Showing results for 
Search instead for 
Did you mean: 
Create Post

The Public Cloud

Level 11

A couple of years ago nobody really thought of Public cloud (although that might be different in the US), but things change, quickly. Since the AWS invasion of the public clo space we’ve seen a lot competitors try to win their share in this lucrative market. Lucrative is a well chosen word here as most of the businesses getting into this market take a big leap of faith, as most of them have to take their losses for the first couple of years. But why should Public Cloud be of any interest to you, and what are the things you need to think about? Let’s take a plane and fly to see what the public cloud has to offfer, and if it will take over the complete datacenter or just parts of it?

Most companies have only one purpose and that is to make more money then they spend… And where prices are under pressure there is really nly one thing to do, cut the cost. A lot of companies see the public cloud as cutting cost, as you’re only paying for the resources you use, and not for all the other stuff that is alsoo needed to run your own “private cloud”. And because of this they think the cost of public cloud is cheaper than building their datacenters every 5 years or so.

To be honest, in a lot of ways the companies are right. Cutting cost by moving certain workloads to the public cloud will certainly help to cut cost, but it might also be a great test/dev environment. The thing is you need to determine the best public cloud strategy per company, and it might even be needed to do it per department (in particular cases). But saying everything will be in the public cloud is a bridge to far for many companies…. At the moment.

A lot of companies are already doing loads of workloads in the public cloud, without even really understanding it. Microsoft Office 365 (and in particular outlook) is one the examples where a lot of companies use public cloud, sometimes even without really looking into the details and if it is allowed by law. Yes, that’s right going public you need to think of even what can and what can’t be put in the cloud. Some companies are prohibited to by national law to put certain parts of their data in a public cloud, so make sure to look for everything before telling your company or customer to go public.

Most companies choose a gentle path towards public cloud, and choose the right workloads to go public. This is the right way to do if you’re an established company with your own way, but than again you need to not only think of your own, but also about the law that your company needs to follow.

In my last post on Private Cloud I mentioned the DART framework, as I think it is an important tool to go cloud (private at first, but Public also). In this post on Public Cloud I want to go for the SOAR framework.

Security - In a Public Cloud environment it really important to Secure your data. IT should make sure the Public part(s) as well as the Private part(s) are well secured and all data is save. Governance, compliancy and more should be well thought of, and re-thought of every step of the way.

Optimization - the IT infrastructure is a key component in a fast changing world. As I already mentioned a lot of companies are looking to do more for less to get more profit. IT should be an enabler for the business, not some sort of firefighters.

Automation - is the key to faster deployments. It’s the foundation for continuous delivery and other DevOps practices. Automation enforces consistency across your development, testing and production environments, and ensures you can quickly orchestrate changes throughout your infrastructure: bare metal servers, virtual machines, cloud and container deployments. In the end automation is a key component for optimization

Reporting - is a misunderstood IT trade. Again it is tidely connected with Optimization but also automation. For me reporting is only possible with the right monitoring tools. If you want to be able to do the right reporting you need to have a “big brother” in your environment. Getting the rigt reports from public and private is important, and with those reports the company can further finetune the environment.

There is so much more to say, but I leave it with this for now. I really look forward on the comments, and I know there is no “right” explanation for private, public, or hybrid cloud but I think we need to help our companies to understand the strenght of cloud. Help them sort out what kind to use and how. We’re here to help them use IT as IT is meant to be, regardless of the name we give it. See you next time, and in the comments!


If you need to trust your data  and apps and customers to Application Service Providers who want you to think you should call their service a "cloud" because "no one knows where your data really is," then you're stuck.

Force your ASP to provide SLAs and provide significant penalty payments for indemnity in case your data is lost, tampered with, or accessed without permission of you or your customers.

Require those ASP's to prove and reprove their security from hackers and physical entry.

Mandate that you must be given access to monitor any of their systems that provide service or storage to you or your customers.

If you don't, how is that different than just tossing your data and your money into the wind?

If you trust that ASP's are secure, how are you verifying your assumption?

Level 20

Office 365 shows that some types of public cloud applications can work well.


that and webmail based apps.  But even then, if you have no network available you can't do some work.

Level 12

There is a debate going on right now in our area between many of the medical systems about Office 365. Most want to move to it, but the debate is how does HIPAA play into this? Most of the IT people are on the side of not compliant because the data being stored is not encrypted at all, among other things. Business is on the side of it is compliant because "ITS THE MAGICAL CLOUD!!!!!".

Its things like this people do not really think about when considering a hosted app/service provider. The second you ask someone 2 cubicles down from you about patient blah blah with the medical record number xxxxx, that email has to comply with HIPAA from start to finish. And as anyone in health IT can tell you right now, things are starting to heat up in the arena when it comes to HIPAA audits and penalties. The last thing you want to do is be on the receiving end of a penalty because you didn't think a system was covered under a specific regulation or requirement.

The same thing applies with instant messaging, forums and message boards, file storage, phone systems, i can go on and on and on.


HIPAA is a burner if you fail an audit and has no place in the cloud in my opinion...

Level 20

I can understand that... I work on some air gapped networks so public anything is out of the question.

Still grappling with the "Cloud" technology.  It is great for some thing but not so much for others.  Biggest thing for me is SECURITY. 

Level 12

No doubts Eric that Security is the primary factor that must be tackled, handled, documented, configured, monitored, tweaked, updated, documented, tested, and documented again when contemplating moving any corporate data off prem. and into the Public Cloud.

Feeling redundant but my psyche is satisfied I put enough emphasis on the security part.... I think???


Whenever talking Public Cloud I can't help but think of this quote and image....

I agree with you--some parts of Office 365 can work well.

But for mission critical applications, or anything covering corporate or personal or financial security content, verify before trusting.

For me, an ASP's service can work well but remain inappropriate if we cannot directly monitor their systems and audit their security on a continual / on-going basis.

A smart group of people might be able to build a web-based service and still not have the necessary security or backups or resilience / HA in place.

Know those additional parts, and set up monitoring on the ASP's service, and probe it for security holes, and have a thorough understanding of their backup/failover/resilience solution, and get SLA's and Indemnity contracts in place before adopting it.

Because it's not enough for a web-based service to work well.  It has to be secure and reliable, too.

Level 11

That quote is too true.

Level 13

Love the image...I also love the marketing gimmicks companies use to advertise their services...

Level 14

Same here.  I know I am watching the store on my own network.  The cloud requires me to trust someone else to do the same.  Will they have the same diligence? The same focus?

Level 14

Love this logo.  It is so spot on.

A million years ago when I worked for Digex, a managed web hosting provider, I participated in many contract discussions with clients regarding "access to their data". At the time our biggest competitor filed for bankruptcy and shutdown. Businesses that hosted with our competitor could not logically or physically access their data. Doors were locked, equipment was turned off, and people were fired.

  These discussions have stayed with me throughout my career. So when I hear architects mention public clouds I instinctively steer them toward the big players for fear of being "locked out."