ZapFlash

Why You Really, Truly Don’t Want a Private Cloud

I had the pleasure of speaking at two quite different Cloud Computing conferences last week: Opal’s Business of Cloud Computing in Dallas and UBM’s CloudConnect in Bangalore. As the conference names and locations might suggest, the former was the more business-oriented while the latter was chock full of techies. What I didn’t expect, however, was that the business Cloud crowd had a more mature, advanced conception of Cloud than the technical audience. While the techies were still struggling with essential characteristics like elasticity, trying to free themselves from the vendor nonsense that drives such conferences, the business folks generally had a well-developed understanding of what Cloud is really all about, and as a result, focused their discussions on how best to leverage the approach to meet both tactical and strategic business goals.

Perhaps the most interesting contrast between the perspectives of these two audiences was their respective opinions about private Clouds. The techies at the Bangalore conference, having drunk too much of the vendor Kool-Aid, were generally of the opinion that public Clouds were too risky, and that their organizations should thus focus their efforts on the private deployment model. The Dallas business crowd, in contrast, generally held that the public approach was the way to go, with some folks even going so far as to claim that public Cloud was the only true approach to Cloud Computing.

This distinction is remarkable, and aligns with ZapThink’s thinking on this matter as well: the more you focus on the business benefits of Cloud, the more likely you’ll be leaning toward public over private deployment models. Furthermore, this mind shift isn’t all about security risks. We recently debunked the notion that public Clouds are inherently less secure than private ones, and many people at the Dallas conference agreed. But there’s more to this story. Once you work through the issues, you’ll likely come to the same conclusion: there’s generally little or no solid business reason to build a private Cloud.

The Problems with Private Clouds

The best way to understand the limitations of the private deployment model is to take the business perspective. What are the business benefits behind the move to the Cloud, and how can you achieve them?

  • Cloud will shift capital expense to operational expense – instead of having to invest in hardware and software, you can pay-as-you-go for what you need as an operational expense, and write it off your taxes right away. Except, of course, with private Clouds, where you have to build out the entire data center infrastructure yourself. If anything, private Clouds increase capital expenditures.
  • Cloud increases server utilization while dealing with spikes in demand – instead of setting up a data center full of servers that run idle most of the time on the off chance you need them to deal with the occasional Slashdot post or Justin Bieber tweet, the Cloud improves utilization while its elasticity deals with those annoying spikes. Except, of course, in private Clouds, unless your organization is so huge that multiple divisions look to your Cloud to handle many different spikes in demand, that you fervently hope arrive at different times. But what if that Kim Kardashian visit to your corporate HQ causes traffic to all your divisions to spike at once? Fugeddaboutit.
  • Cloud keeps infrastructure costs very low for new projects, since they don’t have much traffic yet – again, works much better in a public Cloud. How many such projects do you expect to have at any one time? If the number isn’t in the hundreds or thousands, then private Cloud is massive overkill for this purpose.
  • The elasticity benefit of the Cloud gives us the illusion of infinite capacity – infinite capacity is all fine and good, but it’s an illusion. And illusions work fine until, well, until they don’t. Elasticity provides the illusion of infinite capacity as long as there is always sufficient capacity to meet additional demand for Cloud resources. You’ll never consume all the capacity of a public Cloud, but your Private cloud is another matter entirely. It’s only so big. If one of your developers has the bright idea to provision a thousand virtual machine instances or a petabyte of storage for that Big Data project, and your private Cloud doesn’t have the physical capacity to do so, then bye-bye illusion.
  • We already have a significant investment in our existing data center, so converting it to a private Cloud will save us money while enabling us to obtain the benefits of the Cloudin your dreams. One essential requirement for building an effective private Cloud is rigorous homogeneity. You want all your physical servers, network equipment, virtualization technology, storage, etc. to be completely identical across every rack. Look at your existing, pre-Cloud data center. Homogeneity isn’t even on your radar.
  • We don’t want to be in the data center business. That’s why we’re moving to the Cloud – guess what?  Building a private Cloud puts you in the data center business!
  • Whatever cost efficiencies the public Cloud providers can achieve we can also achieve in our private Cloud – this argument doesn’t hold water either. Not only to the leading public Clouds—Amazon, Microsoft Azure, Rackspace, etc.—have enormous economies of scale, but they’re also operating on razor-thin margins. Furthermore, if they can wring more efficiencies out of the model, they’ll lower their prices. They’re taking this “price war” approach to their margins for all the regular business school reasons: to keep smaller players from being competitive, and to push their larger competitors out of the business. It doesn’t matter how big your private Cloud is, it simply cannot compete on price.

