Cloud Computing: Not a Silver Bullet

Chris Tomlinson June 2015

Cloud Computing: Not a Silver Bullet by Chris Tomlinson

Introduction
Cloud technology is touted as the solution for virtually all businesses. It promises faster, cheaper, better results with less internal infrastructure and a reduced workload on IT professionals. While the technology certainly has immense promise, the real story might not be so rosy. In fact, according to CIO.com and Formtek Inc., most cloud computing initiatives result in failure. A lack of understanding concerning key areas from pricing to service contracts, scalability and managing resources derails these projects. It doesn’t have to be that way, though.
A report produced by VMWare sums up the situation nicely. “The promise of the cloud remains tantalizingly out of reach, and in its place are technical headaches, pricing challenges and unexpectedly high operational costs… Respondents reported staggering failure rates across IaaS (Infrastructure as a Service) implementations and identified the support and functionality needed to overcome top challenges.”
That should be an eye-opener for any IT manager, CEO or business owner considering the cloud as a solution for business needs. Formtek went further in determining the rate of cloud implementation failure. According to their report:
Failure rates of Iaas projects by platform
Those numbers beg the question what leads to such significant failure percentages across all cloud platforms. Again, Formtek lays the groundwork for us. Several key areas create sometimes-insurmountable hurdles to cloud rollout, adoption, integration and use.
Hurdles or cloud adoption, roll-out and use
However, failure doesn’t need to be the rule when it comes to cloud implementation. Awareness of the difficulties associated with this technology can change the outcome of your own implementations, so long as the right stance is taken prior to project inception.

Implementation Complexity

Speaking at the Westminster eForum seminar on September 4, 2014, Ovum’s chief analyst, Gary Barnett, told attendees, “I am a huge fan of cloud, but cloud is not magic. I know of instances where cloud can be more complicated, more costly and less secure.”
Too many business owners and decision makers view moving to the cloud as some sort of silver bullet that will cure all ills. Sadly, that is not the case, because cloud applications simply overlay existing legacy infrastructure. You’re not eliminating legacy components. You’re simply adding another layer to IT and increasing complexity. Barnett used an example of a business that switched to using the cloud for their customer relationship management program.
The move was supposed to build better efficiency and provide greater functionality and benefits, but in reality, it simply made the company’s sales people’s lives that much harder. Why? Simply put, the company merely dumped its CRM data into the cloud, without cleaning, pruning or improving it. Bad data is bad data, whether it’s in the cloud or your own servers.
Then there’s the issue of companies attempting to rely on their own in-house IT staff to create an end-to-end cloud implementation plan. While IT professionals certainly have the knowledge, experience and expertise to deal with legacy systems and some aspects of cloud implementation, the scope of these initiatives is simply too much.
“Cloud implementations have hundreds of moving parts,” writes CIO contributor, Jeff Fleece. “Planning has to take into consideration all of those parts: all the interdependencies have to be mapped, the timing for each part of the migration has to be perfect to avoid business interruptions, the applications have to be made cloud-ready and more.”
In addition to those hurdles, there’s also the fact that cloud implementation methodology must be in place, and crucial junctures require not just an overarching plan, but contingency plans in case things go sideways. Imagine doing all this, and doing it correctly, when you’ve never done it before. This is the situation facing IT departments, and it makes it imperative that businesses team with third parties with the experience necessary to successfully complete cloud implementations.
Perhaps the single biggest problem here is perceiving the cloud as somehow different from IT. Too many companies think of it as “other” or “separate”. However, if you remove the “cloud” portion of cloud technology, you’re left with just “technology”, which is something your business (and IT department) deals with on a daily basis.
Finally, there’s the possibility that you’re implementing the wrong type of cloud technology. There are multiple platforms available, from SaaS to PaaS and IaaS, and they’re not the same thing. We will examine these platforms later. Ensure that you’re considering the right approach to solving your business’ needs, and not simply going along with the advice of a vendor.
In the end, the cloud is no different from anything else your business undertakes. Successful implementation requires the right roles and responsibilities defined ahead of time.

