Computing research: Cloud first, cloud only or cloud never?
Computing's latest research takes an in-depth look at the cloud strategies driving UK organisations
How popular is a cloud first strategy, what are the advantages that are enticing companies to move services out of house, and what are the hurdles still holding them back? These questions were addressed by Computing’s latest research into cloud and data centre infrastructure, which comprised an online poll, focus groups and a series of in-depth interviews among experienced IT decision makers across a range of sectors.
The hype has been with us seemingly forever, but in the past couple of years cloud has emerged a genuine contender when companies consider the most economic, forward-looking and flexible way to run their IT, so much so, in fact, that the long-term future of many in-house data centres has to be in serious doubt in the face the muscle-flexing marketing might of behemoths like Amazon and Microsoft.
In the case of cloud the direction of travel is clear: three quarters of those surveyed in our quantitative survey expect their use of cloud services to increase over the next 12 months (figure 1).
The growing significance of cloud was also reflected in the number of people saying they expect external hosting or cloud services to be the mainstay of their IT systems. Thirty-two per cent predict this will be the case in two years’ time, compared with a figure of 10 per cent today (figure 2).
The number of organisations saying that cloud will be their main area of IT spend is also increasing, from 22 per cent when we asked that question last year to 29 per cent now.
Of course, future projections of this kind are prone to various types of cognitive bias and we would not expect these numbers to be particularly precise, but they do show that cloud has now firmly entered the mainstream.
Even a couple of years ago cloud was still the emperor’s new clothes, client-server and utility computing repackaged in unconvincing new garb. But while the technological fundamentals remain the same, the meteoric rate of growth in use of cloud services (Microsoft and Amazon have recently reported near triple-digit percentage revenue increases year on year) and the services that depend on it (e.g. mobility, web-based services) mean that, strategically speaking, cloud really must be considered as a break with the past, not just by internet start-ups, but by more traditional businesses and the public sector too.
It’s been some time coming, but the cloud first strategy – deploying new services and applications in the cloud unless there is good reason not to – has arrived.
When we talk about cloud first, the cloud generally referred to is the public variety: shared infrastructure, where your data and applications are huddled together in virtualised bubbles alongside those of other organisations, sharing the same hardware – but hopefully nothing else.
Worries about the security of such a communal setup have long been a sticking point for cloud services. How can you be sure who has the encryption keys to your data or where it’s being replicated to? But such fears are slowly subsiding.
“I have a lot more confidence in Amazon and Microsoft keeping my data safe than I would in 99.9 per cent of operations staff in normal companies,” the development lead in a media organisation told us.
Of course data security is a complex, multifaceted issue and a tiered or hybrid approach to where it is hosted is the result in many organisations, with the most sensitive data kept within the organisation. Sometimes this is just a matter of being seen to be doing the right thing.
“Servers in data centres on premise have more of a mature security wall around them? That’s a bit of a myth,” said an IT architect in utilities. “But if we go with that, then we will move data in transit workloads to the cloud and leave the data at rest workloads in our data centre because we need that burden of truth that it is secure enough.”
So, concerns about the security of the multi-tenanted cloud remain, particularly in highly regulated industries where the repercussions of a breach can be most damaging, and this issue is still the main hurdle to cloud adoption (figure 3).
The second item in figure 3, price, is an interesting one. In the early days of cloud, promises were made that as well as delivering accounting advantages by moving costs from capex to opex, shifting to cloud would actually save money. Subsequently such claims were quietly withdrawn, but the cutthroat price war in which the largest public cloud vendors are engaged means that – in some cases at least – cloud really can be cheaper. There are some important caveats, though, and despite the advent of published per hour / per server pricing this area remains a minefield, according to our respondents.
“Moving to cloud and a pay-as-you-go model actually increases our running costs,” said a head of IT in local government.
A head of IT in healthcare, meanwhile, maintained that prices can be lower so long as you manage operations carefully.
“It’s easier, it’s more flexible, it’s certainly agile. I find the costs are way lower within the cloud than they were either as managed services or doing it myself. But there is a tendency – certainly Amazon are worse than Microsoft – for a sort of Ryanair pricing of services, so there’s a price for moving a bit from here to here and there’s a price for moving it back again …”
The importance of looking beyond the basic list price was emphasised by another interviewee.
“If you go to Microsoft’s Azure site you can see that when you go to an eight-core machine [the price] absolutely rockets,” said a global programme director in the leisure industry. “If you have a lot of applications that require a lot of power to run, what’s important is the price cut-off point.”
“It’s a bit like your gas bill,” added the head of IT in a museum. “You’re vaguely aware how much it costs but you’re not totally aware of how much you’re using, nor can you calculate it. Microsoft’s back-up regime does a block back-up so even when you delete data, your back-up size increases because it stores all the changes that those deletions have made. So the back-up size is going up and up and up and it’s impossible to see – and it’s charged to the total storage so it’s very hard to calculate.”
Cloud first?
At what point do the pros of flexibility, agility, scalability and pay-as-you-go outweigh the cons around security, control and regulation? In other words, where does a cloud first strategy make sense?
Test and dev is an obvious example, with developers able to spin up servers as they need them. As a result software development can be far more agile.
“One of our administrators proactively wrote a script in Amazon to close down our sandbox environment overnight when it wasn’t being used and turn it back on in the morning, that took him 30 minutes to write and it’s saving us £24,000 a year…” said an IT architect in a utilities firm.
Cloud first may also be appropriate for new applications, for projects that do not depend on legacy hardware, or where latency is not an overwhelming concern. Cloud is useful where the required skills are lacking in house, and may also be a sensible strategy when the time comes for a hardware refresh. Does it make sense to replace those servers or that SAN, or should you first look at how workloads can be moved to cloud?
The UK government's policy around G-cloud is to encourage a cloud first approach by public sector bodies, in an attempt to avoid the expensive, long-term monolithic contracts that have gone badly wrong in the past.
“It’s a tricky one for our organisation because we have so much storage capacity. Certainly for public-facing web services we stick them in the cloud first because we don’t need to worry about availability. For our other systems we use cloud as back-up,” said the museum head of IT.
Twenty per cent of respondents said that cloud first describes their current strategy best, with that number expected to double in three years’ time. Even financial organisations may adopt a cloud first strategy, offloading non-sensitive data archives, for example, where regulations allow.
“In financial services it’s still a bit ‘dipping your toe in the water’,” said the head of IT services in a finance firm, who described his overall strategy as a hybrid approach.
“As legacy contracts come to an end, it’s making that decision whether to move services to the cloud… we are more partial cloud – from a security and data protection perspective we still need to maintain ownership, but we use cloud for specific cases or SaaS.”
Others, however, urged caution in putting too much business-critical infrastructure at the mercy of the cloud and connectivity providers.
“We may rethink our cloud first option after BT’s debacle [a major UK outage in July]. We couldn’t get access to some of our services. Some of the services we put out in the cloud because we wanted the resilience, but we lost Sunday night…” said the head of IT in healthcare.
Such considerations pobably account in part, for the low numbers pursuing a cloud only strategy (figure 4), proving once again that there’s life in the data centre yet.
@_JohnLeonard
Download the Computing Cloud & Infrastructure Review 2016 for more on the state of the UK cloud and data centre markets