
To Cloud or Not to Cloud?

Level 10

There’s a question I’m sure is keeping some IT managers and CTOs up at night. How do you know when it’s right to move a workload to the cloud? And when you finally make the decision to migrate, how do you choose the best location for your application?

As mentioned in my previous post, cloud is a buzzword that carries with it a lot of white noise that IT managers and departments need to cut through to see whether it’s a worthwhile venture for their organisation. New three-letter initialisms and hyperbolic marketing campaigns are hitting inboxes daily. Vendors are using studies and figures from advisory firms like Gartner, IDC, and Forrester to back up their elaborate stance on cloud. Yet there is no denying that more companies and applications than ever are transitioning to the cloud.

Before I go further, I just want to level-set a few things. Firstly, “cloud” is a service-oriented architecture. Depending on the amount of abstraction you want within the application stack, we have Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). As we move towards SaaS from IaaS, we sacrifice control to gain flexibility and scale.

More often than not, “cloud” is used in reference to the public cloud, a collection of services available to the public to consume, at will, via the internet. Private cloud, on the other hand, refers to everything from the data centre, the racks, the servers, and networking, through the various operating systems, to applications. The intent is to provide a service or services to a single company or organisation. It can be argued whether this private cloud infrastructure requires the ability to be controlled via a programmable interface to facilitate self-service and automation.

To decide where a piece of software or software stack runs, we need to look at the different aspects that can come into play between public and private cloud. One of the first things to do is consider the total cost of ownership for each deployment. While the public cloud gives you the ability to quickly deploy and rapidly scale with known operational pricing, you still need to monitor and assess whether you’re gaining the right balance of agility and performance. With on-premises hardware and software, you can have greater control over costs because you can calculate your requirements then add in the environmental, management, support, backup, disaster recovery, and decommission costs before spending a penny. The downside to this is that you have to “guesstimate” how much your application’s usage will increase over its lifespan. What will happen if your company takes on 1,000 new employees or acquires another business unit that needs to be integrated? If you go too big, you have overspent and underutilised, which nobody wants to do.

Yet a benefit from running it on-premises or in a private cloud is that you have far greater control over the versioning within your stack as well as maintenance windows that work with your company’s fiscal calendar. In the public cloud or off-premises, you probably have very little control over these factors and may have to add layers of complexity to deal with things like maintenance windows.

Which leads us into decisions that will need to be made regarding disaster recovery and the ability to avoid disruption. With a private cloud, you’ll need to purchase two sets of infrastructures (identical if you want complete disaster recovery), which then poses the question—do you sweat that asset and spread your workload over the two sites, thereby increasing the management overhead for your organisation? This leads to a greater initial capital expenditure (although financing options are available) and then a longer delivery, setup, burn in, benchmark, and tuning period before you can go live. On the other side, we can code site fault tolerance into the majority of public cloud services at deployment time, with several providing this as a default setting with services like databases and others where it can be “retrofitted” as required.

Reading this, you probably feel that the public cloud is ahead in this race to acquire your next application deployment, but there are drawbacks. A large one that needs mentioning is, “Can the data live there?” Regulations like HIPAA, FERPA, SOX, and GDPR set rules to help protect customers, consumers, and patients alike, so decisions on which cloud and usage of technologies like VPNs, encryption, and more are detailed in their frameworks. There are also concerns that need to be addressed around how you connect to the application and manage security for this environment so you don’t end up on the front page of the Wall Street Journal or Financial Times.

It is very rare to find an organisation that is solely in the cloud. There are a greater number of companies who still operate everything in-house, but we are now seeing a trend towards the hybrid cloud model. Having the ability to run different applications on either the public or private cloud and the ability to change this during the lifespan of an application are becoming requirements for organisations trying to go through digital transformation.

While there are many cloud options available, it’s important not to get hung up on these, as an application may move during its lifecycle, just like a server or VM. It’s about what’s right for the business at that time and having the ability to react quickly to changes in your marketplace. That’s what will set you apart from the competition.

I have only touched on some of the points that I see as the ones of greater concern when discussing the various cloud options, but spending time investigating and understanding this area of computing and application delivery will put both you and your company in good stead.

A colleague recently mentioned to me that if you are not speaking to your customers about the benefits of cloud, you can be sure your rival is, so let’s make sure we frame the conversation correctly.

17 Comments

Thanks for a well-formed piece of commentary, rorz!

This "cloud" isn't going to dissipate, so we all have to accept that the marketeers and technologists have won the war when it comes to offering fast, cheap (eventually), and secure (allegedly) product, which anyone can buy in to.

For startups, using the cloud is a no-brainer. Why spend tens-of-thousands of your start-up funding on hardware, DC space, and all the associated costs, when you can get all a fledgling company needs for around £15 a month per user? Where I struggle to comprehend cloud adoption is when gigantic multinationals, with many clever people in their IT departments, are pressured to "migrate" into the cloud, rather than building afresh, run in parallel, build up slowly, and decommission the old environment in chunks.

