Recently a reader asked if we still thought the points in this 2008 article “The Cloud Isn’t For Everyone” were still valid. At that time we pointed out that there were 5 major concerns: Security, Non-portability, Control, Limitations (persistent storage, public IPs, etc), and Performance. We also pointed out these pros: Cost, Speed, and Flexibility. Our short response was “yes”, other than the limitations which have mostly been solved, these are still valid. However, this discussion got us interested in revisiting this topic.

We deal with a wide variety of companies from hospitals to ad tech to ecommerce companies, all of which have different levels of knowledge about cloud computing. In this post we’re going to first define different types of cloud computing and then discuss some of the concerns with each.

A common definition of cloud computing is the delivery of computing and storage capacity as a service. A distinct characteristic is that users are charged based on usage instead of a more conventional licensing or upfront purchase. There are three basic types of cloud computing:

• Infrastructure as a Service (IaaS) – This is the most basic type of cloud service and offers servers (often as virtual machines), networking, and storage as services. Examples of this include Amazon’s Web Services and Rackspace.
• Platform as a Service (PaaS) – This cloud offering provides not only the hardware but a layer above, providing platforms to run custom applications usually specific to certain programming languages. Examples of these include Microsoft’s Azure and Google’s App Engine.
• Software as a Servie (SaaS) – This service is an offering of a finished product hosted in a multi-tenant manner (many customers on a single implementation). Examples of this include Gmail, Sales Force, Service-Now, New Relic, and many more.

In a 2012 survey with 785 respondents by North Bridge Venture Partners, we see trends indicating that companies are much more comfortable with cloud computing offerings. Down from 11% last year, a very low 3% of respondents consider cloud services to be too risky. Only 12% say the cloud platform is too immature and 50% of the survey respondents now say they have “complete confidence” in the cloud. Eighty-four percent of all net new software will be SaaS-based. The take away is that cloud computing is simply becoming the way we do things.

SaaS
The demand for SaaS offerings is growing rapidly. Gartner predicts that SaaS will hit $14.5 billion in 2012, a 17.9% growth from the previous year, with growth continuing through 2015 when it will be $22.1 billion. This growth is being fueled by several factors including new software design and delivery modules allowing for more instances of an application to run simultaneously, bandwidth costs continuing to drop, and customer frustration over the cycle of purchasing, paying for maintenance, and going through time consuming upgrades. According to CIOZone.com, a list of the top 60 fastest-growing public software companies in 2007 was dominated by companies switching from a proprietary license model to a subscription model.

When you consider implementing / purchasing a SaaS solution there are a number of questions that you should ask.

• What if the service is unavailable? Our often repeated mantra is that “Everything Fails.” If you’re in the game long enough you’ve seen it all fail – servers, network, storage devices, ISPs, and even entire datacenters. If the service fails, how does this impact your business or your own services?
• Where is your data secured and backed up? If you’re storing sensitive data – corporate email, customer names, or PII – it is important that you understand how your data is being handled and protected.
• What is the cost? Besides the monthly subscription or usage cost, you should investigate the total cost including startup, transfer, and periodic data migration.
• What level of access? It’s your data but that doesn’t mean you’ll have unlimited access to it. Consider how you retrieve the data today and most importantly how you might want to access it in the future.
• Does it comply with industry regulations? If your business has regulatory requirements such as SOX, PCI, PA-DSS, etc you should investigate whether the SaaS provider supports these.

PaaS
The demand for PaaS, at least among our clients, is not that great. As Barb Darrow on GigaOm stated “For die-hard .Net heads, Azure is probably the PaaS of choice. But for the army of new-age web developers, it’s an also-ran.” In fact, there are early indications that PaaS providers are starting to offer services that are moving them more into the IaaS market. If you’re interested in PaaS your choices are very limited based on the technology stack that you are using. The real question to ask for PaaS is whether you should go directly to an IaaS provider or if you gain enough benefits from the PaaS provider to makeup for the additional cost.

IaaS
The spend on IaaS cloud computing is expected to grow 48.7 percent in 2012 to $5.0 billion, up from $3.4 billion in 2011. Some of our clients have 100% of their services hosted on an IaaS provider while others are completely in a collocation facility or datacenter. We are seeing more clients move towards a hybrid model where they make use of collocation for the majority of their hardware but burst demand to the cloud when needed. This burst might be triggered by an unusually high load of user traffic or from nightly batch jobs to process log files or during QA of the iteration. Wherever you are on the spectrum of IaaS utilization here are some concerns that you get comfortable with before diving in.

• Security – Many IaaS providers are becoming PCI DSS, ISO 27001, and HIPAA compliant. However, simply using their service doesn’t provide you with the compliance and you need to be responsible for your own auditing. Passing audits is not cut and dry but rather a negotiation with the auditors and therefore you need to be able to clearly articulate how you are following the standards or guidelines while utilizing cloud computing.
• Cost – While the cost of IaaS is decreasing, most companies still find that if they run the servers (virtual machines) 24 hrs / day the break even is around 18 months. This is a simple spreadsheet analysis that should be run to determine the most cost effective solution.
• Inconsistent I/O – There is a huge amount of variability with some IaaS storage. Some of our clients run Bonnie to test I/O prior to using the instance and then periodically to ensure it hasn’t dropped drastically. You need to make sure your application can handle this variability or create work-arounds to handle this issue.
• High failure rate – The virtual machines of most IaaS seem to be less reliable than bare metal. Netflix who moved to 100% IaaS came up with Chaos Monkey and Simian Army to address this issue of less reliability.

Conclusion
Whether you are in the market for IaaS, PaaS, or SaaS cloud offerings there are a variety of things to consider. In general the concerns revolve around Security, Non-portability, Control, and Performance while the benefits include Cost, Speed of Deployment, and Flexibility.