OK fine, you get it. Private Clouds suck, fair enough. You’ll even buy our arguments that public Clouds may actually be more secure than private ones. But you’re in a regulated industry or otherwise have stringent regulatory requirements about data protection or data movement that the public Cloud providers can’t adequately address. The only way you can move to the Cloud at all is to build a private Cloud.

Not so fast. While it’s true that regulatory compliance business drivers and limitations are becoming an increasingly important part of the Cloud story, any regulatory drawbacks to using public Clouds are essentially temporary, as the market responds to this demand. A new class of public Cloud provider, what is shaping up to be the “Enterprise Public Cloud Provider” marketplace, is on the rise. The players in this space are putting together offerings that include rigorous auditing, more transparent and stringent service-level agreements, and overall better visibility for corporate customers with regulatory concerns.

The incumbent public Cloud providers aren’t standing still either. For example, while Amazon built their public Cloud (and with it, the entire industry) on a “one size fits all” model aimed initially at developers, startups, and other small to midsize companies, they have been working on building out their enterprise offerings for a while now. While you may not be able to get solutions from the big players that meet your regulatory needs today, you can be sure it won’t take them long to figure out how to compete in even the most regulated industries. In a few years, if you look back on your decision to build a private Cloud on the basis of regulatory compliance, you’ll likely feel quite foolish as your competitors who waited will soon have fully compliant public alternatives, while you’re stuck paying the bills on your private Cloud initiative that will have become an expensive money pit.

The ZapThink Take

So, should any organization build a private Cloud? Perhaps, but only the very largest enterprises, and only when those organizations can figure out how to get most or all of their divisions to share those private Clouds. If your enterprise is large enough to achieve similar economies of scale to the public providers, then—and only then—will a private option be a viable business alternative.

In many such cases, those large enterprise private Clouds essentially become community Clouds, as multiple divisions of an enterprise share a single internal Cloud provider that operates much like a public Cloud, albeit for internal use across the enterprise. This community model makes sense, for example, for many federal governments. They can achieve the cost efficiencies of public Clouds while maintaining the control benefits of private Clouds by supporting the Cloud initiatives across multiple agencies.

Virtual Private Clouds (VPCs) also give many organizations the best of both worlds, as they leverage the public Cloud but run logically on your private network. Many hybrid Clouds follow the VPC approach, as hybrid on premise/Cloud models typically leverage private networks. ZapThink predicts this hybrid VPC model will become the predominant deployment model in the enterprise.

Still not convinced? Well, ask yourself why, and the answer is likely to be a question of control. Many executives will still be uncomfortable about public Clouds, even when we address the security and compliance issues that currently face public Cloud providers, simply because they don’t control the public Cloud. Our answer? Distribution of IT control is essential to the ZapThink 2020 vision, and is at the heart of the Agile Architecture Revolution. The Web doesn’t have centralized control, after all, and it works just fine. The app store model for enterprise IT, the rise of bring your own device (BYOD), and the fundamentally mobility-driven architecture of the Internet of Things are all examples of the broader shift to the notion of decentralized control over IT. Fighting to maintain control is a losing proposition, and as a result, by 2020, private Clouds will be a mostly-forgotten bump on the road to the next big thing.

Discussion

17 comments for “Why You Really, Truly Don’t Want a Private Cloud”

  1. Jason:

    Good afternoon.

    This is the best article I have read on Cloud Computing Architecture. I like such an approach that deals with practical thinking that is supported by technical and scientific foundation.

    The problem that I have with the “techies” is that they talk without understanding the technical and scientific reasons behind what they say. 

    “Risks” are due to unknown factors — uncertainty and complexity — that could affect the choice –building a private cloud — and the realization of the choice to achieve the goals. Until the Wall Street collapse, we really did not properly understand the term “risks “. In fact, any Operation Research model you examined only dealt with risks associated with financial management. No Operation Research model looked at unknown factors such as geopolitical and economic issues (such as in Greece today), sudden rise in oil price, major tornadoes and hurricanes, etc. that could affect the realization of the choice to achieve the goals.

    With respect to a private cloud, major hurricanes or tornadoes could totally wipe out an entire private cloud unless the private cloud is designed as distributed enterprise SoS or many decoupled SoS (to handle uncertainty and complexity), spread across many geographical regions. But then such an ecosystem, to handle uncertainty and complexity, is essentially similar in concept to a public cloud. 

    Thus, unlike public clouds, private clouds are susceptible to much uncertainty and complexity.