This sounds sensible, but many of the project managers I have worked with have been asked to do it all "last week", and are forced to find a way of fitting an old, square peg into a shiny new hexagon hole. It ends up causing delays and instability, and costs huge amounts of money, as invariably specialists need to be found to wrangle their old systems into their new cloudy pens! There is immense pressure from C-level to "get to the cloud", and, with the greatest of respect to those who genuinely are tech experts, most simply do not understand the challenges involved. It's simply a status symbol for use at the 19th at the end of the weekly round of golf... or so it seems.

Let's face it, many legacy applications, which mature businesses are inevitably reliant on, simply won't run on Windows Server 2019 / SQL Server 2019. Until a business can move these kinds of applications into the private cloud, we're always going to have some form of hybrid environment, and that is less than ideal in many ways.

Private cloud works best when all your base is belong to it. Everything else is a compromise somewhere along the line.

I haven't mentioned the security concerns, which are often the #1 concern in polls about cloud adoption, and is a Head Geek worthy subject! Thing is, people are still moving their stuff, regardless of these concerns, so it really does all boil down to money and operational agility. I would hate to be a security specialist in the cloud arena, but I bet those that do specialise in cloud security are raking it in.

Level 20

I wonder if putting too many eggs in AWS basket is really a good idea?  The JEDI contract comes to mind.

Level 14

Thanks for the article.  I don't think that we'll ever be completely cloud....we'll always be a hybrid environment.

IMHO, the cloud is appropriate for:

  • Data for which you have no concerns about security
    • You can't verify physical access restrictions in the cloud. That's enough for me to bypass the cloud entirely.
    • You don't know where your data is physically located.  The more copies of it created, with or without your knowledge, the easier it is for an increasing number of probes to be sent against your data.
    • It's very hard to prove copies of your data haven't been made without your permission or knowledge. And subsequently hacked or sold.
    • Tomorrow's hacks find zero day vulnerabilities for which your security has no solution today. 
  • Systems and data you want to be highly available.  Of course, if you don't know where your data is located, and can't verify its security, what's the point in highly-available data?
  • Systems you don't want to host internally.  But if you can't secure that data in the cloud as well as you can secure it inside your own data centers, what did you gain?

Level 13

Good Article - thanks

MVP

Nice write up

Level 14

On site will never disappear.  Some stuff will move to the cloud because it is suitable but hybrid will be the future.

Quite often the business forces us to do stuff we don't like or want.  For example, moving two floors of staff to a managed building in three weeks time and the managed building only has one link to the outside world.  My preference would be to VPN back to here with a backup link and leave the DCs, print servers, data storage etc. here.  With one link we can't do that so I will have to buy a big server, install VMWare and set up a DC (with DNS and DHCP), print server, data storage etc in the new site.  With one link I can't even contemplate a cloud solution.

Level 13

Very good article.  Thanks for the write up.  There is so much hype going on around cloud (which is nothing more nor less than you putting your stuff (data, services, whatever) in someone else's data center) that it's hard to get some clarity, especially when the spin doctors are telling your management on a daily basis that if they aren't moving to the cloud they are idiots heading for disaster. 

Level 13

Nice write up.  But I like staying onsite.

Level 12

I anticipate going cloud and on premises at some point. It will work well for off site workers and eliminate VPN issues and network overload. We have a lot of off network users and they will be able to gain access from anywhere with an internet connection which is very helpful. But we will keep on premises for print services, and others that don't work off the network.

Level 10

Yes the idea of chunks does sound like the sensible way to go, and these are the organisations who succeed in the transition to cloud. Those who rush or cram the round peg .. are the ones with huge bills and the horror stories we hear around the water cooler. With regards to security, in this day and age EVERYONE needs to take responsibility and I "hope" future generations of coders adopt this stance as they continuously integrate.

Level 10

Yup, but tomorrow is another day to fight the good fight. If your DC has a firewall or DMZ with a flaw then they could also quite easily exploit that as an attack surface and hello Mr Ransomware. Security in the public cloud can be achieved to as good if not better level to many organisations if done properly. With public cloud vendors investing huge amounts of money to uncover and fix zero day flaws as compared to some legacy appliance and software vendors, would it not be advisable to at the very least evaluate the options the cloud has to offer?

Level 10

Good luck my friend. We've all had the "joy" of an office move.

Level 10

Sometimes it does come down to likes and dislikes, but in the future don't let this get in the way of properly evaluating your options.

Level 10

Spread the love around. AWS, GCP, Azure, Salesforce, Rackspace, Verizon, IBM Cloud. The possibilities are endless.

Level 12

Cloud forever, less hardware breakage costs.

Level 7

Looking for a solution for improving the security, control and performance of your environment? We Design, Build, Deploy, Host and Manage private cloud solutions