Increasingly, I view public clouds like any public amenity. Take, for example, the new complex built by my local council to provide leisure facilities to the general public. The council is responsible for the operation, up-keep and maintenance of the complex, and ultimately underwrites the risk attributed to operating these services. I don’t hold any responsibility or risk – I just turn up and enjoy! I pay only for what I use, and I’m happy to share the pool with other locals. There is a clear distinction between the provider (the council) and the consumer (me). This analogy can be applied to any public cloud, for example when Kainos subscribes to the Windows Azure platform.
But what about private clouds? The private cloud can be deployed in a number of ways, but here I define a private cloud as one where the consumer and provider are the same organisation. Amazon, for example, operated a private cloud up to 2003, when Amazon Web Services was launched. Until then Amazon was the only consumer of Amazon’s IT services.
A private cloud requires lots of investment in security, peripherals, infrastructure and applications software. This tends to limit the scalability of the private cloud, because more scale needs higher investment. And unlike the public cloud, the private organisation has the headache of maintenance, up-keep, management and evolution of its private cloud. More important, much of the flexibility inherent in cloud computing is lost. For example, if the organisation experiences unplanned growth, the private cloud may simply not be able to meet demand. This can often rekindle the old accusation of IT being an inhibitor to business.
If we used the same private approach for my use of leisure services, I would have had to invest up-front to build the complex, and I then would have had to incur the cost and risk of operating it! If I chose to provide this for myself only, I would get to spend as much time on the treadmill as I wanted and there would be no queuing for the swimming lanes. Unfortunately, I would also incur the massive overheads in providing leisure facilities…
So what does a private cloud give me that a public cloud doesn’t? Private clouds are seen as safe havens for sensitive data, particularly in the financial services and healthcare sectors. In fact, the case for operating a private cloud is often built on risk mitigation factors. Similarly, a combination of data location and data access to financial or medical records are risks which, rightly or wrongly, are perceived to be mitigated with a Private cloud model. Owning the cloud means that you can touch and feel all IT assets and have utmost certainty as to the location of data at rest and in transit.
This, of course, is similar to the traditional approach to IT delivery, and here lies the paradox: providing private clouds may empower organisations to consume scalable services on-demand but they also require organisations to assume the associated risks. And this approach is ultimately a replica of the traditional on-premises world – an approach that would seem to be rather self-defeating.