    Best Regards,

    Kofi

    Sent from my iPhone

    Posted by Dr. Kofi Nyamekye | May 31, 2012, 5:20 pm
  2. Jason,
    A lot of good points in your article so thank you for that. It’s important to note however, that inherent in the inevitability of the widespread adoption of an enterprise “hybrid cloud” operating model is the adoption of the private cloud component. Hybrid, by definition, will encompass a unified governance, policy and management capability across “n” service providers from both inside and outside the firewall. This invalidates the notion that “private” cloud will go away– in fact, it will accelerate, as a necessary part of a hybrid strategy.

    In addition, cost savings alone are not the only or primary driver for adopting a cloud model– private or otherwise. As companies move from basic virtualization programs to hybrid clouds the business value comes from the agility gains directly at the business unit level–i.e. speed-to-market, innovation cycles, and expansion into new product lines and geographies. Large enterprises and governments today generally struggle with long procurement cycles and overly complicated software development life-cycles, rendering the organization almost incapable of competing in fast growing sectors or developing markets. The ability to automate the tool-chain across an application lifecycle, and dramatically compress the time from conception to production, will become the difference between competitive and laggard organizations.

    -Eric

    Posted by Eric Pulier | May 31, 2012, 6:04 pm
    • Eric:

      Some of the points you noted — “large enterprises and governments today generally struggle with long procurement cycles and overly complicated software development life-cycles, rendering the organization almost incapable of competing in fast growing sectors or developing markets” — are quite interesting and date back to an old problem — designing large-scale SoS, with infinite flexibility.

      The point that I am making here is what you just described falls under “lean production system (LPS).” The basic concept of “lean production system” — pioneered by Dr. Taiichi Ohno and Dr. Shigeo Shingo is to create a production system that can achieve the following goals:

      1. Superior Quality of Products/Services
      2. On Time Delivery of Products/Services
      3. Superior Customer Satisfaction
      4. Low Cost
      under conditions of extreme market “uncertainty and complexity.” “Uncertainty and complexity”, have been major challenging issues for enterprises using the Balanced Scorecard (BSC) Model. The 2008 Wall Street collapse, attests to that! Many Wall Street financial firms use the BSC Model.

      To achieve LPS, we must transformation the entire enterprise system– business processes, culture, training, etc.–, including the suppliers value chains and the customer value chains. In fact the DoD calls such a transformation, “Network Centric Operations (NCO) or Net-Centric Operations”.

      When you carefully think about SOA it is essentially similar in concepts to LPS. That is, in SOA the business process transformation, to eliminate redundancies in the business processes, has its roots from LPS. “Automation of the business processes,” is always the last step in LPS. Never automate without business process transformation! You will increase costs by automating redundant business processes!

      Except for few US companies, such as John Deere, many US companies never understood the LPS. Thus, they moved their core business processes to China.

      Thus, if a company wants to build a private cloud, it must adopt SOA or LPS. Risks are totally new ball game. Private clouds are not well suited to handle “uncertainty and complexity”.

      To delve more into what I have just described, please see my peer-reviewed paper– “Axiomatic Design Approach for Designing Reconfigurable C4ISR Systems” in 2007 ICCRTS Proceedings.

      Also, please check on my paper on Amazon Dot Com Web site– “Classification and Coding System….”.

      Best Regards,

      Kofi

      Sent from my iPhone

      Posted by Dr. Kofi Nyamekye | June 1, 2012, 9:25 am
  3. Jason,

    I like your latest ZapFlash discussion about private vs. public cloud and I agree with the points you are making. As a government contractor with over 25 years’ experience working with the federal government, I would like to add a perspective that may contribute to why many people think “private clouds”

    In general, the government knows how to procure known and measurable quantities of a product or capability but it has a very difficult time pricing and purchasing something ambiguous and unknown.

    The typical government procurement office is well equipped to specifying and pricing a data center, or a capacity, as well as procuring it and overseeing the contract delivery, however, significant creativity and flexibility is needed in order to handle the elasticity that is one of the main objectives and characteristics of a public cloud solution. Government procurement and management processes are not designed that way, and even if you tell the stakeholders that the cost will be significantly less and the overall value to the government greater, they will want to know the cost up front in order to evaluate the multiple bids, as well as to monitor the cost. The government procurement and program environment is currently not designed to handle the ambiguous fluctuation of the cost of a public cloud; therefor the preference will go to the known cost of a private cloud.