Pricing and Costs

Cloud pricing sounds so reasonable, all packaged up in usage tiers, bandwidth, user numbers and the like. However, the reality is different. It can be enormously expensive – far more expensive than legacy systems in many cases. The key is to manage those costs correctly by implementing strong leadership, and clearly defined abilities and capabilities.
For instance, if your firm is adopting IaaS to provide your developers with the ability to buy instances whenever necessary, you might be shocked by the end cost (a real life example: a company did just this, expecting to see costs of around $2,000; imagine their surprise when they were billed $15,000 by AWS).
Really, this boils down to the concept of “just because you can doesn’t mean you should”. Providing staff with the means to achieve a goal on their own that once required approval will almost always lead to problems. Give someone the means to get whatever they want, whenever they want it, and they’ll take you up on the offer, creating massive costs in the process.
Certainly, cloud technology can provide significant benefits to companies large and small. The base costs are low, providing savings over legacy technology, enhancing efficiency, and creating better productivity. However, the tradeoff is that increased costs are incurred when there is a lack of coordination, training, governance and awareness.

Cloud technology is not a short-term fix for cash problems.

It’s a long-term strategy requiring the right implementation and execution in order to realize projected savings.
This was echoed by the CIO of the Bank of England. John Finch warned attendees at the Cloud World Forum in 2014 to be wary of financial promises made by cloud vendors. “Do not let the bean counters determine your cloud strategy,” he said. “Cloud can deliver good value and I know of many use cases where cloud has been a real enabler. It genuinely offers the opportunity to burst capabilities, expand and contract, and it can remove the need to build long and complex infrastructures. But if vendors talk to you about the financial upside of the cloud, talk to someone else.”
Really, Finch’s point was that any move to the cloud should be for reasons other than financial savings (because those savings often aren’t what you’re expecting). The primary reasons for moving to the cloud should include infrastructure benefits, better scalability and greater agility within the business.
In terms of cost and pricing, Finch provided some important advice that applies to all businesses, large and small. “Understand what’s in the contract,” he said. “Cloud can give you low cost of entry, but will the contract allow you to continue to grow at low costs? Will it allow you to get out when you want out?”

Virtualization and Consolidation

For many businesses, the move to the cloud is part of a virtualization and consolidation plan. When properly implemented, businesses can take even very large data centers and put them on the cloud, reducing or even eliminating the need for servers, software and staff. However, this doesn’t always go to plan.
David Hobson from Oracle states that, “Cloud is not a panacea”. Virtualization and consolidation can backfire if there is no clear strategy and over-provisioning occurs. One CIO of a large UK enterprise admitted that his 18-month consolidation program resulted in less than expected productivity and no benefits to his infrastructure.
The company started with an expected 700 servers, but discovered they actually had 1,100. By the end of the project, they had 1,300 physical servers and 2,000 virtual servers. There was no strategy in place, no governance throughout the project, and the result actually increased the company’s costs.

Understanding Contracts

Cloud service contracts are often difficult to understand. There’s a reason for this. They differ significantly from outsourcing contracts. With conventional outsourcing contracts, the goal is to hold you and the outsource provider to a strict set of guidelines. With cloud contracts, the situation is the opposite. They’re designed to foster growth and allow expansion and evolution over time. They provide options, rather than set limits.
However, not all contracts are structured in this way. To use John Finch from the Bank of England’s example, make sure that your contract clearly explains pricing both now and in the future when your needs have expanded. Will the same low rate still apply during service or functionality expansions? What about contract duration or penalties for early cancellation? Another important point concerning contracts is where your data will actually be located.
To understand this, we need to burst one of the many bubbles concerning the cloud. Your data doesn’t exist out there in the ether. It’s not floating around in the air. It’s in a data center, or possibly several data centers. Where is your provider’s data center located? This is vital because if it’s located in another country, then that nation’s laws regarding third-party data will apply, and you could find yourself in hot water.
In order to really understand and leverage cloud contracts, you will need to develop a relationship of trust with your vendor. You’ll need to lean on them for guidance and workload prioritization. This can be a difficult thing for many to accept. After all, won’t the vendor simply try to sell you more? That seems to contradict the cost savings that cloud technology offers.
You’ll need to change your thinking. The right vendor is the most important part of the relationship, and you really can’t expect giants like Amazon or Microsoft (or even Rackspace or VMWare for that matter) to provide the guidance and help needed. Rather, you need a neutral third party, one that is not motivated by potential profits created by selling additional services or functionality.

