June 28, 2010
Last week GigaOm organized the third edition of their famous Structure conference. This is one of my favorite conferences because of their focus on Infrastructure topics. Unfortunately, I had to drop out in the last moment as I went down due to a viral attack. Still I managed to catch up with the sessions live as well as from the recordings. Even though there were many interesting takeaways from the conference, I thought I will touch upon the tension that still exists between the advocates of public clouds and private clouds. I also want to warn in advance about the possible rant in this post.
It all began with a talk by CTO of Amazon Web Services, Werner Vogels, who lambasted the so called private cloud by characterizing them as False Clouds. Even though I didn’t agree to everything he said, it was a great talk and I strongly recommend you to watch the entire talk (embedded below).
Mr. Vogels’ attack is not very surprising as AWS is a public cloud provider and they would want the enterprises to consider them seriously. His characterization of private clouds as a false cloud drew strong response from Clouderati on Twitter and other back channels. It is not surprising either because those folks were just defending the product/service of their respective companies. But this flareup brought into focus the fact that there is still a division among the Clouderati and the public cloud advocates are still not willing to accept Private Clouds as anything more than virtualization with some management stuff thrown on top of it. This flareup suggests that we will continue to see the same debates on Twitter and other social networking sites in the foreseeable future.
My perspective on this debate is an evolving one. Even though I started off with Nick Carr’s electricity fantasy of a world fully serviced by public cloud computing services, I eventually understood the needs of enterprises and the limitations of the current day public clouds from their perspective. In my opinion, enterprises will take the hybrid approach in the short term while eventually moving most of the workloads to public clouds. This eventual move will be dictated by economics and a large scale maturation of public cloud services. Neither the public clouds are good enough to offer enterprises what they want today nor the private clouds will dominate the enterprise market in the future. Anything to suggest otherwise is either pure marketing or plain old FUD. On one hand, public cloud providers make daring claims that they have wrapped up the public cloud security problems. This is a pure marketing bullshit. On the other hand, advocates of private clouds tie even the availability of AMI downloads without proper verification to ensure the authenticity of the downloaded file, to the problems in cloud security. This is nothing but a plain FUD and this is no way a cloud problem. If anything it is a Security 101 problem for the particular user. Whether it is the AMIs one downloads to run on EC2 or a RPM or DEB or EXE or MSI file one wants to run on their internal datacenter or any software one would want to download and run on their PC, the problem is the same. It has nothing to do with the public clouds. It is the users’ responsibility to make sure the AMI downloaded is trustworthy much like how we are expected to do in the traditional computing world. While the public cloud providers and evangelists are unleashing marketing BS, the private cloud advocates are engaged in slipping such FUD into their otherwise legitimate claims about the lack of enterprise level security in the public clouds.
Caught in this crossfire are the poor users and CIOs who are completely confused in deciphering what is true and what is marketing/FUD. It is time for folks on both side of the debate to not engage in such unwanted (and sometimes unethical) business strategies. Let us put down this debate about whether private clouds exist or not and figure out a way to secure the public clouds to meet the needs of the enterprises so that most of the workloads are moved off the internal datacenters. It is not an easy task. It is not going to happen overnight. But only if we focus on getting the security of the public clouds right, we can think about the next big innovation. Think about it folks.