    There are of course various ways to procure and manage it, however, this requires creative procurement methods not typically employed by the average contracting office. In general, the preference will go for the ‘known vs. the unknown’; so the more expensive, but known and predictable, private cloud, will be preferred over a more efficient, but lesser known, public cloud. This ‘known vs. unknown’ plays the same role in the concern about security and the resulting reluctance to engage in the public cloud over the private cloud.

    Thanks Dov

    Posted by Dov Levy | June 3, 2012, 9:28 pm
  4. [...] week Jason Bloomberg of ZapThink wrote a funny, cutting piece that was meant to rip the notion of the private cloud to [...]

    Posted by Does the ‘private cloud’ make sense? | Information News | June 4, 2012, 11:59 am
  5. Simple things that for some reason otherwise-intelligent people seem to constantly forget while preaching cloud:

    - legacy system issues include already purchased hardware, systems, licenses, architecture and design, talent, process, etc etc.
    — without following through on the original business models the forecast benefits and RoI will never be realised – which if allowed to happen requires calculation into any Cloud cost / savings projections

    - as per Dov, existing processes (across both the private and public sectors) require adjustment

    - as per my entire 30 year career in solutions architecture and technology planning
    — *nothing* ever has been, nor is likely to be, a panacea
    — almost everything related to people and change takes longer and delivers less return than was projected

    Please see this article which I commented upon and reblogged – and several other similar writings on my blog at http://danielsteeves.wordpress.com/2012/06/03/content-insider-231-clouds-everywhere/

    Don’t misunderstand me: You are NOT wrong… but in my opinion based on 32 years in the industry, you are not as correct as you think you are and like many others need to stop the generalisations and pontifications and get on with actual delivery .. which requires listening to needs and situations, making observations and determining requirements rather than picking up a paintbrush and a bucket of beige paint.

    Posted by Daniel Steeves | June 5, 2012, 6:22 am
  6. [...] Why You Really, Truly Don’t Want a Private Cloud: this guy speaks at conferences… [...]

    Posted by Cloud is not a panacea.. oh, wait: didn’t I say that already? | DanielSteeves | June 5, 2012, 6:27 am
  7. I forgot one other necessary specific:

    Kofi, you can’t really think that all public clouds are magically dispersed, diverse, backed up and accessible within the required SLA and OLA levels for that business to earn as planned.. for dirt cheap prices?

    And that the expensive private cloud doesn’t provide any of that luxury and in fact makes that which you have designed..
    to meet your needs..
    and which is under your control
    – you contend that this is more susceptible to what, now?

    Are you aware that cloud is a new term for old stuff… and that public v. private is simply a commercial model for the same stuff running on the same tin over the same pipes – - and often even in the same data centres?

    If so you might benefit from this simple little blog I wrote called ‘My Gardener is in the Cloud’ and all of the other real world pragmatic discussions I have either written or re-blogged at http://danielsteeves.wordpress.com/2012/04/30/my-gardener-is-in-the-cloud/

    Posted by Daniel Steeves | June 5, 2012, 9:05 am
    • Daniel:

      I think you are missing the concepts of “uncertainty and complexity” that affect the performance of any complex system, such as a global supply chain.

      Consider the tornado — an example of uncertainty or unknown factor — that hit Joplin last year. The hospital’s IT infrastructure, the patience medical records, etc., were completely wiped out. The IT infrastructure service designer that built the infrastructure for the hospital, published in one of the IT magazines that the devastating natural disaster was an event about which they never dreamt. In fact they previously had emergency drills to prepare the infrastructure against an unforeseen event that could disrupt it.

      The infrastructure service provider never knew anything about “uncertainty and complexity” to help them design “intelligent decouplers” across different geographical regions to replicate the infrastructure at Joplin. The IT infrastructure at Joplin is an example of a private cloud.

      Uncertainty and complexity are emerging technical and scientific concepts, in complex systems. Only the DoD and Toyota understand “uncertainty and complexity” very well. Dr. Taiichi Ohno and Dr. Shigeo Shingo used the Lean Production System — a technical and scientific concept — to handle “uncertainty and complexity”, in Toyota Production System for delivering value to the customer. The DoD deals with “uncertainty and complexity” on the battlefield all the time. Both concepts are not a function of 30 years experince in the traditional IT stuff when dealing with “IaaS”, an example of a complex Systems-of-Systems (SoS).

      I will strongly suggest that you read my 2008 peer-reviewed paper in 2008 ICCRTS Proceedings about “intelligent decouplers” and more importantly my 2010 technical paper in ITEA journal about uncertainty and complexity.