Security

Moving to the cloud means greater security risks for business and consumer data. Witness the huge number of companies making headlines in the last few years for massive data breaches, which have compromised the financial and personal information of millions of people. Cloud technology CAN be secure, but it requires active planning, training of staff and providing the right policies and procedures. It’s more about changing the culture of a business than it is about having the right technology in place.
Human error is the single largest threat businesses face when moving to the cloud. No longer is data locked up in individual desktops or in mainframes connected to the business alone. The cloud isn’t IN your business; your staff accesses data offsite. To do this, they require a username and a password. Password strength is one of the single weakest factors in any business’ cloud initiative.
Easy passwords can be cracked in less than a second. Even complex passwords can be breached given enough time. Two-factor authentication is a wise choice, but it is not offered by all cloud technology providers. In the end, it really boils down to providing your staff with the training and education necessary to create strong, robust passwords and then changing them on a regular basis.
However, there is also the question of platform and data security to be answered.
In most instances, security will be shared between your firm and the cloud provider. This is beneficial because you do not lose control of your own data, but it requires upfront planning. Before signing on the dotted line with any cloud provider, determine who is responsible for what so there are no breaches in the future. It’s also essential that your business makes the effort to secure data – randomization after each access and solid encryption are both vital. Does your potential cloud partner do this? If not, is there a way for your business to achieve it on your end?

Resource Management Learning Curve

In an in-house IT environment, resource management is relatively well understood. However, when it comes to cloud technology, that’s untrue. Dan Marinescu, writing for TechNet Magazine, sums it up well: “Resource management for an inherently complex system such as cloud computing requires different ways of measuring and allocating resources.”
Add to that the fact that many cloud platforms charge on a resource-usage basis, which is billed as a benefit and things can become very complicated, very quickly, particularly if your users (staff) are not trained and educated on the need for resource management. If you run your business the same on the cloud as you did with an in-house system, you’ll see your costs skyrocket simply because so many resources are being utilized.
Let’s look at a very basic example. Suppose you were using the cloud primarily for document sharing and storage. There are dozens of software suites out there designed to allow small and medium businesses to do this, from Box to Dropbox, Google Drive and more. Many of these are free to use below a certain usage point. After that, costs ramp up.
Part of your due diligence prior to signing on with any cloud provider is determining what your needs are now, and how they will change in the near future. Long term planning is also important, but near-term usage is the more essential variable.
To go back to our file sharing and storage example, you sign on with a cloud provider for a basic plan because it offers ample virtual storage space for a reasonable rate. It rolls out perfectly (which isn’t the norm, so be prepared for holdups). However, once in place, you quickly find that you’re outgrowing your solution. Why is this? Where did you fail in your implementation?
Actually, the failure wasn’t in the rollout of the cloud platform, but most likely in the lack of training and education for your staff. Even with something as basic as cloud storage, there’s the temptation to put EVERYTHING into the cloud, whether it’s really necessary or not. The more files you add, the more storage you need for the future, because your current allotment is eaten up with existing documents.
This is compounded by larger files. Suppose you’re not storing just Word documents and Excel files, but photos, infographics, Photoshop files and the like. These can quickly eat into the space you’re allotted. Once you reach the limit of your given storage space, no new files can be added. You’ll need to remove old files or purchase more space. The temptation is to purchase more space – it’s faster and easier, certainly. However, your costs will quickly escalate, eventually eliminating any savings.
This is a very basic example of the incorrect management of just one resource: storage space. There are many more resources, some of them incredibly complex. For instance, workload balancing and prioritization is a good example. Another is energy usage optimization.
To quote Marinescu once more, “A cloud computing infrastructure is a complex system with a large number of shared resources. These are subject to unpredictable requests and can be affected by external events beyond your control. Cloud resource management requires complex policies and decisions for multi-objective optimization. It is extremely challenging because of the complexity of the system, which makes it impossible to have accurate global state information. It is also subject to incessant and unpredictable interactions with the environment.”

