital expense dissipates over time with only minor costs incurred to maintain the infrastructure.
On the other hand, public cloud shifts spending to operational expenditures, significantly lessening the impact on organizational coffers, by allowing businesses to pay only for what they use. Yet, the very nature of the public cloud billing model and ease of deployment introduces risks to the business of infrastructure sprawl and runaway costs; therefore, it’s important to understand how your public cloud provider’s billing models work, including what is and is not a billable service and how said services are billed. And, remember, just because a service is “off” in the public cloud does not mean you’re not incurring charges (coming from firsthand experience).
Costs are therefore capital or operational heavy.
Another subjective topic is security, one which will continue to harness headlines for years to come, be of constant debate in cloud journeys and continue its nuances throughout IT, care of government regulations (thank GDPR for all those fantastic compliance e-mails as of late).
If we look at the security of private cloud, it’s based a good deal on the fallible perception of being secure due to it being confined in four known walls. The capability to feel, see, and smell the infrastructure leads to a belief of security. Nothing is further from the truth. This often creates complacency around security measures during implementation to protect infrastructure beyond just physical constraints by placing an inherent trust on the perimeter. Further, the strict requirements around compliance and the less glamourous tasks of infrastructure maintenance rests entirely on your shoulders. Toss in the costs associated with security, including people, processes and technology, and one can be left with a recipe for disaster.
Moving towards public cloud also has a general perception that data accessibility is open for the masses. Granted, data locality remains an important consideration and most, if not all, cloud providers understand and account for this (i.e. storage repositories within many geos); however, turning a blind eye to public cloud on the merits of security and data accessibility alone is misguided.
Think through what’s known as the CIA triad – confidentiality, integrity, and availability – as you consider your cloud journey. It’s important for data to remain confidential (for your eyes only); for data integrity to exist (trustworthy content); and, importantly, for data to remain available. However, if data is not available, what’s the value of confidentiality and integrity? If data is unreachable or unusable, it’s useless. The availability of data should be your primary focus (this logic holds true for both structured and unstructured data). Public cloud eliminates the need for one to consider the rigorous and endless lifecycle management of private cloud infrastructure, not to mention “n+1” availability. Ergo, remember, security is not just about someone or something eavesdropping on your data flows or peering into your data files, it’s also about your ability to maintain the availability of that data.
Is that all there is to security? Heck, no… more on that next week.
 Christopher Bullock, The Cobler of Preston, 1716