      You can later contact me personally to explain both technical and scientific concepts to you in details.

      Kofi

      Sent from my iPhone

      Posted by Dr. Kofi Nyamekye | June 5, 2012, 12:24 pm
  8. In brief response, Kofi

    If you truly believe that only the DoD and Toyota understand uncertainty and complexity then clearly you don’t get out much and insult businesses and experts around the world with such arrogance

    The infrastructure supplier for your hospital example was hopefully sued out of business: any industrial strength solution put in place by professionals the nature of whom I have directed over the years: two data centres, diverse routing, complex backup programmes, custom designed Disaster recovery solutions with integrated Business Continuity plans. Oh yea: don’t forget the rocket science aspect of keeping a copy of your back up OFFSITE!!

    In argument I would say that both concepts *are* a function of 30 years experience in the traditional IT stuff – particularly when my traditional stuff included designing and implementing some of the first component and frameworkl architectures on which ANY “aaS” is delivered.

    As for my mundate experience traditional IT stuff, my background, fyi, covers complex mathematics, network encryption design, protocol design, JiT manufacturing processes for the high tech and manufacturing sectors and predictive intelligent systems to manage jet fighter structural engineering inventory.

    I have no interest in reading proceedings about theoretical approaches to the things that the rest of us do in the real world… but trust me, if I did, I can’t imagine that I would require your explanation

    I strongly suggest that you venture out into the real world rather than write about it.

    Posted by Daniel Steeves | June 5, 2012, 1:04 pm
  9. [...] Comment   Login50%50% Last week, Jason Bloomberg, the president of ZapThink, penned a vicious screed against private clouds. Why buy when you can rent? Why deal with the headache of buying on-premises [...]

    Posted by The IT Pro - Michael Steinhart - Cloud Brouhaha Brewing | June 5, 2012, 2:08 pm
  10. Nice article – other key reasons we’re seeing private cloud winning the battle (but ultimately losing the war – whilst accepting that this is a generalisation!) are:

    - In the Financial Services sector, despite the hard times, they still have enough money to throw at private cloud creation, i.e. the commercial pressures are obviously not so great as to overcome the “no one got sacked for buying X” inertia – yet. These are to some extent vanity projects IMHO.
    - The “do it in-house” inertia (aka preserve our data centre jobs) is still massive. Part of this is that organisations are struggling with the degree of change going on, and so not having to think too hard to prove the security etc of public cloud to internal stakeholders is the easiest route to take, despite being usually sub-optimal.

    Posted by Robin Meehan | June 6, 2012, 6:45 am
  11. [...] week Jason Bloomberg of ZapThink wrote a funny, cutting piece that was meant to rip the notion of the private cloud to [...]

    Posted by Does the ‘private cloud’ make sense? | wordpress | June 11, 2012, 12:58 am
  12. [...] to Jason Bloomberg in, “Why You Really, Truly Don’t Want a Private Cloud”, “the more you focus on the business benefits of the Cloud, the more likely you’ll be leaning [...]

    Posted by Which Cloud Platform Is For You? | March 5, 2013, 4:37 pm
  13. [...] Jason referenced in his April ZapFlash: Why Public Clouds are More Secure than Private Clouds and Why You Really, Truly Don’t Want a Private Cloud. See the ZapFlash entries for an explanation of each of the driving and restraining forces shown [...]

    Posted by Using a Public Cloud instead of an In-House Private Cloud | Design Decomposition Blog | July 19, 2013, 11:56 pm
  14. Hi I am so delighted I found your webpage, I really found you by accident, while I
    was looking on Digg for something else, Anyways I am here now and would just like to say cheers for
    a remarkable post and a all round entertaining blog (I also
    love the theme/design), I don’t have time to look over it all at the moment but I have saved it
    and also included your RSS feeds, so when I have time I will be back to
    read a great deal more, Please do keep up the
    superb work.

    Posted by the simpsons tapped out cheats android 2013 | June 18, 2014, 11:01 am
  15. Hurrah! After all I got a blog from where I can truly get helpful data concerning my study and knowledge.

    Posted by real racing 3 hack | July 10, 2014, 12:57 pm

Post a comment

FREE POSTERS

NEW VERSION! ZapThink's Vision for Enterprise IT in 2020
With all new content including Dev/Ops, Hypermedia-Oriented Architecture, Big Data Visualization, and more!
Click here to download for FREE
10-pack of prints for only the cost of shipping!

SOA Implementation Roadmap
Over 100,000 downloaded!
Click here to download for FREE
10-pack of prints for only the cost of shipping!