Factors Complicating Resource Management

There is no single rule that can be applied to resource management in the cloud, simply because there are so many different factors that affect not only how you’ll manage your resources, but what resources you have available. A great deal will depend on the type of cloud deployment model in question, as well as the service model used. The National Institute of Standards and Technology classifies deployment and service models in specific ways, as found below
Deployment Models:
Hybrid Cloud: Rapidly became the most popular option available for medium and large businesses. Hybrid cloud infrastructure combines the features and capabilities of two or more other deployment models that builds on those aspects and provides “data and application portability.”
Private Cloud: Once the most widespread deployment model, private cloud platforms have become less popular with the rise of public and hybrid platforms. In this instance, the cloud’s infrastructure is accessible by only a single organization. It may exist on the company’s premises or be located offsite, and it may be managed by in-house staff or a third party.
Public Cloud: The least secure yet most popular type of deployment model, public cloud is accessible by anyone, and can be managed, operated and owned by businesses, government agencies and numerous others. The Internet is perhaps the most obvious example of a public cloud system in operation.
Community Cloud: A community cloud platform blends public and private platforms, providing access to resources and utility for a specific group of individuals, which may or may not be part of a single organization or business.
Service Model:
More important than deployment model (at least in terms of resource management) is the service model in question. Some service models require no in-house resource management at all, but others require considerable amounts of time and effort.
SaaS (Software as a Service): One of the fastest growing cloud segments, SaaS delivers functionality, utility and access from remote devices all without the need for a business to manage much of anything. These may be accessed via a web browser, through a desktop or smartphone app, or in another way. The user has no control over the infrastructure.
The goal here is to deliver software in a way that differs from traditional installation on a desktop. A good example is Microsoft Office 365 or Adobe Creative Cloud, both of which provide users with full program functionality without the need to install, maintain and update the software. Of course, it goes well beyond those two examples – SaaS providers can be found in virtually every industry, from travel to accounting.
PaaS (Platform as a Service): Platform as a Service options are less visible than Software as a Service solutions, but they’re no less prevalent. These provide computing platforms that can include an operating system, an execution environment for programing languages, web servers and more.
Microsoft Azure is a good example of this, but there are numerous others, including Amazon Elastic Beanstalk and Engine Yard. PaaS models provide businesses with an independently maintained platform useful for building and deploying web applications.
IaaS (Infrastructure as a Service): IaaS is the most comprehensive of the three service models, and brings with it everything necessary for a business, including storage, processing capabilities, networks and more. While you do not manage the underlying cloud infrastructure, you do control deployed applications, networking components like firewalls, storage, operating systems and more. As such, these are the most difficult to manage in terms of resources.

