I often read or hear sweeping generalisations about cloud computing. But if it were that simple surely we’d all be doing the same things with it? Cloud is actually a lot more interesting, and provides many more opportunities for innovation, than the stereotypes suggest.
The basic idea of cloud computing is to combine computing resources – be that networks, servers, storage or applications – in a shared pool, with ‘tenants’ renting as much or as little as they need, without having to go to the provider every time their requirements change. Pools may be shared within a single organisation (private cloud) or available to everyone on the internet (public cloud).
So far, so good, but things start getting a bit more complicated when it comes to services, which can be anything from an operating system to an application: your “cloud” may look like an operating system command line, mine a complete collaboration environment. That variety creates many opportunities for using cloud services that the simple stereotypes hide.
I want to challenge some of the myths about cloud, and help organisations understand whether cloud or an in-house service is likely to be the best model for them.
Building a cloud involves serious bulk-buying. Commercial cloud providers buy computers by the container-full and electricity by the power station, so their systems may indeed cost less through economies of scale. Managing them can be cheaper too. With all the computers in a cloud having identical configurations, many tasks can be automated. And if you need capacity only during specific points of the year, such as clearing, then renting from a cloud may be cheaper than buying as you’re not having to pay for the tech when it’s not being used.
It’s easy to spend more though: anything other than the standard service, such as access to activity logs or the ability to extract data, is likely to attract an additional charge; pay-as-you-go bill-shock isn’t just about holiday phone calls!
Consider also that whether a service is in-house or in the cloud you still need to connect it to local systems and support its users, which may be more complex for a remote service that you don’t fully control.
The conclusion… cloud may be cheaper for standard or intermittently-used services, while in-house can be more cost effective for specialised operations.
Concerns about security originally arose from public clouds that allowed different users to use the same equipment. Fortunately keeping customers’ information separate is vital to modern cloud providers’ reputations and their technologies and processes are designed to do it well.
Indeed, clouds can have significant security benefits. Digital precautions, such as security updates provided by operating system and software vendors, can be applied faster and more efficiently across a cloud built of multiple identical machines, while dedicated data centres can afford excellent physical security and very restricted human access, meaning there’s less risk of machines being infected or tampered with.
More recently Snowden’s revelations have raised concerns about government access to cloud data but in fact many of the same legal and technical powers that would enable this could be used against a university’s own data centres, too. If governments – rather than criminals, competitors or students – are the biggest threat to your information then maybe it shouldn’t be on the Internet at all?
Whether cloud or in-house better delivers your security requirements depends largely on the kinds of attack you need to defend against. If you are most concerned about burglars or hackers then a cloud will give you state-of-the-art protection. If you need to know precisely what security measures are being taken, or only need to access information from specific physical locations, then in-house can provide that control.
Just like in-house services, the level of reliability that cloud providers offer their users is a conscious design choice, not an inherent feature. It turns out that cloud services have outages, too, and they often look surprisingly similar to our in-house ones. If reliability is particularly important then include it in your specification to the provider, don’t just assume it.
When a cloud-based service fails a couple of things are different to an in-house failure. You’re reliant on the provider to fix it – no matter how urgent it is, you can’t rush engineers to the data centre to help – and you may not be able to tell users either exactly what the problem is or when their service will be restored. Also, you can’t restore a cloud service just for internal users, as may be possible for some local failures.
Both in-house and cloud systems can be designed for reliability, but you need to decide what that means for a particular system, what you need if it fails, and what balance of resources and money you are willing to spend to get it.
Cloud or not to cloud
Fortunately real cloud services are much more varied than the stereotypes suggest. Looking a bit deeper often reveals unexpected situations where clouds are appropriate, unexpected situations where they aren’t and lots of opportunities for innovation.
As part of the team at Jisc I have been working with some of the leading cloud providers to help them match their services to common requirements of UK education organisations in terms of compliance, charging models and connectivity, among other issues.
If you want advice on services to meet your needs do get in touch with our cloud services team [Service@ja.net], or take a look at our cloud page.
Andrew Cormack is Chief Regulatory Adviser at Jisc Technologies