I recently read some nonsense about the benefits of a “private cloud”. It’s a good PR line because most people don’t understand the cloud and you can make it sound scary.
Werner Vogels is the CTO at Amazon and has been for a very long time. He knows the cloud and he knows security. I mean he really knows. I’ve blogged about him before.
One of my favorite blog posts from him was written in 2006 about storing credit cards. It’s titled, “You Guard it with Your Life”. In light of everything that has happened lately, remember this was in 2006. Two great quotes:
Credit card information should be kept in a physical secure location separate from your other servers with armed guards in front of it (I am not kidding).
I won’t tell you exactly how we implement our schemes but to get to Amazon customer credit cards you will need a small army of Marines
In 2009 he wrote what is still the best post on “what is the cloud” I’ve seen. He was announcing Amazon’s Virtual Private Cloud, while pointing out that a Private Cloud is not the cloud.
A key quote:
These CIOs know that what is sometimes dubbed “private cloud” does not meet their goal as it does not give them the benefits of the cloud: true elasticity and capex elimination
This may require some explanation. Elasticity is one of the key benefits of the cloud. Origami could double the number of servers we are using in a matter of hours and then scale back down a day later, paying only for what we used. A private cloud cannot do that. “Capex elimination” is CIO speak for capital expenditures, meaning paying for physical servers. Again, if you have a “private cloud” where all resources are dedicated to you, then you are paying for those resources. If it is possible to double your resources quickly and those resources are available to only you, then they are just sitting there and you are paying for them. That’s not the cloud.
Vogels states that the cloud has three key benefits:
- Eliminates Cost
- Is Elastic
- Removes Undifferentiated “Heavy Lifting”
The last point means that operating a data center is a pain in the butt. You have to be an expert on air conditioning, power supplies, flooring, a bunch of stuff that your clients don’t care about. Not having to think about that is a big benefit. That’s the only one of the three that the “private cloud” gives you.
So if your vendor is in a “private cloud” they are not as elastic as they should be and you are paying them more for storage than you should be.
Even Salesforce.com’s Desk product uses Amazon EC2 and touts their security (Salesforce is a leading cloud provider as well). If you have a private cloud, ask if
critical locations have extensive setback and military grade perimeter control berms
They probably don’t know what “berm” means.
People do not understand the cloud. That means other people will try to fool them. Anyone who is touting their “private cloud” is trying to fool you.