Downtime

Downtime – it’s a death knell for your business, but it’s an inherent part of cloud technology. When your service provider is unable to deliver, part of your business stops functioning. This could cause problems for your staff and possibly your customers if you have consumer-facing applications or services supported by the cloud platform.
Providers make big claims when it comes to downtime, very similar to what you’ll find in the world of web hosting. Claims of 99% uptime can sway you in one direction or another when it comes to choosing a platform provider, but are those claims the truth? Many business owners and decision makers find that they’re more than a little misleading and greatly affect continuity of services.
One of the most significant downtime events in recent years occurred in November 2014, when Microsoft Azure crashed, downing a significant number of clients. The issues ranged from websites to Xbox Live and even Microsoft Office 365 apps. In the end, the cause turned out to be that a critical update process wasn’t being followed. “Flighting”, as it’s called, is designed to rollout updates to the Azure cloud platform incrementally, with health checks conducted along the way. This didn’t happen, and the results were disastrous.
A similar event in 2011, due to lightning strikes in Ireland, sent both Amazon and Microsoft cloud platforms crashing. What does this mean for businesses? According to a report by ComputerWeekly out of the UK, nearly 81% of businesses are either already running business-critical applications in the cloud or plan to in the near future. However, fears over downtime may make some of those companies rethink their strategy.
In terms of choosing a cloud provider, downtime should be one of the most significant metrics for your business. Obviously, if the cloud is down, then you will not have access to data, applications or anything else stored there. This can be critical for businesses, particularly if the outage is more than transitory. Peering behind the uptime guarantees of cloud technology providers is vital.
Which companies have the best and worst downtime out there? Interestingly, Microsoft leads the pack in terms of global downtime, with an estimated 54 hours of downtime and 241 outages in 2014 (the most recent year for which statistics are available). Amazon comes in second with 35 outages and just under 5 hours of downtime.
Google was amongst the best with less than 15 minutes in downtime globally. IBM’s numbers were similar. Rackspace clocked in with just under 8 hours, and Joynet experienced less than 3 hours of downtime. In comparison, Digital Ocean experienced 16 hours of downtime, while CenturyLink was out for 26 hours.
Note that these numbers are global – they vary considerably by region.
What should businesses do to combat these statistics and prevent outages from derailing their operations? Experts point out that following best practices can minimize the impact of downtime. Test the system for fault tolerance frequently, don’t host workloads in a single place, and ensure that you have tools available to transfer traffic from down servers to operational ones.

Scalability

One of the most significant advantages of cloud technology for businesses (both large and small) is its perceived ease of scaling. Scalability has many different implications in this realm, ranging from starting with only the services you need and then adding others as your needs change, to scaling on the fly in terms of resource availability.
Where most businesses encounter hurdles is in the area of scaling up over time. This relates directly back to the advice given in the section on contracts, too. Let’s say you start out small, with only the core functions and benefits you absolutely must have. As your business grows, your needs change and you find that you must scale up. You turn to your cloud provider, only to find that things aren’t as simple as promised.
The most common issue here is cost – scaling up often comes at a premium above the rates offered during your introductory period. Make sure your contract spells out what rates you’ll be paying not just initially, but when you need to scale up.
Another issue concerns scaling down. What happens if you find that you no longer need particular services or functionality? Your vendor might have promised no hassles, but the reality is that you could be hit with fees and charges for scaling down. Again, this comes back to due diligence where the contract is concerned.

Worst Practices

There’s a great deal of talk about best practices with cloud technology, but we also need to address “worst” practices. CIO and IT architect Mike Kavis identifies nine key worst practices in his book Architecting the Cloud: Design Decisions for Cloud Computing Service Models, and we’ll discuss some of the most important of his points below.
Solely for the Costs: Kavis echoes other thought leaders when he urges business decision makers to avoid moving to the cloud solely for the perceived cost benefits. He says that, “The reality is usually the complete opposite.” If you’re considering moving applications to the cloud to cut costs, it might be worthwhile to consider a managed hosting provider instead.
Lack of Understanding on Security: Again, the specter of cloud security raises its ugly head. If you go in without a full understanding of cloud security requirements, the results could be devastating.
Not Bringing in the Right Skills: The right hands at the wheel will ensure success, but too many businesses fail to understand the importance of leadership, planning and expertise. Those responsible for implementing a cloud computing initiative should have, “broad knowledge of networking, security, distributed computing, SOAs (Service Orientated Architectures) and much more,” Kavis adds.

