As cloud computing moves from hype to reality, certain broad trends and best practices are emerging when it comes to the public cloud vs. private cloud deployment debate.
Anecdotally and from surveys, it's becoming clear that most enterprises are first looking to the private cloud as a way to play with cloud tools and concepts in the safety of their own secure sandbox.
For example, a recent Info-Tech survey shows that 76% of IT decision-makers will focus initially or, in the case of 33% of respondents, exclusively on the private cloud.
"The bulk of our clients come in thinking private. They want to understand the cloud, and think it's best to get their feet wet within their own four walls," says Joe Coyle, CTO at Capgemini in North America.
But experts say a better approach is to evaluate specific applications, factor in security and compliance considerations, and then decide what apps are appropriate for a private cloud, as well as what apps can immediately be shifted to the public cloud.
Private cloud oftentimes is the knee-jerk reaction, but not necessarily the right decision, Coyle adds. "What companies really need to do is look at each workload to determine which kind of cloud it should be in. By asking the right questions around criteria such as availability, security and cost, the answers will push the workload to the public or private, or maybe community, cloud," he says.
Certainly before moving data to the multitenant public cloud, enterprise IT executives want assurances about the classic cautions around security, availability and accountability of data, agrees John Sloan, lead analyst with Info-Tech Research Group, and IT research and advice firm.
"But I stress, those are cautions and not necessarily red flags. They're more like yellow flags," he says. That's because what will assure one company won't come near to placating another, Sloan adds.
Company size and type of business make a difference. He uses availability as an example. "If you're at a smaller company and don't have an N-plus data center, then three-nines availability might be good enough for what you run and, in fact, it might even be better than what you can provide internally. So from that viewpoint, a public cloud service will be perfectly acceptable," Sloan says.
"But if you're at a larger enterprise with a large N-plus data center and you're guaranteeing five-nines availability to mission-critical or core applications, then you'd dismiss the public cloud for your most important stuff because it can't beat what you've already got," he adds.
And just as private vs. private doesn't have to be an either/or proposition, there are still other models, such as hosted private cloud, or hybrid cloud that provide additional options and flexibility for companies moving to the cloud.
If you have major security and privacy issues, and you don't want to build your own private cloud, a virtual private cloud, your own gated community within the public cloud universe, is an option.
That model turned out to be the right answer for United Capital Financial Partners, a fast-growing national partnership of private wealth counselors.
"When we started looking, we thought, OK, we need a cloud - everybody says we need one. That's the word," says Brandon Gage, senior vice president of technology at the 250-person Newport Beach, Calif., company.
But the more Gage investigated the idea of building a private cloud, the less feasible the idea became, he says. "The level of expertise we would have needed in-house to make this happen doesn't make sense for a company of our size, and it doesn't even make sense for our road map for the next three to five years. What we really needed was a partner that'd already done all the heavy-lifting, had a SAS-70 data center audit, reference customers and could deliver the experience our users deserved," Gage says.
Now United Capital stores its data in a virtual private cloud, located at a collocation facility, using a file-management and collaboration service from Syncplicity.
"I'm not going to lie. This makes me look like a rock star - our cost-savings have been that incredible, in the 65% to 70% range, and we're only in year one," Gage says.
"Plus," he adds, "users report a much better experience getting at their data and, since we're getting rid of servers, my IT guys aren't running around all day logging in and making sure this or that got fixed."
Taking a different tack is the University of Texas MD Anderson Cancer Center in Houston, which has a private cloud, and has no intention of ever moving to the public cloud because of security and patient privacy concerns.
Lynn Vogel, vice president and CIO at MD Anderson Cancer Center, says, "If I made the decision to put patient data in a public cloud and there's a breach, then the patient is much more likely to go after me as the person who made the decision and my institution than an Amazon or Microsoft. They'd get wrapped up with those guys for years," he says. "So we have a significant security concern that really moves us away from thinking about public cloud resources."
What's more, he suggests, a public cloud provider's profitability consciousness could conflict with how much it'd be willing to spend on data protections. "Public cloud companies are in the business to make money, as they should be. That's entirely appropriate, but ... if anyone is taking shortcuts to protect the bottom line, I don't want to be in the middle," Vogel says.
Still, additional Info-Tech survey data shows that most enterprise IT executives expect some sort of future in the public cloud, Sloan says. When asked where they see public cloud services in the next three to five years, for example, 70% of IT decision-makers said it'll indeed be a place where select data, applications and processes are located.
Variations on a cloud
Vimeo, an online-video sharing site, finds great value in getting infrastructure as a service (IaaS) from Amazon Web Services (AWS). The scalability and on-demand cost model available with AWS Elastic Compute Cloud (EC2) and Simple Storage Service (S3) work well for the up-and-down nature of the workloads it's placed in the cloud, says Peter McArthur, director of backend engineering for the New York company, a subsidiary of Internet company IAC.
At one time Vimeo relied exclusively on a managed hosting service, but about three and a half years ago it moved its Web site infrastructure into an internal IAC data center and all of its video transcoding and uploading services onto EC2 and S3.
"We started with EC2 because it was so simple. We could sign up with a credit card and we didn't have to do much work in the way of forecasting," McArthur says. "At the time, the difference between our peak and off-peak transcoding volumes was huge, and so scalability was critical."
Vimeo today uses between 150 and 200 EC2 instances during peak hours and roughly 90 off-hours, to support transcoding and uploading of tens of thousands of videos each day, McArthur says. "We love it."
Vimeo's video workloads, however, don't engender concern over matters such as data privacy and information security - two of the biggest inhibitors to public cloud use.
And there are companies that see their future exclusively in the public cloud.
Such is the case at AMAG Pharmaceuticals, which is working to offload all applications and data to the public cloud. And when AMAG encounters an application whose security requirements make it inappropriate for the public cloud, they use an external or hosted private cloud, says Nate McBride, executive IT director at the Lexington, Mass., company.
Coyle sums up the private-public dilemma this way: "If an enterprise really looks at bringing its technology environment to the cloud, it's almost 100% going to end up with some sort of hybrid, if it really wants to do it right."
Schultz is a longtime IT writer and editor. You can reach her at firstname.lastname@example.org.
Read more about data center in Network World's Data Center section.
This story, "Public Cloud vs. Private Cloud: Why Not Both?" was originally published by Network World.