What follows is an edited version of an outline provided to the MGA IT Forum by Michael Dear, head of IT at Collegiate Management Agencies Ltd.
What is the cloud? That’s a question I’ve asked at many trade shows, and I’ve never had quite the same answer twice. It seems to depend what the vendor is selling!
Many of us have experience of Dropbox, Office 365 or Google Docs. These are all examples of public cloud services - where multiple users share an externally hosted infrastructure.
There is also something called ‘private cloud’ where the user owns or has exclusive use of the hardware on which their cloud services run.
At Collegiate we use something called a hybrid cloud infrastructure. This combines workloads running on a private cloud infrastructure located on our own premises (‘on-prem’) with publicly available external workloads in the public cloud, all talking to each other.
For the purposes of this article I will be focusing purely on the public cloud. This can be divided into three main areas:
Infrastructure as a Service (IaaS)
Platform as a Service (PaaS) and
Software as a Service (SaaS)
IaaS is the most basic option and gives you a computer - or more commonly a virtual machine - on which you install your operating system and build from there as if you were using a private server. You will incur licensing and running costs as if the equipment were your own, but you can specify the hardware you want in terms of processor, RAM etc.
PaaS is a level up from IaaS and is a computing platform with an operating service, webserver, database and programming language built in. The actual computer or virtual machine is hidden from you. The main selling point is that the platform can scale up or down to match your needs and budgets. The big players here are Microsoft (with Azure), Amazon (with AWS), and Google (with App Engine).
SaaS, another level up from PaaS, SaaS takes the form of a specific application accessed on a (per user, per month) subscription basis via a web browser or app. Examples would include SAP or Dropbox. With SaaS, you know nothing about the underlying structure or how it is built.
Having defined what a cloud platform is, it may be helpful to explain what the cloud is not - but is often thought to be.
If you are using a file sync application like Dropbox, or any cloud app, the data is held by the provider not by you. The data they hold is not a backup, but the original data. Rather than trust your provider alone with your data, it is good practice to keep a separate backup stored locally or with a second cloud provider. You should test these backups regularly - and beware: some cloud providers charge for backup testing.
Using the cloud does not mean that you don’t need an IT person in house. You will still need them to check the cloud provider is doing what they say they are. They will also need to ensure you have enough redundant links to connect to providers, that you remain secure as you open up more to the Internet, and that your data is secure when it is in the cloud with your provider.
Do not simply assume you will save money by using the cloud. It is essential that you calculate your total cost of ownership before leaping in. It is also important to ask up front, and get signed agreements on, how you would get out of the cloud again. Vendors tend to be much better at sucking all your data into the cloud and a lot less enthusiastic about helping you get it out again. Make sure you go over all this in detail during the courtship and honeymoon period, when your provider will be ready and willing to help, rather than during a messy divorce.
The other big issue is trust. Can you be sure your provider has the skills and security measures in place to stop unauthorised persons poking through your data? Edward Snowden has shown that the security services have a massive appetite for data and see cloud service providers’ relatively insecure internal systems as a handy back door.
Ethereal as the cloud may sound, your data will still be on a server (or servers) somewhere. Where will that be? If your provider has a US office, the US government could demand your data be transferred there for them to have a look at. Depending on what data you will be storing in the cloud, you need to take a view on how you would feel about that. And how would you react if your cloud based data got into the public arena? In short, you still need to ask all the same questions you would if your data were held on your own premises.
And what if your provider were to vanish from the Internet? This can and does occasionally happen - even with the biggest providers. You might assume an SLA will cover you, but unless this covers any losses you incur due to service disruption, you will lose out. Even if you are happy with the penalties provided for in an SLA, could your provider actually afford to pay them?
If you provider should fail, how would you get your data out? When the cloud provider 2e2 went under, customers were given 48 hours to pay between £4K and £40K so that 2e2’s computers could remain on long enough for users to reclaim their data.
The cloud is great for certain businesses and certain workloads - but it is not for everyone. Before you take the plunge, think carefully about exactly what you need and whether particular cloud providers can deliver that. With the cloud, just as with on-premise workloads, you still need to plan for a worst case scenario.