Not Preparing for Unexpected Costs The subscription plans on which cloud platforms are based can be very tempting. When you add up the monthly cost, it often comes out much less than what you’re currently paying for IT through capital expenses. The problem here is that “the most expensive part of cloud computing has nothing to do with the cloud,” according to Kavis. In fact, it’s the process of building software for the cloud that so often derails budgets. Prepare for unexpected costs, and realize that your initial perception of lower overall costs is likely skewed.

Choosing the Wrong Vendor: We’ve covered the importance of the right vendor, but Kavis brings additional insight. “Understand the differences between three cloud service models (SaaS, PaaS and IaaS), and know what business cases are best suited for each service model. Loyalty to a current or preferred vendor could create holdups, inefficiencies and even leave you with a cloud solution that doesn’t do what you need.
Too Much, Too Soon: It’s all too easy to leap into the cloud and assume that everything’s going to be fine. That’s rarely the truth. Kavis points out that the success of cloud based companies has created an illusion that any company can follow the same path. He says, “Cloud should start as smaller deliverables that deliver business value sooner, in smaller increments.”

Summary

The key thing for business owners and IT professionals to remember when it comes to cloud computing initiatives is the definition developed by the National Institute of Standards and Technology. According to the NIST, cloud computing is defined as, “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
A broad range of areas must be clearly defined and well understood in order for a cloud initiative to be successful. Cloud pricing must be understood and broadly demarcated in terms of not only what services and solutions are delivered by a service provider, but ongoing and per-instance costs. Cloud service contracts must be closely scrutinized and understood in order to avoid costly overruns, paying for unneeded services and costly add-ons that should have been included in the beginning. Of course, jumping into the cloud just because “that’s what everyone is doing”, without a clear, compelling reason that is not solely related to cost savings, is also a bad idea.
The uptime/downtime issue must also be understood – 99% uptime guarantees do not translate to “constantly available”. Downtime comes in many forms, and all will affect an organization’s ability to access data and services. All organizations must take the required steps to learn how to manage cloud resources by taking advantage of not only available literature and guidance documents, but by leveraging the expertise offered by other cloud technology professionals. The realization that many businesses simply cannot “go it alone” is one that too many arrive at late in the game.
Pay close attention to security concerns, and ensure that there is both an overarching plan for cloud security and training and education initiatives in place for staff. The right people in the right positions will also help to mitigate your risk here.
Finally, everyone involved in the cloud initiative must realize that scalability, while an essential consideration, it not always as simple as service providers and vendors promise. While certainly possible, scalability requires the right hands at the wheel, a solid understanding of what’s needed at all times during the project’s lifecycle, and how various pieces of the overall offering work together to ensure that scaling up or down does not negatively affect the organization’s ability to leverage cloud computing in the first place.
In the end, the cloud must be thought of as any other new technology architecture, as CIO urges. The cloud isn’t a magic pill. It’s not a silver bullet. It will not automatically revolutionize your business. However, with the right understanding, the right people in place behind the wheel and knowledge of the core areas discussed previously, it can be a highly beneficial, valuable asset that encourages growth, delivers flexibility and drives success.
Sources:
http://www.cio.com/article/2910026/cloud-computing/why-cloud-computing-implementations-typically-fail.html
http://www.cio.com/article/2375736/cloud-computing/has-cloud-computing-been-a-failed-revolution.html
http://www.computerweekly.com/news/2240228157/Busting-cloud-myths-Four-user-instances-where-cloud-computing-failed
http://formtek.com/blog/cloud-computing-rampant-failure-of-cloud-implementation-projects/
http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
https://www.datapipe.com/blog/2015/04/15/cloud-misconceptions-hurting-implementation-efforts/
https://technet.microsoft.com/en-us/magazine/dn456533.aspx
http://www.networkworld.com/article/2866950/cloud-computing/which-cloud-providers-had-the-best-uptime-last-year.html
http://www.computerweekly.com/news/2240238379/Microsoft-Azure-had-more-downtime-than-main-cloud-rivals
http://www.forbes.com/sites/joemckendrick/2014/01/29/9-worst-practices-to-avoid-with-cloud-computing/