The Patchwork Cloud: To Rent or Buy Your Cloud?

Wednesday, June 27, 2012

Rafal Los


I read a lot. That should not surprise you.  

I got an interesting poke on Twitter that the folks over at PistonCloud have written up an interesting blog post in response to the recent mysterious Amazon outage... and it caught my attention.  

To be fair, many folks I know have commented on the post, and on Amazon's issues - but as always you can expect a slightly different viewpoint from me... so here goes.

At the heart of the PistonCloud message is the phrase "it's better to own than rent"... in the cloud context.  Is it though?

As with most topics that are controversial, you'll hear the typical "well, it depends" answer from me... but I'm interested in PistonCloud's justifications on why they believe this.  

In the interest of full disclosure, HP does deliver cloud in both buy and rent variety - public, private, and converged (hybrid) cloud consumption models.  Let's dive into an analysis of the rationale...

  • "It's cheaper to own than rent" - I don't think so.  Are they considering the other factors besides server cost?  What about data center real estate, cooling, human resources, software costs, cooling and power?  Wait, there's more - don't forget the operations costs that are management of the servers hardware & software...  I'm curious where the 3x multiplier for cost of ownership over renting comes from... I would surmise, although I personally haven't done the research to prove it, that this is the exact opposite.  For those of us that are sick of server glut, boxes being bought and running a single service then decommissioned and taking up power and generating heat... this just doesn't make sense.  Consuming the compute service as-you-need-it is a great idea, and in the end even thought it may not be dramatic, it should be a cost savings.  Having your own private cloud is suitable for many applications, compliance and security being a major opportunity, but I'm just not sure the 'cheaper' argument is viable.
  • "Your landlord doesn't give a {bleep}" - Really?  Change providers.  When you're hunting for a cloud provider, do your due diligence and make sure that your interests are reflected in your provider's operating model.  Give the Service Level Agreement (SLA) a check, and make sure that it meets your requirements and that you're not just getting more free poor service after your compute service fails you!  Heck, if your current provider really doesn't give a {bleep} as the PistonCloud blog post suggests, come over to HP Cloud Services ( - we care about our customers, and we'll show you with choice, consistency and confidence in your provider.  This argument is just silly.
  • "There goes the neighborhood" - I will admit that at first blush this argument is compelling.  After I thought about it a bit, I realized that this isn't really that different that than your average internal private cloud... follow me on this one.  If you're a large enterprise odds are you'll be potentially sharing a private cloud service across your organization, not just your specific BU (cost savings, remember?) and that means you'll have to be comfortable with the risk appetite and security profile of all of your private cloud neighbors... so while this is a bit of a stretch it's just as real.  Looking upstream we can see that at the edge of your network you share the Internet with other organizations at the hand off to your private cloud, it's further upstream and isn't on a flat network like a private cloud - but it's not a far stretch.  Bottom line is that you have to understand the risk profile of your application(s) and decide your private (or public) cloud profile accordingly - so this could be true for high-risk, high-profile applications... is it true always?  I seriously doubt it, and it's a cheap way out.
  • "Build home equity" - Are they serious?  I think anyone, myself included, that owns a home right now may not agree so much with this statement.  Also, when is the last time that your server hardware appreciated in value?  I get the argument that you build equity in the form of processes and improvements because you may feel locked in with your rented cloud - but consider that if you're an HP Cloud Services customer you're not locked in given our commitment to OpenStack and consistency across public, private and converged clouds (owned or rented)... Vendor lock in is a very serious concern and even our CEO agreed when she gave her keynote at HP Discover in Las Vegas.  One more analogy... do you generate your own power at your home?  The answer is unlikely to be yes - but in some homes, in some geographies, in some climates it makes sense to put in solar panels or other means and even feed electricity back to the grid.  It doesn't make sense everywhere, but some places the ROI on solar panels is undeniable!  I truly believe it's the responsibility of the consumer to look at what they're buying, and make sure you're not buying into proprietary technology which won't provide you the choice, consistency and confidence in your cloud strategy.  Again, this notion of building equity is borderline silly.

As you can tell, I'm not really on board with PistonCloud's "buy your cloud" attitude.  Like my friend @christianve says, one cloud does not fit all. Your cloud should be customized to fit your business.  I believe that if you're going to have a cloud strategy you need to have a pragmatic approach which has you doing your due diligence, proper risk analysis, and understanding your cloud vendor.

If your provider fails... do you have a strategy?  If you've transformed all those applications of yore to cloud applications then the answer should be yes, and your applications should be resilient across multiple clouds, vendors and environments ... this is the magic of cloud.

To suggest anything else is... well... silly.

Cross-posted from Following the White Rabbit

Possibly Related Articles:
Cloud Security
Service Provider
Enterprise Security Budgets Cloud Computing Outsourcing ROI Managed Services Resilience vendors Enterprise Risk Management
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.